I have a VM set up running a container with an in-memory database (with Redis). I know this is already a Google service, but it is a lot cheaper for me to host it myself on a VM. I set up a VPC Firewall rule to allow traffic into the VM on port 8000 with a service account, open on 0.0.0.0/0 IPv4. I assume that this means it will accept traffic from all IPs as long as they have the correct credentials.
The issue is that no matter how I send the request packet I cannot get a response with the credentials. I always get ReadTimeout.
    raise ReadTimeout(e, request=request)
    requests.exceptions.ReadTimeout: HTTPSConnectionPool(host=(PUBLIC_IP), port=8000): Read timed out. (read timeout=2)
This is the code that I'm using for the request. The exact same thing can successfully connect to Cloud Run services and Cloud Functions, but maybe not here?
    from google.oauth2 import service_account
    from google.auth.transport.requests import AuthorizedSession

    KEY_FILE = 'vm-key.json'
    SCOPES = ['https://www.googleapis.com/auth/cloud-platform']
    ip = "PUBLIC_IP"  # placeholder for the VM's external IP
    port = 8000
    target_audience = f"https://{ip}:{port}"
    url = f"{target_audience}/get_attributes"

    # Mint an ID token for the service account with the VM URL as audience
    creds = service_account.IDTokenCredentials.from_service_account_file(
        KEY_FILE,
        target_audience=target_audience)
    authed_session = AuthorizedSession(creds)
    uuids = [
        # ... payload
    ]
    # verify=False turns off TLS certificate checking for this request
    response = authed_session.post(url=url, json=uuids, verify=False, timeout=2)
I have tried connecting without the service account rule, i.e. accepting traffic from 0.0.0.0/0, and it works exactly as expected: the ports are open and talking to the container. It's only when I try to make the connection with the service account. I have tried using target_audience = f"http://{ip}:{port}" (http not https), a whole set of different target audiences in case it is wrong, but nothing I have tried has made any difference.
It seems like a super simple problem and I've been stuck on it for hours, so if anyone has any insights I'd appreciate it a lot.
Thanks!
If you're able to confirm that you can connect via an IP:port connection, I think the issue is more in the code. As the error suggests, try configuring the read timeout in the code. In some cases, a certain part of your script leaves the server unable to respond or not knowing what the response should be.
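requests raises ConnectTimeout when the TCP connection is never established and ReadTimeout when it is established but no reply arrives in time. The sketch below is an added example, not code from either post: it reproduces that distinction with standard-library sockets so that a probe of the VM's port shows whether packets are lost before they reach the service or the service itself stays silent. The names classify_endpoint, start_listener and unused_port are hypothetical, and the loopback listeners are constructed fixtures.

```python
import socket
import threading

def classify_endpoint(host, port, connect_timeout=2.0, read_timeout=2.0):
    """Report the stage at which a plain TCP/HTTP probe of host:port fails."""
    try:
        sock = socket.create_connection((host, port), timeout=connect_timeout)
    except socket.timeout:
        return "connect-timeout"  # no answer to the SYN: dropped before the service
    except ConnectionRefusedError:
        return "refused"          # host reachable, nothing listening on the port
    except OSError:
        return "unreachable"
    with sock:
        sock.settimeout(read_timeout)
        try:
            sock.sendall(b"GET / HTTP/1.0\r\nHost: probe\r\n\r\n")
            data = sock.recv(1024)
        except socket.timeout:
            return "read-timeout"  # TCP handshake completed, service never replied
        except OSError:
            return "reset"
    return "responded" if data else "closed-without-reply"

def start_listener(reply):
    """Constructed local server: accept one client, send `reply` or stay silent."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def run():
        conn, _ = srv.accept()
        with conn, srv:
            if reply:
                conn.recv(1024)
                conn.sendall(reply)
            else:
                threading.Event().wait(1.0)  # hold the connection open, say nothing
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]

def unused_port():
    """Constructed case: a loopback port with no listener."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

if __name__ == "__main__":
    ok = start_listener(b"HTTP/1.0 200 OK\r\n\r\n")
    print(classify_endpoint("127.0.0.1", ok))
    print(classify_endpoint("127.0.0.1", start_listener(None), read_timeout=0.3))
    print(classify_endpoint("127.0.0.1", unused_port()))
```

With requests, the same split is available by passing a tuple such as `timeout=(3, 10)`, which sets the connect and read timeouts separately.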