Friday, October 5, 2018

gcloud ADC for local testing (and how I will never get that day back)

After spending a day fighting permissions errors while running some test code locally using an account that I know for sure has the correct permissions:
{ Error: 7 PERMISSION_DENIED: User not authorized to perform this action.
at Object.exports.createStatusError (/Users/ivan/app/node_modules/grpc/src/common.js:87:15)
at Object.onReceiveStatus (/Users/ivan/app/node_modules/grpc/src/client_interceptors.js:1188:28)
at InterceptingListener._callNext (/Users/ivan/app/node_modules/grpc/src/client_interceptors.js:564:42)
at InterceptingListener.onReceiveStatus (/Users/ivan/app/node_modules/grpc/src/client_interceptors.js:614:8)
at callback (/Users/ivan/app/node_modules/grpc/src/client_interceptors.js:841:24)
code: 7,
metadata: Metadata { _internal_repr: {} },
details: 'User not authorized to perform this action.',
note: 'Exception occurred in retry method that was not classified as transient' }


I was even able to use gcloud to post a message to the same topic my code was trying to use just doing it from the CLI!  no permission errors there!

So after rebuilding and reconfiguring my environment, not to mention reinstalling gcloud and changing the configs a ton of times... I found out that 'gcloud auth login' no longer creates ADC for you... you must use
gcloud auth application-default login

This takes you through a browser based auth for the 'Google Auth Library' and BLAM-O you are in business!