Generate google service account credentials without key in Cloud function
Question
How can I create credential without the service account key file?
My current setup.
I am calling cloud function from application using
curl -X POST CF_URL -H "Authorization: Bearer $TOKEN" -d@Key.json
In Cloud Functions
credentials = service_account.Credentials.from_service_account_info(request_json),
scopes=['https://www.googleapis.com/auth/cloud-platform'])
service = googleapiclient.discovery.build(
'cloudresourcemanager', 'v1', credentials=credentials,cache_discovery=False)
policy = (
service.projects()
.getIamPolicy(
resource=credentials.project_id,
body={},
)
.execute()
)
I am passing service account key as payload which has security issue. How can I avoid passing key file as payload.
1 answers
solution1
3 ACCPTED 2020-05-24 11:33:23
In Cloud Functions (and in all GCP product), you have a feature name function identity . That means that you can choose the service account that you want to attach to the Cloud Function when you it run. If no one is defined, this one by default is used.
Thereby, a default identity automatically exists in your cloud function. You can perform simply this, as described in this library
import google.auth
credentials, project_id = google.auth.default(scopes='https://www.googleapis.com/auth/cloud-platform']))
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.