Google cloud platform 谷歌云API:禁止使用服务帐户密钥访问启用的API
我在使用服务帐户P12密钥时遇到问题,并获得HttpError 403 但是,如果使用Web OAuth并使用客户机ID和Secret,则不会出现此问题。但是,我正在创建一个服务到服务的应用程序 谷歌云API JSON已启用Google cloud platform 谷歌云API:禁止使用服务帐户密钥访问启用的API,google-cloud-platform,google-api-python-client,Google Cloud Platform,Google Api Python Client,我在使用服务帐户P12密钥时遇到问题,并获得HttpError 403 但是,如果使用Web OAuth并使用客户机ID和Secret,则不会出现此问题。但是,我正在创建一个服务到服务的应用程序 谷歌云API JSON已启用 import os from httplib2 import Http from pprintpp import pprint from oauth2client.client import SignedJwtAssertionCredentials from apicl
import os
from httplib2 import Http
from pprintpp import pprint
from oauth2client.client import SignedJwtAssertionCredentials
from apiclient.discovery import build
from googleapiclient.errors import HttpError
SITE_ROOT = \
os.path.dirname(os.path.realpath(__file__))
P12_FILE = \
"REDACTED-0123456789.p12"
P12_PATH = os.path.join(SITE_ROOT, P12_FILE)
pprint(P12_PATH)
SCOPE = \
'https://www.googleapis.com/auth/devstorage.read_only'
PROJECT_NAME = \
'mobileapptracking-insights'
BUCKET_NAME = \
'pubsite_prod_rev_0123456789'
CLIENT_EMAIL = \
'REDACTED-service@foo-bar-0123456789.iam.gserviceaccount.com'
private_key = None
with open(P12_PATH, "rb") as p12_fp:
private_key = p12_fp.read()
credentials = SignedJwtAssertionCredentials(
CLIENT_EMAIL,
private_key,
SCOPE)
http_auth = credentials.authorize(Http())
storage = build('storage', version='v1', http=http_auth)
request = storage.objects().list(bucket=BUCKET_NAME)
try:
response = request.execute()
except HttpError as error:
print("HttpError: %s" % str(error))
raise
except Exception as error:
print("%s: %s" % (error.__class__.__name__, str(error)))
raise
print(response)
错误消息:
HttpError: <HttpError 403 when requesting https://www.googleapis.com/storage/v1/b/pubsite_prod_rev_0123456789/o?alt=json returned "Forbidden">
HttpError:
我需要做什么来解决这个问题?您的代码看起来很好(我只是粘贴了它,更改了相应的常量,并成功地运行了它)
我想再核实一下:
- 您的客户电子邮件是p12密钥的正确电子邮件
- 您列出的bucket可供该服务帐户访问
- 验证您是否可以列出公共
bucketuspto对
并设置导入httplib2
,并验证所发出的请求是否为预期的请求httplib2.debuglevel=1