Can't get Google Cloud Platform to recognize JSON service account key file. Error: PyOpenSSL is not available. Suggests JSON but I'm using a JSON key

Question

I'm an utter newbie so forgive what may be a stupid question, but when I am trying to pass the location of my service account key file using Google Cloud Platform, I am receiving the message:

WARNING: .p12 service account keys are not recomended unless it is necessary for
 backwards compatability. Please switch to a newer .json service account key for
 this account.
ERROR: (gcloud.auth.activate-service-account) PyOpenSSL is not available. If you
 have already installed PyOpenSSL, you will need to enable site packages by sett
ing the environment variable CLOUDSDK_PYTHON_SITEPACKAGES to 1. If that does not
 work, see https://developers.google.com/cloud/sdk/crypto for details or consider using .json private key instead.

However I selected and downloaded a JSON key. Can anyone tell me what is happening and how to get around this? Not sure if I'm providing enough info so please ask if you need details. Thanks!

Answer 1

The error indicates that you're possibly using a deprecated p12 format service account key file (as well as unable to find the required crypto libraries for reading keys in that format) instead of the json format.

You might want to double confirm that the key file you downloaded is indeed JSON. A quick way to verify this is by opening this file in some text editor of if you're on *nix or OS X , you can just use cat . I've shown an example json service account key file:

$ cat my-service-account-key.json
{
  "type": "service_account",
  "project_id": "PROJECT_NAME",
  "private_key_id": "YOUR_PRIVATE_KEY_ID",
  "private_key": "-----BEGIN PRIVATE KEY-----\nYOUR_PRIVATE_KEY\n-----END PRIVATE KEY-----\n",
  "client_email": "SERVICE_ACCOUNT_NAME@PROJECT_NAME.iam.gserviceaccount.com",
  "client_id": "CLIENT_ID",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://accounts.google.com/o/oauth2/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "URL",
}

To activate the service account you will have to run the gcloud auth activate-service-account command:

gcloud auth activate-service-account --key-file=/path/to/service-account-key.json

Answer 2

The key be encoded based on base64, you can do it with the following bash command:基于 base64 编码，您可以使用以下 bash 命令进行编码：

$ cat key_file.json | base64

take a look at gcloud setup instructions at: https://github.com/GoogleCloudPlatform/github-actions/tree/master/setup-gcloud#inputs查看 gcloud 设置说明： https ://github.com/GoogleCloudPlatform/github-actions/tree/master/setup-gcloud#inputs