mdebray/tvl-depot
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(server): Specify correct authentication scope for GCS

Browse source 
When retrieving tokens for service service accounts, some methods of
retrieval require a scope to be specified.
This commit is contained in:
Vincent Ambo 2019-10-02 15:19:28 +01:00 committed by Vincent Ambo
parent aa02ae1421
commit f4f2909573
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
tools/nixery/server/builder/builder.go
View file

@ -45,6 +45,9 @@ import (
// use up is set at a lower point. // use up is set at a lower point.
const LayerBudget int = 94 const LayerBudget int = 94
// API scope needed for renaming objects in GCS
const gcsScope = "https://www.googleapis.com/auth/devstorage.read_write"
// HTTP client to use for direct calls to APIs that are not part of the SDK // HTTP client to use for direct calls to APIs that are not part of the SDK
var client = &http.Client{} var client = &http.Client{}
@ -270,7 +273,7 @@ func prepareLayers(ctx context.Context, s *State, image *Image, graph *layers.Ru
func renameObject(ctx context.Context, s *State, old, new string) error { func renameObject(ctx context.Context, s *State, old, new string) error {
bucket := s.Cfg.Bucket bucket := s.Cfg.Bucket
creds, err := google.FindDefaultCredentials(ctx) creds, err := google.FindDefaultCredentials(ctx, gcsScope)
if err != nil { if err != nil {
return err return err
} }