The application (bin) loads the (service account) credentials fine when it has “normal” permissions. This is the run script:
#!/bin/bashexport GOOGLE_APPLICATION_CREDENTIALS=/home/user/config/gcloud/key.json./binHowever when bin permission are changed:
chown root:root binchmod u+s binI get this error:
E1003 10:02:07.563899584 60263 credentials_generic.cc:35] Could not get HOME environment variable. E1003 10:02:10.563621247 60263 google_default_credentials.cc:461] Could not create google default credentials: UNKNOWN:creds_path unset {created_time:”2022-10-03T10:02:07.563943484+09:00″}
Any advice would be appreciated.
Thanks.
Advertisement
Answer
As far as I can tell, this is expected behavior for gRPC. gRPC uses secure_getenv() to get all environment variables. In your case, that means the gRPC ignores the GOOGLE_APPLICATION_CREDENTIALS set.
You may need to change your application to use explicit service account credentials. Something like:
auto is = std::ifstream(filename);auto json_string = std::string(std::istreambuf_iterator<char>(is.rdbuf()), {});auto credentials = google::cloud::MakeServiceAccountCredentials(json_string);auto publisher = pubsub::Publisher( pubsub::MakePublisherConnection( pubsub::Topic(project_id, topic_id), google::cloud::Options{} .set<google::cloud::UnifiedCredentialsOption>( credentials)));