1

When using google-cloud-sdk, following behavior is noticed. GOAL is to have the same behavior as point 1 mentioned below for the failed case in point 2. This will ensure the working of gcloud behind proxy. Help in this?

  1. service account was able to be activated via Powershell (In case of Manual Proxy setup in the Windows Proxy Settings). Following is how the successful case looks like.

    PS C:\Users\monica.bostina\Downloads\DLP1\Attended Framework> gcloud config list
[core]
account = vf-grp-dlplt-dev-dlp01@appspot.gserviceaccount.com
disable_user_reporting = True
project = vf-grp-dlplt-dev-dlp01

Your active configuration is: [default]
PS C:\Users\monica.bostina\Downloads\DLP1\Attended Framework> gcloud auth activate-service-account --key-file="temporary-credentials.json"

    Activated service account credentials for: [vf-grp-dlplt-dev-dlp01@appspot.gserviceaccount.com]

  2. service account was failing to get activated via Powershell (In case, Use Proxy setup is ON and Manual Proxy settings are OFF in the Windows Proxy Settings). Error message was the below.

PS C:\Users\monica.bostina\Downloads\DLP1\Attended Framework> gcloud config list
[core]
account = vf-grp-dlplt-dev-dlp01@appspot.gserviceaccount.com
disable_user_reporting = True
project = vf-grp-dlplt-dev-dlp01    

Your active configuration is: [default]
PS C:\Users\monica.bostina\Downloads\DLP1\Attended Framework> gcloud auth activate-service-account --key-file="temporary-credentials.json" 
ERROR: gcloud crashed (TransportError): HTTPSConnectionPool(host='oauth2.googleapis.com', port=443): Max retries exceeded with url: /token (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x00000199D6670DF0>: Failed to establish a new connection: [WinError 10060] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond'))
If you would like to report this issue, please run the following command:
gcloud feedback
        
To check gcloud for common problems, please run the following command:
gcloud info --run-diagnostics

I'm working in a corporate environment dealing with VPNs and proxies. Whitelisted the following URLs at proxy level --

https://accounts.google.com/o/oauth2/auth
https://oauth2.googleapis.com/token
https://www.googleapis.com/oauth2/v1/certs
https://www.googleapis.com/robot/v1/metadata/x509/vf-grp-XXXXXXXXXXXappspot.gserviceaccount.com
https://www.googleapis.com/auth/cloud-platform
Tejas Reddy Vodafone
  • 11
  • 1
  • 2
  • Related - https://stackoverflow.com/questions/52645927/gcloud-sdk-failed-to-install-in-macos-behind-corporate-proxy – Tejas Reddy Jan 07 '22 at 19:09
  • I think this was addressed here in this StackOverflow question. https://stackoverflow.com/questions/52645927/gcloud-sdk-failed-to-install-in-macos-behind-corporate-proxy – Tejas Reddy Jan 07 '22 at 19:11
  • Please consider accepting an answer if one has been helpful. See [how does accepting an answer work](https://meta.stackexchange.com/questions/5234/how-does-accepting-an-answer-work) for info. – Jake Nelson Jan 13 '22 at 02:24

1 Answers1

0

Perhaps the manual proxy configuration is working but when using automatic detection you're being given a PAC script that doesn't work with the Gcloud URLs. It also may not be applied to shell/terminal.

Gcloud has its own proxy configuration internal to the application you could rely on so you don't have to manually set the proxy config in the OS.

I had to set the following values (as documented):

gcloud config set proxy/type [PROXY_TYPE]
gcloud config set proxy/address [PROXY_IP_ADDRESS]
gcloud config set proxy/port [PROXY_PORT]

In my case because we also use custom CA certificates on our proxy so I also had to extract them and combine them into a single cert that could be trusted within Gcloud.

gcloud config set core/custom_ca_certs_file [PATH_TO_CUSTOM_CA]

Jake Nelson
  • 1,748
  • 13
  • 22