我正在尝试使用具有域范围授权的服务帐户从 App Engine 使用 Admin SDK API,允许它模拟管理员。
我找到了几个指南来这样做,但没有一个能像我预期的那样工作。
以下代码已部署到 App Engine Standard。
主要.py
from flask import Flask
from google.auth import app_engine
import google.auth
try:
import googleclouddebugger
googleclouddebugger.enable()
except ImportError:
pass
SCOPES = ['https://www.googleapis.com/auth/admin.directory.user']
app = Flask(__name__)
@app.route('/')
def hello():
credentials, project = google.auth.default()
appIdentity = app_engine.app_identity
credentials = app_engine.Credentials(scopes=SCOPES)
ret = "Expired:{}".format(credentials.expired)
ret += "\nvalid:{}".format(credentials.valid)
return 'Hello World!\n'+ret
if __name__ == '__main__':
app.run(host='127.0.0.1', port=8080, debug=True)
应用.yaml
runtime: python37
代码 credentials = app_engine.Credentials(scopes=SCOPES)
将导致应用程序出现 500 错误消息,因为 app_engine.app_identity
始终是 none
.
"Traceback (most recent call last):
File "/env/lib/python3.7/site-packages/flask/app.py", line 2446, in wsgi_app
response = self.full_dispatch_request()
File "/env/lib/python3.7/site-packages/flask/app.py", line 1951, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/env/lib/python3.7/site-packages/flask/app.py", line 1820, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/env/lib/python3.7/site-packages/flask/_compat.py", line 39, in reraise
raise value
File "/env/lib/python3.7/site-packages/flask/app.py", line 1949, in full_dispatch_request
rv = self.dispatch_request()
File "/env/lib/python3.7/site-packages/flask/app.py", line 1935, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/srv/main.py", line 52, in hello
credentials = app_engine.Credentials(scopes=SCOPES)
File "/env/lib/python3.7/site-packages/google/auth/app_engine.py", line 107, in __init__
'The App Engine APIs are not available.')
OSError: The App Engine APIs are not available."
如您所见,错误报告The App Engine APIs are not available
但是 GCP 项目中没有同名的 API。
下面是我在项目中启用的所有 API,试图实现它的要求。当然,错误还是会出现。
这是一个测试环境,如果有人需要访问,请询问,我很乐意为您授予 GCP 项目的查看权限
感谢您的宝贵时间:)
最佳答案
您正在使用与应用引擎 API 不兼容的 python37 运行时(第二代标准环境)(只有 python27/第一代兼容)。来自 Understanding differences between the Python 2 and Python 3 environments :
Proprietary App Engine APIs are not available in Python 3. This section lists recommended replacements.
from google.auth import app_engine
实际上无法使用,因为它们基于 App Identity API ,那些专有的之一。
对于 python37 运行时中的身份验证,请遵循 Granting your app access to Cloud services部分。基本上不同于 App Identity API,您在其中调用 Credentials()
一次,然后使用应用程序身份访问服务,在 python37 中,您使用相应的服务 API Client( )
调用(或等价物):
# If you don't specify credentials when constructing the client, the # client library will look for credentials in the environment. storage_client = storage.Client()
如果您要使用的服务帐户不是应用程序的默认服务帐户,那么您需要指定它:
You can override this default flow by doing any of the following:
Set the
GOOGLE_APPLICATION_CREDENTIALS
environment variable. If this variable is set, Cloud services use the credentials specified by the variable instead of the default service account.Specify credentials when you instantiate the
Client
object for a Cloud service. For example, if your app is calling a Cloud service in a different project, you may need to pass credentials manually.
关于python-3.x - GCP-The App Engine APIs are not available, with py 3,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/58039984/