gce.py issues authenticating to GCE

[Alex Leonhardt]

Hi,

So I've been trying to get gce to work, but no luck - it used to work, something changed, and now it isn't - not sure what happened, but I tried to setup everything from scratch again ... 

On GCE, I've created a service account, when creating the account, I ticked the box to allow domain-wide delegation (DwD), the p12 got downloaded automatically and the pem extracted with the command from the ansible site (https://docs.ansible.com/ansible/guide_gce.html#credentials) and stored as ansible.pem, I then clicked on "View client ID", edited the name (ansible) and saved it.

I've attached some screenshots that should help (I hope) ... 

https://console.developers.google.com/apis/credentials?project=projectname

Service account details / list : 

View client detail : 

The secrets.py has the following : 

GCE_PARAMS = ('ansible@********.iam.gserviceaccount.com', '/full/path/to/ansible.pem')
GCE_KEYWORD_PARAMS = {'project': '********'}

The gce.ini has the following : 

[gce]
libcloud_secrets = /full/path/to/secrets.py

But now I get this output : 

Please Go to the following URL and sign in:
https://accounts.google.com/o/oauth2/auth?scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcompute+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdevstorage.full_control+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fndev.clouddns.readwrite&state=Libcloud+Request&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&response_type=code&client_id=ansible%40********.iam.gserviceaccount.com
Enter Code:

Anyone got any ideas ? Any way to debug this ? 

Thanks!

Alex

[Eric Johnson]

I haven't done any testing to confirm, but it could be related to this: https://github.com/apache/libcloud/commit/88170f6582dd6cc3bce87c0ab3a89118551fe508 and ansible not yet supporting the new email address format for client_id.  You could try running libcloud from trunk (or making that one-line hack to your local install) to see if that fixes the issue.