Skip to content
This repository has been archived by the owner on Mar 25, 2018. It is now read-only.

validate service account email is the identity #6

Open
codefromthecrypt opened this issue Mar 10, 2013 · 5 comments
Open

validate service account email is the identity #6

codefromthecrypt opened this issue Mar 10, 2013 · 5 comments

Comments

@codefromthecrypt
Copy link
Contributor

While we hope all folks read the README, I think we can do more to help them solve their own issues on google-compute.

If you do not pass an email address as identity GoogleComputeRestClientModule.supplyProject, will throw an a helpful exception saying: identity should be in [email protected] format.

However, if you pass the email that you sign into the GCE console with, you get a vague error noted in issue #4:

1) Error in custom provider, org.jclouds.http.HttpResponseException: org.jclouds.http.HttpResponseException: command: POST https://accounts.google.com/o/oauth2/token HTTP/1.1 failed with response: HTTP/1.1 400 Bad Request; content: [{
  "error" : "invalid_grant"
}] connecting to GET https://www.googleapis.com/compute/v1beta13/projects/adrian.f.cole/zones HTTP/1.1
  at org.jclouds.compute.config.BaseComputeServiceContextModule.provideTemplateOptionallyFromProperties(BaseComputeServiceContextModule.java:184)
  while locating org.jclouds.compute.domain.TemplateBuilder annotated with @com.google.inject.name.Named(value=DEFAULT)

If GoogleComputeRestClientModule.supplyProject checked that the identity ended in @developer.gserviceaccount.com as opposed to just having a @ in it, then this confusion wouldn't be possible.

cc @dralves @mattstep
@codefromthecrypt
Copy link
Contributor Author

related issue: jclouds/jclouds-labs#7

@dralves
Copy link
Contributor

dralves commented Mar 11, 2013

do you think we should do an additional call to make sure the identity is valid?
I mean if the email is in the correct format (<my_id>@developer.gserviceaccount.com) but the id is not valid the error would still resemble the error you had....

@codefromthecrypt
Copy link
Contributor Author

Any improvements upon what I noticed are welcome! Main thing is to make it
clear to users that this is not the email they signed up to gce within the
error message.

@dralves
Copy link
Contributor

dralves commented Mar 11, 2013

to be clear my suggestion would require a network call to check/get the project on context bootstrap (any valid api call would work but we might as well get the project since we are at it).
I know you frown upon adding more calls :) so I wanted to make that clear.

@codefromthecrypt
Copy link
Contributor Author

Then I probably would do it. Stick with just making the validation
slightly smarter.

On Sunday, March 10, 2013, David Ribeiro Alves wrote:

to be clear my suggestion would require a network call to check/get the
project on context bootstrap (any valid api call would work but we might as
well get the project since we are at it).
I know you frown upon adding more calls :) so I wanted to make that clear.


Reply to this email directly or view it on GitHubhttps://github.com/jclouds/jclouds-labs/issues/6#issuecomment-14693850
.

@jclouds jclouds mentioned this issue Apr 10, 2013
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@codefromthecrypt @dralves