Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Errors in sign_bytes are not clear #851

Closed
jkevingutierrez opened this issue Sep 1, 2021 · 0 comments · Fixed by #905
Closed

Errors in sign_bytes are not clear #851

jkevingutierrez opened this issue Sep 1, 2021 · 0 comments · Fixed by #905
Assignees
@arithmetic1728
Labels
priority: p2 Moderately-important priority. Fix may not be included in next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns.

Comments

@jkevingutierrez
Copy link

jkevingutierrez commented Sep 1, 2021
edited
Loading

Is your feature request related to a problem? Please describe.
When there is an error in the request made in the function sign_bytes is not clear what the real error is. It is just throwing a KeyError: 'signedBlob':

File "/usr/local/lib/python3.9/site-packages/storages/backends/gcloud.py", line 255, in url
return blob.generate_signed_url(self.expiration)
partner-marketing_web_1 |   File "/usr/local/lib/python3.9/site-packages/google/cloud/storage/blob.py", line 622, in generate_signed_url
return helper(
partner-marketing_web_1 |   File "/usr/local/lib/python3.9/site-packages/google/cloud/storage/_signing.py", line 395, in generate_signed_url_v2
signed_query_params = get_signed_query_params_v2(
partner-marketing_web_1 |   File "/usr/local/lib/python3.9/site-packages/google/cloud/storage/_signing.py", line 80, in get_signed_query_params_v2
signature_bytes = credentials.sign_bytes(string_to_sign.encode("ascii"))
partner-marketing_web_1 |   File "/usr/local/lib/python3.9/site-packages/google/auth/impersonated_credentials.py", line 293, in sign_bytes
return base64.b64decode(response.json()["signedBlob"])
KeyError: 'signedBlob'

Describe the solution you'd like
It would be great to have a more clear understanding of the real error. In my case the response was returning

{'error': {'code': 403, 'message': 'The caller does not have permission', 'status': 'PERMISSION_DENIED'}}

One option is to validate the response (response.json()), before returning the signedBlob. Similar to https://github.com/googleapis/google-auth-library-python/blob/main/google/auth/iam.py#L79

def sign_bytes(self, message):
    ...
    response = authed_session.post(
            url=iam_sign_endpoint, headers=headers, json=body
        )
    body = response.json()
    
    if "error" in body:
        # raise a more appropriate error
        
    return base64.b64decode(body["signedBlob"])
@busunkim96 busunkim96 added priority: p2 Moderately-important priority. Fix may not be included in next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns. labels Sep 1, 2021
@arithmetic1728 arithmetic1728 mentioned this issue Oct 29, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@arithmetic1728 arithmetic1728

Labels
priority: p2 Moderately-important priority. Fix may not be included in next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: fix error in sign_bytes googleapis/google-auth-library-python
3 participants
@jkevingutierrez @busunkim96 @arithmetic1728