Google App Engine: JWT authentication in Google Cloud Functions
I am unable to troubleshoot why the Google Dataflow API returns a 403 response when it is called with the "googleapis" module from inside a Google Cloud Function. The code works when run on my PC, using the same code that runs in the Cloud Function. The JWT.json file is retrieved from an object stored in a Google Storage bucket. The code looks like this:
...
return getToken(). //Retrieves the JWT Client from Google Storage
    then(function (jwtToken) {
        // Debug output: serializing the JWT client also writes its private key to the function logs.
        console.log("Token: ", JSON.stringify(jwtToken));
        return dataFlowList({
            projectId: adc.projectId,
            auth: jwtToken,
            filter: "TERMINATED"
        }).then(list => filterDataflowJobList(list))
...
Here is the getToken function:
...
    let storage: CloudStorage.Storage = CloudStorage({
        projectId: adc.projectId
    });
    var bucket: CloudStorage.Bucket = storage.bucket(bucketName);
    var bucketGetFiles = PromiseLab.denodeify(bucket.getFiles);
    var stream = bucket.file(jwtJsonFileName).createReadStream();
    return toString(stream)
        .then(function (msg) {
            var jsonJwt = JSON.parse(msg);
            var jwtClient = new google.auth.JWT(
                jsonJwt.client_email,
                null,
                jsonJwt.private_key,
                ['https://www.googleapis.com/auth/cloud-platform'], // an array of auth scopes
                null
            );
            return jwtClient;
        }).catch(function (error) {
            console.log("Error while trying to retrieve JWT json");
            throw error;
        })
}
...
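I am based in the EU and Cloud Functions are bound to the US; could that be the cause?
The Dataflow jobs are also running in the US.

When running on Google Functions, the authentication retrieval method I was using did not retrieve the projectId, and the request was therefore unauthorized.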
async function getADC() {
    // Acquire a client and the projectId based on the environment. This method looks
    // for the GCLOUD_PROJECT and GOOGLE_APPLICATION_CREDENTIALS environment variables.
    const res = await auth.getApplicationDefault();
    let client = res.credential;
    // The createScopedRequired method returns true when running on GAE or a local developer
    // machine. In that case, the desired scopes must be passed in manually. When the code is
    // running in GCE or a Managed VM, the scopes are pulled from the GCE metadata server.
    // See https://cloud.google.com/compute/docs/authentication for more information.
    if (client.createScopedRequired && client.createScopedRequired()) {
        // Scopes can be specified either as an array or as a single, space-delimited string.
        const scopes = ['https://www.googleapis.com/auth/cloud-platform'];
        client = client.createScoped(scopes);
    }
    return {
        client: client,
        projectId: res.projectId
    }
}
I found it by looking at the request headers in the error log, which had the form: url: "" (note the double "/" between projects and jobs).
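A guard for the failure described in the answer above, as an added example that is not part of the original post: it resolves the project ID from more than one source, refuses to proceed when none is available, and flags request URLs that contain an empty path segment. The function names and the sample URLs are hypothetical and constructed for illustration; `project_id` is the field found in a service-account key file, and `GCLOUD_PROJECT` is the variable named in the code comment above.

```javascript
// Added example (not the original poster's code). All names are hypothetical.

// Resolve the project ID, in order of preference:
//   adcProjectId - value returned by getApplicationDefault() (may be undefined)
//   keyJson      - parsed service-account key file (carries a project_id field)
//   env          - environment variables, e.g. process.env
function resolveProjectId(adcProjectId, keyJson, env) {
  const candidates = [
    adcProjectId,
    keyJson && keyJson.project_id,
    env && env.GCLOUD_PROJECT,
    env && env.GOOGLE_CLOUD_PROJECT,
  ];
  for (const c of candidates) {
    if (typeof c === 'string' && c.trim() !== '') return c.trim();
  }
  // Fail closed: an empty ID would otherwise produce ".../projects//jobs"
  // and surface later as an opaque 403.
  throw new Error('projectId could not be resolved; refusing to call the API');
}

// Return the indexes of empty path segments in a request URL.
// A single trailing slash is not counted.
function emptyPathSegments(url) {
  const segments = new URL(url).pathname.split('/').slice(1);
  const empty = [];
  segments.forEach((s, i) => {
    if (s === '' && i !== segments.length - 1) empty.push(i);
  });
  return empty;
}

// Constructed sample URLs: one built with a missing project ID, one correct.
const BAD_URL = 'https://dataflow.googleapis.com/v1b3/projects//jobs?filter=TERMINATED';
const GOOD_URL = 'https://dataflow.googleapis.com/v1b3/projects/demo-project/jobs?filter=TERMINATED';

function demo() {
  return {
    fromKeyFile: resolveProjectId(undefined, { project_id: 'demo-project' }, {}),
    badSegments: emptyPathSegments(BAD_URL),
    goodSegments: emptyPathSegments(GOOD_URL),
  };
}
```

Running `emptyPathSegments` over the `url` field of logged request errors is a quick way to tell a missing path parameter apart from a genuine permission problem.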