使用API密钥从GAE使用Go访问BigQuery时出现权限被拒绝的问题。

huangapple go评论94阅读模式
英文:

Permission denied accessing Bigquery with Go from GAE using the API key

问题

我正在尝试通过我在Google App Engine上开发的应用程序访问存储在Bigquery中的数据。然而,每次我发出请求时,我都收到“权限被拒绝”的错误。

我已将该应用程序添加为项目的API团队的成员(我添加了地址@appspot.gserviceaccount.com),并且我通过code.google.com/p/google-api-go-client/bigquery/v2包访问bigquery。

以下是我如何将API密钥附加到每个查询的代码:

transport := KeyedTransport{Key: <api key>, Transport: http.DefaultTransport}
client := &http.Client{Transport: transport}
err := errors.New("reached")
b, err := bigquery.New(client)

...
query := &bigquery.QueryRequest{
            DefaultDataset: <之前定义的数据集>
            Query: <查询,通过唯一ID在单个表中查找单个结果>,
            Kind: "json",
            MaxResults: 1,


...

b.Jobs.Query(ProjectID, query).Do()

以下是为KeyedTransport定义的内容

func (t KeyedTransport)  RoundTrip(req *http.Request) (*http.Response, error){
        u := *req.URL
        args := u.Query()
        args.Set("key", t.Key)
        u.RawQuery = args.Encode()

        r, err := http.NewRequest(req.Method, u.String(), newBody)

        resp, err := t.Transport.RoundTrip(r)
        if err != nil{
                return nil, errors.New("error: "+err.Error())
        }
        return nil, errors.New("resp: "+toJson(resp))
        
}

我还确保API密钥与在Google API控制台中生成的密钥匹配。它由团队的另一成员生成,并标记为“用于浏览器应用程序的密钥(带有引用者)”,如果有帮助的话。

鉴于这给我带来了很多麻烦,我想转向Oauth2,因为对于Go来说,文档似乎更好。但是,我正在考虑与一些不希望要求用户拥有Google登录的组织合作。

英文:

I am trying to access data stored in Bigquery through an app I am developing on Google App Engine. However each time I make a request I receive the error "permission denied".

I have added the application as a member of the API team for the project (I added the address <app id>@appspot.gserviceaccount.com) and I am accessing bigquery through the package code.google.com/p/google-api-go-client/bigquery/v2

The following code is how I append the API key to each query:

transport := KeyedTransport{Key: &lt;api key&gt;, Transport: http.DefaultTransport}
client := &amp;http.Client{Transport: transport}
err := errors.New(&quot;reached&quot;)
b, err := bigquery.New(client)

...
query := &amp;bigquery.QueryRequest{
            DefaultDataset: &lt;perviously defined daset&gt; 
            Query: &lt;query that looks in a single table for a single result by a unique id&gt;,
            Kind: &quot;json&quot;,
            MaxResults: 1,


...

b.Jobs.Query(ProjectID, query).Do()

and the following is defined for KeyedTransport

func (t KeyedTransport)  RoundTrip(req *http.Request) (*http.Response, error){
        u := *req.URL
        args := u.Query()
        args.Set(&quot;key&quot;, t.Key)
        u.RawQuery = args.Encode()

        r, err := http.NewRequest(req.Method, u.String(), newBody)

        resp, err := t.Transport.RoundTrip(r)
        if err != nil{
                return nil, errors.New(&quot;error: &quot;+err.Error())
        }
        return nil, errors.New(&quot;resp: &quot;+toJson(resp))
        
}

I have also ensured that the API key matches the one generated in Google API console. It was generated by another member of the team and is labeled as "Key for browser apps (with referers)" if that helps.

Seeing as this is giving me so much trouble, I would make the move to Oauth2 since that seems to be much better documented for Go, but I am looking at working with some organizations that will not want to require users to have a Google login.

答案1

得分: 0

我不是Go专家,但看起来您还需要通过使用服务帐号的OAuth 2.0流程来授权您的应用程序访问BigQuery API。App Engine的Python和Java运行时支持使用"App Engine服务帐号",可以使用AppAssertionCredentials类。

但是,也可以通过使用通过Google开发者控制台生成的JWT文件来启用服务器对服务器的授权。

也许可以使用能够处理JWT文件的go-lang库(例如这个)通过GAE Go运行时授权访问BigQuery。

英文:

I am not a Go expert, but it looks like you will also need to authorize your application to have access to the BigQuery API via an OAuth 2.0 flow that uses service accounts. The Python and Java runtimes for App Engine support "App Engine Service Accounts" using the AppAssertionCredentials class.

However, it is also possible to enable server-to-server using JWT files generated through the Google developer console.

It may be possible to authorize access to BigQuery from the GAE Go runtime using server to server OAuth via a go-lang library that can handle JWT files (like this, perhaps).

huangapple
  • 本文由 发表于 2012年7月22日 00:38:19
  • 转载请务必保留本文链接:https://go.coder-hub.com/11593989.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定