libcloud-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <>
Subject [jira] [Commented] (LIBCLOUD-568) Fixing cross service OAuth scopes for Google Compute Engine / DNS / Storage
Date Fri, 30 May 2014 12:44:01 GMT


ASF GitHub Bot commented on LIBCLOUD-568:

GitHub user erjohnso opened a pull request:

    [LIBCLOUD-568] Fixing cross service OAuth scopes for Google Compute Engine / DNS / Storage

    Prior to this fix, a user could call "get_driver()" for GCE but authorization was only
allowed for the "compute" scope.  With the addition of the DNS module, users calling its "get_driver()"
would only be authorized to the DNS service.
    This change allows scopes to be set as keyword params in get_driver() (or via
that get propagated down to the authorization connection class.  The default behavior is to
grant authorization via scopes to all supported google services (compute, storage, dns).
    It should be noted that the storage authorization via oauth scopes is bogus, but sets
the stage for future enhancements we expect to contribute over the summer.
    @wrigri, @franckcuny - A review would be much appreciated!

You can merge this pull request into a Git repository by running:

    $ git pull LIBCLOUD-568_google_oauth

Alternatively you can review and apply these changes as the patch at:

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #302
commit 23e86256770e389741196d59f00554e8b76ea2d5
Author: Eric Johnson <>
Date:   2014-05-30T12:33:47Z

    update to allow simultaneous authorization for all supported google services


> Fixing cross service OAuth scopes for Google Compute Engine / DNS / Storage
> ---------------------------------------------------------------------------
>                 Key: LIBCLOUD-568
>                 URL:
>             Project: Libcloud
>          Issue Type: Improvement
>          Components: Compute, DNS, Storage
>            Reporter: Eric Johnson
> Currently, a user cannot authenticate to both Google Compute Engine and Google Cloud
DNS at the same time.  Each underlying call to "get_driver()" sets a specific OAuth scope
that precludes authorization to the other service.
> Incoming fix propagates scopes set during create_driver() down to the connection class.
 If no scopes are set (likely the main use-case), then full read/write scopes are set for
Compute, Storage, and DNS.

This message was sent by Atlassian JIRA

View raw message