[jira] [Closed] (LIBCLOUD-762) GCE Add Pricing Data
[ https://issues.apache.org/jira/browse/LIBCLOUD-762?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Eric Johnson closed LIBCLOUD-762. - Resolution: Won't Fix Was fixed in https://github.com/apache/libcloud/pull/464 > GCE Add Pricing Data > > > Key: LIBCLOUD-762 > URL: https://issues.apache.org/jira/browse/LIBCLOUD-762 > Project: Libcloud > Issue Type: Improvement >Reporter: David Wilson >Priority: Minor > > GCE currently has no pricing data. Add pricing data estimate. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Resolved] (LIBCLOUD-785) GCE: Service Account User ID has been changed the postfix
[ https://issues.apache.org/jira/browse/LIBCLOUD-785?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Eric Johnson resolved LIBCLOUD-785. --- Resolution: Fixed Thanks for reporting this Hoang! > GCE: Service Account User ID has been changed the postfix > - > > Key: LIBCLOUD-785 > URL: https://issues.apache.org/jira/browse/LIBCLOUD-785 > Project: Libcloud > Issue Type: Bug > Components: Core >Reporter: Hoang Phan >Assignee: Eric Johnson > Labels: gce, google-compute-engine, oauth2 > > The post-fix of Service Account has been change from > developer.gserviceaccount.com to ..iam.gserviceaccount.com. It > make user always need to use api service to authenticate. > https://github.com/apache/libcloud/blob/trunk/libcloud/common/google.py#L609 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Assigned] (LIBCLOUD-785) GCE: Service Account User ID has been changed the postfix
[ https://issues.apache.org/jira/browse/LIBCLOUD-785?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Eric Johnson reassigned LIBCLOUD-785: - Assignee: Eric Johnson > GCE: Service Account User ID has been changed the postfix > - > > Key: LIBCLOUD-785 > URL: https://issues.apache.org/jira/browse/LIBCLOUD-785 > Project: Libcloud > Issue Type: Bug > Components: Core >Reporter: Hoang Phan >Assignee: Eric Johnson > Labels: gce, google-compute-engine, oauth2 > > The post-fix of Service Account has been change from > developer.gserviceaccount.com to ..iam.gserviceaccount.com. It > make user always need to use api service to authenticate. > https://github.com/apache/libcloud/blob/trunk/libcloud/common/google.py#L609 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Resolved] (LIBCLOUD-776) Google Storage tests take forever on a Mac
[ https://issues.apache.org/jira/browse/LIBCLOUD-776?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Eric Johnson resolved LIBCLOUD-776. --- Resolution: Fixed Thanks again for the investigation and fix Greg and Scott. > Google Storage tests take forever on a Mac > -- > > Key: LIBCLOUD-776 > URL: https://issues.apache.org/jira/browse/LIBCLOUD-776 > Project: Libcloud > Issue Type: Bug >Reporter: Greg Hill > > If you run tox on a Mac, the google storage tests take forever. I tracked it > down to the _is_gce() method making an HTTP GET request against > http://metadata - for some reason this is slow on a mac but fails fast on > linux. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
libcloud git commit: [google] Allow for old and new style service account client email address
Repository: libcloud Updated Branches: refs/heads/trunk 59fec8e7a -> 88170f658 [google] Allow for old and new style service account client email address Closes LIBCLOUD-785 Project: http://git-wip-us.apache.org/repos/asf/libcloud/repo Commit: http://git-wip-us.apache.org/repos/asf/libcloud/commit/88170f65 Tree: http://git-wip-us.apache.org/repos/asf/libcloud/tree/88170f65 Diff: http://git-wip-us.apache.org/repos/asf/libcloud/diff/88170f65 Branch: refs/heads/trunk Commit: 88170f6582dd6cc3bce87c0ab3a89118551fe508 Parents: 59fec8e Author: Eric JohnsonAuthored: Fri Dec 18 23:57:47 2015 + Committer: Eric Johnson Committed: Fri Dec 18 23:57:47 2015 + -- CHANGES.rst | 4 libcloud/common/google.py | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/libcloud/blob/88170f65/CHANGES.rst -- diff --git a/CHANGES.rst b/CHANGES.rst index b175664..874aebb 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -30,6 +30,10 @@ General Compute ~~~ +- [google] Allow for old and new style service account client email address + (LIBCLOUD-785) + [Hoang Phan] + - Minor security improvement for storing cached GCE credentials (LIBCLOUD-718) [Siim Põder] http://git-wip-us.apache.org/repos/asf/libcloud/blob/88170f65/libcloud/common/google.py -- diff --git a/libcloud/common/google.py b/libcloud/common/google.py index 491d5af..bfc8f9b 100644 --- a/libcloud/common/google.py +++ b/libcloud/common/google.py @@ -607,7 +607,7 @@ class GoogleAuthType(object): @staticmethod def _is_sa(user_id): -return user_id.endswith('@developer.gserviceaccount.com') +return user_id.endswith('.gserviceaccount.com') class GoogleBaseConnection(ConnectionUserAndKey, PollingConnection):
[jira] [Commented] (LIBCLOUD-785) GCE: Service Account User ID has been changed the postfix
[ https://issues.apache.org/jira/browse/LIBCLOUD-785?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15065007#comment-15065007 ] ASF subversion and git services commented on LIBCLOUD-785: -- Commit 88170f6582dd6cc3bce87c0ab3a89118551fe508 in libcloud's branch refs/heads/trunk from [~erjohnso] [ https://git-wip-us.apache.org/repos/asf?p=libcloud.git;h=88170f6 ] [google] Allow for old and new style service account client email address Closes LIBCLOUD-785 > GCE: Service Account User ID has been changed the postfix > - > > Key: LIBCLOUD-785 > URL: https://issues.apache.org/jira/browse/LIBCLOUD-785 > Project: Libcloud > Issue Type: Bug > Components: Core >Reporter: Hoang Phan >Assignee: Eric Johnson > Labels: gce, google-compute-engine, oauth2 > > The post-fix of Service Account has been change from > developer.gserviceaccount.com to ..iam.gserviceaccount.com. It > make user always need to use api service to authenticate. > https://github.com/apache/libcloud/blob/trunk/libcloud/common/google.py#L609 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Resolved] (LIBCLOUD-718) gce_libcloud_auth credentials file world-readable
[ https://issues.apache.org/jira/browse/LIBCLOUD-718?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Eric Johnson resolved LIBCLOUD-718. --- Resolution: Fixed Assignee: Eric Johnson > gce_libcloud_auth credentials file world-readable > - > > Key: LIBCLOUD-718 > URL: https://issues.apache.org/jira/browse/LIBCLOUD-718 > Project: Libcloud > Issue Type: Bug > Components: Core >Reporter: Siim Põder >Assignee: Eric Johnson > > I noticed a suspicious-looking world-readable file on a VM that talks to > Google Compute Engine API via libcloud: > {noformat} > -rw-r--r-- 1 root root 164 Jun 27 21:21 > .gce_libcloud_auth.wargame-engine > {noformat} > It contains a "Bearer" access token so presumably should not be readable by > other users on a shared system. I suspect this (untested) patch might maybe > fix this in git head: > {noformat} > diff --git a/libcloud/common/google.py b/libcloud/common/google.py > index 694cf93..7a658c8 100644 > --- a/libcloud/common/google.py > +++ b/libcloud/common/google.py > @@ -715,7 +715,7 @@ class GoogleBaseConnection(ConnectionUserAndKey, > PollingConnection): > """ > filename = os.path.realpath(os.path.expanduser(self.credential_file)) > data = json.dumps(self.token_info) > -with open(filename, 'w') as f: > +with os.open(filename, os.O_WRONLY, 0o600) as f: > f.write(data) > > def has_completed(self, response): > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
libcloud git commit: [google] Minor security improvement for storing cached GCE credentials
Repository: libcloud Updated Branches: refs/heads/trunk 66f161739 -> 59fec8e7a [google] Minor security improvement for storing cached GCE credentials Closes LIBCLOUD-718 Project: http://git-wip-us.apache.org/repos/asf/libcloud/repo Commit: http://git-wip-us.apache.org/repos/asf/libcloud/commit/59fec8e7 Tree: http://git-wip-us.apache.org/repos/asf/libcloud/tree/59fec8e7 Diff: http://git-wip-us.apache.org/repos/asf/libcloud/diff/59fec8e7 Branch: refs/heads/trunk Commit: 59fec8e7a203ce95bca7a8b6c5c1744f4f718527 Parents: 66f1617 Author: Eric JohnsonAuthored: Fri Dec 18 23:43:17 2015 + Committer: Eric Johnson Committed: Fri Dec 18 23:45:03 2015 + -- CHANGES.rst | 4 libcloud/common/google.py | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/libcloud/blob/59fec8e7/CHANGES.rst -- diff --git a/CHANGES.rst b/CHANGES.rst index 3084c38..b175664 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -30,6 +30,10 @@ General Compute ~~~ +- Minor security improvement for storing cached GCE credentials + (LIBCLOUD-718) + [Siim Põder] + - Removed DreamHosts Compute Driver, DreamHosts users will now use the OpenStack Node driver since DreamHosts are OpenStack API compliant (GITHUB-655) http://git-wip-us.apache.org/repos/asf/libcloud/blob/59fec8e7/libcloud/common/google.py -- diff --git a/libcloud/common/google.py b/libcloud/common/google.py index e29451f..491d5af 100644 --- a/libcloud/common/google.py +++ b/libcloud/common/google.py @@ -826,5 +826,5 @@ class GoogleBaseConnection(ConnectionUserAndKey, PollingConnection): """ filename = os.path.realpath(os.path.expanduser(self.credential_file)) data = json.dumps(self.oauth2_token) -with open(filename, 'w') as f: -f.write(data) +f = os.open(filename, os.O_CREAT | os.O_WRONLY, 0600) +os.write(f, data)
[jira] [Commented] (LIBCLOUD-718) gce_libcloud_auth credentials file world-readable
[ https://issues.apache.org/jira/browse/LIBCLOUD-718?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15064985#comment-15064985 ] ASF subversion and git services commented on LIBCLOUD-718: -- Commit 59fec8e7a203ce95bca7a8b6c5c1744f4f718527 in libcloud's branch refs/heads/trunk from [~erjohnso] [ https://git-wip-us.apache.org/repos/asf?p=libcloud.git;h=59fec8e ] [google] Minor security improvement for storing cached GCE credentials Closes LIBCLOUD-718 > gce_libcloud_auth credentials file world-readable > - > > Key: LIBCLOUD-718 > URL: https://issues.apache.org/jira/browse/LIBCLOUD-718 > Project: Libcloud > Issue Type: Bug > Components: Core >Reporter: Siim Põder > > I noticed a suspicious-looking world-readable file on a VM that talks to > Google Compute Engine API via libcloud: > {noformat} > -rw-r--r-- 1 root root 164 Jun 27 21:21 > .gce_libcloud_auth.wargame-engine > {noformat} > It contains a "Bearer" access token so presumably should not be readable by > other users on a shared system. I suspect this (untested) patch might maybe > fix this in git head: > {noformat} > diff --git a/libcloud/common/google.py b/libcloud/common/google.py > index 694cf93..7a658c8 100644 > --- a/libcloud/common/google.py > +++ b/libcloud/common/google.py > @@ -715,7 +715,7 @@ class GoogleBaseConnection(ConnectionUserAndKey, > PollingConnection): > """ > filename = os.path.realpath(os.path.expanduser(self.credential_file)) > data = json.dumps(self.token_info) > -with open(filename, 'w') as f: > +with os.open(filename, os.O_WRONLY, 0o600) as f: > f.write(data) > > def has_completed(self, response): > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Resolved] (LIBCLOUD-774) Add support for creation/edit of preemptible instance in GCE driver
[ https://issues.apache.org/jira/browse/LIBCLOUD-774?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Eric Johnson resolved LIBCLOUD-774. --- Resolution: Fixed Fixed in https://github.com/apache/libcloud/pull/643 > Add support for creation/edit of preemptible instance in GCE driver > --- > > Key: LIBCLOUD-774 > URL: https://issues.apache.org/jira/browse/LIBCLOUD-774 > Project: Libcloud > Issue Type: Improvement > Components: Compute >Reporter: Brian Lawney >Priority: Minor > Labels: gce, patch > Original Estimate: 48h > Remaining Estimate: 48h > > GCE driver currently does not support the creation of preemptible instances. -- This message was sent by Atlassian JIRA (v6.3.4#6332)