FireCloud is now powered by Terra! -- STARTING MAY 1st, 2019 THIS WEBPAGE WILL NO LONGER BE UPDATED.
From now on, please visit the Terra Help Center for documentation, tutorials, roadmap and feature announcements.
Want to talk to a human? Email the helpdesk, post feature requests or chat with peers in the community forum.
FIRECLOUD | Doc #10934 | Support for requestor-pays buckets for gcr.io-based docker repository

Support for requestor-pays buckets for gcr.io-based docker repository
Feature Requests | Created 2017-12-13 | Last updated 2018-07-25


Comments (17)

I have some docker images I want to store on Google Cloud Repository (gcr.io). There is no IP precluding public access, so I don't need to jump through the hoops that would otherwise be required to make gcr.io work for Firecloud. However, I also don't want to be potentially hit with a bunch of data egress fees in case someone wants to download my images out of the Google network. I ought to be able to set the bucket to be 1) publicly readable, and 2) enable requestor-pays. Firecloud does work fine with the bucket set to publicly readable (via https://cloud.google.com/container-registry/docs/access-control), but fails when requestor-pays is also enabled:

error pulling image configuration: error parsing HTTP 400 response body: invalid character '<' looking for beginning of value: "<?xml version='1.0' encoding='UTF-8'?><Error><Code>UserProjectMissing</Code><Message>Bucket is a requester pays bucket but no user project provided.</Message></Error>"

Since Firecloud is running on GCP, there should be no egress charges pulling from this multi-regional bucket.


Return to top Comment on this article