Getting `Request had invalid authentication credentials` when using service account json key file in Go app

huangapple go评论99阅读模式
英文:

Getting `Request had invalid authentication credentials` when using service account json key file in Go app

问题

我正在开发一个在GCP项目上使用Google Cloud日志服务的Go应用程序。但是在运行应用程序时遇到了问题,它说我使用的服务帐号JSON密钥的身份验证凭据无效。

这是出现错误的代码片段:

c, cErr := Load(".env")
if cErr != nil {
    log.Fatalf("could not load config: %s", cErr)
    return
}

// 初始化写入stdout的日志记录器
ctx := context.Background()
opt := option.WithCredentialsFile(c.GoogleApplicationCredentials)
loggerClient, clientErr := logging.NewClient(ctx, "poc-projects-01", opt)
if clientErr != nil {
    log.Fatal(clientErr)
}

这是Load()函数的定义:

func Load(file string) (*Config, error) {
    viper.SetConfigFile(file)
    viper.AddConfigPath(".")
    viper.AutomaticEnv()
    if err := viper.ReadInConfig(); err != nil {
        return nil, err
    }
    
    c := &Config{
        GoogleApplicationCredentials: viper.GetString("GOOGLE_APPLICATION_CREDENTIALS"),
    }

    return c, nil
}

我有一个名为.env的文件,内容如下:
GOOGLE_APPLICATION_CREDENTIALS=json/path-to-json.json

我不知道为什么它会说令牌已过期,尽管这是我在GCP和本地机器上唯一的服务帐号JSON密钥。

英文:

I'm developing a Go app on a GCP project and I'm using google cloud logging service. I'm having problems in running the app since it's saying that I have invalid authentication credentials when I'm using a service account json key.

Here's the code snippet having the error:

c, cErr := Load(".env")
	if cErr != nil {
		log.Fatalf("could not load config: %s", cErr)
		return
	}

	// initializes logger which writes to stdout
	ctx := context.Background()
	opt := option.WithCredentialsFile(c.GoogleApplicationCredentials);
	loggerClient, clientErr := logging.NewClient(ctx, "poc-projects-01", opt)
	if clientErr != nil {
		log.Fatal(clientErr)
	}

And here's the definition of the Load() function:

func Load(file string) (*Config, error) {
	viper.SetConfigFile(file)
	viper.AddConfigPath(".")
	viper.AutomaticEnv()
	if err := viper.ReadInConfig(); err != nil {
		return nil, err
	}
	
	c := &Config{
		GoogleApplicationCredentials: viper.GetString("GOOGLE_APPLICATION_CREDENTIALS"),
	}

	return c, nil
}

I have a .env file with the following content:
GOOGLE_APPLICATION_CREDENTIALS=json/path-to-json.json

I don't know why it's saying token expired even though this is the only service account json key I have on GCP, and on my local machine.

答案1

得分: 2

你好!以下是翻译好的内容:

请运行 gcloud auth application-default login 命令,并确保将其设置为正确的项目。

检查 GOOGLE_APPLICATION_CREDENTIALS 是否设置了有效的 JSON 密钥,并且环境变量是否正确设置。运行以下命令进行检查:

echo $GOOGLE_APPLICATION_CREDENTIALS

如果该命令没有返回正确的 JSON 密钥路径,你可以使用以下命令设置环境变量:

export GOOGLE_APPLICATION_CREDENTIALS=/path/to/json/key.json

一旦确认 JSON 密钥有效且环境变量设置正确,你应该能够运行你的应用程序。或者,你可以尝试删除 .env 文件,然后使用 服务帐号 JSON 密钥 重新创建它,这将重新生成令牌并使其有效。

附上故障排除的 文档 供参考。

英文:

Can you run gcloud auth application-default login and make sure you have that set to the right project.

Check whether GOOGLEAPPLICATIONSCREDENTALS is set with valid JSON key and the environment variable are correctly set, for checking run the below command

echo $GOOGLE_APPLICATION_CREDENTIALS

If the command does not return the correct path to the JSON key, you can set the environment variable with this command:

export GOOGLE_APPLICATION_CREDENTIALS=/path/to/json/key.json

Once you have verified that the JSON key is valid and the environment variable is correctly set, you should be able to run your application.Alternatively, you can try to delete the .env file and then recreate it with the service account json key, which should re-generate the token and make it valid.

Attaching troubleshooting documentation for reference.

huangapple
  • 本文由 发表于 2023年2月9日 15:57:05
  • 转载请务必保留本文链接:https://go.coder-hub.com/75395681.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定