@stephencompall-DA stephencompall-DA commented Jun 16, 2025

Also adds more logging so we can be sure what service account we're dealing with.

From an idea by @isegall-da as to how to avoid getting stuck with the default infra node pool SA and its scopes problems for -pub-replicate-slots on devnet/generally via pulumi operator.

Pull Request Checklist

Cluster Testing

  • If a cluster test is required, comment /cluster_test on this PR to request it, and ping someone with access to the DA-internal system to approve it.
  • If a hard-migration test is required (from the latest release), comment /hdm_test on this PR to request it, and ping someone with access to the DA-internal system to approve it.

PR Guidelines

  • Include any change that might be observable by our partners or affect their deployment in the release notes.
  • Specify fixed issues with Fixes #n, and mention issues worked on using #n
  • Include a screenshot for frontend-related PRs - see README or use your favorite screenshot tool

Merge Guidelines

  • Make the git commit message look sensible when squash-merging on GitHub (most likely: just copy your PR description).

Signed-off-by: Stephen Compall <stephen.compall@digitalasset.com>
@stephencompall-DA stephencompall-DA force-pushed the s11/explicit-login-for-gcp-pub-rep-slots-script branch from 1c00f2c to f84b283 Compare June 16, 2025 22:01

Copilot AI left a comment

Pull Request Overview

This PR enhances the CloudSQL import process by leveraging GOOGLE_*_CREDENTIALS for authentication and adds additional logging for better traceability of service account usage.

  • Introduces logic to use GOOGLE_APPLICATION_CREDENTIALS or GOOGLE_CREDENTIALS if present
  • Adds logging for authentication steps and displays the current gcloud login
  • Enhances logging around temporary bucket creation, SQL upload, CloudSQL import, and cleanup

gcloud auth activate-service-account --key-file="$GOOGLE_APPLICATION_CREDENTIALS"
elif [ -n "$GOOGLE_CREDENTIALS" ]; then
echo "Using GOOGLE_CREDENTIALS for authentication"
echo "$GOOGLE_CREDENTIALS" | gcloud auth activate-service-account --key-file=-
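
Review bot: On the `echo "$GOOGLE_CREDENTIALS" | gcloud auth activate-service-account --key-file=-` line, `echo` is not a reliable way to emit a JSON key. The `private_key` field of a service-account key contains literal `\n` sequences, and an `echo` that interprets backslash escapes (dash's builtin, or bash with `xpg_echo` set) turns them into real newlines, so gcloud receives invalid JSON. `printf '%s' "$GOOGLE_CREDENTIALS" | gcloud auth activate-service-account --key-file=-` writes the value byte for byte. Separately, the `[ -n "$GOOGLE_CREDENTIALS" ]` test aborts on an unset variable if the script is ever run under `set -u`; `[ -n "${GOOGLE_CREDENTIALS:-}" ]` covers both the unset and the empty case.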

Copilot AI Jun 16, 2025

Using echo to pipe GOOGLE_CREDENTIALS may risk exposing sensitive information to stdout or logs. Consider securely passing the credentials (e.g., through a temporary file with appropriate permissions) to reduce potential security exposure.

Suggested change
echo "$GOOGLE_CREDENTIALS" | gcloud auth activate-service-account --key-file=-
TEMP_CREDENTIALS_FILE="$(mktemp)"
echo "$GOOGLE_CREDENTIALS" > "$TEMP_CREDENTIALS_FILE"
chmod 600 "$TEMP_CREDENTIALS_FILE"
gcloud auth activate-service-account --key-file="$TEMP_CREDENTIALS_FILE"
rm -f "$TEMP_CREDENTIALS_FILE"
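
Review bot: In the suggested replacement, `rm -f "$TEMP_CREDENTIALS_FILE"` runs only if execution reaches that line, so the key file is left on disk when `gcloud auth activate-service-account` fails in a script that exits on error, or when the script is interrupted. Register the cleanup immediately after `mktemp`, for example `trap 'rm -f "$TEMP_CREDENTIALS_FILE"' EXIT`. The `chmod 600` also comes after the key has been written and is redundant, because `mktemp` already creates the file accessible to its owner only. Note that the suggestion still uses `echo` to write the key, so it adds an on-disk copy of the credential rather than removing the `echo`.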

@isegall-da isegall-da left a comment

🤞 thanks

Signed-off-by: Stephen Compall <stephen.compall@digitalasset.com>
@stephencompall-DA stephencompall-DA marked this pull request as ready for review June 16, 2025 22:44
@stephencompall-DA stephencompall-DA enabled auto-merge (squash) June 16, 2025 22:55
@stephencompall-DA stephencompall-DA merged commit a10fd2c into main Jun 16, 2025
116 of 118 checks passed
@stephencompall-DA stephencompall-DA deleted the s11/explicit-login-for-gcp-pub-rep-slots-script branch June 16, 2025 23:49
stephencompall-DA added a commit that referenced this pull request Jun 16, 2025
Backport of #1136

Signed-off-by: Stephen Compall <stephen.compall@digitalasset.com>
stephencompall-DA added a commit that referenced this pull request Jun 17, 2025
Signed-off-by: Stephen Compall <stephen.compall@digitalasset.com>
stephencompall-DA added a commit that referenced this pull request Jun 18, 2025
* split off script

* support create/delete, invoke script from pulumi

* incorporate #1136 gcloud login/logging changes

* set -u and better quoting

---------

Signed-off-by: Stephen Compall <stephen.compall@digitalasset.com>