Hello,


I have a service account that triggers builds on Google Container Builder. 
This works fine but now I would like to retrieve build logs using that 
service account.


Here is the code that fetches the log (the token is obtained using the 
google-auto-auth <https://github.com/stephenplusplus/google-auto-auth> 
package, and this part works well in other places, so I really don't think 
this is the issue):


// Build logs are stored as log-<buildId>.txt in the logs bucket
var url = logsBucket + '/log-' + buildId + '.txt';
debug('Requesting log at %s', url);
request
  .get(url)
  // Authenticate with the token obtained for the service account
  .set('Authorization', 'Bearer ' + token)
  .end(function(err, res) {
    if (err) return cb(err);
    var log = res.body;
    debug('Received build log : %o', log);
    cb(null, log);
  });


Currently, this fails with 401 Unauthorized although the service account 
has access to the following roles:

   - Admin kubernetes engine
   - Admin storage
   - Admin objects in storage
   - Cloud container builder
   - Reader Cloud container builder
   - Reader storage objects

This is the error:


{
  "message": "Forbidden",
  "stack": "Error: Forbidden\n    at Request.callback (/app/node_modules/superagent/lib/node/index.js:696:15)\n [...]",
  "status": 403,
  "response": {
    "req": {
      "method": "GET",
      "url": "https://storage.googleapis.com/{PROJECT_ID}.cloudbuild-logs.googleusercontent.com/log-42602b35-af02-4e75-8100-8a3bd0e720fb.txt",
      "headers": {
        "user-agent": "node-superagent/3.8.2",
        "authorization": "Bearer {BEARER_TOKEN}"
      }
    },
    "header": {
      "x-guploader-uploadid": "{SOME-UPLOAD-ID}",
      "content-type": "application/xml; charset=UTF-8",
      "content-length": "337",
      "date": "Wed, 10 Jan 2018 11:06:54 GMT",
      "expires": "Wed, 10 Jan 2018 11:06:54 GMT",
      "cache-control": "private, max-age=0",
      "server": "UploadServer",
      "alt-svc": "hq=\":443\"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=\":443\"; ma=2592000; v=\"41,39,38,37,35\"",
      "connection": "close"
    },
    "status": 403
  }
}

Any idea why the request fails with 403? Could it come from a missing 
scope? I only set scopes: 'https://www.googleapis.com/auth/cloud-platform' 
so far.


Regards
