使用Appengine Flex服务帐户访问Drive文件夹的权限不足

时间:2016-05-10 16:27:53

标签: google-app-engine google-drive-api google-cloud-platform google-managed-vm

我编写了一个使用所有客户端/ sdks的应用程序正式记录。

credentials = GoogleCredentials \
    .get_application_default() \
    .create_scoped('https://www.googleapis.com/auth/drive')
drive = discovery.build(
    'drive',
    'v3',
    http=self.credentials.authorize(Http())
)
drive.files() \
    .get(fileId=file_id) \
    .execute()

通过面板生成的服务帐户在本地运行完美,但在部署应用程序时,AppEngine灵活环境中的服务帐户会出现问题。

17:15:04.000 /env/lib/python3.4/site-packages/oauth2client/contrib/gce.py:99: UserWarning: You have requested explicit scopes to be used with a GCE service account. 17:15:04.000 Using this argument will have no effect on the actual scopes for tokens 17:15:04.000 requested. These scopes are set at VM instance creation time and 17:15:04.000 can't be overridden in the request. 17:15:04.000 17:15:04.000 warnings.warn(_SCOPES_WARNING) 17:15:04.000 INFO:googleapiclient.discovery:URL being requested: GET https://www.googleapis.com/discovery/v1/apis/drive/v3/rest 17:15:04.000 INFO:oauth2client.client:Attempting refresh to obtain initial access_token 17:15:04.000 INFO:googleapiclient.discovery:URL being requested: GET https://www.googleapis.com/drive/v3/files/0B0Kn....M1pBNFE?alt=json 17:15:04.000 ERROR:root:Failed to retrieve file 0B0K....M1pBNFE. Is it shared with me? project-id@appspot.gserviceaccount.com 17:15:04.000 Traceback (most recent call last): 17:15:04.000 File "/home/vmagent/app/script.py", line 45, in get 17:15:04.000 .execute() 17:15:04.000 File "/env/lib/python3.4/site-packages/oauth2client/util.py", line 135, in positional_wrapper 17:15:04.000 return wrapped(*args, **kwargs) 17:15:04.000 File "/env/lib/python3.4/site-packages/googleapiclient/http.py", line 760, in execute 17:15:04.000 raise HttpError(resp, content, uri=self.uri) 17:15:04.000 googleapiclient.errors.HttpError: <HttpError 403 when requesting https://www.googleapis.com/drive/v3/files/0B0Kn....M1pBNFE?alt=json returned "Insufficient Permission">

我已经检查了权限,但它们都已设置完毕。问题可能是由于“使用此参数将无效...”消息,在尝试创建范围凭据时出现。

1 个答案:

答案 0 :(得分:1)

正如您在之前的评论中提到的那样,这是一个known issue。如araf...@google.com所述,灵活环境中的App Engine实例似乎将uderlying GCE VM的凭据视为应用程序默认凭据。

  

在此期间,根据Using OAuth 2.0 for Server to Server Applications,您可以使用手动创建的服务帐户导出为存储在应用中的JSON密钥。

对于受此问题影响或解决方法无效的任何人,请在said issue上发布任何相关信息。

相关问题
最新问题