如何使用json凭证文件对gcloud大查询进行身份验证?

时间:2016-02-20 21:34:05

标签: python json authentication google-bigquery google-cloud-python

gcloud documentation for google bigquery中,它声明可以从from_service_account_json确定身份验证。

我尝试了以下

from gcloud import bigquery
client = bigquery.Client.from_service_account_json('/Library/gcloud_api_credentials.json')

json文件如下所示(注意:加扰的凭据因此现在是假的)。

{"type": "service_account",
"project_id": "example_project",
  "private_key_id": "c7e371776ab6e2dsfafdsaff97edf9377178c8",
  "private_key": "-----BEGIN PRIVATE KEY-----\nXXXXXXXXAgEAAoIBAQDBIAaPzRVOT12J\nfPKzJ/tgVTJWHWiO29C/OpjRbd4WUFNEfX3mdShYoVo9+F7u3QSlCxA4SgZmro0s\n/yQKyhCrpcmrmWJyr5VqqIvqScJVJzBvLHCto/JoydCSzYQJz89vltZ11NZE1n+W\ncvF2ygX9oM/dyUK/1eVsJOIoj4qj2jpRuQhxgh0ag2HVYlmAfnP9wfTdLeoV0e/z\n0WtBNesCrekh/ooldbxcDa6KvLJpBKu6BJg0nYWtnB0Q2hEZl1msNDs9lsMIWI/4\nRwz4iEv67HDTDaTerF89sFsPW5dyybnspxuNXlNSjtdABpHTU4mm1bwgRSEomuyZ\nptMp+Ck/AgMBAAECggEAYXyDE2/Yw3D4rIBwGtOh5tzazfGGaCa51u4DWiR1qRnf\nDoGyXfTh6ut4HDQV58mVoKJXC7MCTC7sgLxCO1gI1jyX8pE4yt+rMu3lwtx8xnND\n1bq/HkfWA+Nr787iSfmmopOnqk9H4fPM7+sRzH7qSz8z7qa7lQ6qAs8TgpoCx/Zt\nQsfAUDBFHP2x2msngZVkW2rZiCJyiWDE62KI7uxlUXlnqkC9j6vXL+n/SBmVGYSn\n2crQ0CONdBXvk753E4e3AhhA7VUcQorhEnYGFcsI2L9s1mK2SOGnakAukyZpoqQG\n//UmCX/lSu4SpfKi+NFedtQLfZqpfU6tOhS90OzYwQKBgQD1v1FdJ05X92RzRlSb\nQUUqWNKC3OwSlFAEZnBrpY8xSlK8alLXQRQWhBjdugtnfRfvPokILoxtZcgC6rUY\ntyauXPdDbv8+U4+YtcRSf3ZqNQmIajwt/pS/aj9CpY+ZL62codVmXOnpjiaIEZLk\nECJC947oYpxBb6k5OIrecZHuzwKBgQDJLq5H4i3JNpmIHiC/xgDcL9ROrPJBZhaS\fdafsdafddsffdsf/+\nCzA/tpS/dn0i5bf4E/SFWJdFHXk/rIooEGypFNw9e2Sw5rElI3B9DYKkXpHWDLvS\ne0vHm7s6kQKBgQDAH0ZY8XXKR9r8VCupBSoxpSdOr7DQBatZBU02m0SLYHO2YdlJ\n99Lgl31pOx3XVnDz1YwEHYAjtsLbpOrX27gd8QhOa+SYsXM+DDzj0kqdVcGSKJvL\nyZA45bN3Q0A0npW4Mr1HPbSRp1RwZGzWZ9ahTDEpdI58ifNejNnkdh2E+QKBgQCQ\nkSDfuuJX8wpEzBGQfUJk92HC33h+ElQp8MOyl+2qrzTt5KQIkJ+7gbG1F2lQ/Qhc\nqaIDTPTozJds1YfpLARc/fdsfddfd/ovcaSayzV8dEGeXDKU7GrVds5\niwPqRHk3HRJwJHYrT9onoqu8XdDCVggp6ju8RmY2YQKBgQC+r2aGJTOE5BNEwoZa\nT5q5lda+ADFm9JQj9zcF6OI4UFQqJaW0KVlPdr2pH5h6PoRtyVsZ5ZbDSjbZ2+Jp\nT1fW54HoK2S+faXWEmHPIYbRGSSDRJ/Kphu28D4C8Jo8YJKn4rwd8dnWmYC/73cx\naqUiJ7TdFLUYNwl/tg/XGR3PTQ==\n-----END PRIVATE KEY-----\n",
  "client_email": "example_project@appspot.gserviceaccount.com",
  "client_id": "123422110336236066294",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://accounts.google.com/o/oauth2/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/example-project%40appspot.gserviceaccount.com"
}

我收到以下错误:

Traceback (most recent call last):
  File "/Applications/PyCharm.app/Contents/helpers/pydev/pydevd.py", line 2217, in <module>
    globals = debugger.run(setup['file'], None, None)
  File "/Applications/PyCharm.app/Contents/helpers/pydev/pydevd.py", line 1643, in run
    pydev_imports.execfile(file, globals, locals)  # execute the script
  File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/Shippy/API/google_big_query_api.py", line 69, in <module>
    try2()
  File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/Shippy/API/google_big_query_api.py", line 62, in try2
    client = bigquery.Client.from_service_account_json('/Library/gcloud_api_credentials.json')
  File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/gcloud-0.10.1-py2.7.egg/gcloud/client.py", line 59, in from_service_account_json
    credentials = get_for_service_account_json(json_credentials_path)
  File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/gcloud-0.10.1-py2.7.egg/gcloud/credentials.py", line 128, in get_for_service_account_json
    json_credentials_path, scopes=scope)
  File "build/bdist.macosx-10.6-x86_64/egg/oauth2client/service_account.py", line 195, in from_json_keyfile_name
  File "build/bdist.macosx-10.6-x86_64/egg/oauth2client/service_account.py", line 171, in _from_parsed_json_keyfile
  File "build/bdist.macosx-10.6-x86_64/egg/oauth2client/service_account.py", line 108, in __init__
  File "build/bdist.macosx-10.6-x86_64/egg/oauth2client/util.py", line 163, in scopes_to_string
TypeError

我想我可能错误地创建了json凭证文件,但我不确定这是怎么做的。

我也尝试从谷歌下载json文件,但现在出现以下错误:

---------------------------------------------------------------------------
TypeError                                 Traceback (most recent call last)
<ipython-input-3-79ea8cfc1391> in <module>()
----> 1 client = bigquery.Client.from_service_account_json('/Users/Chris/Desktop/Shippy-abc820f485e5.json')

/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/gcloud-0.10.1-py2.7.egg/gcloud/client.pyc in from_service_account_json(cls, json_credentials_path, *args, **kwargs)
     57         if 'credentials' in kwargs:
     58             raise TypeError('credentials must not be in keyword arguments')
---> 59         credentials = get_for_service_account_json(json_credentials_path)
     60         kwargs['credentials'] = credentials
     61         return cls(*args, **kwargs)

/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/gcloud-0.10.1-py2.7.egg/gcloud/credentials.pyc in get_for_service_account_json(json_credentials_path, scope)
    126     """
    127     return ServiceAccountCredentials.from_json_keyfile_name(
--> 128         json_credentials_path, scopes=scope)
    129 
    130 

/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/oauth2client-2.0.0.post1-py2.7.egg/oauth2client/service_account.pyc in from_json_keyfile_name(cls, filename, scopes)
    193         with open(filename, 'r') as file_obj:
    194             client_credentials = json.load(file_obj)
--> 195         return cls._from_parsed_json_keyfile(client_credentials, scopes)
    196 
    197     @classmethod

/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/oauth2client-2.0.0.post1-py2.7.egg/oauth2client/service_account.pyc in _from_parsed_json_keyfile(cls, keyfile_dict, scopes)
    169         credentials = cls(service_account_email, signer, scopes=scopes,
    170                           private_key_id=private_key_id,
--> 171                           client_id=client_id)
    172         credentials._private_key_pkcs8_pem = private_key_pkcs8_pem
    173         return credentials

/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/oauth2client-2.0.0.post1-py2.7.egg/oauth2client/service_account.pyc in __init__(self, service_account_email, signer, scopes, private_key_id, client_id, user_agent, **kwargs)
    106         self._service_account_email = service_account_email
    107         self._signer = signer
--> 108         self._scopes = util.scopes_to_string(scopes)
    109         self._private_key_id = private_key_id
    110         self.client_id = client_id

/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/oauth2client-2.0.0.post1-py2.7.egg/oauth2client/util.pyc in scopes_to_string(scopes)
    161         return scopes
    162     else:
--> 163         return ' '.join(scopes)
    164 
    165 

TypeError: 

我也尝试过下载p12文件

bigquery.Client.from_service_account_p12('chris@curalate.com”, '/用户/克里斯/桌面/ Shippy-e824e0396911.p12')

然后我收到以下错误:

---------------------------------------------------------------------------
TypeError                                 Traceback (most recent call last)
<ipython-input-9-e71586550945> in <module>()
----> 1 client = bigquery.Client.from_service_account_p12('chris@curalate.com','/Users/Chris/Desktop/Shippy-e824e0396911.p12')

/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/gcloud-0.10.1-py2.7.egg/gcloud/client.pyc in from_service_account_p12(cls, client_email, private_key_path, *args, **kwargs)
     92             raise TypeError('credentials must not be in keyword arguments')
     93         credentials = get_for_service_account_p12(client_email,
---> 94                                                   private_key_path)
     95         kwargs['credentials'] = credentials
     96         return cls(*args, **kwargs)

/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/gcloud-0.10.1-py2.7.egg/gcloud/credentials.pyc in get_for_service_account_p12(client_email, private_key_path, scope)
    157     """
    158     return ServiceAccountCredentials.from_p12_keyfile(
--> 159         client_email, private_key_path, scopes=scope)
    160 
    161 

/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/oauth2client-2.0.0.post1-py2.7.egg/oauth2client/service_account.pyc in from_p12_keyfile(cls, service_account_email, filename, private_key_password, scopes)
    276         return cls._from_p12_keyfile_contents(
    277             service_account_email, private_key_pkcs12,
--> 278             private_key_password=private_key_password, scopes=scopes)
    279 
    280     @classmethod

/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/oauth2client-2.0.0.post1-py2.7.egg/oauth2client/service_account.pyc in _from_p12_keyfile_contents(cls, service_account_email, private_key_pkcs12, private_key_password, scopes)
    245         signer = crypt.Signer.from_string(private_key_pkcs12,
    246                                           private_key_password)
--> 247         credentials = cls(service_account_email, signer, scopes=scopes)
    248         credentials._private_key_pkcs12 = private_key_pkcs12
    249         credentials._private_key_password = private_key_password

/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/oauth2client-2.0.0.post1-py2.7.egg/oauth2client/service_account.pyc in __init__(self, service_account_email, signer, scopes, private_key_id, client_id, user_agent, **kwargs)
    106         self._service_account_email = service_account_email
    107         self._signer = signer
--> 108         self._scopes = util.scopes_to_string(scopes)
    109         self._private_key_id = private_key_id
    110         self.client_id = client_id

/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/oauth2client-2.0.0.post1-py2.7.egg/oauth2client/util.pyc in scopes_to_string(scopes)
    161         return scopes
    162     else:
--> 163         return ' '.join(scopes)
    164 
    165 

TypeError: 

1 个答案:

答案 0 :(得分:3)

来自https://googlecloudplatform.github.io/gcloud-python/latest/gcloud-api.html

  

json_credentials_path(string) - 私钥文件的路径(this   您在创建服务帐户时向您提供了文件。这个文件   必须包含带有私钥和其他凭据的JSON对象   信息(从Google API控制台下载)。

在您创建服务帐户时,应该已经下载了该文件。我们来看看服务帐户的创建。隐藏在存储文档中,我们发现了创建JSON凭证文件的一个很好的步骤。

来自https://cloud.google.com/storage/docs/authentication#generating-a-private-key

  

以JSON或PKCS12格式生成私钥:

     
      
  1. 在Google云端平台控制台中打开现有凭据列表。
  2.   
  3. 点击新凭据,然后选择服务帐户。
  4.   
  5. 在“创建服务帐户”窗口中,选择“密钥类型”,“JSON”或“P12”。
  6.   
  7. 点击“创建”。
  8.   
  9. 将显示一个新的公钥/私钥对窗口,并自动下载您选择的密钥类型的私钥。如果你   选择了一个P12键,私钥的密码(“notasecret”)是   显示。
  10.   
  11. 点击关闭。
  12.