I am trying to perform a simple operation, getting an object from a GCS bucket in my Java application, following the official GCP documentation, and it looks like this:

    final GoogleCredentials credentials = GoogleCredentials
            .getApplicationDefault()
            .createScoped("https://www.googleapis.com/auth/devstorage.read_only");
    final StorageOptions options = StorageOptions.newBuilder()
            .setCredentials(credentials)
            .build();

    return options.getService().get(bucketName, objectName);

This returns an error saying:

    Error getting access token for service account: oauth2.googleapis.com

While debugging, I can see that GoogleCredentials' `getAccessToken` method returns null, and when I try to use the `refreshAccessToken` method, I receive an `UnknownHostException`. I think the reason is the lack of a certificate, so I exported the certificate from this page: https://googleapis.com/ and uploaded it to the JVM following these instructions: Accept server's self-signed ssl certificate in Java client, without any results. I am working on a VPN and I use a proxy on a daily basis to connect to GCP itself via e.g. gcloud, but I don't know what impact it might have. I am thinking about disabling SSL validation for local development purposes (the final solution will be in a k8s cluster inside GCP, so the issue should be gone - at least I hope so). I have tried overriding the RestTemplate bean, but Google seems not to be using it, and uses com.google.api.client.http.HttpRequest instead. I also tried using SslUtils to disable SSL validation (the trustAllSSLContext method), without any luck either.

To make it clear and avoid unnecessary questions: I am using a JSON secret for a GCP Service Account which is surely valid (I am using it with gcloud and it works fine), and GoogleCredentials has everything set up inside (project, ids etc.) except for the access token, so from my perspective it looks like it tries to reach Google's authentication but fails while sending the request.

Morales
  • Those hosts definitely have valid certificates and you should not need to jump through any hoops to make them work. `UnknownHostException` indicates a failure to resolve the DNS name and is unrelated to SSL/TLS. – Joachim Sauer May 15 '20 at 11:33
  • @JoachimSauer any tips on where I can look into the issues? – Morales May 15 '20 at 11:55
  • Can you try the command ‘gcloud auth list’? If there are multiple records, please only keep the service account and remove others to see if it helps. – Yanan C Jun 29 '20 at 14:04
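
A diagnostic for the point raised in the comments, added here as an example and not part of the original post or of Google's client libraries: it checks whether the JVM can resolve the token host from the error message and which route (direct or proxy) the JVM's default proxy selection would pick for it. The class name `TokenEndpointCheck` is hypothetical, and it assumes the HTTP client in use follows the JVM's default `ProxySelector`.

```java
import java.net.InetAddress;
import java.net.Proxy;
import java.net.ProxySelector;
import java.net.URI;
import java.net.UnknownHostException;
import java.util.List;

// Hypothetical diagnostic class (added example, not from the post).
public class TokenEndpointCheck {
    // Host taken from the error message in the question.
    static final String HOST = "oauth2.googleapis.com";

    /** Returns true when the JVM's own resolver can resolve the host directly. */
    static boolean resolves(String host) {
        try {
            for (InetAddress a : InetAddress.getAllByName(host)) {
                System.out.println("DNS ok: " + a.getHostAddress());
            }
            return true;
        } catch (UnknownHostException e) {
            System.out.println("DNS failed with UnknownHostException: " + e.getMessage());
            return false;
        }
    }

    /** Returns the proxies the JVM would use for an HTTPS request to the host. */
    static List<Proxy> proxiesFor(String host) {
        return ProxySelector.getDefault().select(URI.create("https://" + host + "/"));
    }

    public static void main(String[] args) {
        // Standard JVM networking properties. A proxy set only for gcloud or in
        // shell variables is not visible here unless it is also passed to the JVM.
        for (String key : new String[] {"https.proxyHost", "https.proxyPort",
                "http.nonProxyHosts", "java.net.useSystemProxies"}) {
            System.out.println(key + " = " + System.getProperty(key));
        }
        boolean dns = resolves(HOST);
        List<Proxy> proxies = proxiesFor(HOST);
        boolean direct = proxies.stream().allMatch(p -> p.type() == Proxy.Type.DIRECT);
        System.out.println("JVM route for https://" + HOST + "/ : " + proxies);
        if (!dns && direct) {
            System.out.println("No proxy and no direct DNS: the request fails before TLS starts.");
        } else if (!dns) {
            System.out.println("Proxy selected: name resolution is delegated to the proxy.");
        } else {
            System.out.println("Name resolves: any remaining failure is at the TCP or TLS layer.");
        }
    }
}
```

If the first case is printed, trust store changes and disabled certificate validation have no effect, because no TLS handshake is ever attempted.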

0 Answers