How to fix Google Cloud Platform workspace credential problems?


#1

When you create a new workspace, it all works fine with gsutil and gcloud… until the API tokens expire for the first time (about 30 minutes) and you should refresh the credentials. When trying to re-authenticate (with gcloud auth login or gcloud auth application-defaults login as instructed within GCP documentation), sudo rights are required. I don’t want to give any scripts those rights; might not be that bad idea, but I prefer not to.

Here is example of what happens after approximately 30 minutes, and how I fixed it:

$ gsutil ls gs://your-storage
ServiceException: 401 Invalid Credentials
sudo chown -R ubuntu:ubuntu /home/ubuntu/.config/gcloud/configurations/config_default
gcloud auth login
gsutil ls gs://your-storage

And you will get a nice list of the content of your storage.

I am not a GCP master (yet); I’ve gone through endless hours of documentation, but never came across a section about alternative token refresh method than gcloud auth login or using the service accounts (which I will use at production; would prefer using OAuth accounts for dev team). If anyone knows, that this method is not the correct one, but instead I am doing something wrong with the entire gcloud auth process, please let me know.

Anyway, thanks for your time!


#2

It seems, that I can verify, that my approach is incorrect, since the git authentication fails after the fix I proposed. Is the Google Cloud connected project for App Engine projects only? I am a bit confused ATM.


#3

I managed to fix the Git problem, by using .netrc auth. To do this, navigate to your gcloud repository and go to the cloning form. Instead of choosing the “Google Cloud SDK”-option, choose the “Manually generated credentials”.

However, now the gsutil has broken again, but with different authentication error message socket.error: [Errno 111] Connection refused. And again, the problem is solved by simply using sudo, but I would not prefer doing that.

I tried to check if sudo and regular user have different authentication credentials, but when I do gcloud auth list and sudo gcloud auth list they are identical.

This is very strange. What is going on?

PS: It also seems, that my trick didn’t fix the git, but instead the state of my Workspace has mystically changed over night. Could someone tell me how sudo user and regular user differ for Google Cloud Platform Workspaces; what I can do and what I can not do as a regular user and how to circumvent that, or if I should not circumvent anything, why is it so? Due to App Engine Deployment process model?