How to do auth for public buckets

[ritikrishu]

Environment details

• OS: OSx 10.13.6
• Node.js version: 12.2.0
• npm version: 6.9.0
• gcp-metadata version: 1.0.0

Steps to reproduce

We are using google cloud storage SDK to fetch object keys from any public bucket in an electron-based app. The code snippet that we have is-

const gcs = new Storage({
    projectId
  });
  const objects = await gcs.bucket(bucketName).getFiles();
  return objects[0];

Private buckets work fine where we also pass the services.json. Public buckets work with same code as above in dev mode but in prod builds we get the following error-

GET http://metadata.google.internal./computeMetadata/v1/instance net::ERR_NAME_NOT_RESOLVED
Error: Unexpected error determining execution environment: Failed to fetch
    at GoogleAuth.<anonymous> (/Users/ritikrishu/Documents/Projects/sixgill/hl-opencv/dist/mas-dev/HyperLabel.app/Contents/Resources/app.asar/node_modules/google-auth-library/build/src/auth/googleauth.js:164)
    at Generator.throw (<anonymous>)
    at rejected (/Users/ritikrishu/Documents/Projects/sixgill/hl-opencv/dist/mas-dev/HyperLabel.app/Contents/Resources/app.asar/node_modules/google-auth-library/build/src/auth/googleauth.js:20)

Also, I wonder if the host name here is correct, https://github.com/googleapis/gcp-metadata/blob/aa708dd9788cf12e084be1a9bdfe8594288710ae/src/index.ts#L12. http://metadata.google.internal does not look right.
Thanks!

[JustinBeckwith]

Greetings! That host name is correct :) The trailing . tells DNS lookup to limit the scope to the local machine. In the context of calling a metadata server from inside of GCP, this makes sense! From an electron app .... it makes no sense 😆

The issue here is likely authentication. How are you expecting your electron users to authenticate to the backend API? Are you trying to embed a service account key with your app?

[ritikrishu]

Hey @JustinBeckwith, thanks for getting on this.
The functionality I am trying to achieve is if there is a public GCS bucket, and the user gives me the bucket name, I should be able to query list of all items in that bucket. As a workaround, for now, I am using the rest API version of same.
For @google-cloud/storage SDK to work, from the docs, I think this is what I need to do-

const gcs = new Storage()
await gcs.bucket(bucketName).getFiles()

But I am getting the same error as above.

Are you trying to embed a service account key with your app?

For private buckets, I am asking users to upload their service account JSON, and private buckets are working fine using the node SDK.

[ritikrishu]

Also, FYI. The SDK implementation for public buckets works fine in development mode for the electron app. It only breaks in production.

[stephenplusplus]

Without providing any sort of credentials, our libraries assume your app is running in a Google Cloud Platform environment. So, it tries to ping that internal metadata server.

However, it hasn't been doing that for me when I try to recreate the issue. I think I will need a more complete demonstration to reproduce. Could you make the smallest possible scenario-- something I can clone and run?

What I've
tried: https://gist.github.com/stephenplusplus/c697271308d779390a221be91c60cb18

Also feel free to just make edits directly to the gist to make it closer to how yours works.

[ritikrishu]

it works for me as well, in dev env. But in prod builds, it doesn't.
I'll try to give you a debuggable sample soon.

[stephenplusplus]

I deployed to the now servers when testing, which worked as well. I'm excited to find out what's going on!

[jkwlui]

@ritikrishu is your prod environment running under a proxy? This caused problems in another issue here

[stephenplusplus]

@ritikrishu is this still an issue? I'm going to close since I couldn't reproduce, but I'm happy to re-open if we can get more information. Thanks!