Project

General

Profile

Feature #21324

Handle new GCE credential format

Added by Parag Mhashilkar 12 months ago. Updated 14 days ago.

Status:
New
Priority:
Normal
Assignee:
Parag Mhashilkar
Category:
-
Target version:
Start date:
11/07/2018
Due date:
% Done:

0%

Estimated time:
Stakeholders:

HEPCloud

Duration:

Description

From: Steven C Timm
Date: Wednesday, November 7, 2018 at 9:57 AM
To: glideinwms-support
Subject: Need to discuss new google credential handling features of HTCondor

within the last year, Google Compute Engine shifted the way it stored its credentials from being a flat file in which
private key (long term) and access token (1 hr expiration) were stored together, to storing them in a pair of
sqlite databases, one for the private keys and one for the access tokens. For the past 5-6 months we have
been running a cron script which extracts the two parts and munges them together into a single auth_file
(the GCE_auth_file) so that HTCondor will know what to do with them. This file has been passed as
type auth_file from the frontend to the factory.

Now HTcondor from 8.7.9 and greater allows to parse the native sqlite db form of credentials. Only
problem is that we have no way for the frontend to pass such a set of credentials to the factory.
That leaves us with three options--park the credentials on the factory directly, teach glideinwms how to pass
such a credential file, or keep on extracting the credentials as we were doing. This is not
high urgency because we can continue with the existing way, although we may have to fix a bug.
But given we are likely to keep doing business with google in the long term, I would like to discuss the best way to handle this
for credential secret passing in the glideinwms.

Thanks

Steve Timm

History

#1 Updated by Marco Mambelli 14 days ago

  • Target version changed from v3_5_x to v3_6_x


Also available in: Atom PDF