我正在尝试访问安全的云运行服务。如果我在使用SDK的计算机上尝试正常运行:
curl --header "Authorization: Bearer $(gcloud auth print-identity-token)"
但是,我无法使用同一服务帐户使用Python API来使其正常工作,我曾尝试使用google-auth获取访问令牌,但这给了我401身份验证错误。这是我用来尝试获得令牌的代码:
import google.auth
import google.auth.transport.requests
scopes = ['https://www.googleapis.com/auth/cloud-platform']
creds, projects = google.auth.default(scopes=scopes)
auth_req = google.auth.transport.requests.Request()
creds.refresh(auth_req)
# then using creds.token
查看文档:https://cloud.google.com/run/docs/authenticating/service-to-service#calling_from_outside_gcp它说要在此处遵循示例代码:https://cloud.google.com/iap/docs/authentication-howto#iap_make_request-python我似乎无法遵循该指南,因为它说来启用了IAP,但看来IAP仅适用于应用程序引擎,而不是云运行?
有人对此有何建议?
谢谢
https://google-auth.readthedocs.io/en/latest/reference/google.oauth2.service_account.html
from google.oauth2 import service_account
from google.auth.transport.requests import AuthorizedSession
service_url = 'example.com'
key_file = 'key.json'
credentials = service_account.IDTokenCredentials.from_service_account_file(
key_file, target_audience=service_url)
authed_session = AuthorizedSession(credentials)
response = authed_session.get(service_url)
[这很令人困惑,因为我在文档中没有看到它,这使我对IAP有其他了解,但我认为它与Cloud Run无关。