stackoom
  简体   繁体   中英

How can I see the service account that the python bigquery client uses?

 原文  2022-05-11 15:39:33       python/ google-cloud-platform/ google-bigquery

Question

To create a default bigquery client I use:

from google.cloud import bigquery
client = bigquery.Client()

This uses the (default) credentials available in the environment.

But how I see then which (default) service account is used?

3 answers

solution1
 1  2022-05-11 15:39:33

This led me in the right direction:
Google BigQuery Python Client using the wrong credentials

To see the service-account used you can do:

client._credentials.service_account_email

However:
This statement above works when you run it on a jupyter notebook (in Vertex AI), but when you run it in a cloud function with print(client._credentials.service_account_email) then it just logs 'default' to Cloud Logging. But the default service account for a Cloud Function should be: <project_id>@appspot.gserviceaccount.com .


This will also give you the wrong answer:

client.get_service_account_email()

The call to client.get_service_account_email() does not return the credential's service account email address. Instead, it returns the BigQuery service account email address used for KMS encryption/decryption.

solution2
 1 ACCPTED  2022-05-14 15:19:52

While you can interrogate the credentials directly (be it json keys, metadata server, etc), I have occasionally found it valuable to simply query bigquery using the SESSION_USER() function.

Something quick like this should suffice:

client = bigquery.Client()
query_job = client.query("SELECT SESSION_USER() as whoami")
results = query_job.result()
for row in results:
    print("i am {}".format(row.whoami))

solution3
 0  2022-05-14 18:24:48

Following John Hanley's comment (when running on a Compute Engine) you can query the metadata service to get the email user name:
https://cloud.google.com/compute/docs/metadata/default-metadata-values

So you can either use linux:

curl "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/email" -H "Metadata-Flavor: Google"

Or python:

import requests

headers = {'Metadata-Flavor': 'Google'}
response = requests.get(
    "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/email", 
    headers=headers
)
print(response.text)

The default in the url used is the alias of the actual service account used.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to create BigQuery Data Transfer w/ Python + Service Account? How can get list of multiple - GCP projects assigned under one service account ? ( GCP )( python-client library files) How to initialize a Google BigQuery Client within a Cloud Function using the JWT of a service account passed by API Gateway to the Cloud Function Can I create a Google Drive folder using service account with Python? How can I access a google sheet shared with my client_email from the service account created on the cloud console how can Python see changes made to MariaDB by another client? How can i make an API wrapper for a HTTP service that uses json? How to determine the status of a Google BigQuery job using a Service Account? How do I see if a domain uses DNSSEC How do I pass SSL Context into a Python Client that Uses the Autogenerated OpenAPI Python Client Library
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM