如何使用 Go Google SDK 模拟用户?
[英]How to impersonate user using Go Google SDK?
问题描述
I have a user which I use to query the Reports API .
我有一个用户用来查询报告 API 。 I generated the token and read the credentials using the google.ConfigFromJSON method.我使用google.ConfigFromJSON方法生成了令牌并读取了凭据。
Although, now I need to do the same, but instead of a user, I need to use a service account.虽然,现在我需要做同样的事情,但我需要使用服务帐户而不是用户。 And accordingly to the documentation, I need to impersonate a user as it's not possible to call the API using a service account (correct me if I'm wrong).根据文档,我需要模拟用户,因为无法使用服务帐户调用 API(如果我错了,请纠正我)。
This is what I did to impersonate the user:这是我模拟用户所做的:
impersonatedOption := option.ImpersonateCredentials("user@project.iam.gserviceaccount.com")
credsOption := option.WithCredentialsFile("cert.json")
scopesOption := option.WithScopes(admin.AdminReportsAuditReadonlyScope)
httpClient, _, err := transport.NewHTTPClient(ctx, scopesOption, credsOption, impersonatedOption)
srv, err := admin.NewService(ctx, option.WithHTTPClient(httpClient))
But no success:但没有成功:
Get "https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/login?alt=json&eventName=account_disabled_spamming&prettyPrint=false": impersonate: status code 403:
{
"error": {
"code": 403,
"message": "Request had insufficient authentication scopes.",
"status": "PERMISSION_DENIED"
}
}
The service account is configured as a SuperAdmin and should have all permissions.服务帐户被配置为超级管理员并且应该拥有所有权限。
1 个解决方案
解决方案1
2 2021-03-12 13:11:07
I just needed to load the cert, and set the Subject to be able to impersonate the user:我只需要加载证书,并将Subject设置为能够模拟用户:
config, err := google.JWTConfigFromJSON(b, scope...)
config.Subject = "impersonated_user@email.com"
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.