【发布时间】:2020-10-21 06:18:40
【问题描述】:
我的场景:我需要使用服务帐户从云函数中使用 google-api-python-client 调用 Google DBM API。
更新
这里是我尝试运行的示例代码:
import google.auth
from googleapiclient.discovery import build
from google.auth.transport import requests
API_NAME = 'doubleclickbidmanager'
API_VERSION = 'v1.1'
SCOPES = ['https://www.googleapis.com/auth/doubleclickbidmanager']
credentials, project_id = google.auth.default(scopes=SCOPES)
print(credentials.service_account_email)
# prints "default"
credentials.refresh(requests.Request())
print(credentials.service_account_email)
# prints "[service-account]@[project].iam.gserviceaccount.com"
service = build(API_NAME, API_VERSION, credentials=credentials)
service.queries().listqueries().execute()
# local: return the queries
# in CF: Encountered 403 Forbidden with reason "insufficientPermissions"
当我在本地运行时,设置环境变量GOOGLE_APPLICATION_CREDENTIALS=keyfile.json 工作正常。
但是在 Cloud Function 中运行时出现 403 错误。
keyfile.json 使用云函数中设置的相同服务帐户[service-account]@[project].iam.gserviceaccount.com。
【问题讨论】:
-
But the emails in the returned credentials was default是什么意思?您能否解释并显示日志跟踪以及如何打印此日志? -
我的意思是 credential.service_account_email=
default不是服务帐户电子邮件。我想这个属性应该等于 FUNCTION_IDENTITY 环境变量
标签: python google-cloud-platform google-cloud-functions google-api-python-client