![](/img/trans.png)
[英]Generate google service account credentials without key in Cloud function
[英]Obtain a service account credentials within a Cloud Functions to call a google service outside GCP
我的场景:我需要使用服务帐户从 Cloud Function 中使用google-api-python-client
调用 Google DBM API。
更新
这是我尝试运行的示例代码:
import google.auth
from googleapiclient.discovery import build
from google.auth.transport import requests
API_NAME = 'doubleclickbidmanager'
API_VERSION = 'v1.1'
SCOPES = ['https://www.googleapis.com/auth/doubleclickbidmanager']
credentials, project_id = google.auth.default(scopes=SCOPES)
print(credentials.service_account_email)
# prints "default"
credentials.refresh(requests.Request())
print(credentials.service_account_email)
# prints "[service-account]@[project].iam.gserviceaccount.com"
service = build(API_NAME, API_VERSION, credentials=credentials)
service.queries().listqueries().execute()
# local: return the queries
# in CF: Encountered 403 Forbidden with reason "insufficientPermissions"
当我在本地运行时,设置环境变量GOOGLE_APPLICATION_CREDENTIALS=keyfile.json
工作正常。
但是在云 Function 中运行时,出现 403 错误。
keyfile.json
使用相同的服务帐户[service-account]@[project].iam.gserviceaccount.com
在云 Function 中设置。
您必须强制库生成令牌以强制它完成所有字段。 为此,只需调用一次重试,就像这样
import google.auth
credentials, project_id = google.auth.default(scopes=SCOPES)
from google.auth.transport import requests
credentials.refresh(requests.Request())
print(credentials._service_account_email)
build(API_NAME, API_VERSION, credentials=credentials)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.