如何在Google和本地开发服务器中使用私钥文件和模拟用户(DWD)的服务帐户?
如何在Google和本地开发服务器中使用私钥文件和模拟用户(DWD)的服务帐户?
提问于 2018-03-05 17:40:42
应用程序: Google标准环境
目的:通过google-api-python-client (而不是云app )访问Google (而不是Cloud ),例如工作表API v4,通过使用服务帐户并模拟用户,因为应用程序应该代表这个用户。(2条腿的auth,用户不会被要求允许访问)
我已经在生产环境中运行了一个设置,但是它只在本地开发服务器(dev_appserver.py)上运行,用于测试某个环境变量是否会被删除。我正在寻找一种不用添加/删除环境变量就能工作的解决方案。
服务帐户是为应用程序创建的,并在管理控制台中配置了域范围的委托DWD。此项目打开了Sheets。
在许多可用的快速启动、示例和引用中,只有在阅读了用于Python文档的Google库 (google-auth)之后,我才注意到缺少的部分(环境变量和SSL库),并最终获得了在生产中运行的代码。
应用程序代码将使用从云控制台IAM下载的私钥JSON文件。
requirements.txt
# as suggested by almost all docs, but this isn't everything we need:
google-api-python-client==1.6.5
google-auth==1.4.0
google-auth-httplib2==0.0.3app.yaml
env_variables:
# enable socket support of paid app, needed for OAuth2 service-accounts
# see google-auth documentation, v1.4.1, chapter 1.2.4
GAE_USE_SOCKETS_HTTPLIB : true
# some other stuff
libraries:
# to make HTTPS calls to other services, needed for OAuth2 service-accounts
# see google-auth documentation, v1.4.1, chapter 1.2.4
- name: ssl
version: latestappengine_config.py (工作表API v4访问的部分示例)
from google.oauth2 import service_account
SCOPES = ["https://www.googleapis.com/auth/spreadsheets"]
APP_ROOT_DIR = os.path.abspath(os.path.dirname(__file__))
SERVICE_ACCOUNT_FILE = "service-account-private-key.json"
import googleapiclient.discovery
credentials = service_account.Credentials.from_service_account_file(SERVICE_ACCOUNT_FILE, scopes=SCOPES)
# impersonate as user@example.com (G Suite domain account)
credentials = credentials.with_subject('user@example.com')
service = googleapiclient.discovery.build('sheets', 'v4', credentials=credentials)
# until here, the code works in production and local dev server
result = service.spreadsheets().values().get(spreadsheetId="DOC-ID-HERE", range="A1:C5").execute()
# execute() will work only in production,
# on local dev, it will raise an ResponseNotReady exception溯源
ERROR 2018-03-05 16:32:03,183 wsgi.py:263]
Traceback (most recent call last):
File "/Users/user/google-cloud-sdk/platform/google_appengine/google/appengine/runtime/wsgi.py", line 240, in Handle
handler = _config_handle.add_wsgi_middleware(self._LoadHandler())
File "/Users/user/google-cloud-sdk/platform/google_appengine/google/appengine/api/lib_config.py", line 351, in __getattr__
self._update_configs()
File "/Users/user/google-cloud-sdk/platform/google_appengine/google/appengine/api/lib_config.py", line 287, in _update_configs
self._registry.initialize()
File "/Users/user/google-cloud-sdk/platform/google_appengine/google/appengine/api/lib_config.py", line 160, in initialize
import_func(self._modname)
File "/Users/user/git/project/gae/appengine_config.py", line 143, in <module>
spreadsheetId=spreadsheetId, range=rangeName).execute()
File "/Users/user/git/project/gae/_lib/oauth2client/_helpers.py", line 133, in positional_wrapper
return wrapped(*args, **kwargs)
File "/Users/user/git/project/gae/_lib/googleapiclient/http.py", line 839, in execute
method=str(self.method), body=self.body, headers=self.headers)
File "/Users/user/git/project/gae/_lib/googleapiclient/http.py", line 166, in _retry_request
resp, content = http.request(uri, method, *args, **kwargs)
File "/Users/user/git/project/gae/_lib/google_auth_httplib2.py", line 187, in request
self._request, method, uri, request_headers)
File "/Users/user/git/project/gae/_lib/google/auth/credentials.py", line 121, in before_request
self.refresh(request)
File "/Users/user/git/project/gae/_lib/google/oauth2/service_account.py", line 322, in refresh
request, self._token_uri, assertion)
File "/Users/user/git/project/gae/_lib/google/oauth2/_client.py", line 145, in jwt_grant
response_data = _token_endpoint_request(request, token_uri, body)
File "/Users/user/git/project/gae/_lib/google/oauth2/_client.py", line 106, in _token_endpoint_request
method='POST', url=token_uri, headers=headers, body=body)
File "/Users/user/git/project/gae/_lib/google_auth_httplib2.py", line 116, in __call__
url, method=method, body=body, headers=headers, **kwargs)
File "/Users/user/git/project/gae/_lib/httplib2/__init__.py", line 1659, in request
(response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
File "/Users/user/git/project/gae/_lib/httplib2/__init__.py", line 1399, in _request
(response, content) = self._conn_request(conn, request_uri, method, body, headers)
File "/Users/user/git/project/gae/_lib/httplib2/__init__.py", line 1355, in _conn_request
response = conn.getresponse()
File "/Users/user/google-cloud-sdk/platform/google_appengine/google/appengine/dist27/python_std_lib/httplib.py", line 1121, in getresponse
raise ResponseNotReady()我已经知道,如果我从app.yaml的GAE_USE_SOCKETS_HTTPLIB列表中删除env_variables,代码将在本地开发服务器上工作(但不再在生产中)。
我在这里做错什么了吗?对于这两种环境,我是否可以使用相同的代码(可能有一个小开关),而不需要手动地从app.yaml中添加/删除变量?
回答 1
Stack Overflow用户
回答已采纳
发布于 2018-03-16 11:29:04
- 目的:通过google- API -python-客户机访问Google API(不是云API),例如Sheets API v4,…。。
这里解释说:
私有、广播、多播和Google范围(以下白名单除外)被阻止:
- Google公共DNS: 8.8.8.8,8.8.4.4,2001:4860:4860:8888,2001:4860:4860:8844端口53
- Gmail SMTPS: smtp.gmail.com端口465和587
- Gmail POP3S: pop.gmail.com端口995
- Gmail IMAPS: imap.gmail.com端口993
- 我已经知道,如果我从app.yaml的
GAE_USE_SOCKETS_HTTPLIB列表中删除env_variables,代码将在本地开发服务器上工作(但不再在生产中)。
这是解释这里
与开发服务器一起使用套接字 您可以使用开发服务器上的套接字运行和测试代码,而无需使用任何特殊的命令行参数。
希望这对你有帮助:)
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/49116395
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号