GCP Firestore Python凭证 [英] GCP Firestore Python Credentials

问题描述

我无法从Linux VM向GCP的Firestore发送数据. 我只是在尝试更新数据库中的一个项目.我遇到有关凭证的问题.根据我使用的方法，我会得到不同的错误，但是，我相信它们均源于同一问题.

I am having trouble sending data from my Linux VM to my GCP's Firestore. I am simply trying to update an item inside of the database. I am getting an issue regarding credentials. Depending on the method I use, I get different errors however, I believe they all stem from the same issue.

请注意，我有一个服务帐户，带有json凭证.我知道这些凭据仍然有效，因为我能够使用GCP的语音转文本功能.我得到的唯一奇怪的行为是访问Firestore时.

As a note, I have a service account, with the json credentials. I know that these credentials are still valid because I am able to use GCP's Speech-to-Text. The only strange behavior I am getting is when accessing the Firestore.

注意: 我从GCP控制台而不是Firebase控制台使用Firestore.我发现它们的使用方式(主要是安全性)略有不同.

Note: I am using the Firestore from the GCP console rather than the Firebase console. I see that there are slight differences in how they are used (mostly security stuff).

如果我只是打开一个新终端并运行我的python脚本(我未对我的凭据文件设置任何引用).数据已成功添加到数据库，但是出现以下警告:

If I simply open a new terminal and run my python script (I do not set any reference to my credentials file). The data is successfully added to the database, but I get the following warning:

UserWarning: Your application has authenticated using end user credentials from Google Cloud 
SDK. We recommend that most server applications use service accounts instead. If your 
application continues to use end user credentials from Cloud SDK, you might receive a "quota 
exceeded" or "API not enabled" error. For more information about service accounts, see 
https://cloud.google.com/docs/authentication/

另一方面，如果我在运行相同的python脚本之前先运行export GOOGLE_APPLICATION_CREDENTIALS="folder/file.json"行.我会收到此错误:

On the other hand, if I run the line export GOOGLE_APPLICATION_CREDENTIALS="folder/file.json" before running the same python script. I will get this error instead:

Traceback (most recent call last):
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/api_core/grpc_helpers.py", line 57, in error_remapped_callable
    return callable_(*args, **kwargs)
  File "/home/vagrant/.local/lib/python3.6/site-packages/grpc/_channel.py", line 565, in __call__
    return _end_unary_response_blocking(state, call, False, None)
  File "/home/vagrant/.local/lib/python3.6/site-packages/grpc/_channel.py", line 467, in _end_unary_response_blocking
    raise _Rendezvous(state, None, None, deadline)
grpc._channel._Rendezvous: <_Rendezvous of RPC that terminated with:
    status = StatusCode.PERMISSION_DENIED
    details = "Missing or insufficient permissions."
    debug_error_string = "{"created":"@653.64","description":"Error received 
from peer ipv4:...:","file":"src/core/lib/surface
/call.cc","file_line":1052,"grpc_message":"Missing or insufficient 
permissions.","grpc_status":7}"
>

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "sendToDB.py", line 28, in <module>
    update_create_if_missing(args.uid, args.words)
  File "sendToDB.py", line 16, in update_create_if_missing
    item.update({'text': firestore.ArrayUnion([words])})
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/cloud/firestore_v1/document.py", line 382, in update
    write_results = batch.commit()
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/cloud/firestore_v1/batch.py", line 147, in commit
    metadata=self._client._rpc_metadata,
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/cloud/firestore_v1/gapic/firestore_client.py", line 1042, in commit
    request, retry=retry, timeout=timeout, metadata=metadata
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/api_core/gapic_v1/method.py", line 143, in __call__
    return wrapped_func(*args, **kwargs)
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/api_core/retry.py", line 273, in retry_wrapped_func
    on_error=on_error,
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/api_core/retry.py", line 182, in retry_target
    return target()
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/api_core/timeout.py", line 214, in func_with_timeout
    return func(*args, **kwargs)
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/api_core/grpc_helpers.py", line 59, in error_remapped_callable
    six.raise_from(exceptions.from_grpc_error(exc), exc)
  File "<string>", line 3, in raise_from
google.api_core.exceptions.PermissionDenied: 403 Missing or insufficient permissions.

如果我使用类似于此db = firestore.Client(project="myproj-99999",credentials="folder/file.json")的行直接在python文件中声明凭据文件，则会出现此错误:

If I state the the credentials file directly in the python file using a line similar to this db = firestore.Client(project="myproj-99999",credentials="folder/file.json") I get this error:

Traceback (most recent call last):
  File "sendToDB.py", line 23, in <module>
    update_create_if_missing(args.uid, args.words)
  File "sendToDB.py", line 9, in update_create_if_missing
    db = firestore.Client(project="earningstotext-251320",credentials="keys/gcpcmdlineuser.json")
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/cloud/firestore_v1/client.py", line 105, in __init__
    project=project, credentials=credentials, _http=None
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/cloud/client.py", line 227, in __init__
    Client.__init__(self, credentials=credentials, _http=_http)
  File "/home/vagrant/.local/lib/python3.6/site-packages/google/cloud/client.py", line 130, in __init__
    raise ValueError(_GOOGLE_AUTH_CREDENTIALS_HELP)
ValueError: This library only supports credentials from google-auth-library-python. 
See https://google-cloud-python.readthedocs.io/en/latest/core/auth.html 
for help on authentication with this library.

请注意，此处的readthedocs链接已损坏.

从本质上讲，我希望能够使用python更新和读取Firestore中的内容，而不会出现任何错误或警告. 我也弄不明白为什么，它一次有效(当我收到警告时)是当我没有设置任何种类的凭据时.

Essentially, I would just like to be able to update and read from my Firestore using python without any errors or warnings. I also can't make sense why, the one time it does work (when I get the warning) is when I don't set any sort of credentials.

这是与我的上一个问题类似的问题，

This is a similar question to my previous question found here. However I think my new information warranted a seperate question.

推荐答案

您需要将"Cloud Datastore Owner"角色添加到正在使用的服务帐户中.

You need to add the "Cloud Datastore Owner" role to the service account you are using.

1. 转到IAM& admin> console.cloud.google.com
的IAM部分
2. 找到您正在使用的服务帐户，然后单击铅笔图标进行编辑.
3. 点击添加其他角色，然后搜索数据存储所有者.

1. Go to IAM & admin> IAM section of console.cloud.google.com
2. Look for the service account you are using and click the pencil icon to edit it.
3. Click Add Another Role, and search for datastore owner.

引用: https://cloud.google.com/firestore/docs/security /iam

这篇关于GCP Firestore Python凭证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！