【发布时间】:2017-11-23 05:32:34
【问题描述】:
我很难让应用程序默认凭据/OAuth2.0 在我的程序中工作...
背景:
我有一个收集图像的传感器设备,我想将这些图像存储在存储桶中的谷歌云存储中。理想情况下,代码只需按一下按钮即可运行,因此需要在程序运行时进行授权。
通过阅读和重新阅读文档,这就是我到目前为止所做的:
from oauth2client.client import GoogleCredentials
from google.cloud import storage
import google.auth
import os
# Establish cloud credientials with a locally
# stored service account key
home_path = os.path.expanduser('~') + "/Project/"
auth_file = "<service account access key file>.json"
auth_file_path = home_path + auth_file
# I'm trying two different ways to verify my credentials..
os.environ['GOOGLE_APPLICATION_CREDENTIALS'] = auth_file_path
credentials, project_id = google.auth.default()
# Get storage bucket for image files
storage = storage.Client(project_id)
bucket = storage.lookup_bucket('bucket0000')
因此,我得到一个回溯错误:
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "<string>", line 110, in <module>
File "/Users/joshua/anaconda/lib/python3.5/site-packages/google/cloud/storage/client.py", line 193, in lookup_bucket
return self.get_bucket(bucket_name)
File "/Users/joshua/anaconda/lib/python3.5/site-packages/google/cloud/storage/client.py", line 173, in get_bucket
bucket.reload(client=self)
File "/Users/joshua/anaconda/lib/python3.5/site-packages/google/cloud/storage/_helpers.py", line 99, in reload
_target_object=self)
File "/Users/joshua/anaconda/lib/python3.5/site-packages/google/cloud/_http.py", line 303, in api_request
error_info=method + ' ' + url)
google.cloud.exceptions.Forbidden: 403 Caller does not have storage.buckets.get access to bucket bucket0000. (GET https://www.googleapis.com/storage/v1/b/bucket0000?projection=noAcl)
我似乎仍被视为匿名用户(根据回溯中的 googleapis.com 链接)
{
"error": {
"errors": [
{
"domain": "global",
"reason": "required",
"message": "Anonymous users does not have storage.buckets.get access to bucket bucket0000.",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Anonymous users does not have storage.buckets.get access to bucket bucket0000."
}
}
再次尝试,这次使用 google.auth,我创建了一个凭据变量,并观察打印的内容似乎有效:<oauth2client.service_account._JWTAccessCredentials object at 0x107df0358>
我尝试将此凭据变量放入 storage.Client(),但这似乎不起作用。
# Get storage bucket for image files
storage = storage.Client(project_id, credentials=credentials)
bucket = storage.lookup_bucket('bucket0000')
>>> Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "<string>", line 6, in <module>
File "/Users/joshua/anaconda/lib/python3.5/site-packages/google/cloud/storage/client.py", line 59, in __init__
_http=_http)
File "/Users/joshua/anaconda/lib/python3.5/site-packages/google/cloud/client.py", line 212, in __init__
Client.__init__(self, credentials=credentials, _http=_http)
File "/Users/joshua/anaconda/lib/python3.5/site-packages/google/cloud/client.py", line 126, in __init__
raise ValueError(_GOOGLE_AUTH_CREDENTIALS_HELP)
ValueError: This library only supports credentials from google-auth-library-python. See https://google-cloud-python.readthedocs.io/en/latest/google-cloud-auth.html for help on authentication with this library
当然,此回溯将我引导至页面 google-cloud-python.readthedocs.io ... 不存在 ...
有什么方法可以在不使用控制台/Web 登录的情况下让对云存储的 API 调用正常工作?
非常感谢!
【问题讨论】:
标签: python google-app-engine oauth-2.0 google-authentication