[ https://issues.apache.org/jira/browse/BEAM-1070?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Frances Perry updated BEAM-1070: -------------------------------- Assignee: Ahmet Altay (was: Frances Perry) > Service Account Based Authentication Broken > ------------------------------------------- > > Key: BEAM-1070 > URL: https://issues.apache.org/jira/browse/BEAM-1070 > Project: Beam > Issue Type: Bug > Components: sdk-py > Environment: CentOS Linux release 7.1.1503 (Core) > Python 2.7.5 > Reporter: Stephen Reichling > Assignee: Ahmet Altay > Priority: Critical > > {{sdks/python/apache_beam/internal/auth.py}} calls into the > {{oauth2client.service_account.ServiceAccountCredentials.from_p12_keyfile}} > method with invalid and incorrectly-ordered parameters. Compare the [function > signature of > ServiceAccountCredentials.from_p12_keyfile|https://github.com/google/oauth2client/blob/ae73312942d3cf0e98f097dfbb40f136c2a7c463/oauth2client/service_account.py#L300-L303] > with [how it is > invoked|https://github.com/apache/incubator-beam/blob/9ded359daefc6040d61a1f33c77563474fcb09b6/sdks/python/apache_beam/internal/auth.py#L150-L154]. > This causes a runtime error when one attempts to use a service account to > authenticate with the Google Dataflow APIs. > The specific problems are: > - the {{client_scopes}} variable (a list) is passed as a positional > parameter where the function signature expects the {{private_key_password}} > parameter (a string). > - a keyed parameter, {{user_agent}}, is passed but no such parameter is > defined in the function signature. > - no value is provided for {{private_key_password}}. All p12 key files for > service accounts issued by Google Cloud have the password {{notasecret}} as > documented > [here|https://support.google.com/cloud/answer/6158849?hl=en#serviceaccounts], > so it's currently not possible to use a Google-issued p12 key file with this > implementation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)