我正在尝试创建一个基于NodeJS的云函数,该函数使用域范围的委托访问来使用API方法gmail.users.settings.delegates.list。
我正在寻找一种不使用服务帐户JSON密钥的解决方案,而是要使用默认凭据。
我使用此launch.json文件将本地env配置为模拟云函数env
{
"version": "0.2.0",
"configurations": [
{
"type": "node",
"request": "launch",
"name": "Launch usersOnBehalfCheck",
"skipFiles": [
"<node_internals>/**"
],
"env": {
"GCP_PROJECT":"projectId",
"GOOGLE_APPLICATION_CREDENTIALS": "pathToJsonFile.json"
},
"program": "${workspaceFolder}/index.js"
}
]
}
将GOOGLE_APPLICATION_CREDENTIALS env变量输出到GCF中似乎根本不存在该变量,但是我不知道如何更好地模拟GCF env
谈论auth对象时,我发现了两种方法:
const gmailDWDAuth = new GoogleAuth({ clientOptions: { subject: inputData.userPrimaryEmail }, scopes: ['https://www.googleapis.com/auth/gmail.settings.basic'] });
console.info({ gmailDWDAuth: gmailDWDAuth }, null, 2);
return gmail.users.settings.delegates.list({ userId: 'me', auth: gmailDWDAuth })
const gmailDWDAuth = await google.auth.getClient({ clientOptions: { subject: inputData.userPrimaryEmail }, scopes: ['https://www.googleapis.com/auth/gmail.settings.basic'] });
console.info({ gmailDWDAuth: gmailDWDAuth }, null, 2);
return gmail.users.settings.delegates.list({ userId: 'me', auth: gmailDWDAuth })
inputData.userPrimaryEmail在与服务帐户相同的组织中包含有效的GSuite帐户。
当我将GCF发布到GCP中时,这两种方法在本地都可以正常工作,但是由于Bad Request错误而停止工作。
有人可以帮忙吗?
几个小时后,我发现this post在谈论它
我按照他的指示修改了代码
const DWDAuth = await google.auth.getClient({ scopes: ['https://www.googleapis.com/auth/gmail.settings.basic'] });
DWDAuth.subject = inputData.userPrimaryEmail;
console.info(util.inspect({ DWDAuth: DWDAuth }));
return gmail.users.settings.delegates.list({ userId: inputData.userPrimaryEmail, auth: DWDAuth })
const DWDAuth = new GoogleAuth({ scopes: ['https://www.googleapis.com/auth/gmail.settings.basic'] });
const DWDAuthClient = await DWDAuth.getClient();
DWDAuthClient.subject = inputData.userPrimaryEmail;
console.info(util.inspect({ DWDAuthClient: DWDAuthClient }));
return gmail.users.settings.delegates.list({ userId: inputData.userPrimaryEmail, auth: DWDAuthClient })
和以前一样,所有这些在本地都可以正常工作,但我对GCF的要求不高