使用云资源管理器API创建Google云项目 [英] Create Google Cloud Project with Cloud Resource Manager API

问题描述

我正尝试使用云资源管理器API 。
当我通过API浏览器使用它时，它一切正常，但是我不太明白如何将它用作API Explorer之外的http请求。

我运行这样的请求：

  curl -HContent-Type：application / json-X POST -d' {name：project example，projectId：my-project-example-1234}'https://cloudresourcemanager.googleapis.com/v1/projects?fields=response&key={MY_APY_KEY} 
  

回应：

 <$ c 
error：{
code：401，
message：请求没有有效的认证凭证。，
status ：UNAUTHENTICATED
} 
} 
  

文档说明此请求<一个href =https://cloud.google.com/resource-manager/reference/rest/v1/projects/create#authorization =nofollow>需要一个OAuth范围，这就是当事情变得混乱对我来说。
阅读文档我无法理解如何将其中一个必需的OAuth范围与URL一起传递给其他API时，我只是假设我缺少这些内容。

解决方案

与其仅仅告诉你如何使用工作令牌进行测试，我会尝试更广泛地回答你的目标

$ b 在相当高的水平上，您需要：

1. 为您的云启用资源管理器API 控制台项目。 创建OAuth
2. 云控制台中的Web应用程序的客户端ID。您需要注册您的授权重定向URI。当最终用户授权您的应用时，您的应用会从Google获得OAuth回复。请注意客户端ID，接下来您需要。
通过组装您的URL启动OAuth流程：



  https://accounts.google.com/o/oauth2/v2/auth？ 
 response_type = code& 
 client_id =< 123456789example> .apps.googleusercontent.com& 
 scope = https：//www.googleapis.com/auth/cloudplatformprojects& 
 redirect_uri = http：//< YOUR-APP-URL> /< YOUR-OAUTH-HANDLER> 
  

在该URL中替换客户端ID和重定向URI。我假设您的网站上有一个按钮或链接，您需要点击此按钮才能启动此流程。 编写您的OAuth处理程序。 Go中的一些更深入的代码可以从这个Go样本最初是为了G +登录，但其中的大部分逻辑都是一样的。您将获得传递到应用程序的代码查询参数，该值是一次性授权代码，应用程序必须交换您用于制作OAuth令牌的代码代表用户进行API调用。


3. 如果适用于您的应用和情况，请安全存储您的令牌以供稍后使用或在您的用户不活跃时进行处理在您的网站上（可能适用于批处理）。
   

4. 现在您已拥有访问令牌，您可以将其传递给资源管理器API并代表用户创建项目。您可以使用 Go客户端库，也可以直接在您的电话中调用HTTP端点代码。
   

如果你想用curl进行更多的测试，我会遵循我们写过的访问App Engine管理API 。替换资源管理器的管理API URL和名称，并获得整体流程。与以上不同的是，我使用了上面的代码流程，因为我假设您需要服务器端和可能的刷新标记，如果您需要能够进行这些API调用该用户在您的网站上不活跃。

I'm trying to create a new project in the Google Cloud Platform using the Cloud Resource Manager API. It all works fine when I use it through the API explorer however I don't quite understand how to use it as an http request outside of API Explorer.

I run the request like this:

curl -H "Content-Type: application/json" -X POST -d '{"name": "project example","projectId": "my-project-example-1234"}' https://cloudresourcemanager.googleapis.com/v1/projects?fields=response&key={MY_APY_KEY}

Response:

{
  "error": {
    "code": 401,
    "message": "The request does not have valid authentication credentials.",
    "status": "UNAUTHENTICATED"
  }
}

The documentation says that this request requires an OAuth scope and that's when things get confusing to me. Reading the documentation I could not understand how one of the required OAuth scopes can be passed with the URL when making the http request to the rest API which I'm only assuming is what I'm missing.

解决方案

Rather than just tell you how to test with a working token, I'm going to try to more broadly answer what you're aiming to do.

At a pretty high level, you will need to:

1. Enable the Resource Manager API for your Cloud Console project.

2. Create an OAuth client ID for Web applications in the Cloud Console. You will need to register your authorized redirect URI. This is where your app will get the OAuth response back from Google when the end user authorizes your app. Note the client ID, you will need that next.

3. Start the OAuth flow by assembling your URL:

   https://accounts.google.com/o/oauth2/v2/auth?
   response_type=code&
   client_id=<123456789example>.apps.googleusercontent.com&
   scope=https://www.googleapis.com/auth/cloudplatformprojects&
   redirect_uri=http://<YOUR-APP-URL>/<YOUR-OAUTH-HANDLER>
   

   Replace in that URL the client ID and the redirect URI. I assume you'd have a button or link on your site where you would have the user click to start this flow.

4. Code your OAuth handler. Some more in-depth code for doing this in Go can be gleaned from this Go Sample, which was originally for G+ sign-in but much of the logic is going to be the same. You are going to get a code query parameter passed to your application, the value is a one-time authorization code that your application must exchange for your OAuth tokens that you use to make API calls on behalf of the user.

5. If appropriate for your app and situation, securely store your tokens for use later or for processing while your user is not active on your site (might be appropriate for batch processing).

6. Now that you have an access token, you can pass that to the Resource Manager API and create projects on behalf of the user. You might use the Go client library or you could call the HTTP endpoints directly in your code.

If you want more testing with curl, I'd follow the process that we wrote up accessing the App Engine Admin API. Substitute Admin API URLs and names for Resource Manager and you've got the overall flow. The difference from what's above, is I used a code flow above because I assume you want server-side and possibly refresh tokens if you need to be able to make these API calls while the user is not active on your site.

这篇关于使用云资源管理器API创建Google云项目的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！