diff options
author | Vincent Ambo <tazjin@google.com> | 2019-10-02T14·19+0100 |
---|---|---|
committer | Vincent Ambo <github@tazj.in> | 2019-10-03T12·21+0100 |
commit | f4f290957305a5a81292edef717a18a7c36be4bf (patch) | |
tree | 2c98ac4fa1b8bba9f4a37cc3e8f5e7c1106c77a4 | |
parent | aa02ae142166af23c1b6d8533b8eea5d6fa3e9a1 (diff) |
fix(server): Specify correct authentication scope for GCS
When retrieving tokens for service service accounts, some methods of retrieval require a scope to be specified.
-rw-r--r-- | tools/nixery/server/builder/builder.go | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/tools/nixery/server/builder/builder.go b/tools/nixery/server/builder/builder.go index 1bdd9212c770..ddfd4a078229 100644 --- a/tools/nixery/server/builder/builder.go +++ b/tools/nixery/server/builder/builder.go @@ -45,6 +45,9 @@ import ( // use up is set at a lower point. const LayerBudget int = 94 +// API scope needed for renaming objects in GCS +const gcsScope = "https://www.googleapis.com/auth/devstorage.read_write" + // HTTP client to use for direct calls to APIs that are not part of the SDK var client = &http.Client{} @@ -270,7 +273,7 @@ func prepareLayers(ctx context.Context, s *State, image *Image, graph *layers.Ru func renameObject(ctx context.Context, s *State, old, new string) error { bucket := s.Cfg.Bucket - creds, err := google.FindDefaultCredentials(ctx) + creds, err := google.FindDefaultCredentials(ctx, gcsScope) if err != nil { return err } |