0

I am working on tekton pipeline that calls my java code which will make calls to the bigquery database and get the response into excel formatted file. By referencing google docs I have created tekton task and java code but I am getting java.io.IOException: Error reading credentials from stream, 'type' value 'external_account' not recognized. Expecting 'service_account'. error in java code. Below is my java code and tekton task

Tekton task :

apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: generate-prod-audit-report
spec:
  description: This task updates or creates the cloudrun service  using gcloud.
  params:
    - default: /tekton/home
      description: >
        Absolute path to the user's home directory. Set this explicitly if you
        are running the image as a non-root user or have overridden the
        gitInitImage param with an image containing custom user configuration.
      name: userHome
      type: string
    - description: GCP Project where the remote bucket lives
      name: gcpProjectId
      type: string
    - default: us-central1
      description: gcp region
      name: region
      type: string
    - default: ''
      description: The name of the secret which holds google credentials.
      name: credentialName
      type: string
    - description: The image we will use to run the step.
      name: imageName
      type: string
  steps:
    - env:
        - name: GOOGLE_APPLICATION_CREDENTIALS
          value: /var/run/secrets/google/credentials_config.json
        - name: CUSTOMER_GCP_PROJECT_ID
          value: $(params.gcpProjectId)
        - name: HOME
          value: $(params.userHome)
      image: $(params.imageName)
      name: generate-report
      resources:
        limits:
          cpu: 800m
          memory: 1G
        requests:
          cpu: 500m
          memory: 500Mi
      script: >
        #!/usr/bin/env bash

        export CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE=${GOOGLE_APPLICATION_CREDENTIALS}
        
        GCP_PROJECT_ID=$(params.gcpProjectId)

        REGION=$(params.region)

        gcloud config set project  $GCP_PROJECT_ID

        gcloud config set run/region $REGION

        gcloud auth login --cred-file=${GOOGLE_APPLICATION_CREDENTIALS}
        
        ./gradlew -i -PGOOGLE_APPLICATION_CREDENTIALS=${GOOGLE_APPLICATION_CREDENTIALS} -PCLOUDSDK_AUTH_ACCESS_TOKEN=${CLOUDSDK_AUTH_ACCESS_TOKEN}
        --refresh-dependencies test --tests
        com.java.test.testscripts.ACMAuditReportGeneratorTest.auditProdDeployments

        
      volumeMounts:
        - mountPath: /var/run/secrets/google
          name: gcp-credentialsrequest-credentials-vol
          readOnly: true
        - mountPath: /var/run/secrets/openshift/serviceaccount
          name: bound-sa-token
          readOnly: true
      workingDir: $(workspaces.qg.path)
  volumes:
    - name: bound-sa-token
      projected:
        defaultMode: 420
        sources:
          - serviceAccountToken:
              audience: openshift
              expirationSeconds: 3600
              path: token
    - name: gcp-credentialsrequest-credentials-vol
      secret:
        defaultMode: 420
        secretName: $(params.credentialName)
  workspaces:
    - name: qg

Java code :

    /**
     * 
     */
    public static void auditProdDeployments() {

        System.setProperty("CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE",
                System.getProperty("GOOGLE_APPLICATION_CREDENTIALS"));
        System.setProperty("GOOGLE_APPLICATION_CREDENTIALS", System.getProperty("GOOGLE_APPLICATION_CREDENTIALS"));
        
        System.setProperty("CLOUDSDK_AUTH_ACCESS_TOKEN", System.getProperty("CLOUDSDK_AUTH_ACCESS_TOKEN"));     
        
        System.out.println("GOOGLE_APPLICATION_CREDENTIALS : "+System.getProperty("GOOGLE_APPLICATION_CREDENTIALS"));
        System.out.println("CLOUDSDK_AUTH_ACCESS_TOKEN : " + System.getProperty("CLOUDSDK_AUTH_ACCESS_TOKEN"));
        String projectId = System.getProperty("GCP_PROJECT_ID");
        System.out.println("GCP_PROJECT_ID : "+ System.getProperty("GCP_PROJECT_ID"));
        System.out.println("GOOGLE_APPLICATION_CREDENTIALS  - ENV : "+ System.getenv("GOOGLE_APPLICATION_CREDENTIALS"));
        String datasetName = "MYDATA_SET";
        String tableName = "TEST_TABLE";
        String query =
            "SELECT *  FROM `"
                + projectId
                + "."
                + datasetName
                + "."
                + tableName
                + "`";
        System.out.println("Query formed : "+query);
        query(query);
      }

      public static void query(String query) {
        try {
          // Initialize client that will be used to send requests. This client only needs to be created
          // once, and can be reused for multiple requests.
            BigQuery bigquery = BigQueryOptions.newBuilder().setProjectId(System.getProperty("GCP_PROJECT_ID"))
                    .setCredentials(
                            ServiceAccountCredentials.fromStream(new FileInputStream(System.getProperty("GOOGLE_APPLICATION_CREDENTIALS")))
                    ).build().getService();

          QueryJobConfiguration queryConfig = QueryJobConfiguration.newBuilder(query).build();

          TableResult results = bigquery.query(queryConfig);

          results
              .iterateAll()
              .forEach(row -> row.forEach(val -> System.out.printf("%s,", val.toString())));

          System.out.println("Query performed successfully.");
        } catch (Exception e) {
          System.out.println("Query not performed \n" + e.toString());
        }
      }

I have printed the logs, I am getting all the details that are passed from tekton pipeline.

enter image description here

Can someone help me to resolve this issue.

Karthik Peddineni
  • 81
  • 4

0 Answers0