[
https://issues.apache.org/jira/browse/BEAM-1070?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kenneth Knowles updated BEAM-1070:
----------------------------------
This Jira ticket has a pull request attached to it, but is still open. Did the
pull request resolve the issue? If so, could you please mark it resolved? This
will help the project have a clear view of its open issues.
> Service Account Based Authentication Broken
> -------------------------------------------
>
> Key: BEAM-1070
> URL: https://issues.apache.org/jira/browse/BEAM-1070
> Project: Beam
> Issue Type: Bug
> Components: sdk-py-core
> Environment: CentOS Linux release 7.1.1503 (Core)
> Python 2.7.5
> Reporter: Stephen Reichling
> Priority: P3
>
> {{sdks/python/apache_beam/internal/auth.py}} calls into the
> {{oauth2client.service_account.ServiceAccountCredentials.from_p12_keyfile}}
> method with invalid and incorrectly-ordered parameters. Compare the [function
> signature of
> ServiceAccountCredentials.from_p12_keyfile|https://github.com/google/oauth2client/blob/ae73312942d3cf0e98f097dfbb40f136c2a7c463/oauth2client/service_account.py#L300-L303]
> with [how it is
> invoked|https://github.com/apache/incubator-beam/blob/9ded359daefc6040d61a1f33c77563474fcb09b6/sdks/python/apache_beam/internal/auth.py#L150-L154].
> This causes a runtime error when one attempts to use a service account to
> authenticate with the Google Dataflow APIs.
> The specific problems are:
> - the {{client_scopes}} variable (a list) is passed as a positional
> parameter where the function signature expects the {{private_key_password}}
> parameter (a string).
> - a keyed parameter, {{user_agent}}, is passed but no such parameter is
> defined in the function signature.
> - no value is provided for {{private_key_password}}. All p12 key files for
> service accounts issued by Google Cloud have the password {{notasecret}} as
> documented
> [here|https://support.google.com/cloud/answer/6158849?hl=en#serviceaccounts],
> so it's currently not possible to use a Google-issued p12 key file with this
> implementation.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
