I am trying to publish a message to GCP PubSub using the same credentials that the gcloud
CLI does but not having a lot of success.
I can confirm that I can post to a topic by doing:

    gcloud pubsub topics publish myTopic --project "myProject" --message "Hello World!"

However when I try using the exact same credentials as gcloud using the code below:

    creds, err := google.FindDefaultCredentials(context.Background())
    if err != nil {
        panic(fmt.Sprintf("Unable to retrieve default credentials: %v", err))
    }
    client, err := pubsub.NewClient(ctx, "myproject", option.WithCredentials(creds))
    if err != nil {
        panic(fmt.Sprintf("unable to create GCP storage client: %v", err))
    }
    topic := client.Topic("myTopic")
    r := topic.Publish(ctx, &pubsub.Message{
        Data: []byte("Hello World!"),
    })
    _, err = r.Get(ctx)
    if err != nil {
        panic(fmt.Sprintf("failed to publish message: %v", err))
    }

I get the following error message:

    panic: failed to publish message: rpc error: code = Unauthenticated desc = transport: oauth2: cannot fetch token: 400 Bad Request
    Response: {
      "error": "invalid_grant",
      "error_description": "Bad Request"
    }

I have also tried loading the json file directly to make sure it is not picking up some other default credentials somewhere but got the same error.
How can I use the same credentials as the gcloud CLI to publish to a pubsub topic I have permissions to?
You need to set up authentication in your Go script. By default, it will use the same credentials as the ones present in the environment where you run your code.
This is an example for setting up a new client with default credentials when creating a bucket:
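
    package main

    import (
        "context"
        "fmt"
        "log"
        "time"

        "cloud.google.com/go/storage"
    )

    func main() {
        ctx := context.Background()
        // Sets your Google Cloud Platform project ID.
        projectID := "YOUR_PROJECT_ID"
        // Creates a client.
        client, err := storage.NewClient(ctx)
        if err != nil {
            log.Fatalf("Failed to create client: %v", err)
        }
        defer client.Close()
        // Creates the bucket (the name is a placeholder).
        bucketName := "my-new-bucket"
        ctx, cancel := context.WithTimeout(ctx, 10*time.Second)
        defer cancel()
        if err := client.Bucket(bucketName).Create(ctx, projectID, nil); err != nil {
            log.Fatalf("Failed to create bucket: %v", err)
        }
        fmt.Printf("Bucket %v created.\n", bucketName)
    }
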
Accordingly, try this in your code:

    ctx := context.Background()
    client, err := pubsub.NewClient(ctx, "YOUR_PROJECT_ID")
    if err != nil {
        log.Fatalf("Failed to create client: %v", err)
    }

Did you try the option impersonate-service-account? [1] Perhaps this is what you are looking for. Hoping it helps...
[1] https://cloud.google.com/sdk/gcloud/reference#--impersonate-service-account
When I configure my local environment, I'm doing this:

    gcloud auth application-default login

The result of the command should display something like this:

    Credentials saved to file: [/path/to/application_default_credentials.json]
    These credentials will be used by any library that requests Application Default Credentials (ADC).

Take /path/to/application_default_credentials.json and set the environment variable GOOGLE_APPLICATION_CREDENTIALS with this value. In Linux:

    export GOOGLE_APPLICATION_CREDENTIALS=/path/to/application_default_credentials.json

Now, your personal credentials are also defined as the default credentials for your apps running on your local environment.
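
To see which file the Application Default Credentials lookup described above resolves to, and what kind of credential it holds, the following is an added example, not code from any of the posts. It uses only the standard library and never prints secret fields. The function names `adcPath` and `describe` are hypothetical, and the well-known file location assumes Linux or macOS with an unmodified gcloud configuration directory.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"path/filepath"
)

// adcPath mirrors the first two ADC lookup steps: the
// GOOGLE_APPLICATION_CREDENTIALS variable, then the file written by
// `gcloud auth application-default login` (Linux/macOS location assumed).
func adcPath(envValue, home string) (source, path string) {
	if envValue != "" {
		return "GOOGLE_APPLICATION_CREDENTIALS", envValue
	}
	return "well-known file", filepath.Join(home, ".config", "gcloud",
		"application_default_credentials.json")
}

// describe reports the credential type and a hint, never the secret fields.
func describe(raw []byte) (credType, hint string, err error) {
	var f struct {
		Type         string `json:"type"`
		RefreshToken string `json:"refresh_token"`
		ClientEmail  string `json:"client_email"`
	}
	if err = json.Unmarshal(raw, &f); err != nil {
		return "", "", fmt.Errorf("credentials file is not valid JSON: %w", err)
	}
	switch {
	case f.Type == "authorized_user" && f.RefreshToken != "":
		return f.Type, "user refresh token; invalid_grant usually means it expired or was revoked", nil
	case f.Type == "service_account" && f.ClientEmail != "":
		return f.Type, "service account key for " + f.ClientEmail, nil
	}
	return f.Type, "unexpected or incomplete credentials file", nil
}

func main() {
	source, path := adcPath(os.Getenv("GOOGLE_APPLICATION_CREDENTIALS"), os.Getenv("HOME"))
	raw, err := os.ReadFile(path)
	if err != nil {
		fmt.Printf("no readable ADC file via %s: %v\n", source, err)
		return
	}
	credType, hint, err := describe(raw)
	fmt.Printf("source=%s path=%s type=%q hint=%q err=%v\n", source, path, credType, hint, err)
}
```
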