我正在开发一个小项目,并且我对使用Google云端硬盘易于使用感兴趣。该程序的主要前提是在激活lambda函数时在google工作表中插入一个新行。我更喜欢将Node.js用于此项目,但我对Java或Python开放。
从tutorial网站上可以很容易地看到这一切是如何运作的。你提出了一个请求,你有OAuth,然后程序就像它告诉你的那样。但是,我正在寻找一种让我的AWS lambda函数与我的google驱动器中的文件夹对话并随意更新工作表的方法。
教程中的代码如下:
var fs = require('fs');
var readline = require('readline');
var google = require('googleapis');
var googleAuth = require('google-auth-library');
// If modifying these scopes, delete your previously saved credentials
// at ~/.credentials/drive-nodejs-quickstart.json
var SCOPES = ['https://www.googleapis.com/auth/drive.metadata.readonly'];
var TOKEN_DIR = (process.env.HOME || process.env.HOMEPATH ||
process.env.USERPROFILE) + '/.credentials/';
var TOKEN_PATH = TOKEN_DIR + 'drive-nodejs-quickstart.json';
// Load client secrets from a local file.
fs.readFile('client_secret.json', function processClientSecrets(err, content) {
if (err) {
console.log('Error loading client secret file: ' + err);
return;
}
// Authorize a client with the loaded credentials, then call the
// Drive API.
authorize(JSON.parse(content), listFiles);
});
/**
* Create an OAuth2 client with the given credentials, and then execute the
* given callback function.
*
* @param {Object} credentials The authorization client credentials.
* @param {function} callback The callback to call with the authorized client.
*/
function authorize(credentials, callback) {
var clientSecret = credentials.installed.client_secret;
var clientId = credentials.installed.client_id;
var redirectUrl = credentials.installed.redirect_uris[0];
var auth = new googleAuth();
var oauth2Client = new auth.OAuth2(clientId, clientSecret, redirectUrl);
// Check if we have previously stored a token.
fs.readFile(TOKEN_PATH, function(err, token) {
if (err) {
getNewToken(oauth2Client, callback);
} else {
oauth2Client.credentials = JSON.parse(token);
callback(oauth2Client);
}
});
}
/**
* Get and store new token after prompting for user authorization, and then
* execute the given callback with the authorized OAuth2 client.
*
* @param {google.auth.OAuth2} oauth2Client The OAuth2 client to get token for.
* @param {getEventsCallback} callback The callback to call with the authorized
* client.
*/
function getNewToken(oauth2Client, callback) {
var authUrl = oauth2Client.generateAuthUrl({
access_type: 'offline',
scope: SCOPES
});
console.log('Authorize this app by visiting this url: ', authUrl);
var rl = readline.createInterface({
input: process.stdin,
output: process.stdout
});
rl.question('Enter the code from that page here: ', function(code) {
rl.close();
oauth2Client.getToken(code, function(err, token) {
if (err) {
console.log('Error while trying to retrieve access token', err);
return;
}
oauth2Client.credentials = token;
storeToken(token);
callback(oauth2Client);
});
});
}
/**
* Store token to disk be used in later program executions.
*
* @param {Object} token The token to store to disk.
*/
function storeToken(token) {
try {
fs.mkdirSync(TOKEN_DIR);
} catch (err) {
if (err.code != 'EEXIST') {
throw err;
}
}
fs.writeFile(TOKEN_PATH, JSON.stringify(token));
console.log('Token stored to ' + TOKEN_PATH);
}
/**
* Lists the names and IDs of up to 10 files.
*
* @param {google.auth.OAuth2} auth An authorized OAuth2 client.
*/
function listFiles(auth) {
var service = google.drive('v3');
service.files.list({
auth: auth,
pageSize: 10,
fields: "nextPageToken, files(id, name)"
}, function(err, response) {
if (err) {
console.log('The API returned an error: ' + err);
return;
}
var files = response.files;
if (files.length == 0) {
console.log('No files found.');
} else {
console.log('Files:');
for (var i = 0; i < files.length; i++) {
var file = files[i];
console.log('%s (%s)', file.name, file.id);
}
}
});
}
必须有一些方法可以让lambda函数特殊,授权,访问我的google驱动器文件夹,而无需选择OAuth选项(一个gmail帐户而不是另一个)。
此外,在开发者控制台中,可以选择将标题为授权JavaScript来源的网址列入白名单。有没有人知道从AWS Lambda发出标注时使用的URL?
答案 0 :(得分:1)
既然你对Python开放,可以使用如下代码:
#!/usr/bin/env python
# required layer: pip3 install --upgrade -t ./python google_auth_oauthlib google-api-python-client && zip -r9 layer.zip ./python
import sys
sys.path.append('python')
sys.path.append('../python')
import os
import gspread # API to handle communication with google spreadsheets
import json
from oauth2client.service_account import ServiceAccountCredentials # to authenticate
from datetime import date # to give the desired date format
import logging
# Below for
import boto3
import base64
from botocore.exceptions import ClientError
def get_json_credentials_from_aws_secret_manager():
secret_name = os.environ['SECRET_NAME']
region_name = os.environ['REGION_NAME']
# Create a Secrets Manager client
session = boto3.session.Session()
client = session.client(
service_name='secretsmanager',
region_name=region_name
)
try:
get_secret_value_response = client.get_secret_value(
SecretId=secret_name
)
except ClientError as e:
if e.response['Error']['Code'] == 'DecryptionFailureException':
# Secrets Manager can't decrypt the protected secret text using the provided KMS key.
# Deal with the exception here, and/or rethrow at your discretion.
raise e
elif e.response['Error']['Code'] == 'InternalServiceErrorException':
# An error occurred on the server side.
# Deal with the exception here, and/or rethrow at your discretion.
raise e
elif e.response['Error']['Code'] == 'InvalidParameterException':
# You provided an invalid value for a parameter.
# Deal with the exception here, and/or rethrow at your discretion.
raise e
elif e.response['Error']['Code'] == 'InvalidRequestException':
# You provided a parameter value that is not valid for the current state of the resource.
# Deal with the exception here, and/or rethrow at your discretion.
raise e
elif e.response['Error']['Code'] == 'ResourceNotFoundException':
# We can't find the resource that you asked for.
# Deal with the exception here, and/or rethrow at your discretion.
raise e
else:
# Decrypts secret using the associated KMS CMK.
# Depending on whether the secret is a string or binary, one of these fields will be populated.
if 'SecretString' in get_secret_value_response:
secret = get_secret_value_response['SecretString']
return secret
else:
decoded_binary_secret = base64.b64decode(get_secret_value_response['SecretBinary'])
return (decoded_binary_secret)
return {}
# utility function for one line code
def http_response(STATUS_CODE, DATA):
return {
'statusCode': STATUS_CODE,
'body': DATA
}
def append_users_count(sheet, users_nb=42):
current_day = date.today().strftime('%Y-%m-%d')
values = [current_day, users_nb]
sheet.append_row(values, value_input_option='USER_ENTERED')
return "Sucessfully Added Users' Count"
def display_spreadsheet(sheet):
list_of_hashes = sheet.get_all_records()
print(list_of_hashes)
def lambda_handler(context, event):
JSON_CREDENTIALS = json.loads(get_json_credentials_from_aws_secret_manager())
SCOPES = ["https://spreadsheets.google.com/feeds", 'https://www.googleapis.com/auth/spreadsheets',
"https://www.googleapis.com/auth/drive.file", "https://www.googleapis.com/auth/drive"]
try:
credentials = ServiceAccountCredentials.from_json_keyfile_dict(JSON_CREDENTIALS, SCOPES)
client = gspread.authorize(credentials)
sheet = client.open(os.environ['SPREADSHEET_NAME']).sheet1
append_users_count(sheet)
except Exception as ex:
error_msg = f'Could not succeed to update the google spreadsheet: {ex}'
logging.error(error_msg)
return http_response(e.Code, json.dumps(error_msg))
success_msg = f"Sucessfully added count of users to google spreadsheet at url {os.environ['SPREADSHEET_URL']}"
logging.info(success_msg)
return http_response(200, json.dumps(success_msg))
答案 1 :(得分:0)
您需要一个内部运行Google凭据的代理服务。这样您就不需要要求用户进行身份验证。代理服务已具有要访问的凭据。以下是我用于代理与Google API连接的服务。