GCP Firestore Python 凭据

【问题标题】:GCP Firestore Python CredentialsGCP Firestore Python 凭据
【发布时间】:2020-01-23 20:50:21
【问题描述】:

我无法将数据从我的 Linux 虚拟机发送到我的 GCP 的 Firestore。 我只是想更新数据库中的一个项目。我遇到了有关凭据的问题。根据我使用的方法,我会遇到不同的错误,但我相信它们都源于同一个问题。

请注意,我有一个带有 json 凭据的服务帐户。我知道这些凭据仍然有效,因为我能够使用 GCP 的 Speech-to-Text。我得到的唯一奇怪行为是访问 Firestore 时。

注意: 我从 GCP 控制台而不是 Firebase 控制台使用 Firestore。我发现它们的使用方式略有不同(主要是安全性)。

如果我只是打开一个新终端并运行我的 python 脚本(我没有设置对我的凭据文件的任何引用)。数据已成功添加到数据库,但我收到以下警告:

UserWarning: Your application has authenticated using end user credentials from Google Cloud 
SDK. We recommend that most server applications use service accounts instead. If your 
application continues to use end user credentials from Cloud SDK, you might receive a "quota 
exceeded" or "API not enabled" error. For more information about service accounts, see 
https://cloud.google.com/docs/authentication/

另一方面,如果我在运行相同的 python 脚本之前运行export GOOGLE_APPLICATION_CREDENTIALS="folder/file.json" 行。我会得到这个错误:

Traceback (most recent call last):
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/api_core/grpc_helpers.py", line 57, in error_remapped_callable
    return callable_(*args, **kwargs)
  File "/home/vagrant/.local/lib/python3.6/site-packages/grpc/_channel.py", line 565, in __call__
    return _end_unary_response_blocking(state, call, False, None)
  File "/home/vagrant/.local/lib/python3.6/site-packages/grpc/_channel.py", line 467, in _end_unary_response_blocking
    raise _Rendezvous(state, None, None, deadline)
grpc._channel._Rendezvous: <_Rendezvous of RPC that terminated with:
    status = StatusCode.PERMISSION_DENIED
    details = "Missing or insufficient permissions."
    debug_error_string = "{"created":"@653.64","description":"Error received 
from peer ipv4:...:","file":"src/core/lib/surface
/call.cc","file_line":1052,"grpc_message":"Missing or insufficient 
permissions.","grpc_status":7}"
>

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "sendToDB.py", line 28, in <module>
    update_create_if_missing(args.uid, args.words)
  File "sendToDB.py", line 16, in update_create_if_missing
    item.update({'text': firestore.ArrayUnion([words])})
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/cloud/firestore_v1/document.py", line 382, in update
    write_results = batch.commit()
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/cloud/firestore_v1/batch.py", line 147, in commit
    metadata=self._client._rpc_metadata,
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/cloud/firestore_v1/gapic/firestore_client.py", line 1042, in commit
    request, retry=retry, timeout=timeout, metadata=metadata
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/api_core/gapic_v1/method.py", line 143, in __call__
    return wrapped_func(*args, **kwargs)
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/api_core/retry.py", line 273, in retry_wrapped_func
    on_error=on_error,
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/api_core/retry.py", line 182, in retry_target
    return target()
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/api_core/timeout.py", line 214, in func_with_timeout
    return func(*args, **kwargs)
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/api_core/grpc_helpers.py", line 59, in error_remapped_callable
    six.raise_from(exceptions.from_grpc_error(exc), exc)
  File "<string>", line 3, in raise_from
google.api_core.exceptions.PermissionDenied: 403 Missing or insufficient permissions.

如果我使用类似于db = firestore.Client(project="myproj-99999",credentials="folder/file.json") 的行直接在 python 文件中声明凭据文件,则会收到此错误:

Traceback (most recent call last):
  File "sendToDB.py", line 23, in <module>
    update_create_if_missing(args.uid, args.words)
  File "sendToDB.py", line 9, in update_create_if_missing
    db = firestore.Client(project="earningstotext-251320",credentials="keys/gcpcmdlineuser.json")
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/cloud/firestore_v1/client.py", line 105, in __init__
    project=project, credentials=credentials, _http=None
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/cloud/client.py", line 227, in __init__
    Client.__init__(self, credentials=credentials, _http=_http)
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/cloud/client.py", line 130, in __init__
    raise ValueError(_GOOGLE_AUTH_CREDENTIALS_HELP)
ValueError: This library only supports credentials from google-auth-library-python. 
See https://google-cloud-python.readthedocs.io/en/latest/core/auth.html 
for help on authentication with this library.

请注意此处的 readthedocs 链接已损坏。

基本上,我只是希望能够使用 python 从我的 Firestore 更新和读取,而不会出现任何错误或警告。 我也无法理解为什么,它确实起作用的一次(当我收到警告时)是当我没有设置任何类型的凭据时。

这是一个与 my 上一个问题相似的问题 here。不过,我认为我的新信息值得提出一个单独的问题。

【问题讨论】:

  • 您如何确定服务帐户具有您需要的权限? Speech to Text 的 API 与 Firestore 没有任何关系,并且具有与 Firestore 不同的 IAM 权限角色。我知道检查哪些角色与服务帐户关联的唯一真正好方法是使用 gcloud 命令行客户端并运行: gcloud projects get-iam-policy --flatten="bindings[].members " --format='table(bindings.role)' --filter="bindings.members:"

标签: python google-cloud-platform google-cloud-firestore service-accounts


【解决方案1】:

您需要将“Cloud Datastore Owner”角色添加到您正在使用的服务帐号。

  1. 转到 IAM 和管理>console.cloud.google.com 的 IAM 部分
  2. 查找您正在使用的服务帐户,然后点击铅笔图标进行编辑。
  3. 单击添加另一个角色,然后搜索数据存储所有者。

参考:https://cloud.google.com/firestore/docs/security/iam

【讨论】:

    猜你喜欢
    • 2021-05-10
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2018-10-12
    • 2021-12-31
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode