Hi
Can not use adc authentication via service account for gce-rescue
Can you please advise ?
[gce-rescue]#
[root@gce-rescue]# export GOOGLE_APPLICATION_CREDENTIALS="/root/gce-rescue/auth-simu.json"
[root@gce-rescue]# /usr/bin/gce-rescue -p dbg-cs-sz-32064e0b -z europe-west3-a -n gcsb84rhel098
Traceback (most recent call last):
File "/usr/bin/gce-rescue", line 33, in
sys.exit(load_entry_point('gce-rescue==0.4b0', 'console_scripts', 'gce-rescue')())
File "/usr/lib/python3.9/site-packages/gce_rescue-0.4b0-py3.9.egg/gce_rescue/bin/rescue.py", line 44, in main
vm = Instance(test_mode=False, **parse_kwargs)
File "", line 12, in init
File "/usr/lib/python3.9/site-packages/gce_rescue-0.4b0-py3.9.egg/gce_rescue/gce.py", line 112, in post_init
check = Validations(
File "", line 7, in init
File "/usr/lib/python3.9/site-packages/gce_rescue-0.4b0-py3.9.egg/gce_rescue/tasks/pre_validations.py", line 48, in post_init
authorize_check(project = self.project)
File "/usr/lib/python3.9/site-packages/gce_rescue-0.4b0-py3.9.egg/gce_rescue/tasks/validations/authorization.py", line 43, in authorize_check
result = service.projects().testIamPermissions(
File "/usr/lib/python3.9/site-packages/google_api_python_client-2.125.0-py3.9.egg/googleapiclient/_helpers.py", line 130, in positional_wrapper
return wrapped(*args, **kwargs)
File "/usr/lib/python3.9/site-packages/google_api_python_client-2.125.0-py3.9.egg/googleapiclient/http.py", line 923, in execute
resp, content = _retry_request(
File "/usr/lib/python3.9/site-packages/google_api_python_client-2.125.0-py3.9.egg/googleapiclient/http.py", line 191, in _retry_request
resp, content = http.request(uri, method, *args, **kwargs)
File "/usr/lib/python3.9/site-packages/google_auth_httplib2-0.2.0-py3.9.egg/google_auth_httplib2.py", line 209, in request
self.credentials.before_request(self._request, method, uri, request_headers)
File "/usr/local/lib/python3.9/site-packages/google/auth/credentials.py", line 228, in before_request
self._blocking_refresh(request)
File "/usr/local/lib/python3.9/site-packages/google/auth/credentials.py", line 191, in _blocking_refresh
self.refresh(request)
File "/usr/local/lib/python3.9/site-packages/google/oauth2/service_account.py", line 441, in refresh
access_token, expiry, _ = _client.jwt_grant(
File "/usr/local/lib/python3.9/site-packages/google/oauth2/_client.py", line 308, in jwt_grant
response_data = _token_endpoint_request(
File "/usr/local/lib/python3.9/site-packages/google/oauth2/_client.py", line 279, in _token_endpoint_request
_handle_error_response(response_data, retryable_error)
File "/usr/local/lib/python3.9/site-packages/google/oauth2/_client.py", line 72, in _handle_error_response
raise exceptions.RefreshError(
google.auth.exceptions.RefreshError: ('invalid_scope: Invalid OAuth scope or ID token audience provided.', {'error': 'invalid_scope', 'error_description': 'Invalid OAuth scope or ID token audience provided.'})
[root@ gce-rescue]#
Thanks for your support