PyDrive2
PyDrive2 copied to clipboard
iterative
authentication-with-a default service-account isn't working
regarding comment in PR #221, i tried https://docs.iterative.ai/PyDrive2/oauth/#authentication-with-a-service-account
i couldn't find where this function is implemented. i tried to implement it by myself (copy pate), but the GCP environment couldn't find the "client_json_file_path": "service-secrets.json",
@lappazos please, no need to ping me directly and/or use my email. At least not immediately. We are getting notifications about the new issues.
i couldn't find where this function is implemented.
what function? try to follow these steps to generate the secrets file - https://dvc.org/doc/user-guide/how-to/setup-google-drive-remote#using-service-accounts
@shcheklein I don't think you understand. When you log in to a VM of GCP, you always use a service account. the service account credentials are available somehow in the machine (I'm not sure how, and that is the whole point of this request - automatic authentication using the VM service account credentials). many libraries can authenticate automatically when they are inside a GCP VM, saving the need in a JSON file. we don't want to create a JSON file, that is a potential security breach. BTW, at the moment I have no problem authenticating with JSON file - the whole point is avoiding that, using the VM Metadata credentials of the Service Account.
Back to your question, in the PR you suggested using https://docs.iterative.ai/PyDrive2/oauth/#authentication-with-a-service-account. This leads to a function called login_with_service_account, which I can't find in the library implementation. As I mentioned above, I tried to implement it by myself (copy-paste), but the GCP environment couldn't find the "client_json_file_path": "service-secrets.json",
Okay, I see. This duplicates this https://github.com/iterative/PyDrive2/issues/187 and https://github.com/iterative/PyDrive2/issues/179 ?
@lappazos @junp Do you know what is the mechanism behind the default service account? Is there a file in some location, ENV variable, etc? Is it the same as GoogleCredentials.get_application_default()?
Back to your question, in the PR you suggested using https://docs.iterative.ai/PyDrive2/oauth/#authentication-with-a-service-account. This leads to a function called login_with_service_account, which I can't find in the library implementation.
Could you give a link and / or more context?
Okay, I see. This duplicates this #187 and #179 ?
Yes, exactly
@lappazos @junp Do you know what is the mechanism behind the default service account? Is there a file in some location, ENV variable, etc? Is it the same as
GoogleCredentials.get_application_default()?
Unfortunately, I don't know what is the mechanism
Back to your question, in the PR you suggested using https://docs.iterative.ai/PyDrive2/oauth/#authentication-with-a-service-account. This leads to a function called login_with_service_account, which I can't find in the library implementation.
Could you give a link and / or more context?
I'm not sure what you mean - you gave me the link to that function. it is nowhere to be found in the library, only in the documentation and didn't work when I implemented it by copying it to my python file since the file path wasn't correct.
I'm not sure what you mean - you gave me the link to that function. it is nowhere to be found in the library, only in the documentation and didn't work when I implemented it by copying it to my python file since the file path wasn't correct.
okay, got it. Yes, for that workflow to work you need a file, or an ENV var, or something with the service account credentials. I would try to google and see how the default credentials are implemented - is a service account or not, are those saved in some file or not. Depending on that we either could modify the code a bit (I can help), or we'll need to wait for the PR to lend, or may be we'll have some way to fix the current implementation a bit to incorporate that flow.