将服务账号密钥文件传递给Go BigQuery客户端。

huangapple go评论77阅读模式
英文:

Pass service account keyfile to go bigquery client

问题

我正在尝试使用服务账号与Go BigQuery客户端。由于某种原因,在创建客户端时,没有关于如何传递服务文件的Go示例。我在这里看到了https://cloud.google.com/docs/authentication/production,但这种模式与任何已显示的内容不符。在https://godoc.org/cloud.google.com/go/bigquery中也没有显示。

我有以下代码:

//bigquery_caller.go
package main

import "C"
import "fmt"
import "cloud.google.com/go/bigquery"
import "golang.org/x/net/context"


func main() {
    ctx := context.Background()
    client, err := bigquery.NewClient(ctx, "project-name")
    if err != nil {
        fmt.Println("Had an error")
    }

    q := client.Query(`
        select * from mytables
    `)

    it, err := q.Read(ctx)

    fmt.Println(it)
    fmt.Println(err)
}

代码可以运行,但我得到了以下错误:

googleapi: Error 403: Access Denied: Project project-name:

我该如何将服务密钥文件传递给Go客户端?

英文:

I am trying to use service account with go bigquery client. For some reason, there's no Go example of how to pass a service file in when you make a client. I see here https://cloud.google.com/docs/authentication/production but this pattern doesn't follow anything shown. It also isn't shown at https://godoc.org/cloud.google.com/go/bigquery

I have

//bigquery_caller.go
package main

import "C"
import "fmt"
import "cloud.google.com/go/bigquery"
import "golang.org/x/net/context"


func main() {
    ctx := context.Background()
    client, err := bigquery.NewClient(ctx, "project-name")
    if err != nil {
        fmt.Println("Had an error")
    }

    q := client.Query(`
        select * from mytables
    `)

    it, err := q.Read(ctx)

    fmt.Println(it)
    fmt.Println(err)
}

The code works, I get

googleapi: Error 403: Access Denied: Project project-name:

How can I pass a service key file in to go client?

答案1

得分: 1

你需要在你的项目中创建一个服务账号,并提供一个新的JSON私钥。

然后确保GOOGLE_APPLICATION_CREDENTIALS环境变量设置为该文件的完整路径。例如,在Linux上:

GOOGLE_APPLICATION_CREDENTIALS=/home/user/Downloads/key.json go run main.go

另外,最佳实践是确保保护对该私钥文件的访问,并确保服务账号具有执行其角色所需的最低权限。

英文:

You need to create a service account in your project and furnish a new JSON private key.

Then ensure that the GOOGLE_APPLICATION_CREDENTIALS environmental variable is set to the full path of this file. For example, on Linux:

GOOGLE_APPLICATION_CREDENTIALS=/home/user/Downloads/key.json go run main.go

As an aside, it is best practice to make sure you protect access to this private key file and ensure the service account has the minimum privileges required to perform its role.

huangapple
  • 本文由 发表于 2017年7月24日 22:13:19
  • 转载请务必保留本文链接:https://go.coder-hub.com/45282854.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定