Question about the orthanc-gcp plugin

Google Groups archive
1

Hi Authors,
According to this guide: https://book.orthanc-server.com/plugins/google-cloud-platform.html . Where executing the command: gcloud auth print-access-token --format json, it produces a json which includes three fields: client_id, client_secret, and refresh_token. But in my terminal, I only see one field:

./bin/gcloud auth print-access-token --format json
{
“token”: “XXX.XXXXXXXXXXXXXXXXX”
}

So seems like this plugins does not work with the new google health api ? Or I should find the client_id, client_secret, and refresh_token somewhere else (i.e google console) ?

Thanks,
Chris

2

Hello,

I can’t tell. This command was working some months ago.

Get in touch with the Google support team to ask a workaround for this feature that now seems to be missing.

In the meantime, I have checked and service accounts can still be used:
https://book.orthanc-server.com/plugins/google-cloud-platform.html#service-account

Sébastien-

3

Hi Sebastien,

I switched to use service account but the plugin keeps saying below
“”"

W1120 16:05:57.134206 PluginsManager.cpp:168] Cannot generate Google Cloud Platform token for account: my-google
W1120 16:06:07.263872 PluginsManager.cpp:168] Cannot generate Google Cloud Platform token for account: my-google
W1120 16:06:17.270795 PluginsManager.cpp:168] Cannot generate Google Cloud Platform token for account: my-google
I1120 16:06:27.075865 OrthancWebDav.cpp:1248] Cleaning up the empty WebDAV upload folders
W1120 16:06:27.262931 PluginsManager.cpp:168] Cannot generate Google Cloud Platform token for account: my-google
W1120 16:06:37.249161 PluginsManager.cpp:168] Cannot generate Google Cloud Platform token for account: my-google

“”"

Here is my orthanc configuration

“HttpVerbose”: true,

“HttpsCACertificates”: “/etc/ssl/certs/ca-certificates.crt”,
“GoogleCloudPlatform” : {
“Accounts”: {
“my-google” : {
“Project” : “orthanc-integration-testing”,
“Location” : “asia-southeast1”,
“Dataset” : “test”,
“DicomStore” : “dicom”,
“ServiceAccountFile” : “client_secret.json”
}

}
},

The client_secret.json I generated from below page. I choose new Service Account, role : Project : Owner. Can you please help to tell me what is the issue ?

Vào lúc 18:47:18 UTC+7 ngày Thứ Năm, 12 tháng 11, 2020, s.jo...@gmail.com đã viết:

4

I can’t tell. There is visibly a problem with your service account file.

Get in touch with Google support. You pay them for that.

5

More information, when I tried to debug the source code with google gcp client. In file: service_account_credentials.h, the response return from Oauth is

After this line: auto response = request_.MakeRequest(payload);

(gdb) print response
$3 = {status_ = {code_ = google::cloud::v0::StatusCode::kUnknown, message_ = “EasyPerform() - CURL error [60]=SSL peer certificate or SSH remote key was not OK”}, {value_ = {
status_code = 140734065823120, payload = “”, headers = std::multimap with 140737317185032 elements<error reading variable: Cannot access memory at address 0x697061656c676f7f>}}}

(gdb) bt
#0 google::cloud::storage::v1::oauth2::ServiceAccountCredentials<(anonymous namespace)::CurlBuilder, std::chrono::_V2::system_clock>::Refresh (this=0x7fff34004d90)
at /home/chris/workingspace/orthanc-gcp/build/google-cloud-cpp-0.10.0/google/cloud/storage/oauth2/service_account_credentials.h:222
#1 0x00007ffff5cc28b7 in google::cloud::storage::v1::oauth2::ServiceAccountCredentials<(anonymous namespace)::CurlBuilder, std::chrono::_V2::system_clock>::<lambda()>::operator()(void) const (__closure=0x7fff137fdb40) at /home/chris/workingspace/orthanc-gcp/build/google-cloud-cpp-0.10.0/google/cloud/storage/oauth2/service_account_credentials.h:118
#2 0x00007ffff5cc3e38 in google::cloud::storage::v1::oauth2::RefreshingCredentialsWrapper::AuthorizationHeader<google::cloud::storage::v1::oauth2::ServiceAccountCredentials<HttpRequestBuilderType, ClockType>::AuthorizationHeader() [with HttpRequestBuilderType = (anonymous namespace)::CurlBuilder; ClockType = std::chrono::_V2::system_clock]::<lambda()> >(std::chrono::_V2::system_clock::time_point, google::cloud::storage::v1::oauth2::ServiceAccountCredentials<(anonymous namespace)::CurlBuilder, std::chrono::_V2::system_clock>::<lambda()>) const (
this=0x7fff34005008, now=…, refresh_fn=…) at /home/chris/workingspace/orthanc-gcp/build/google-cloud-cpp-0.10.0/google/cloud/storage/oauth2/refreshing_credentials_wrapper.h:48
#3 0x00007ffff5cc2937 in google::cloud::storage::v1::oauth2::ServiceAccountCredentials<(anonymous namespace)::CurlBuilder, std::chrono::_V2::system_clock>::AuthorizationHeader (
this=0x7fff34004d90) at /home/chris/workingspace/orthanc-gcp/build/google-cloud-cpp-0.10.0/google/cloud/storage/oauth2/service_account_credentials.h:118
#4 0x00007ffff5cbf525 in GoogleUpdater::Worker (state=0x7ffff6613ca0 GoogleUpdater::GetInstance()::updater, account=0x2612ee0, refreshIntervalSeconds=10)
at /home/chris/workingspace/orthanc-gcp/Plugin/GoogleUpdater.cpp:164
#5 0x00007ffff5cd9d83 in boost::_bi::list3<boost::_bi::valueGoogleUpdater::State*, boost::_bi::value<GoogleAccount const*>, boost::_bi::value >::operator()<void ()(GoogleUpdater::State const, GoogleAccount const*, long), boost::_bi::list0> (this=0x2890400,
f=@0x28903f8: 0x7ffff5cbf1be <GoogleUpdater::Worker(GoogleUpdater::State const*, GoogleAccount const*, long)>, a=…)
at /home/chris/workingspace/orthanc-gcp/build/boost_1_69_0/boost/bind/bind.hpp:398
#6 0x00007ffff5cd95b2 in boost::_bi::bind_t<void, void ()(GoogleUpdater::State const, GoogleAccount const*, long), boost::_bi::list3<boost::_bi::valueGoogleUpdater::State*, boost::_bi::value<GoogleAccount const*>, boost::_bi::value > >::operator() (this=0x28903f8) at /home/chris/workingspace/orthanc-gcp/build/boost_1_69_0/boost/bind/bind.hpp:1294
#7 0x00007ffff5cd8e0a in boost::detail::thread_data<boost::_bi::bind_t<void, void ()(GoogleUpdater::State const, GoogleAccount const*, long), boost::_bi::list3<boost::_bi::valueGoogleUpdater::State*, boost::_bi::value<GoogleAccount const*>, boost::_bi::value > > >::run (this=0x28902c0)
at /home/chris/workingspace/orthanc-gcp/build/boost_1_69_0/boost/thread/detail/thread.hpp:117
#8 0x00007ffff6018bfc in boost::(anonymous namespace)::thread_proxy (param=0x28902c0) at /home/chris/workingspace/orthanc-gcp/build/boost_1_69_0/libs/thread/src/pthread/thread.cpp:177
#9 0x00007ffff7bbd6db in start_thread (arg=0x7fff137fe700) at pthread_create.c:463
#10 0x00007ffff6b9ba3f in clone () at …/sysdeps/unix/sysv/linux/x86_64/clone.S:95

I dont know how to add SSL certificate or SSH remote key to the environment so libcurl in orthanc can read that ?

Thanks,

Vào lúc 16:17:21 UTC+7 ngày Thứ Sáu, 20 tháng 11, 2020, Christopher đã viết:

6

You could try setting configuration option “HttpsVerifyPeers” to “false”, and make sure that “”/etc/ssl/certs/ca-certificates.crt" is recent enough:
https://hg.orthanc-server.com/orthanc/file/Orthanc-1.8.0/OrthancServer/Resources/Configuration.json#l339
https://curl.haxx.se/docs/caextract.html