英文:
Permission denied accessing Bigquery with Go from GAE using the API key
问题
我正在尝试通过我在Google App Engine上开发的应用程序访问存储在Bigquery中的数据。然而,每次我发出请求时,我都收到“权限被拒绝”的错误。
我已将该应用程序添加为项目的API团队的成员(我添加了地址
以下是我如何将API密钥附加到每个查询的代码:
transport := KeyedTransport{Key: <api key>, Transport: http.DefaultTransport}
client := &http.Client{Transport: transport}
err := errors.New("reached")
b, err := bigquery.New(client)
...
query := &bigquery.QueryRequest{
DefaultDataset: <之前定义的数据集>
Query: <查询,通过唯一ID在单个表中查找单个结果>,
Kind: "json",
MaxResults: 1,
...
b.Jobs.Query(ProjectID, query).Do()
以下是为KeyedTransport定义的内容
func (t KeyedTransport) RoundTrip(req *http.Request) (*http.Response, error){
u := *req.URL
args := u.Query()
args.Set("key", t.Key)
u.RawQuery = args.Encode()
r, err := http.NewRequest(req.Method, u.String(), newBody)
resp, err := t.Transport.RoundTrip(r)
if err != nil{
return nil, errors.New("error: "+err.Error())
}
return nil, errors.New("resp: "+toJson(resp))
}
我还确保API密钥与在Google API控制台中生成的密钥匹配。它由团队的另一成员生成,并标记为“用于浏览器应用程序的密钥(带有引用者)”,如果有帮助的话。
鉴于这给我带来了很多麻烦,我想转向Oauth2,因为对于Go来说,文档似乎更好。但是,我正在考虑与一些不希望要求用户拥有Google登录的组织合作。
英文:
I am trying to access data stored in Bigquery through an app I am developing on Google App Engine. However each time I make a request I receive the error "permission denied".
I have added the application as a member of the API team for the project (I added the address <app id>@appspot.gserviceaccount.com) and I am accessing bigquery through the package code.google.com/p/google-api-go-client/bigquery/v2
The following code is how I append the API key to each query:
transport := KeyedTransport{Key: <api key>, Transport: http.DefaultTransport}
client := &http.Client{Transport: transport}
err := errors.New("reached")
b, err := bigquery.New(client)
...
query := &bigquery.QueryRequest{
DefaultDataset: <perviously defined daset>
Query: <query that looks in a single table for a single result by a unique id>,
Kind: "json",
MaxResults: 1,
...
b.Jobs.Query(ProjectID, query).Do()
and the following is defined for KeyedTransport
func (t KeyedTransport) RoundTrip(req *http.Request) (*http.Response, error){
u := *req.URL
args := u.Query()
args.Set("key", t.Key)
u.RawQuery = args.Encode()
r, err := http.NewRequest(req.Method, u.String(), newBody)
resp, err := t.Transport.RoundTrip(r)
if err != nil{
return nil, errors.New("error: "+err.Error())
}
return nil, errors.New("resp: "+toJson(resp))
}
I have also ensured that the API key matches the one generated in Google API console. It was generated by another member of the team and is labeled as "Key for browser apps (with referers)" if that helps.
Seeing as this is giving me so much trouble, I would make the move to Oauth2 since that seems to be much better documented for Go, but I am looking at working with some organizations that will not want to require users to have a Google login.
答案1
得分: 0
我不是Go专家,但看起来您还需要通过使用服务帐号的OAuth 2.0流程来授权您的应用程序访问BigQuery API。App Engine的Python和Java运行时支持使用"App Engine服务帐号",可以使用AppAssertionCredentials类。
但是,也可以通过使用通过Google开发者控制台生成的JWT文件来启用服务器对服务器的授权。
也许可以使用能够处理JWT文件的go-lang库(例如这个)通过GAE Go运行时授权访问BigQuery。
英文:
I am not a Go expert, but it looks like you will also need to authorize your application to have access to the BigQuery API via an OAuth 2.0 flow that uses service accounts. The Python and Java runtimes for App Engine support "App Engine Service Accounts" using the AppAssertionCredentials class.
However, it is also possible to enable server-to-server using JWT files generated through the Google developer console.
It may be possible to authorize access to BigQuery from the GAE Go runtime using server to server OAuth via a go-lang library that can handle JWT files (like this, perhaps).
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论