GCP Firestore Python凭证

时间:2019-09-23 18:34:40

标签: python google-cloud-platform google-cloud-firestore service-accounts

我无法从Linux VM向GCP的Firestore发送数据。 我只是试图更新数据库中的项目。我遇到有关凭证的问题。根据我使用的方法,我会得到不同的错误,但是我相信它们均源于同一问题。

请注意,我有一个服务帐户,带有json凭证。我知道这些凭据仍然有效,因为我能够使用GCP的语音转文本功能。我得到的唯一奇怪的行为是访问Firestore时。

注意: 我从GCP控制台而不是Firebase控制台使用Firestore。我发现它们的使用方式(主要是安全性)略有不同。

如果我只是打开一个新终端并运行我的python脚本(我未对我的凭据文件设置任何引用)。数据已成功添加到数据库,但出现以下警告:

UserWarning: Your application has authenticated using end user credentials from Google Cloud 
SDK. We recommend that most server applications use service accounts instead. If your 
application continues to use end user credentials from Cloud SDK, you might receive a "quota 
exceeded" or "API not enabled" error. For more information about service accounts, see 
https://cloud.google.com/docs/authentication/

另一方面,如果我在运行相同的python脚本之前先运行export GOOGLE_APPLICATION_CREDENTIALS="folder/file.json"行。我会收到此错误:

Traceback (most recent call last):
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/api_core/grpc_helpers.py", line 57, in error_remapped_callable
    return callable_(*args, **kwargs)
  File "/home/vagrant/.local/lib/python3.6/site-packages/grpc/_channel.py", line 565, in __call__
    return _end_unary_response_blocking(state, call, False, None)
  File "/home/vagrant/.local/lib/python3.6/site-packages/grpc/_channel.py", line 467, in _end_unary_response_blocking
    raise _Rendezvous(state, None, None, deadline)
grpc._channel._Rendezvous: <_Rendezvous of RPC that terminated with:
    status = StatusCode.PERMISSION_DENIED
    details = "Missing or insufficient permissions."
    debug_error_string = "{"created":"@653.64","description":"Error received 
from peer ipv4:...:","file":"src/core/lib/surface
/call.cc","file_line":1052,"grpc_message":"Missing or insufficient 
permissions.","grpc_status":7}"
>

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "sendToDB.py", line 28, in <module>
    update_create_if_missing(args.uid, args.words)
  File "sendToDB.py", line 16, in update_create_if_missing
    item.update({'text': firestore.ArrayUnion([words])})
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/cloud/firestore_v1/document.py", line 382, in update
    write_results = batch.commit()
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/cloud/firestore_v1/batch.py", line 147, in commit
    metadata=self._client._rpc_metadata,
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/cloud/firestore_v1/gapic/firestore_client.py", line 1042, in commit
    request, retry=retry, timeout=timeout, metadata=metadata
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/api_core/gapic_v1/method.py", line 143, in __call__
    return wrapped_func(*args, **kwargs)
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/api_core/retry.py", line 273, in retry_wrapped_func
    on_error=on_error,
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/api_core/retry.py", line 182, in retry_target
    return target()
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/api_core/timeout.py", line 214, in func_with_timeout
    return func(*args, **kwargs)
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/api_core/grpc_helpers.py", line 59, in error_remapped_callable
    six.raise_from(exceptions.from_grpc_error(exc), exc)
  File "<string>", line 3, in raise_from
google.api_core.exceptions.PermissionDenied: 403 Missing or insufficient permissions.

如果使用类似于此db = firestore.Client(project="myproj-99999",credentials="folder/file.json")的行直接在python文件中声明凭证文件,则会出现此错误:

Traceback (most recent call last):
  File "sendToDB.py", line 23, in <module>
    update_create_if_missing(args.uid, args.words)
  File "sendToDB.py", line 9, in update_create_if_missing
    db = firestore.Client(project="earningstotext-251320",credentials="keys/gcpcmdlineuser.json")
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/cloud/firestore_v1/client.py", line 105, in __init__
    project=project, credentials=credentials, _http=None
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/cloud/client.py", line 227, in __init__
    Client.__init__(self, credentials=credentials, _http=_http)
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/cloud/client.py", line 130, in __init__
    raise ValueError(_GOOGLE_AUTH_CREDENTIALS_HELP)
ValueError: This library only supports credentials from google-auth-library-python. 
See https://google-cloud-python.readthedocs.io/en/latest/core/auth.html 
for help on authentication with this library.

请注意,此处的readthedocs链接已损坏。

基本上,我只想能够使用python更新和从Firestore中读取内容,而不会出现任何错误或警告。 我也弄不明白为什么,它一次起作用(当我收到警告时)是当我没有设置任何种类的凭据时。

这与我的上一个here发现的问题类似。但是,我认为我的新信息值得一个单独的问题。

1 个答案:

答案 0 :(得分:2)

您需要将“ Cloud Datastore Owner”角色添加到您正在使用的服务帐户中。

  1. 转到console.cloud.google.com的IAM和admin> IAM部分
  2. 找到您正在使用的服务帐户,然后单击铅笔图标进行编辑。
  3. 点击添加其他角色,然后搜索数据存储所有者。

参考:https://cloud.google.com/firestore/docs/security/iam

相关问题
最新问题