使用服务帐户使用独立 Python 脚本连接到 Google 云存储
Connecting to Google Cloud Storage using standalone Python script using service account
我正在尝试使用服务帐户从独立的 python 脚本连接到 Google 云存储。我是来自本地系统的 运行 这个脚本。我还使用 gcloud auth 激活了服务帐户,并添加了 "GOOGLE_APPLICATION_CREDENTIALS" 以指向 client_secrets.json 文件。
身份验证无效,失败并显示以下日志:
Uploading object..
Traceback (most recent call last):
File "quickstart.py", line 122, in
main(args.bucket, args.filename, args.reader, args.owner)
File "quickstart.py", line 16, in main
resp = upload_object(bucket, filename, readers, owners)
File "quickstart.py", line 43, in upload_object
service = create_service()
File "quickstart.py", line 39, in create_service
return discovery.build('storage', 'v1', http=http_auth)
File "build/bdist.macosx-10.12-intel/egg/oauth2client/util.py", line 137, in positional_wrapper
File "build/bdist.macosx-10.12-intel/egg/googleapiclient/discovery.py", line 214, in build
File "build/bdist.macosx-10.12-intel/egg/googleapiclient/discovery.py", line 261, in _retrieve_discovery_doc
File "build/bdist.macosx-10.12-intel/egg/oauth2client/transport.py", line 153, in new_request
File "build/bdist.macosx-10.12-intel/egg/oauth2client/client.py", line 765, in _refresh
File "build/bdist.macosx-10.12-intel/egg/oauth2client/client.py", line 797, in _do_refresh_request
File "/Library/Python/2.7/site-packages/httplib2-0.9.2-py2.7.egg/httplib2/__init__.py", line 1609, in request
(response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
File "/Library/Python/2.7/site-packages/httplib2-0.9.2-py2.7.egg/httplib2/__init__.py", line 1351, in _request
(response, content) = self._conn_request(conn, request_uri, method, body, headers)
File "/Library/Python/2.7/site-packages/httplib2-0.9.2-py2.7.egg/httplib2/__init__.py", line 1272, in _conn_request
conn.connect()
File "/Library/Python/2.7/site-packages/httplib2-0.9.2-py2.7.egg/httplib2/__init__.py", line 1036, in connect
self.disable_ssl_certificate_validation, self.ca_certs)
File "/Library/Python/2.7/site-packages/httplib2-0.9.2-py2.7.egg/httplib2/__init__.py", line 80, in _ssl_wrap_socket
cert_reqs=cert_reqs, ca_certs=ca_certs)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 911, in wrap_socket
ciphers=ciphers)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 520, in __init__
self._context.load_verify_locations(ca_certs)
IOError: [Errno 13] Permission denied
这是我尝试 运行 验证的代码片段:
import oauth2client
from oauth2client.service_account import ServiceAccountCredentials
from httplib2 import Http
from googleapiclient import discovery
import argparse
import filecmp
import json
import tempfile
import logging
logging.basicConfig(filename='debug.log',level=logging.DEBUG)
def main(bucket, filename, readers=[], owners=[]):
print('Uploading object..')
resp = upload_object(bucket, filename, readers, owners)
print(json.dumps(resp, indent=2))
def create_service():
scopes = ['https://www.googleapis.com/auth/devstorage.read_write']
credentials = ServiceAccountCredentials.from_json_keyfile_name('client_secrets.json', scopes)
http_auth = credentials.authorize(Http())
return discovery.build('storage', 'v1', http=http_auth)
def upload_object(bucket, filename, readers, owners):
service = create_service()
# This is the request body as specified:
# http://g.co/cloud/storage/docs/json_api/v1/objects/insert#request
body = {
'name': filename,
}
# If specified, create the access control objects and add them to the
# request body
if readers or owners:
body['acl'] = []
for r in readers:
body['acl'].append({
'entity': 'user-%s' % r,
'role': 'READER',
'email': r
})
for o in owners:
body['acl'].append({
'entity': 'user-%s' % o,
'role': 'OWNER',
'email': o
})
# Now insert them into the specified bucket as a media insertion.
# http://g.co/dv/resources/api-libraries/documentation/storage/v1/python/latest/storage_v1.objects.html#insert
with open(filename, 'rb') as f:
req = service.objects().insert(
bucket=bucket, body=body,
# You can also just set media_body=filename, but for the sake of
# demonstration, pass in the more generic file handle, which could
# very well be a StringIO or similar.
media_body=http.MediaIoBaseUpload(f, 'application/octet-stream'))
resp = req.execute()
return resp
我尝试查看 google 开发者论坛和其他博客中的多个示例。都显示相同的代码。不确定这里出了什么问题。
回溯的最后一行表明您的 Python 脚本无法使用正确的权限访问磁盘上的资源。
IOError: [Errno 13] Permission denied
一个简单的修复方法是 运行 使用 sudo 来修复这个脚本。
从错误来看,它看起来像是一个简单的权限问题。您是否 运行 具有 root 权限的程序?如果不是,则 运行 来自命令行的文件以 sudo 开头。
注意:IDLE 不使用 root 运行。
我正在尝试使用服务帐户从独立的 python 脚本连接到 Google 云存储。我是来自本地系统的 运行 这个脚本。我还使用 gcloud auth 激活了服务帐户,并添加了 "GOOGLE_APPLICATION_CREDENTIALS" 以指向 client_secrets.json 文件。
身份验证无效,失败并显示以下日志:
Uploading object..
Traceback (most recent call last):
File "quickstart.py", line 122, in
main(args.bucket, args.filename, args.reader, args.owner)
File "quickstart.py", line 16, in main
resp = upload_object(bucket, filename, readers, owners)
File "quickstart.py", line 43, in upload_object
service = create_service()
File "quickstart.py", line 39, in create_service
return discovery.build('storage', 'v1', http=http_auth)
File "build/bdist.macosx-10.12-intel/egg/oauth2client/util.py", line 137, in positional_wrapper
File "build/bdist.macosx-10.12-intel/egg/googleapiclient/discovery.py", line 214, in build
File "build/bdist.macosx-10.12-intel/egg/googleapiclient/discovery.py", line 261, in _retrieve_discovery_doc
File "build/bdist.macosx-10.12-intel/egg/oauth2client/transport.py", line 153, in new_request
File "build/bdist.macosx-10.12-intel/egg/oauth2client/client.py", line 765, in _refresh
File "build/bdist.macosx-10.12-intel/egg/oauth2client/client.py", line 797, in _do_refresh_request
File "/Library/Python/2.7/site-packages/httplib2-0.9.2-py2.7.egg/httplib2/__init__.py", line 1609, in request
(response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
File "/Library/Python/2.7/site-packages/httplib2-0.9.2-py2.7.egg/httplib2/__init__.py", line 1351, in _request
(response, content) = self._conn_request(conn, request_uri, method, body, headers)
File "/Library/Python/2.7/site-packages/httplib2-0.9.2-py2.7.egg/httplib2/__init__.py", line 1272, in _conn_request
conn.connect()
File "/Library/Python/2.7/site-packages/httplib2-0.9.2-py2.7.egg/httplib2/__init__.py", line 1036, in connect
self.disable_ssl_certificate_validation, self.ca_certs)
File "/Library/Python/2.7/site-packages/httplib2-0.9.2-py2.7.egg/httplib2/__init__.py", line 80, in _ssl_wrap_socket
cert_reqs=cert_reqs, ca_certs=ca_certs)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 911, in wrap_socket
ciphers=ciphers)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 520, in __init__
self._context.load_verify_locations(ca_certs)
IOError: [Errno 13] Permission denied
这是我尝试 运行 验证的代码片段:
import oauth2client
from oauth2client.service_account import ServiceAccountCredentials
from httplib2 import Http
from googleapiclient import discovery
import argparse
import filecmp
import json
import tempfile
import logging
logging.basicConfig(filename='debug.log',level=logging.DEBUG)
def main(bucket, filename, readers=[], owners=[]):
print('Uploading object..')
resp = upload_object(bucket, filename, readers, owners)
print(json.dumps(resp, indent=2))
def create_service():
scopes = ['https://www.googleapis.com/auth/devstorage.read_write']
credentials = ServiceAccountCredentials.from_json_keyfile_name('client_secrets.json', scopes)
http_auth = credentials.authorize(Http())
return discovery.build('storage', 'v1', http=http_auth)
def upload_object(bucket, filename, readers, owners):
service = create_service()
# This is the request body as specified:
# http://g.co/cloud/storage/docs/json_api/v1/objects/insert#request
body = {
'name': filename,
}
# If specified, create the access control objects and add them to the
# request body
if readers or owners:
body['acl'] = []
for r in readers:
body['acl'].append({
'entity': 'user-%s' % r,
'role': 'READER',
'email': r
})
for o in owners:
body['acl'].append({
'entity': 'user-%s' % o,
'role': 'OWNER',
'email': o
})
# Now insert them into the specified bucket as a media insertion.
# http://g.co/dv/resources/api-libraries/documentation/storage/v1/python/latest/storage_v1.objects.html#insert
with open(filename, 'rb') as f:
req = service.objects().insert(
bucket=bucket, body=body,
# You can also just set media_body=filename, but for the sake of
# demonstration, pass in the more generic file handle, which could
# very well be a StringIO or similar.
media_body=http.MediaIoBaseUpload(f, 'application/octet-stream'))
resp = req.execute()
return resp
我尝试查看 google 开发者论坛和其他博客中的多个示例。都显示相同的代码。不确定这里出了什么问题。
回溯的最后一行表明您的 Python 脚本无法使用正确的权限访问磁盘上的资源。
IOError: [Errno 13] Permission denied
一个简单的修复方法是 运行 使用 sudo 来修复这个脚本。
从错误来看,它看起来像是一个简单的权限问题。您是否 运行 具有 root 权限的程序?如果不是,则 运行 来自命令行的文件以 sudo 开头。
注意:IDLE 不使用 root 运行。