
Create Google Cloud Project with Cloud Resource Manager API

I'm trying to create a new project in the Google Cloud Platform using the Cloud Resource Manager API. It all works fine when I use it through the API Explorer; however, I don't quite understand how to use it as an HTTP request outside of API Explorer.

I run the request like this:

curl -H "Content-Type: application/json" -X POST -d '{"name": "project example","projectId": "my-project-example-1234"}' "https://cloudresourcemanager.googleapis.com/v1/projects?fields=response&key={MY_API_KEY}"

Response:

{
  "error": {
    "code": 401,
    "message": "The request does not have valid authentication credentials.",
    "status": "UNAUTHENTICATED"
  }
}

The documentation says that this request requires an OAuth scope, and that's when things get confusing to me. Reading the documentation, I could not understand how one of the required OAuth scopes can be passed with the URL when making the HTTP request to the REST API, which I'm only assuming is what I'm missing.

Rather than just tell you how to test with a working token, I'm going to try to more broadly answer what you're aiming to do.

At a pretty high level, you will need to:

  1. Enable the Resource Manager API for your Cloud Console project.

  2. Create an OAuth client ID for Web applications in the Cloud Console. You will need to register your authorized redirect URI. This is where your app will get the OAuth response back from Google when the end user authorizes your app. Note the client ID; you will need that next.

  3. Start the OAuth flow by assembling your URL:

     https://accounts.google.com/o/oauth2/v2/auth?
       response_type=code&
       client_id=<123456789example>.apps.googleusercontent.com&
       scope=https://www.googleapis.com/auth/cloudplatformprojects&
       redirect_uri=http://<YOUR-APP-URL>/<YOUR-OAUTH-HANDLER>

     Replace in that URL the client ID and the redirect URI. I assume you'd have a button or link on your site where you would have the user click to start this flow.

  4. Code your OAuth handler. Some more in-depth code for doing this in Go can be gleaned from this Go Sample, which was originally for G+ sign-in but much of the logic is going to be the same. You are going to get a code query parameter passed to your application; the value is a one-time authorization code that your application must exchange for your OAuth tokens that you use to make API calls on behalf of the user.

  5. If appropriate for your app and situation, securely store your tokens for use later or for processing while your user is not active on your site (might be appropriate for batch processing).

  6. Now that you have an access token, you can pass that to the Resource Manager API and create projects on behalf of the user. You might use the Go client library or you could call the HTTP endpoints directly in your code.

If you want more testing with curl, I'd follow the process that we wrote up for accessing the App Engine Admin API. Substitute Admin API URLs and names for Resource Manager and you've got the overall flow. The difference from what's above is that I used a code flow above because I assume you want server-side and possibly refresh tokens if you need to be able to make these API calls while the user is not active on your site.
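Steps 3 and 4 of the flow above, sketched in Go with only the standard library; this is an added example, not code from the answer or from the Go Sample it links. The function names, the `state` check (a per-session value that ties the callback to the user who started the flow) and `access_type=offline` are additions, and the client ID and redirect URI in `main` are placeholders.

```go
package main

import (
	"crypto/subtle"
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/url"
)

// Google's OAuth 2.0 token endpoint; a variable so a test can point it at a stub.
var tokenEndpoint = "https://oauth2.googleapis.com/token"

// AuthURL builds the step-3 URL. state is a random per-session value (assumed to be
// kept in the user's session); access_type=offline asks Google for a refresh token.
func AuthURL(clientID, redirectURI, state string) string {
	return "https://accounts.google.com/o/oauth2/v2/auth?" + url.Values{"response_type": {"code"},
		"client_id": {clientID}, "redirect_uri": {redirectURI}, "state": {state}, "access_type": {"offline"},
		"scope": {"https://www.googleapis.com/auth/cloudplatformprojects"}}.Encode()
}

// CodeFromCallback (step 4) returns the one-time code only if state matches the session's.
func CodeFromCallback(r *http.Request, wantState string) (string, error) {
	q := r.URL.Query()
	ok := subtle.ConstantTimeCompare([]byte(q.Get("state")), []byte(wantState)) == 1
	if wantState == "" || !ok || q.Get("code") == "" {
		return "", errors.New("callback rejected: state mismatch or missing code")
	}
	return q.Get("code"), nil
}

// ExchangeCode (step 4) trades the code for an access token; it runs server-side only.
func ExchangeCode(code, clientID, clientSecret, redirectURI string) (string, error) {
	resp, err := http.PostForm(tokenEndpoint, url.Values{
		"grant_type": {"authorization_code"}, "code": {code}, "client_id": {clientID},
		"client_secret": {clientSecret}, "redirect_uri": {redirectURI}})
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return "", fmt.Errorf("token endpoint returned %s", resp.Status)
	}
	var tok struct{ AccessToken string `json:"access_token"` }
	err = json.NewDecoder(resp.Body).Decode(&tok)
	return tok.AccessToken, err
}

func main() { fmt.Println(AuthURL("CLIENT_ID.apps.googleusercontent.com", "https://app.example/cb", "s3")) }
```

The returned access token is what goes into the `Authorization: Bearer` header of the project-creation request in step 6.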

Like Alex says, you ask for scopes during OAuth authentication. One way to easily authenticate and obtain an OAuth access token is doing:

gcloud beta auth application-default login --scopes=https://www.googleapis.com/auth/cloudplatformprojects

As you can see, you can specify the scopes you want to gcloud and it will take care of authentication for you.

Then, you should be able to create a project by calling:

curl -H "Content-Type: application/json" -H "Authorization: Bearer $(gcloud beta auth application-default print-access-token)" -X POST -d '{"name": "project example","projectId": "my-project-example-1234"}' "https://cloudresourcemanager.googleapis.com/v1/projects?fields=response"

Here, you are passing the access token obtained when you made OAuth authentication. This should be taken care of by the client libraries for you when you get the application default credentials.
