Authenticating your Google Cloud account on a docker image

I find other behavior inside and outside the docker image to authenticate a google service account.

Out. Succeeds.

C:\Users\Ben\AppData\Local\Google\Cloud SDK>gcloud auth activate-service-account 773889352370-compute@developer.gserviceaccount.com --key-file C:/Users/Ben/Dropbox/Google/MeerkatReader-d77c0d6aa04f.json --project api-project-773889352370
Activated service account credentials for: [773889352370-compute@developer.gserviceaccount.com]

Run the docker container, pass the .json key to the tmp directory.

C:\Users\Ben\AppData\Local\Google\Cloud SDK>docker run -it -v C:/Users/Ben/Dropbox/Google/MeerkatReader-d77c0d6aa04f.json:/tmp/MeerkatReader-d77c0d6aa04f.json  --rm -p "127.0.0.1:8080:8080" --entrypoint=/bin/bash  gcr.io/cloud-datalab/datalab:local-20161227

Inside the docker, check if there is a file

root@4a4a9314f15c:/tmp# ls
MeerkatReader-d77c0d6aa04f.json  npm-24-b7aa1bcf  npm-45-fd13ef7c  npm-7-22ec336e

Run the same command as before. Fails.

root@4a4a9314f15c:/tmp# gcloud auth activate-service-account 773889352370-compute@developer.gserviceaccoun
t.com --key-file MeerkatReader-d77c0d6aa04f.json --project api-project-773889352370
ERROR: (gcloud.auth.activate-service-account) Failed to activate the given service account. Please ensure provided key file is valid.

What can cause this error? In a broader sense, what does the proposed strategy for transferring credentials offer . I tried this and it fails. I use the cloud API and cloud vision, and I would like to avoid manual gcloud init at the beginning of each run.

EDIT: to display gcloud info

root@7ff49b26484f:/# gcloud info --run-diagnostics
Network diagnostic detects and fixes local network connection issues.
Checking network connection...done.
Reachability Check passed.
Network diagnostic (1/1 checks) passed.

confirmed the same behavior

root@7ff49b26484f:/tmp# gcloud auth activate-service-account 773889352370-compute@developer.gserviceaccount.com --key-file MeerkatReader-d77c0d6aa04f.json --project api-project-773889352370
ERROR: (gcloud.auth.activate-service-account) Failed to activate the given service account. Please ensure provided key file is valid.
+5
2

? ?

, --key-file /tmp/MeerkatReader-d77c0d6aa04f.json? json /tmp.

.

0

, , VM. -- SDK Google :

There was a problem refreshing your current auth tokens: invalid_grant:  
Invalid JWT: Token must be a short-lived token and in a reasonable timeframe
Please run:
$ gcloud auth login

to obtain new credentials, or if you have already logged in with a different account:

$ gcloud config set account ACCOUNT

to select an already authenticated account to use.

.

+4

Source: https://habr.com/ru/post/1013988/


All Articles