【发布时间】:2015-11-09 10:06:50
【问题描述】:
我在我的项目 Project 1 中创建了一个主题,并且我在 Google 应用引擎上有一个应用程序,它每分钟都会向该主题发布一条消息。
我在第二个项目(项目 2)中有一台谷歌云计算机,它订阅了这个主题并接收消息。
我没有在我的 Project 2 上授予对机器的任何访问权限,但即使没有访问权限,它也设法接收消息。更准确地说,我没有写与我创建的主题相关的特定权限。
我的问题是:
1- 这正常吗? Project 2 上的机器不应该出现“禁止访问错误”吗?
2- 如何限制对某个主题的访问?
这是我订阅部分的代码:
import httplib2
import base64
import pandas
import json
from apiclient import discovery
from oauth2client import client as oauth2client
from oauth2client.client import SignedJwtAssertionCredentials
from oauth2client.client import GoogleCredentials
def create_pubsub_client(http=None):
credentials = GoogleCredentials.get_application_default()
if not http:
http = httplib2.Http()
credentials.authorize(http)
return discovery.build('pubsub', 'v1', http=http)
client = create_pubsub_client()
# You can fetch multiple messages with a single API call.
batch_size = 1
subscription_str = 'projects/<myproject1>/subscriptions/testo'
# Create a POST body for the Pub/Sub request
body = {
# Setting ReturnImmediately to false instructs the API to wait
# to collect the message up to the size of MaxEvents, or until
# the timeout.
'returnImmediately': False,
'maxMessages': batch_size,
}
while True:
resp = client.projects().subscriptions().pull(
subscription=subscription_str, body=body).execute()
received_messages = resp.get('receivedMessages')
if received_messages is not None:
ack_ids = []
for received_message in received_messages:
pubsub_message = received_message.get('message')
if pubsub_message:
# Process messages
msg = base64.b64decode(str(pubsub_message.get('data')))
treatment(msg)
# Get the message's ack ID
ack_ids.append(received_message.get('ackId'))
# Create a POST body for the acknowledge request
ack_body = {'ackIds': ack_ids}
# Acknowledge the message.
client.projects().subscriptions().acknowledge(
subscription=subscription_str, body=ack_body).execute()
【问题讨论】:
标签: google-app-engine google-compute-engine credentials google-cloud-pubsub