在 Google Compute Engine 上使用应用程序默认凭据访问工作表 API
Use Application Default Credentials on Google Compute Engine to access Sheets API
ADC(应用程序默认凭据)工作流是否仅支持 Google Cloud APIs(例如,支持 Google Cloud Storage API,但不支持Google Sheet API)?
我指的是 google.auth's default method - 无需使用代码存储任何私钥是一个巨大的胜利,也是有效使用 ADC(应用程序默认凭据)设置的主要好处。
如果我将 GOOGLE_APPLICATION_CREDENTIALS 环境变量设置为私钥文件,则以下代码有效,比如 key.json。根据 google.auth 包的第 1 步,这与 default 方法内联:1. If the environment variable GOOGLE_APPLICATION_CREDENTIALS is set to the path of a valid service account JSON private key file, then it is loaded and returned.
import google.auth
from apiclient import discovery
credentials, project_id = google.auth.default(scopes=['https://www.googleapis.com/auth/spreadsheets'])
sheets = discovery.build('sheets', 'v4', credentials=credentials)
SPREADSHEETID = '....'
result = sheets.spreadsheets().values().get(spreadsheetId=SPREADSHEETID, range='Sheet1!A:B').execute()
print result.get('values', [])
现在,查看方法的第 4 步:4. If the application is running in Compute Engine or the App Engine flexible environment then the credentials and project ID are obtained from the Metadata Service.
如果我删除 Google 计算实例上的 GOOGLE_APPLICATION_CREDENTIALS 环境变量,我会收到以下错误:
googleapiclient.errors.HttpError: <HttpError 403 when requesting https://sheets.googleapis.com/v4/spreadsheets/..../values/Sheet1%21A%3AB?alt=json returned "Request had insufficient authentication scopes.">
根据 Cloud Console,这与 Google 的向导不一致:
根据this documentation, the scope that you're using requires Oauth 2.0授权。因此,需要用户登录并同意。
构建构造函数的凭据是可选的。省略它们,Cloud Function 服务帐户将用于针对 Sheet.
进行身份验证
from apiclient import discovery
sheets = discovery.build('sheets', 'v4')
SPREADSHEETID = '....'
result = sheets.spreadsheets().values().get(spreadsheetId=SPREADSHEETID, range='Sheet1!A:B').execute()
print result.get('values', [])
ADC(应用程序默认凭据)工作流是否仅支持 Google Cloud APIs(例如,支持 Google Cloud Storage API,但不支持Google Sheet API)?
我指的是 google.auth's default method - 无需使用代码存储任何私钥是一个巨大的胜利,也是有效使用 ADC(应用程序默认凭据)设置的主要好处。
如果我将 GOOGLE_APPLICATION_CREDENTIALS 环境变量设置为私钥文件,则以下代码有效,比如 key.json。根据 google.auth 包的第 1 步,这与 default 方法内联:1. If the environment variable GOOGLE_APPLICATION_CREDENTIALS is set to the path of a valid service account JSON private key file, then it is loaded and returned.
import google.auth
from apiclient import discovery
credentials, project_id = google.auth.default(scopes=['https://www.googleapis.com/auth/spreadsheets'])
sheets = discovery.build('sheets', 'v4', credentials=credentials)
SPREADSHEETID = '....'
result = sheets.spreadsheets().values().get(spreadsheetId=SPREADSHEETID, range='Sheet1!A:B').execute()
print result.get('values', [])
现在,查看方法的第 4 步:4. If the application is running in Compute Engine or the App Engine flexible environment then the credentials and project ID are obtained from the Metadata Service.
如果我删除 Google 计算实例上的 GOOGLE_APPLICATION_CREDENTIALS 环境变量,我会收到以下错误:
googleapiclient.errors.HttpError: <HttpError 403 when requesting https://sheets.googleapis.com/v4/spreadsheets/..../values/Sheet1%21A%3AB?alt=json returned "Request had insufficient authentication scopes.">
根据 Cloud Console,这与 Google 的向导不一致:
根据this documentation, the scope that you're using requires Oauth 2.0授权。因此,需要用户登录并同意。
构建构造函数的凭据是可选的。省略它们,Cloud Function 服务帐户将用于针对 Sheet.
进行身份验证from apiclient import discovery
sheets = discovery.build('sheets', 'v4')
SPREADSHEETID = '....'
result = sheets.spreadsheets().values().get(spreadsheetId=SPREADSHEETID, range='Sheet1!A:B').execute()
print result.get('values', [])