我正在尝试进行身份验证,但是python3中的请求库不允许我获取令牌。使用以下代码示例:https://cloud.google.com/run/docs/authenticating/service-to-service#python
# Requests is already installed, no need to add it to requirements.txt
import requests
receiving_service_url = "https://myproject....run.app"
# Set up metadata server request
# See https://cloud.google.com/compute/docs/instances/verifying-instance-identity#request_signature
metadata_server_token_url = 'http://metadata/computeMetadata/v1/instance/service-accounts/default/identity?audience='
token_request_url = metadata_server_token_url + receiving_service_url
token_request_headers = {'Metadata-Flavor': 'Google'}
# Fetch the token
### CRASHES HERE ###
token_response = requests.get(token_request_url, headers=token_request_headers) ###
### CRASHES HERE ###
jwt = token_response.content.decode("utf-8")
# Provide the token in the request to the receiving service
receiving_service_headers = {'Authorization': f'bearer {jwt}'}
service_response = requests.get(receiving_service_url, headers=receiving_service_headers)
print(service_response.content)
如果我使用iPython在gcp的控制台内运行相同的代码,则可以获取令牌。而且我可以在本地计算机上通过CURL使用它。
错误:
token_response = requests.get(token_request_url, headers=token_request_headers)
File "/Users/tim/anaconda3/envs/sklearn/lib/python3.8/site-packages/requests/api.py", line 76, in get
return request('get', url, params=params, **kwargs)
File "/Users/tim/anaconda3/envs/sklearn/lib/python3.8/site-packages/requests/api.py", line 61, in request
return session.request(method=method, url=url, **kwargs)
File "/Users/tim/anaconda3/envs/sklearn/lib/python3.8/site-packages/requests/sessions.py", line 530, in request
resp = self.send(prep, **send_kwargs)
File "/Users/tim/anaconda3/envs/sklearn/lib/python3.8/site-packages/requests/sessions.py", line 643, in send
r = adapter.send(request, **kwargs)
File "/Users/tim/anaconda3/envs/sklearn/lib/python3.8/site-packages/requests/adapters.py", line 516, in send
raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPConnectionPool(host='metadata', port=80): Max retries exceeded with url: /computeMetadata/v1/instance/service-accounts/default/identity?audience=https://myproject....run.app (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f87f0573370>: Failed to establish a new connection: [Errno 8] nodename nor servname provided, or not known'))
INFO:werkzeug:127.0.0.1 - - [08/Oct/2020 23:54:14] "GET / HTTP/1.1" 200 -
为什么在本地计算机上运行此连接时无法建立连接?
答案 0 :(得分:1)
如果您的代码基于元数据服务器,则它将仅在Google Cloud上有效。昨天我回答了this question,我认为,您可以从中得到启发。
您可以使用IAM rest API来生成IDToken,而不是使用元数据服务器。这样,它就可以在本地和云中工作。
代码要长一点,而且我不知道IAM API是否像元数据服务器一样高效。
如果您需要详细信息和解释,请随时发表评论!