fix: gcs access and add test #966

Closed
wants to merge 7 commits into from

wolfv
Contributor

@wolfv wolfv commented Dec 5, 2024

Unfortunately a bug slipped in where we were sending Bearer Bearer <token> (i.e. one Bearer too many).

This fixes it and adds a test. I also added credentials for a test account in the GOOGLE_CLOUD_TEST_KEY_JSON secret. This can access a bucket in the prefix-dev GCS (conda-channel-test/test-channel).

How to use GCS channels with rattler / pixi:

To use GCS channels, you need to first log in using the gcloud CLI tool. For automatic discovery, rattler expects the ~/.config/gcloud/application_default_credentials.json file to be available (or the GOOGLE_APPLICATION_CREDENTIALS env var to contain the JSON contents).

To log in, you can use gcloud auth application-default login, which will automatically create the JSON file in the right place.

Logs on how the service account was created:

gcloud iam service-accounts create gh-action-test-bucket-reader \
    --display-name "Github Actions Test Bucket Reader"

gcloud iam roles create bucketReader \
    --project=conda-channel-test \
    --title="Bucket Reader" \
    --permissions=storage.objects.get,storage.objects.list


gsutil iam ch \
    serviceAccount:gh-action-test-bucket-reader@conda-channel-test.iam.gserviceaccount.com:roles/storage.objectViewer \
    gs://test-channel

gcloud iam service-accounts keys create key.json \
    --iam-account=gh-action-test-bucket-reader@conda-channel-test.iam.gserviceaccount.com
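
The double-prefix bug described in this PR, as an added example that is not part of the PR or of rattler's code: the hypothetical helper `authorization_value` normalizes whatever a credential source returned so the scheme appears exactly once, and the hypothetical `is_single_bearer` is the kind of check a test can run on the outgoing header. It assumes the source may return either a raw token or a ready-made "Bearer <token>" string; the token values are constructed.

```rust
// Added example, not rattler's code; all names here are hypothetical.
#[derive(Debug, PartialEq)]
pub enum TokenError {
    Empty,
    InvalidChar(char),
}

/// Build the `Authorization` header value from what the credential source
/// returned. Prefixing unconditionally is what yields "Bearer Bearer <token>"
/// when the source already included the scheme.
pub fn authorization_value(raw: &str) -> Result<String, TokenError> {
    let mut token = raw.trim();
    // Strip every leading scheme word so the result carries it exactly once.
    while let Some((scheme, rest)) = token.split_once(char::is_whitespace) {
        if !scheme.eq_ignore_ascii_case("bearer") {
            break;
        }
        token = rest.trim_start();
    }
    if token.is_empty() || token.eq_ignore_ascii_case("bearer") {
        return Err(TokenError::Empty);
    }
    // Accept only the b64token character set of RFC 6750, so spaces and
    // CR/LF (header injection) are rejected instead of being sent.
    let allowed = |c: char| c.is_ascii_alphanumeric() || "-._~+/=".contains(c);
    if let Some(bad) = token.chars().find(|c| !allowed(*c)) {
        return Err(TokenError::InvalidChar(bad));
    }
    Ok(format!("Bearer {token}"))
}

/// Regression check for a request test: one scheme word, one token.
pub fn is_single_bearer(header: &str) -> bool {
    let mut parts = header.split(' ');
    parts.next() == Some("Bearer")
        && matches!(parts.next(), Some(t) if !t.is_empty() && !t.eq_ignore_ascii_case("bearer"))
        && parts.next().is_none()
}

fn main() {
    // Constructed sample tokens, with and without the scheme already present.
    for raw in ["ya29.constructed-token", "Bearer ya29.constructed-token"] {
        println!("{:?}", authorization_value(raw));
    }
}
```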

Collaborator

@baszalmstra baszalmstra left a comment

Looks good and awesome that you added a test!

use tempfile;

#[tokio::test]
async fn test_gcs_middleware() {
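
Review bot: the bare "use tempfile;" at the top of this snippet is a single-component path import, which is redundant if the crate uses the 2018 edition or later (an assumption, the edition is not visible here), because the dependency is already reachable as tempfile::... through the extern prelude. Suggest dropping the line and referring to tempfile::... directly in the test body; clippy reports this pattern as single_component_path_imports.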
Collaborator

Should we only run this test if this variable is available?

Contributor Author

We only run this test when the gcs feature is enabled. So that already makes the test run pretty seldom. I haven't found a way to print a big fat warning, so I prefer to fail the test.

@baszalmstra
Collaborator

Can you reopen this PR as a branch so we are sure that the test works?

@wolfv wolfv closed this Dec 5, 2024