Authenticate Google Cloud service account on docker image

I’m finding different behavior from within and outside of a docker image for authenticating a google service account.

Outside. Succeeds.

  • Docker not finding php's mysql extension
  • App stop working recently: File not Found in Laravel using Docker
  • Docker. Connect from one container to another container with mysql
  • Error when installing docker-compose using ansible-playbook
  • Linked container IP not in hosts
  • How can I deploy a crate cluster on Giant Swarm?
  • C:\Users\Ben\AppData\Local\Google\Cloud SDK>gcloud auth activate-service-account 773889352370-compute@developer.gserviceaccount.com --key-file C:/Users/Ben/Dropbox/Google/MeerkatReader-d77c0d6aa04f.json --project api-project-773889352370
    Activated service account credentials for: [773889352370-compute@developer.gserviceaccount.com]
    

    Run docker container, pass the .json key to tmp directory.

    C:\Users\Ben\AppData\Local\Google\Cloud SDK>docker run -it -v C:/Users/Ben/Dropbox/Google/MeerkatReader-d77c0d6aa04f.json:/tmp/MeerkatReader-d77c0d6aa04f.json  --rm -p "127.0.0.1:8080:8080" --entrypoint=/bin/bash  gcr.io/cloud-datalab/datalab:local-20161227
    

    From within docker, confirm the file is there

    root@4a4a9314f15c:/tmp# ls
    MeerkatReader-d77c0d6aa04f.json  npm-24-b7aa1bcf  npm-45-fd13ef7c  npm-7-22ec336e
    

    Run the same command as before. Fails.

    root@4a4a9314f15c:/tmp# gcloud auth activate-service-account 773889352370-compute@developer.gserviceaccoun
    t.com --key-file MeerkatReader-d77c0d6aa04f.json --project api-project-773889352370
    ERROR: (gcloud.auth.activate-service-account) Failed to activate the given service account. Please ensure provided key file is valid.
    

    What might cause this error? More broadly, what is the suggested strategy for passing credentials. I’ve tried this and it fails as well. I’m using the cloudml API and cloud vision, and i’d like to avoid manual gcloud init at the beginning of every run.

    EDIT: To show gcloud info

    root@7ff49b26484f:/# gcloud info --run-diagnostics
    Network diagnostic detects and fixes local network connection issues.
    Checking network connection...done.
    Reachability Check passed.
    Network diagnostic (1/1 checks) passed.
    

    confirmed same behavior

    root@7ff49b26484f:/tmp# gcloud auth activate-service-account 773889352370-compute@developer.gserviceaccount.com --key-file MeerkatReader-d77c0d6aa04f.json --project api-project-773889352370
    ERROR: (gcloud.auth.activate-service-account) Failed to activate the given service account. Please ensure provided key file is valid.
    

  • Meteor packages.json error workaround when upgrading from 1.2 to 1.3 and deploying in a docker container
  • Powershell Install-Package from Nuget
  • How to tell Docker to use dm/LVM backend for volumes instead of vfs
  • Can't get Pod info in the kubernetes cluster
  • Controlling the Data of a Database Docker Container
  • Current Base Device UUID: does not match with stored UUID:
  • 2 Solutions collect form web for “Authenticate Google Cloud service account on docker image”

    Have you attempted to put the credential in the image from the beginning? Is that a similar outcome?

    On the other hand, have you tried using --key-file /tmp/MeerkatReader-d77c0d6aa04f.json? Since it appears you’re putting the json file in /tmp.

    You might also consider checking the network configuration inside the container and with docker from the outside.

    This is probably due to a clock skew of the docker VM. I debugged the activate-service-account function of the google SDK and got the following error message:

    There was a problem refreshing your current auth tokens: invalid_grant:  
    Invalid JWT: Token must be a short-lived token and in a reasonable timeframe
    Please run:
    $ gcloud auth login
    
    to obtain new credentials, or if you have already logged in with a different account:
    
    $ gcloud config set account ACCOUNT
    
    to select an already authenticated account to use.
    

    After rebooting the VM, it worked like a charm.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.