获取服务帐户凭据(BigQuery)。

huangapple go评论66阅读模式
英文:

how to get services account credentials(bigquery)

问题

问题:当从拥有者帐户(USER A)创建具有特定角色(即bigquery用户和bigquery数据查看器)的新用户(称为USER B)时,我无法获取服务帐户凭据(来自USER B),以便在Python中使用这些凭据来访问项目。这个用户不应该具有管理员/编辑角色。

尝试赋予bigquery用户权限,但无法获取凭据。是否需要授予其他角色?

英文:

**Problem: ** When a new user(say USER B) is created with certain roles(i.e bigquery user and bigquery data viewer) from owner account(SAY USER A) I`m not able to get the service account credentials(from USER B) in order to use that credentials to access the projects from python.
This user should not have admin/editor role.

Tried giving bigquery user wasnt able to get the credentials. Is there any other roles need to be given.

答案1

得分: 1

为使用BigQuery API,您首先需要进行身份验证以验证您的客户端身份。您可以使用服务帐户进行身份验证。有两种身份验证方式:

1: 使用应用程序默认凭据进行身份验证

应用程序默认凭据允许您的应用程序使用服务帐户凭据访问BigQuery资源,就像它有自己的身份一样。

2: 使用服务帐户密钥文件进行身份验证

手动创建和获取服务帐户凭据以在应用程序部署在本地或其他公共云上时使用BigQuery。您可以设置环境变量以使用应用程序默认凭据加载凭据,或者您可以在应用程序代码中手动指定加载凭据的路径。

您可以参考下面的示例代码,其中我使用了服务帐户密钥文件进行身份验证。

from google.cloud import bigquery
import os

os.environ['GOOGLE_APPLICATION_CREDENTIALS'] = '/home/demo.json'
def query_stackoverflow():
   client = bigquery.Client()
   query_job = client.query(
       """
       SELECT
         *
       FROM `bigquery-public-data.census_utility.fips_codes_all`

       LIMIT 10
       """
   )

   results = query_job.result()  # 等待作业完成。

   for row in results:
       print("{} : {} :{}".format(row.summary_level, row.summary_level_name, row.county_fips_code))

query_stackoverflow()

我使用具有BigQuery Job User角色的服务帐户运行上面的代码。有关适当的角色和权限的更多信息,您可以参考此链接

英文:

To use the BigQuery API, you must first authenticate to verify your client's identity.You can use a service account for authentication.There are two ways to authenticate:

1: Authenticating with Application Default Credentials.

Application Default Credentials let your application use service account credentials to access BigQuery resources as its own identity.

2: Authenticating with a service account key file.

Manually create and obtain service account credentials to use BigQuery when an application is deployed on premises or to other public clouds. You can set the environment variable to load the credentials using Application Default Credentials, or you can specify the path to load the credentials manually in your application code.

You can refer to the below sample code where I have authenticated with a service account key file.

from google.cloud import bigquery
import os

os.environ['GOOGLE_APPLICATION_CREDENTIALS']='/home/demo.json'
def query_stackoverflow():
   client = bigquery.Client()
   query_job = client.query(
       """
       SELECT
         *
       FROM `bigquery-public-data.census_utility.fips_codes_all`


       LIMIT 10"""
   )


   results = query_job.result()  # Waits for job to complete.


   for row in results:
           print("{} : {} :{}".format(row.summary_level, row.summary_level_name,row.county_fips_code))


query_stackoverflow()       

I run the above code with the service account that has the BigQuery Job User role.For more information on appropriate roles and permissions, you can follow this link.

huangapple
  • 本文由 发表于 2023年3月8日 19:23:06
  • 转载请务必保留本文链接:https://go.coder-hub.com/75672380.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定