2019/07/17 13:45:26 You don't have permission to upload data, detailed error message: Error occurred in RequestNewAccessKey: Error occurred during making HTTP request: Post https://localhost/user/credentials/api/access_token: x509: certificate signed by unknown authority
is there a way to force the client to accept a self signed certificate?
As a first step I would suggest to add self-signed certificate to your trusted certificates. Steps may vary depending on OS you use. What system are you running on?
is there no option for the gen3-client to accepted self-signed certificates?
I added the SSL certificate as a trusted resource, and now my error changed to:
2019/07/18 09:13:05 You don't have permission to upload data, detailed error message: 403 Forbidden error has occurred! You don't have permission to access the requested url "https://localhost/user/data/upload"
I also didn't see a step where I'm setting up a GS bucket in the documentation. Unless the app does that programmatically, I assume that needs to be setup?
Compose Services has limitations comparing to Cloud Automation, file upload was one of these limitations, that is why it is not documented. However I think it is possible to make gen3-client work with Composer Services now. Recent fence-yaml.conf file contains configuration variables for cloud services. Let me check with our developer how to better configure for GC, I will update you.
Regarding upload error - have you granted yourself permission in the user.yaml? Following sections should be present in your configuration:
Policies:
rbac:
policies:
- id: 'data_upload'
description: 'upload raw data files to S3'
resource_paths: ['/data_file']
role_ids: ['file_uploader']
If there is a guide for Cloud Automation that I've missed I'd love to look that over, but for now looking at compose services.
Confirming the following section exist in my user.yml
rbac:
policies:
- id: 'data_upload'
description: 'upload raw data files to S3'
resource_paths: ['/data_file']
role_ids: ['file_uploader']
- id: workspace
description: be able to use workspace
resource_paths: [/workspace]
role_ids: [workspace_user]
roles:
- id: 'file_uploader'
description: 'can upload data files'
permissions:
- id: 'file_upload'
action:
service: 'fence'
method: 'file_upload'
- id: workspace_user
permissions:
- action: {method: access, service: jupyterhub}
id: workspace_access
myemail@gmail.com: ##this is changed so my email isn't on a public forum but config is updated
admin: True
policies: ['data_upload', 'workspace']
I would like to update you with my findings. Currently Google Cloud support is not implemented in the Compose Services and there is no trivial way to automatically tight them.
