如何使用python/列出docker映像获取GCR访问令牌 [英] how to obtain GCR access token with python / listing docker images
问题描述
通过gcloud auth print-access-token
获得的访问令牌显然不同于我通过一些基本的python代码获得的访问令牌:
The access token im getting with gcloud auth print-access-token
is obviously a different access token than the one i can get with some basic python code:
export GOOGLE_APPLICATION_CREDENTIALS=/the-credentials.json
from oauth2client.client import GoogleCredentials
credentials = GoogleCredentials.get_application_default()
credentials.get_access_token()
我想做的是获得一个可用于的令牌:
What i am trying to do is get a token that would work with:
curl -u _token:<mytoken> https://eu.gcr.io/v2/my-project/my-docker-image/tags/list
我不希望将gcloud实用程序安装为我的应用程序的依赖项,因此,我尝试通过誓约google凭据以编程方式获取访问令牌
I'd prefer not to install gcloud utility as a dependency for my app, hence my tries to obtain the access token progrmatically via oath google credentials
推荐答案
I know this is a very old question, but I just got faced with the exact same problem of requiring an ACCESS_TOKEN in Python and not being able to generate it, and managed to make it work.
您需要执行的操作是使用变量credentials.token
,不同之处在于,一旦您首次创建凭据对象并返回None
,该变量将不存在.为了生成令牌,凭据必须由google.cloud库使用,在我的情况下,这是通过googleapiclient.discovery.build
方法完成的:
What you need to do is to use the variable credentials.token
, except it won't exist once you first create the credentials object, returning None
. In order to generate a token, the credentials must be used by a google.cloud library, which in my case was done by using the googleapiclient.discovery.build
method:
sqladmin = googleapiclient.discovery.build('sqladmin', 'v1beta4', credentials=credentials)
response = sqladmin.instances().get(project=PROJECT_ID, instance=INSTANCE_ID).execute()
print(json.dumps(response))
之后,可以使用
access_token = credentials.token
我还使用google.cloud storage
作为测试凭据的一种方式对其进行了测试,并且它也可以通过尝试通过适当的Python库访问GCS中的存储桶来实现:
I've also tested it using google.cloud storage
as a way to test credentials, and it also worked, by just trying to access a bucket in GCS through the appropriate Python library:
from google.oauth2 import service_account
from google.cloud import storage
PROJECT_ID = your_project_id_here
SCOPES = ['https://www.googleapis.com/auth/sqlservice.admin']
SERVICE_ACCOUNT_FILE = '/path/to/service.json'
credentials = service_account.Credentials.from_service_account_file(
SERVICE_ACCOUNT_FILE, scopes=SCOPES)
try:
list(storage.Client(project=PROJECT_ID, credentials=credentials).bucket('random_bucket').list_blobs())
except:
print("Failed because no bucket exists named 'random_bucket' in your project... but that doesn't matter, what matters is that the library tried to use the credentials and in doing so generated an access_token, which is what we're interested in right now")
access_token = credentials.token
print(access_token)
这篇关于如何使用python/列出docker映像获取GCR访问令牌的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!