samples for external-account: should acquire ADC for url-sourced creds failed #1329

Closed
flaky-bot bot opened this issue Dec 3, 2021 · 2 comments
Labels
flakybot: issue An issue filed by the Flaky Bot. Should not be added manually. priority: p1 Important issue which blocks shipping the next release. Will be fixed prior to next release. samples Issues that are directly related to samples. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns.

flaky-bot bot commented Dec 3, 2021

This test failed!

To configure my behavior, see the Flaky Bot documentation.

If I'm commenting on this issue too often, add the flakybot: quiet label and
I will stop commenting.


commit: 110ddc2
buildURL: Build Status, Sponge
status: failed

Test output
AssertionError: expected 'GaxiosError: The caller does not have permission\n    at Gaxios._request (/workspace/node_modules/gaxios/build/src/gaxios.js:129:23)\n    at processTicksAndRejections (internal/process/task_queues.js:97:5)\n    at async IdentityPoolClient.getImpersonatedAccessToken (/workspace/build/src/auth/baseexternalclient.js:369:26)\n    at async IdentityPoolClient.refreshAccessTokenAsync (/workspace/build/src/auth/baseexternalclient.js:298:38)\n    at async IdentityPoolClient.getAccessToken (/workspace/build/src/auth/baseexternalclient.js:149:13)\n    at async IdentityPoolClient.getRequestHeaders (/workspace/build/src/auth/baseexternalclient.js:166:37)\n    at async IdentityPoolClient.requestAsync (/workspace/build/src/auth/baseexternalclient.js:226:36)\n    at async main (/workspace/samples/adc.js:31:15) {\n  response: {\n    config: {\n      url: \'https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/[email protected]:generateAccessToken\',\n      method: \'POST\',\n      headers: [Object],\n      data: [Object],\n      responseType: \'json\',\n      paramsSerializer: [Function: paramsSerializer],\n      body: \'{"scope":["https://www.googleapis.com/auth/cloud-platform"]}\',\n      validateStatus: [Function: validateStatus]\n    },\n    data: { error: [Object] },\n    headers: {\n      \'cache-control\': \'private\',\n      connection: \'close\',\n      \'content-encoding\': \'gzip\',\n      \'content-type\': \'application/json; charset=UTF-8\',\n      date: \'Fri, 03 Dec 2021 09:36:54 GMT\',\n      server: \'scaffolding on HTTPServer2\',\n      \'transfer-encoding\': \'chunked\',\n      vary: \'Origin, X-Origin, Referer\',\n      \'x-content-type-options\': \'nosniff\',\n      \'x-frame-options\': \'SAMEORIGIN\',\n      \'x-xss-protection\': \'0\'\n    },\n    status: 403,\n    statusText: \'Forbidden\',\n    request: {\n      responseURL: \'https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/[email 
protected]:generateAccessToken\'\n    }\n  },\n  config: {\n    url: \'https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/[email protected]:generateAccessToken\',\n    method: \'POST\',\n    headers: {\n      \'Content-Type\': \'application/json\',\n      Authorization: \'Bearer ya29.d.KuIDGwho1cy1Ek41Hc7q0_MWkTiMlPI8KQTuqScd2fWuoGQWsJjgAFk89Vbt4iaIOKLeLcyz22nQ2I5caV7omFz0ptfcGADS1yN9L_wvVoSMPVzHrZuPEDCm26z2J8rUjuzSzogHIsdPI5XK_6ks0j8ybjWOWHzpCBwvUkXU6CfF2aKQDhm-TBM719RZtCYTj7AtEoNo13a0Z8dC5xMI-KOR_lM-_ogai2A75zY0bAfULbg_vGaw1mExE6jkhj6KjPvbyjne-PkJcsnE5dkncC4lR2Zt0IDnqd9J5whi0-ACxk2xY83zXcPuT73GNJzII6RLTqkMJbjS9bqroC7TefYUTB8Fu7KTpVVpXfNcF5N-LQwgXUUBZaMs-3hDLIwEzjg1jXduiVIjrwiZWjFuSxg0K3F17N0JPTIOAZixnPz3WrE0yGhvtICUe3aXkxXUc4EzlTnmC4RU1YdzWA4Z7-QSK-iFkOInKhkZVBDPQO3WAFK7TZIarzik3jYT09ByPbWVF9nbrMIQTI6uLGwb0jebVU1ptySWCKkYvD4fe0nW5wrW87vmPWQNMUn9sAQQQKLdva1vqrnQ-l43GOKqHYPjl_AN7xnmHJp9Uoum1rS4sYyAoRpsLTez2HqJiAmoHGUrGjY\',\n      \'User-Agent\': \'google-api-nodejs-client/7.10.2\',\n      \'x-goog-api-client\': \'gl-node/12.22.7 auth/7.10.2\',\n      Accept: \'application/json\'\n    },\n    data: { scope: [Array] },\n    responseType: \'json\',\n    paramsSerializer: [Function: paramsSerializer],\n    body: \'{"scope":["https://www.googleapis.com/auth/cloud-platform"]}\',\n    validateStatus: [Function: validateStatus]\n  },\n  code: 403,\n  errors: [\n    {\n      message: \'The caller does not have permission\',\n      domain: \'global\',\n      reason: \'forbidden\'\n    }\n  ]\n}\n' to match /DNS Info:/
    at Context.<anonymous> (test/externalclient.test.js:384:12)
    at processTicksAndRejections (internal/process/task_queues.js:97:5)
@flaky-bot flaky-bot bot added flakybot: issue An issue filed by the Flaky Bot. Should not be added manually. priority: p1 Important issue which blocks shipping the next release. Will be fixed prior to next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns. labels Dec 3, 2021
@product-auto-label product-auto-label bot added the samples Issues that are directly related to samples. label Dec 3, 2021
flaky-bot bot commented Dec 3, 2021

commit: 0552915
buildURL: Build Status, Sponge
status: failed

Test output
AssertionError: expected 'GaxiosError: The caller does not have permission\n    at Gaxios._request (/workspace/node_modules/gaxios/build/src/gaxios.js:129:23)\n    at processTicksAndRejections (internal/process/task_queues.js:97:5)\n    at async IdentityPoolClient.getImpersonatedAccessToken (/workspace/build/src/auth/baseexternalclient.js:369:26)\n    at async IdentityPoolClient.refreshAccessTokenAsync (/workspace/build/src/auth/baseexternalclient.js:298:38)\n    at async IdentityPoolClient.getAccessToken (/workspace/build/src/auth/baseexternalclient.js:149:13)\n    at async IdentityPoolClient.getRequestHeaders (/workspace/build/src/auth/baseexternalclient.js:166:37)\n    at async IdentityPoolClient.requestAsync (/workspace/build/src/auth/baseexternalclient.js:226:36)\n    at async main (/workspace/samples/adc.js:31:15) {\n  response: {\n    config: {\n      url: \'https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/[email protected]:generateAccessToken\',\n      method: \'POST\',\n      headers: [Object],\n      data: [Object],\n      responseType: \'json\',\n      paramsSerializer: [Function: paramsSerializer],\n      body: \'{"scope":["https://www.googleapis.com/auth/cloud-platform"]}\',\n      validateStatus: [Function: validateStatus]\n    },\n    data: { error: [Object] },\n    headers: {\n      \'cache-control\': \'private\',\n      connection: \'close\',\n      \'content-encoding\': \'gzip\',\n      \'content-type\': \'application/json; charset=UTF-8\',\n      date: \'Fri, 03 Dec 2021 22:31:58 GMT\',\n      server: \'scaffolding on HTTPServer2\',\n      \'transfer-encoding\': \'chunked\',\n      vary: \'Origin, X-Origin, Referer\',\n      \'x-content-type-options\': \'nosniff\',\n      \'x-frame-options\': \'SAMEORIGIN\',\n      \'x-xss-protection\': \'0\'\n    },\n    status: 403,\n    statusText: \'Forbidden\',\n    request: {\n      responseURL: \'https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/[email 
protected]:generateAccessToken\'\n    }\n  },\n  config: {\n    url: \'https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/[email protected]:generateAccessToken\',\n    method: \'POST\',\n    headers: {\n      \'Content-Type\': \'application/json\',\n      Authorization: \'Bearer ya29.d.KuIDGwj-Jt36jUYFFx4sWp7rLmFjdzQZcS_9v20VoHZX7rbZ3WcB4fuRkc2VvaNbIoLQHP5pYsfkTjs1S3PgBbG3XCgD3DgrWaTxboqLHKw5Ho6-ZeW2mtcf0JyE6sH4PS1z961N1E6snhUYOou5lzyPfeyswv3B9WX6uF11RAFTpWmfOiCMl7a-reQDOGYrXDkbIDAgkuJQTInmS-irjdezZuixoRw05f9TNX6tYzKUEfAHS-bUkgx3REvpecxh2YhI1UQed8n9ZaxFupEj-KNpHeglcZH4kpRw0avkgOXOWyxQ2yaCPfdBI0XyTfT2cU0PEylkO2GonqH93LydIbp2Zt5b9A0tpxqqbcmoj5SVOsF0KEpLy9Upo1sespCiH8BdRLNgAZWXKKF3EqIgtZ09YF5z3O5w4BkyLgF2iCKTQj2N_KzWy18cHLdYD-Z_ZFfe0SmEZVAY5lYbGZz4IR_Yc2Q3cFix_veizXJv26f2_Y9dDe2uwk7vrMN0Wj-hmjqYZCWuUHu82JCCPBmtDoyq59s2ePkecmooNDRViXnB6dp63kk4MPktm_X5RlZuSjhS5w8VlVSgT6d5W3RTPZsvPQ-LLQbX2P8gdEMzGAxJInGKpNzYooHXtqr503aTsZPo0qc\',\n      \'User-Agent\': \'google-api-nodejs-client/7.10.3\',\n      \'x-goog-api-client\': \'gl-node/12.22.7 auth/7.10.3\',\n      Accept: \'application/json\'\n    },\n    data: { scope: [Array] },\n    responseType: \'json\',\n    paramsSerializer: [Function: paramsSerializer],\n    body: \'{"scope":["https://www.googleapis.com/auth/cloud-platform"]}\',\n    validateStatus: [Function: validateStatus]\n  },\n  code: 403,\n  errors: [\n    {\n      message: \'The caller does not have permission\',\n      domain: \'global\',\n      reason: \'forbidden\'\n    }\n  ]\n}\n' to match /DNS Info:/
    at Context.<anonymous> (test/externalclient.test.js:384:12)
    at processTicksAndRejections (internal/process/task_queues.js:97:5)

@chingor13 chingor13 self-assigned this Dec 6, 2021
@chingor13
Contributor

Permissions fix to restore Workload Identity Federation being made internally.
