Can not fetch repository from Google Cloud Storage

5/28/2019

I have library hosted on Google Cloud storage. I am using Jenkins to deploy my application into GKE.

I am using CloudStorageMaven library (V1.0) to push project to GCS.

I am able to deploy my library project but, when I am trying to run test for microservice on Jenkins server, maven is not able to download my library.

I have tried making GCS bucket public but it did not make any difference.

Jenkinsfile

#!/usr/bin/env groovy
podTemplate(
    label: 'slavepod',
    containers: [
        containerTemplate (
            name: 'maven',
            image: 'maven:3.5.2-alpine',
            command: 'cat',
            ttyEnabled: true,
            resourceRequestCpu: '256m',
            resourceLimitCpu: '512m',
            resourceRequestMemory: '512Mi',
            resourceLimitMemory: '1024Mi'
        ),
        containerTemplate (
            name: 'docker',
            image: 'gcr.io/cloud-builders/docker',
            command: 'cat',
            ttyEnabled: true,
            resourceRequestCpu: '512m',
            resourceLimitCpu: '1024m',
            resourceRequestMemory: '512Mi',
            resourceLimitMemory: '1024Mi'
        ),
        containerTemplate (
            name: 'kubectl',
            image: 'gcr.io/cloud-builders/kubectl',
            command: 'cat',
            ttyEnabled: true,
            resourceRequestCpu: '512m',
            resourceLimitCpu: '1024m',
            resourceRequestMemory: '512Mi',
            resourceLimitMemory: '1024Mi'
        ),
        containerTemplate (
            name: 'gcloud',
            image: 'gcr.io/cloud-builders/gcloud',
            command: 'cat',
            ttyEnabled: true,
            resourceRequestCpu: '512m',
            resourceLimitCpu: '1024m',
            resourceRequestMemory: '512Mi',
            resourceLimitMemory: '1024Mi'
        )
    ],
    volumes: [
        hostPathVolume(mountPath: '/var/run/docker.sock', hostPath: '/var/run/docker.sock'),
        persistentVolumeClaim(claimName: 'maven-repo', mountPath: '/home/jenkins/.m2')
    ]
)
{
    node('slavepod') {

        stage('Clone repository') {
            checkout scm

        }

        stage('Unit Test') {    
          container('maven') {
              echo 'Running Maven tests'
              sh("mvn -Dmaven.repo.local=/home/jenkins/.m2/ test")
          }
      }

} // end of pipeline

I have extension and repository configured in pom.xml

<build>
....

<extensions>
    <extension>
        <groupId>com.gkatzioura.maven.cloud</groupId>
        <artifactId>google-storage-wagon</artifactId>
        <version>1.0</version>
    </extension>
</extensions>
</build>

<repositories>
    <repository>
        <id>ca.performance.common</id>
        <url>gs://performance-repository</url>
    </repository>
</repositories>

Error I am getting in Jenkins pipeline console is as below:

Downloading from ca.performance.common: gs://url/to/repository/jar-1.0.0.pom
[ERROR] Could not establish connection with google cloud
com.google.cloud.storage.StorageException: Insufficient Permission
    at com.google.cloud.storage.spi.v1.HttpStorageRpc.translate (HttpStorageRpc.java:219)
    at com.google.cloud.storage.spi.v1.HttpStorageRpc.list (HttpStorageRpc.java:314)
    at com.google.cloud.storage.StorageImpl$6.call (StorageImpl.java:272)
    at com.google.cloud.storage.StorageImpl$6.call (StorageImpl.java:269)
    at com.google.api.gax.retrying.DirectRetryingExecutor.submit (DirectRetryingExecutor.java:89)
    at com.google.cloud.RetryHelper.run (RetryHelper.java:74)
    at com.google.cloud.RetryHelper.runWithRetries (RetryHelper.java:51)
    at com.google.cloud.storage.StorageImpl.listBuckets (StorageImpl.java:268)
    at com.google.cloud.storage.StorageImpl.list (StorageImpl.java:257)
    at com.gkatzioura.maven.cloud.gcs.GoogleStorageRepository.connect (GoogleStorageRepository.java:55)
    at com.gkatzioura.maven.cloud.gcs.GoogleStorageWagon.connect (GoogleStorageWagon.java:135)
    at org.eclipse.aether.transport.wagon.WagonTransporter.connectWagon (WagonTransporter.java:342)
    at org.eclipse.aether.transport.wagon.WagonTransporter.pollWagon (WagonTransporter.java:382)
    at org.eclipse.aether.transport.wagon.WagonTransporter.execute (WagonTransporter.java:431)
    at org.eclipse.aether.transport.wagon.WagonTransporter.get (WagonTransporter.java:412)
    at org.eclipse.aether.connector.basic.BasicRepositoryConnector$GetTaskRunner.runTask (BasicRepositoryConnector.java:453)
    at org.eclipse.aether.connector.basic.BasicRepositoryConnector$TaskRunner.run (BasicRepositoryConnector.java:360)
    at org.eclipse.aether.util.concurrency.RunnableErrorForwarder$1.run (RunnableErrorForwarder.java:75)
    at org.eclipse.aether.connector.basic.BasicRepositoryConnector$DirectExecutor.execute (BasicRepositoryConnector.java:583)
    at org.eclipse.aether.connector.basic.BasicRepositoryConnector.get (BasicRepositoryConnector.java:259)
    at org.eclipse.aether.internal.impl.DefaultArtifactResolver.performDownloads (DefaultArtifactResolver.java:498)
    at org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolve (DefaultArtifactResolver.java:399)
    at org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolveArtifacts (DefaultArtifactResolver.java:224)
    at org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolveArtifact (DefaultArtifactResolver.java:201)
    at org.apache.maven.repository.internal.DefaultArtifactDescriptorReader.loadPom (DefaultArtifactDescriptorReader.java:261)
    at org.apache.maven.repository.internal.DefaultArtifactDescriptorReader.readArtifactDescriptor (DefaultArtifactDescriptorReader.java:192)
    at org.eclipse.aether.internal.impl.DefaultDependencyCollector.resolveCachedArtifactDescriptor (DefaultDependencyCollector.java:539)
    at org.eclipse.aether.internal.impl.DefaultDependencyCollector.getArtifactDescriptorResult (DefaultDependencyCollector.java:522)
    at org.eclipse.aether.internal.impl.DefaultDependencyCollector.processDependency (DefaultDependencyCollector.java:411)
    at org.eclipse.aether.internal.impl.DefaultDependencyCollector.processDependency (DefaultDependencyCollector.java:365)
    at org.eclipse.aether.internal.impl.DefaultDependencyCollector.process (DefaultDependencyCollector.java:353)
    at org.eclipse.aether.internal.impl.DefaultDependencyCollector.collectDependencies (DefaultDependencyCollector.java:256)
    at org.eclipse.aether.internal.impl.DefaultRepositorySystem.collectDependencies (DefaultRepositorySystem.java:282)
    at org.apache.maven.project.DefaultProjectDependenciesResolver.resolve (DefaultProjectDependenciesResolver.java:169)
    at org.apache.maven.lifecycle.internal.LifecycleDependencyResolver.getDependencies (LifecycleDependencyResolver.java:223)
    at org.apache.maven.lifecycle.internal.LifecycleDependencyResolver.resolveProjectDependencies (LifecycleDependencyResolver.java:145)
    at org.apache.maven.lifecycle.internal.MojoExecutor.ensureDependenciesAreResolved (MojoExecutor.java:246)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:200)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:154)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:146)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
    at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:51)
    at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
    at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:309)
    at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:194)
    at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:107)
    at org.apache.maven.cli.MavenCli.execute (MavenCli.java:955)
    at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:290)
    at org.apache.maven.cli.MavenCli.main (MavenCli.java:194)
    at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke (Method.java:498)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:289)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:229)
    at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:415)
    at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:356)
Caused by: com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 Forbidden
{
  "code" : 403,
  "errors" : [ {
    "domain" : "global",
    "message" : "Insufficient Permission",
    "reason" : "insufficientPermissions"
  } ],
  "message" : "Insufficient Permission"
}
-- Nirav
google-cloud-platform
google-cloud-storage
google-kubernetes-engine
jenkins
maven

1 Answer

5/29/2019

Ensure that you follow the instructions in the full guide from the CloudStorageMaven link you posted?

As the official docs states, you need to grant sufficient permissions to specific users, or allow public (allUsers) readability at bucket-level to make all objects in that given bucket accessible to specified users or allUsers.

The error code from your attempt points to access permission issues:

{
  "code" : 403,
  "errors" : [ {
    "domain" : "global",
    "message" : "Insufficient Permission",
    "reason" : "insufficientPermissions"
  } ],
  "message" : "Insufficient Permission"
}

If you haven't already tried it, you could grant the allUsers access at the bucket-level by running:

$ gsutil iam ch allUsers:objectViewer gs://[BUCKET_NAME]

However, keeping with best practices, I would recommend granting granular access at the bucket-level for only the user accounts or service accounts you wish to have read/write access to the objects within a given bucket. You can read more about how to do that here.

If the problem persists then the "Insufficient Permissions" issue is with the GKE cluster. Check what Storage permissions your cluster has like so:

  • From the Cloud Console --> Click on Kubernets Engine

  • Click on the 'Cluster Name' ---> Find 'Storage' under Permissions section.

If you only have 'Read Only' then you'll need to recreate your cluster like so:

  1. Click Create a new cluster (as you defined before)
  2. Find 'Node pools' then click 'Advanced Edit'
  3. Select 'read write' from dropdown list on Storage
  4. Create the new cluster for your project
  5. Deploy your project to the new cluster and try it again.
-- Samuel N
Source: StackOverflow