從 AWS Lambda 修改 Google Sheet
[英]Modify Google Sheet from AWS Lambda
問題描述
我正在開發一個小項目,我對使用 Google Drive 的易用性感興趣。 該程序的主要前提是在激活 lambda 函數時在谷歌表中插入一個新行。 我更願意在這個項目中使用 Node.js,但我對 Java 或 Python 持開放態度。
從教程站點很容易看到這一切是如何運作的。 你提出一個請求,你有 OAuth,然后程序按照它的指示去做。 但是,我正在尋找一種方法讓我的 AWS lambda 函數與我的谷歌驅動器中的文件夾進行對話並隨意更新工作表。
教程中的代碼如下:
var fs = require('fs');
var readline = require('readline');
var google = require('googleapis');
var googleAuth = require('google-auth-library');
// If modifying these scopes, delete your previously saved credentials
// at ~/.credentials/drive-nodejs-quickstart.json
var SCOPES = ['https://www.googleapis.com/auth/drive.metadata.readonly'];
var TOKEN_DIR = (process.env.HOME || process.env.HOMEPATH ||
process.env.USERPROFILE) + '/.credentials/';
var TOKEN_PATH = TOKEN_DIR + 'drive-nodejs-quickstart.json';
// Load client secrets from a local file.
fs.readFile('client_secret.json', function processClientSecrets(err, content) {
if (err) {
console.log('Error loading client secret file: ' + err);
return;
}
// Authorize a client with the loaded credentials, then call the
// Drive API.
authorize(JSON.parse(content), listFiles);
});
/**
* Create an OAuth2 client with the given credentials, and then execute the
* given callback function.
*
* @param {Object} credentials The authorization client credentials.
* @param {function} callback The callback to call with the authorized client.
*/
function authorize(credentials, callback) {
var clientSecret = credentials.installed.client_secret;
var clientId = credentials.installed.client_id;
var redirectUrl = credentials.installed.redirect_uris[0];
var auth = new googleAuth();
var oauth2Client = new auth.OAuth2(clientId, clientSecret, redirectUrl);
// Check if we have previously stored a token.
fs.readFile(TOKEN_PATH, function(err, token) {
if (err) {
getNewToken(oauth2Client, callback);
} else {
oauth2Client.credentials = JSON.parse(token);
callback(oauth2Client);
}
});
}
/**
* Get and store new token after prompting for user authorization, and then
* execute the given callback with the authorized OAuth2 client.
*
* @param {google.auth.OAuth2} oauth2Client The OAuth2 client to get token for.
* @param {getEventsCallback} callback The callback to call with the authorized
* client.
*/
function getNewToken(oauth2Client, callback) {
var authUrl = oauth2Client.generateAuthUrl({
access_type: 'offline',
scope: SCOPES
});
console.log('Authorize this app by visiting this url: ', authUrl);
var rl = readline.createInterface({
input: process.stdin,
output: process.stdout
});
rl.question('Enter the code from that page here: ', function(code) {
rl.close();
oauth2Client.getToken(code, function(err, token) {
if (err) {
console.log('Error while trying to retrieve access token', err);
return;
}
oauth2Client.credentials = token;
storeToken(token);
callback(oauth2Client);
});
});
}
/**
* Store token to disk be used in later program executions.
*
* @param {Object} token The token to store to disk.
*/
function storeToken(token) {
try {
fs.mkdirSync(TOKEN_DIR);
} catch (err) {
if (err.code != 'EEXIST') {
throw err;
}
}
fs.writeFile(TOKEN_PATH, JSON.stringify(token));
console.log('Token stored to ' + TOKEN_PATH);
}
/**
* Lists the names and IDs of up to 10 files.
*
* @param {google.auth.OAuth2} auth An authorized OAuth2 client.
*/
function listFiles(auth) {
var service = google.drive('v3');
service.files.list({
auth: auth,
pageSize: 10,
fields: "nextPageToken, files(id, name)"
}, function(err, response) {
if (err) {
console.log('The API returned an error: ' + err);
return;
}
var files = response.files;
if (files.length == 0) {
console.log('No files found.');
} else {
console.log('Files:');
for (var i = 0; i < files.length; i++) {
var file = files[i];
console.log('%s (%s)', file.name, file.id);
}
}
});
}
必須有某種方式讓我可以為 lambda 函數提供特殊的、授權的、訪問我的谷歌驅動器文件夾的權限,而無需選擇 OAuth 選項(一個 Gmail 帳戶而不是另一個)。
此外,在開發者控制台中,有一個選項可以將標題為Authorized JavaScript origins的 URL 列入白名單。 有誰知道從 AWS Lambda 進行調出時使用的 URL?
2 個解決方案
解決方案1
1 2021-02-21 09:02:49
由於您對 Python 開放,您可以使用以下代碼:
#!/usr/bin/env python
# required layer: pip3 install --upgrade -t ./python google_auth_oauthlib google-api-python-client && zip -r9 layer.zip ./python
import sys
sys.path.append('python')
sys.path.append('../python')
import os
import gspread # API to handle communication with google spreadsheets
import json
from oauth2client.service_account import ServiceAccountCredentials # to authenticate
from datetime import date # to give the desired date format
import logging
# Below for
import boto3
import base64
from botocore.exceptions import ClientError
def get_json_credentials_from_aws_secret_manager():
secret_name = os.environ['SECRET_NAME']
region_name = os.environ['REGION_NAME']
# Create a Secrets Manager client
session = boto3.session.Session()
client = session.client(
service_name='secretsmanager',
region_name=region_name
)
try:
get_secret_value_response = client.get_secret_value(
SecretId=secret_name
)
except ClientError as e:
if e.response['Error']['Code'] == 'DecryptionFailureException':
# Secrets Manager can't decrypt the protected secret text using the provided KMS key.
# Deal with the exception here, and/or rethrow at your discretion.
raise e
elif e.response['Error']['Code'] == 'InternalServiceErrorException':
# An error occurred on the server side.
# Deal with the exception here, and/or rethrow at your discretion.
raise e
elif e.response['Error']['Code'] == 'InvalidParameterException':
# You provided an invalid value for a parameter.
# Deal with the exception here, and/or rethrow at your discretion.
raise e
elif e.response['Error']['Code'] == 'InvalidRequestException':
# You provided a parameter value that is not valid for the current state of the resource.
# Deal with the exception here, and/or rethrow at your discretion.
raise e
elif e.response['Error']['Code'] == 'ResourceNotFoundException':
# We can't find the resource that you asked for.
# Deal with the exception here, and/or rethrow at your discretion.
raise e
else:
# Decrypts secret using the associated KMS CMK.
# Depending on whether the secret is a string or binary, one of these fields will be populated.
if 'SecretString' in get_secret_value_response:
secret = get_secret_value_response['SecretString']
return secret
else:
decoded_binary_secret = base64.b64decode(get_secret_value_response['SecretBinary'])
return (decoded_binary_secret)
return {}
# utility function for one line code
def http_response(STATUS_CODE, DATA):
return {
'statusCode': STATUS_CODE,
'body': DATA
}
def append_users_count(sheet, users_nb=42):
current_day = date.today().strftime('%Y-%m-%d')
values = [current_day, users_nb]
sheet.append_row(values, value_input_option='USER_ENTERED')
return "Sucessfully Added Users' Count"
def display_spreadsheet(sheet):
list_of_hashes = sheet.get_all_records()
print(list_of_hashes)
def lambda_handler(context, event):
JSON_CREDENTIALS = json.loads(get_json_credentials_from_aws_secret_manager())
SCOPES = ["https://spreadsheets.google.com/feeds", 'https://www.googleapis.com/auth/spreadsheets',
"https://www.googleapis.com/auth/drive.file", "https://www.googleapis.com/auth/drive"]
try:
credentials = ServiceAccountCredentials.from_json_keyfile_dict(JSON_CREDENTIALS, SCOPES)
client = gspread.authorize(credentials)
sheet = client.open(os.environ['SPREADSHEET_NAME']).sheet1
append_users_count(sheet)
except Exception as ex:
error_msg = f'Could not succeed to update the google spreadsheet: {ex}'
logging.error(error_msg)
return http_response(e.Code, json.dumps(error_msg))
success_msg = f"Sucessfully added count of users to google spreadsheet at url {os.environ['SPREADSHEET_URL']}"
logging.info(success_msg)
return http_response(200, json.dumps(success_msg))
解決方案2
0 2017-01-02 03:14:05
您需要一個在內部運行 Google 憑據的代理服務。 這樣您就不需要要求用戶進行身份驗證。 代理服務已具有訪問憑據。 這是我用來代理與 Google API 的連接的服務。
AWS lambda 中的 Google Drive API
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.