Handle new GCE credential format
From: Steven C Timm
Date: Wednesday, November 7, 2018 at 9:57 AM
Subject: Need to discuss new google credential handling features of HTCondor
within the last year, Google Compute Engine shifted the way it stored its credentials from being a flat file in which
private key (long term) and access token (1 hr expiration) were stored together, to storing them in a pair of
sqlite databases, one for the private keys and one for the access tokens. For the past 5-6 months we have
been running a cron script which extracts the two parts and munges them together into a single auth_file
(the GCE_auth_file) so that HTCondor will know what to do with them. This file has been passed as
type auth_file from the frontend to the factory.
Now HTcondor from 8.7.9 and greater allows to parse the native sqlite db form of credentials. Only
problem is that we have no way for the frontend to pass such a set of credentials to the factory.
That leaves us with three options--park the credentials on the factory directly, teach glideinwms how to pass
such a credential file, or keep on extracting the credentials as we were doing. This is not
high urgency because we can continue with the existing way, although we may have to fix a bug.
But given we are likely to keep doing business with google in the long term, I would like to discuss the best way to handle this
for credential secret passing in the glideinwms.