为 Cloud SQL API 获取 Google Cloud 访问令牌以在 Cloud Function 中导入 CSV
Obtaining a Google Cloud access token for the Cloud SQL API to import a CSV in a Cloud Function
我正在寻找有关如何获取访问令牌的 python 3 示例,以便我可以将来自 GCS 的 csv 文件从 Google 云导入云 SQL函数.
它来自 Cloud Function,因此期望运行它的服务帐户或 Cloud SQL 实例的服务帐户在获得访问权限的情况下具有访问权限,但事实并非如此。
Response HTTP Response Body: {
"error": {
"code": 401,
"message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"errors": [
{
"message": "Login Required.",
"domain": "global",
"reason": "required",
"location": "Authorization",
"locationType": "header"
}
],
"status": "UNAUTHENTICATED"
}
}
下面是代码,我很好奇是否有人有一些示例代码可以让我验证它。
response = requests.post(
url="https://www.googleapis.com/sql/v1beta4/projects/redacted-project/instances/redacted-instance/import",
headers={"Content-Type": "application/json; charset=utf-8"
},
data=json.dumps({
"importContext": {
"fileType": "CSV",
"csvImportOptions": {
"table": "service_data"
},
"uri": "gs://redacted-bucket/log/" + blob.name + "",
"database": "redacted-db"
}
})
)
print('Response HTTP Status Code: {status_code}'.format(status_code=response.status_code))
print('Response HTTP Response Body: {content}'.format(content=response.content))
您应该使用 google-api-python-client 为这个 API 构建服务,而不是尝试直接发出请求。这将允许它获取 Cloud Functions 的默认服务帐户:
from googleapiclient.discovery import build
service = build('sql', 'v1beta4')
...
此处有更多详细信息:https://github.com/googleapis/google-api-python-client/blob/master/docs/start.md
在 Google Cloud Functions 中,您可以通过 querying the metadata server.
获取授权令牌
不过,还有一个更简单的选择:使用 Cloud SQL Client Library。这将自动为您获取授权令牌。
这两个选项都将使用 PROJECT_ID@appspot.gserviceaccount.com 服务帐户进行身份验证。如果您正在进行跨项目调用等,您可能需要授予该帐户权限。
1.From 您的 Google Cloud Functions,通过查询元数据服务器获取身份验证令牌,假设您的 Cloud Functions 在默认服务帐户下运行,即 App Engine 默认服务帐户并具有 Editor.
import requests
import json
METADATA_URL = 'http://metadata.google.internal/computeMetadata/v1/'
METADATA_HEADERS = {'Metadata-Flavor': 'Google'}
SERVICE_ACCOUNT = 'default'
def import_table(request):
url = '{}instance/service-accounts/{}/token'.format(
METADATA_URL, SERVICE_ACCOUNT)
# Request an access token from the metadata server.
r = requests.get(url, headers=METADATA_HEADERS)
r.raise_for_status()
# Extract the access token from the response.
access_token = r.json()["access_token"]
body = json.dumps({'importContext': {'fileType': 'CSV',
'csvImportOptions': {'table': 'your_table'},
'uri': 'gs://temprun/your_dump_file',
'database': 'your_database'}})
response = requests.post(
url="https://www.googleapis.com/sql/v1beta4/projects/your_project/instances/your_sql_instance/import",
headers={"Content-Type": "application/json; charset=utf-8",
"Authorization": "Bearer {}".format(access_token)
},
data=body)
return str(response)
2.Using 客户端库 google-api-python-client:
def import_table(request):
from googleapiclient.discovery import build
service = build('sqladmin', 'v1beta4')
body = {'importContext': {'fileType': 'CSV',
'csvImportOptions': {'table': 'your_table'},
'uri': 'gs://temprun/your_dump_file',
'database': 'your_database'}}
service.instances().import_(project='your_project', instance='your_instance', body=body).execute()
return "Table was imported"
如果成功,响应主体包含一个操作实例。
{'kind': 'sql#operation',
'targetLink': 'https://sqladmin.googleapis.com/sql/v1beta4/projects/your-project/instances/instance',
'status': 'PENDING',
'user': 'youraccount,
'insertTime': '2020-03-18T09:02:55.437Z',
'operationType': 'IMPORT',
'importContext': {'uri': 'gs://yourbucket/dumpfile',
'database': 'yourdatabase',
'kind': 'sql#importContext',
'fileType': 'CSV',
'csvImportOptions': {'table': 'sql-table}},
'name': 'cdcd53d4-96fe-41cf-aee4-12cf6ec6394e',
'targetId': 'instance_name',
'selfLink': 'https://sqladmin.googleapis.com/sql/v1beta4/projects/project/operations/cdcd53d4-96fe-41cf-aee4-12cf6ec6394e',
'targetProject': 'your-project'}
我正在寻找有关如何获取访问令牌的 python 3 示例,以便我可以将来自 GCS 的 csv 文件从 Google 云导入云 SQL函数.
它来自 Cloud Function,因此期望运行它的服务帐户或 Cloud SQL 实例的服务帐户在获得访问权限的情况下具有访问权限,但事实并非如此。
Response HTTP Response Body: {
"error": {
"code": 401,
"message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"errors": [
{
"message": "Login Required.",
"domain": "global",
"reason": "required",
"location": "Authorization",
"locationType": "header"
}
],
"status": "UNAUTHENTICATED"
}
}
下面是代码,我很好奇是否有人有一些示例代码可以让我验证它。
response = requests.post(
url="https://www.googleapis.com/sql/v1beta4/projects/redacted-project/instances/redacted-instance/import",
headers={"Content-Type": "application/json; charset=utf-8"
},
data=json.dumps({
"importContext": {
"fileType": "CSV",
"csvImportOptions": {
"table": "service_data"
},
"uri": "gs://redacted-bucket/log/" + blob.name + "",
"database": "redacted-db"
}
})
)
print('Response HTTP Status Code: {status_code}'.format(status_code=response.status_code))
print('Response HTTP Response Body: {content}'.format(content=response.content))
您应该使用 google-api-python-client 为这个 API 构建服务,而不是尝试直接发出请求。这将允许它获取 Cloud Functions 的默认服务帐户:
from googleapiclient.discovery import build
service = build('sql', 'v1beta4')
...
此处有更多详细信息:https://github.com/googleapis/google-api-python-client/blob/master/docs/start.md
在 Google Cloud Functions 中,您可以通过 querying the metadata server.
获取授权令牌不过,还有一个更简单的选择:使用 Cloud SQL Client Library。这将自动为您获取授权令牌。
这两个选项都将使用 PROJECT_ID@appspot.gserviceaccount.com 服务帐户进行身份验证。如果您正在进行跨项目调用等,您可能需要授予该帐户权限。
1.From 您的 Google Cloud Functions,通过查询元数据服务器获取身份验证令牌,假设您的 Cloud Functions 在默认服务帐户下运行,即 App Engine 默认服务帐户并具有 Editor.
import requests
import json
METADATA_URL = 'http://metadata.google.internal/computeMetadata/v1/'
METADATA_HEADERS = {'Metadata-Flavor': 'Google'}
SERVICE_ACCOUNT = 'default'
def import_table(request):
url = '{}instance/service-accounts/{}/token'.format(
METADATA_URL, SERVICE_ACCOUNT)
# Request an access token from the metadata server.
r = requests.get(url, headers=METADATA_HEADERS)
r.raise_for_status()
# Extract the access token from the response.
access_token = r.json()["access_token"]
body = json.dumps({'importContext': {'fileType': 'CSV',
'csvImportOptions': {'table': 'your_table'},
'uri': 'gs://temprun/your_dump_file',
'database': 'your_database'}})
response = requests.post(
url="https://www.googleapis.com/sql/v1beta4/projects/your_project/instances/your_sql_instance/import",
headers={"Content-Type": "application/json; charset=utf-8",
"Authorization": "Bearer {}".format(access_token)
},
data=body)
return str(response)
2.Using 客户端库 google-api-python-client:
def import_table(request):
from googleapiclient.discovery import build
service = build('sqladmin', 'v1beta4')
body = {'importContext': {'fileType': 'CSV',
'csvImportOptions': {'table': 'your_table'},
'uri': 'gs://temprun/your_dump_file',
'database': 'your_database'}}
service.instances().import_(project='your_project', instance='your_instance', body=body).execute()
return "Table was imported"
如果成功,响应主体包含一个操作实例。
{'kind': 'sql#operation',
'targetLink': 'https://sqladmin.googleapis.com/sql/v1beta4/projects/your-project/instances/instance',
'status': 'PENDING',
'user': 'youraccount,
'insertTime': '2020-03-18T09:02:55.437Z',
'operationType': 'IMPORT',
'importContext': {'uri': 'gs://yourbucket/dumpfile',
'database': 'yourdatabase',
'kind': 'sql#importContext',
'fileType': 'CSV',
'csvImportOptions': {'table': 'sql-table}},
'name': 'cdcd53d4-96fe-41cf-aee4-12cf6ec6394e',
'targetId': 'instance_name',
'selfLink': 'https://sqladmin.googleapis.com/sql/v1beta4/projects/project/operations/cdcd53d4-96fe-41cf-aee4-12cf6ec6394e',
'targetProject': 'your-project'}