GitHub user pquentin opened a pull request:
https://github.com/apache/libcloud/pull/921
google: Prevent GCE auth to hide S3 auth
## Prevent GCE auth to hide S3 auth
### Description
We currently authenticate to Google Cloud Storage using Amazon S3
compatibility auth. Our code runs in Kubernetes on Google Container Engine. We
tried to upgrade libcloud recently but 3849f65 from @crunk1 prevented us from
authenticating. (Interestingly, it's also the commit that made us want to
upgrade, since we eventually want to use service accounts.)
The issue happened for two reasons:
* `GoogleAuthType._is_gce()` always returns True when the code is run on
the Google Container Engine, regardless of the authentication provided (which
makes the issue impossible to reproduce in a local Docker environment)
* `GoogleAuthType._is_gcs_s3()` is always checked *after* `_is_gce()`, so
it could not be used on Google Container Engine
This pull request simply changes the order to give S3 higher priority. Note
that Installed Applications auth has lower priority still, because it's the
default auth when everything else fails. That's OK because I guess it's not
possible on GCE. Still, I think the documentation should recommend always
specifying the auth type, because explicit is better than implicit and it helps to
avoid unclear errors.
### done, ready for review
### Checklist (tick everything that applies)
- [x] [Code linting](http://libcloud.readthedocs.org/en/latest/development.html#code-style-guide) (required, can be done after the PR checks)
- [x] [Tests](http://libcloud.readthedocs.org/en/latest/testing.html)
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/pquentin/libcloud trunk
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/libcloud/pull/921.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #921
----
commit b7694bf145f6cd8d8827070866ffc4b0ad2d6705
Author: Quentin Pradet <[email protected]>
Date: 2016-10-21T12:46:11Z
google: Prevent GCE auth to hide S3 auth
GoogleAuthType._is_gce() is going to return True on any GCE instance,
but if there are S3 credentials, they should be used.
----
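The ordering problem described in the pull request above, as an added example that is not libcloud's code or part of the original message. The function names, the `on_gce` flag standing in for the GCE probe, and the S3 key shape are assumptions made for illustration.

```python
# Added illustration: hypothetical names, not libcloud's API.
GCE, GCS_S3, IA = "GCE", "GCS_S3", "IA"
KNOWN_TYPES = (GCE, GCS_S3, IA)


def looks_like_s3_key(user_id):
    # Assumed key shape for this sketch: 20 characters starting with "GOOG".
    return len(user_id) == 20 and user_id.startswith("GOOG")


def guess_environment_first(user_id, on_gce):
    """Problem order: the environment probe is consulted before the S3 check."""
    if on_gce:
        return GCE  # true for every caller on the platform, whatever they passed
    if looks_like_s3_key(user_id):
        return GCS_S3
    return IA


def guess_credentials_first(user_id, on_gce):
    """Order after the change: supplied credentials outrank the environment."""
    if looks_like_s3_key(user_id):
        return GCS_S3
    if on_gce:
        return GCE
    return IA  # default when nothing else matches


def resolve_auth_type(user_id, on_gce, auth_type=None):
    """An explicit auth_type bypasses guessing; unknown values fail loudly."""
    if auth_type is None:
        return guess_credentials_first(user_id, on_gce)
    if auth_type not in KNOWN_TYPES:
        raise ValueError("unknown auth type: %r" % (auth_type,))
    return auth_type


if __name__ == "__main__":
    s3_key = "GOOG" + "A" * 16  # constructed sample key, not a real credential
    for on_gce in (False, True):
        print("on_gce=%s" % on_gce,
              "environment-first:", guess_environment_first(s3_key, on_gce),
              "credentials-first:", guess_credentials_first(s3_key, on_gce))
```

With `on_gce=False` both orders return the same type, which matches the report that the failure could not be reproduced in a local Docker environment.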