2

我正在尝试通过 API 获取 gsuite 警报。我根据他们的文档创建了一个服务帐户,并将该服务帐户分配给我的谷歌云功能。

我不想使用环境变量或与源代码一起上传凭据,但我想利用函数使用的默认服务帐户。

from googleapiclient.discovery import build

def get_credentials():

    # if one knows credentials file location(when one uploads the json credentials file or specify them in environment variable) one can easily get the credentials by specify the path.
    # In case of google cloud functions atleast I couldn't find it the path as the GOOGLE_APPLICATION_CREDENTIALS is empty in python runtime

    # the below code work find if one uncomments the below line
    #credentials = ServiceAccountCredentials.from_json_keyfile_name(key_file_location)

    credentials = < how to get default credentials object for default service account?>

    delegated_credentials = credentials.create_delegated('admin@alertcenter1.bigr.name').create_scoped(SCOPES)
    return delegated_credentials

def get_alerts(api_name, api_version, key_file_location=None):

    delegated_credentials = get_credentials()
    alertcli = build(api_name, api_version, credentials=delegated_credentials)
    resp = alertcli.alerts().list(pageToken=None).execute()
    print(resp)


有什么方法可以创建默认凭据对象。我尝试使用 from google.auth import credentials 但这不包含 create_delegated 函数,我也尝试过 ServiceAccountCredentials() 但这需要签名者。

4

2 回答 2

1

您可以使用该google.auth.default函数获取默认凭证并使用它们来创建一个 IAM 签名者,该签名者可用于创建新的服务帐户凭证,其委托电子邮件地址为subject. 对于类似的问题,我有更详细的答案。

还有 Google Cloud Platform Github 存储库,其中包含有关此方法的一些文档。

于 2019-07-18T11:42:29.887 回答
1

下面是一个将 Gmail API 与委派凭据一起使用的示例。服务帐户凭据需要启用“启用 G Suite 域范围委派”。

from google.oauth2 import service_account
from googleapiclient.discovery import build

credentials = service_account.Credentials.from_service_account_file(
                        credentials_file,
                        scopes=['https://www.googleapis.com/auth/gmail.send'])

impersonate = 'username@example.com'

credentials = credentials.with_subject(impersonate)

service = build('gmail', 'v1', credentials=credentials)
于 2019-03-26T22:54:46.420 回答