internal/resource: fix gs:// fetches in GCE without a service account
#1363
Commits on May 9, 2022
-
internal/resource: fix gs:// fetches in GCE without a service account
When running in GCE, we assumed that we should always perform authenticated GS fetches. However, these can fail if the VM is not associated with a service account, even if the object being fetched is publicly readable: error while reading content from ...: metadata: GCE metadata "instance/service-accounts/default/token?scopes=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdevstorage.read_only" not defined Query the VM's service account scopes first, and if that query fails (presumably because there is no service account), fall back to anonymous access.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.