0

我正在使用工作流程开发 ELT。到目前为止非常好。但是,我的一张表是基于 Google 工作表的,并且该工作失败了"Access Denied: BigQuery BigQuery: Permission denied while getting Drive credentials."

我知道我需要将https://www.googleapis.com/auth/drive范围添加到请求中,并且工作流使用的服务帐户需要访问工作表。访问是正确的,如果我使用 curl 进行经过身份验证的插入,它工作正常。

我的逻辑是我应该添加驱动范围。但是我不知道在哪里/如何添加它。我错过了什么吗?

工作流程中的步骤:

        call: googleapis.bigquery.v2.jobs.insert
        args:
          projectId: ${sys.get_env("GOOGLE_CLOUD_PROJECT_ID")}
          body:
            configuration:
              query:
                query: select * from `*****.domains_sheet_view`
                destinationTable:
                  projectId: ${sys.get_env("GOOGLE_CLOUD_PROJECT_ID")}
                  datasetId: ***
                  tableId: domains
                create_disposition: CREATE_IF_NEEDED
                write_disposition: WRITE_TRUNCATE
                allowLargeResults: true
                useLegacySql: false```
4

1 回答 1

3

AFAIK 对于连接器,您无法自定义scope参数,但如果您HTTP自己将调用放在一起,则可以自定义。

  1. 将服务帐户添加为 Google Docs 上的查看器
  2. 然后运行工作流

这是我的程序

#workflow entrypoint
main:
  steps:
    - initialize:
        assign:
          - project: ${sys.get_env("GOOGLE_CLOUD_PROJECT_ID")}
    - makeBQJob:
        call: BQJobsInsertJobWithSheets
        args:
          project: ${project}
          configuration:
              query:
                query: SELECT * FROM `ndc.autoritati_publice` LIMIT 10
                destinationTable:
                  projectId: ${project}
                  datasetId: ndc
                  tableId: autoritati_destination
                create_disposition: CREATE_IF_NEEDED
                write_disposition: WRITE_TRUNCATE
                allowLargeResults: true
                useLegacySql: false
        result: res
    - final:
        return: ${res}
#subworkflow definitions
BQJobsInsertJobWithSheets:
  params: [project, configuration]
  steps:
    - runJob:
        try:
          call: http.post
          args:
            url: ${"https://bigquery.googleapis.com/bigquery/v2/projects/"+project+"/jobs"}
            headers:
              Content-type: "application/json"
            auth:
              type: OAuth2
              scope: ["https://www.googleapis.com/auth/drive","https://www.googleapis.com/auth/cloud-platform","https://www.googleapis.com/auth/bigquery"]
            body:
              configuration: ${configuration}
          result: queryResult
        except:
          as: e
          steps:
            - UnhandledException:
                raise: ${e}
        next: queryCompleted
    - pageNotFound:
        return: "Page not found."
    - authError:
        return: "Authentication error."
    - queryCompleted:
        return: ${queryResult.body}
于 2021-11-15T16:02:48.717 回答