google.auth.exceptions.RefreshError: ('invalid_scope: Invalid OAuth scope or ID token audience provided.', {'error': 'invalid_scope', 'error_description': 'Invalid OAuth scope or ID token audience provided.'})

[birb57]

Hi

Can not use adc authentication via service account for gce-rescue

Can you please advise ?

[gce-rescue]# [root@gce-rescue]# export GOOGLE_APPLICATION_CREDENTIALS="/root/gce-rescue/auth-simu.json" [root@gce-rescue]# /usr/bin/gce-rescue -p dbg-cs-sz-32064e0b -z europe-west3-a -n gcsb84rhel098 Traceback (most recent call last): File "/usr/bin/gce-rescue", line 33, in sys.exit(load_entry_point('gce-rescue==0.4b0', 'console_scripts', 'gce-rescue')()) File "/usr/lib/python3.9/site-packages/gce_rescue-0.4b0-py3.9.egg/gce_rescue/bin/rescue.py", line 44, in main vm = Instance(test_mode=False, **parse_kwargs) File "", line 12, in init File "/usr/lib/python3.9/site-packages/gce_rescue-0.4b0-py3.9.egg/gce_rescue/gce.py", line 112, in post_init check = Validations( File "", line 7, in init File "/usr/lib/python3.9/site-packages/gce_rescue-0.4b0-py3.9.egg/gce_rescue/tasks/pre_validations.py", line 48, in post_init authorize_check(project = self.project) File "/usr/lib/python3.9/site-packages/gce_rescue-0.4b0-py3.9.egg/gce_rescue/tasks/validations/authorization.py", line 43, in authorize_check result = service.projects().testIamPermissions( File "/usr/lib/python3.9/site-packages/google_api_python_client-2.125.0-py3.9.egg/googleapiclient/_helpers.py", line 130, in positional_wrapper return wrapped(*args, **kwargs) File "/usr/lib/python3.9/site-packages/google_api_python_client-2.125.0-py3.9.egg/googleapiclient/http.py", line 923, in execute resp, content = _retry_request( File "/usr/lib/python3.9/site-packages/google_api_python_client-2.125.0-py3.9.egg/googleapiclient/http.py", line 191, in _retry_request resp, content = http.request(uri, method, *args, **kwargs) File "/usr/lib/python3.9/site-packages/google_auth_httplib2-0.2.0-py3.9.egg/google_auth_httplib2.py", line 209, in request self.credentials.before_request(self._request, method, uri, request_headers) File "/usr/local/lib/python3.9/site-packages/google/auth/credentials.py", line 228, in before_request self._blocking_refresh(request) File "/usr/local/lib/python3.9/site-packages/google/auth/credentials.py", line 191, in _blocking_refresh self.refresh(request) File "/usr/local/lib/python3.9/site-packages/google/oauth2/service_account.py", line 441, in refresh access_token, expiry, _ = _client.jwt_grant( File "/usr/local/lib/python3.9/site-packages/google/oauth2/_client.py", line 308, in jwt_grant response_data = _token_endpoint_request( File "/usr/local/lib/python3.9/site-packages/google/oauth2/_client.py", line 279, in _token_endpoint_request _handle_error_response(response_data, retryable_error) File "/usr/local/lib/python3.9/site-packages/google/oauth2/_client.py", line 72, in _handle_error_response raise exceptions.RefreshError( google.auth.exceptions.RefreshError: ('invalid_scope: Invalid OAuth scope or ID token audience provided.', {'error': 'invalid_scope', 'error_description': 'Invalid OAuth scope or ID token audience provided.'}) [root@ gce-rescue]#

Thanks for your support