如何配置Google BigQuery命令行工具以使用服务帐户? [英] How do I configure Google BigQuery command line tool to use a Service Account?
问题描述
我使用Google API控制台创建了一个服务帐户,并希望将此服务帐户用于 Google BigQuery CLI (bq)工具。
我一直在使用命令行工具成功访问BigQuery服务, /.bigquery.v2.token,但我似乎无法找到任何有关如何修改此文件(或以其他方式配置工具)以使用服务帐户的文档。
这是我当前的.bigquery.v2.token文件
{
_module:oauth2client。客户端,
_class:OAuth2Credentials,
access_token:--my-access-token--,
token_uri:https:// accounts。 google.com/o/oauth2/token,
invalid:false,
client_id:--my-client-id--.apps.googleusercontent.com,
id_token:null,
client_secret:--my-client-secret--,
token_expiry:2012-11-06T15:57:12Z,
refresh_token:--my-refresh-token--,
user_agent:bq / 2.0
}
我的其他文件:〜/ .bigqueryrc通常如下所示:
project_id = --my-project-id--
credential_file =〜/ .bigquery.v2.token
我已经尝试将credential_file参数设置为我的服务帐户的.p12私钥文件,但没有运气,我回了以下错误
********************* *****************************************
* *找不到OAuth2凭证,开始授权过程**
*********************************** *******************************
并要求我在浏览器中再次建立我的OAuth2凭证。
命令行工具'initial配置选项init:
bq help init
不会显示有关如何设置此工具以使用服务帐户的有用信息。
解决方案我最终找到了一些关于如何设置它的文档
$ bq - 帮助
....
--service_account:使用此服务帐户电子邮件地址进行授权。例如,1234567890@developer.gserviceaccount.com。
(默认值:'')
--service_account_credential_file:用作服务帐户的凭证存储的文件。如果使用服务帐户,必须设置。
--service_account_private_key_file:包含服务帐户私钥的文件名。如果指定了--service_account,则为必需。
(默认:'')
--service_account_private_key_password:私钥的密码。此密码必须与您在Google API控制台中创建的密码相匹配。默认为默认的Google API控制台私钥密码。
(默认值:'notasecret')
....
<您可以在每个bq(bigquery命令行客户端)请求上专门设置这些参数,即:
$ bq --service_account - -my-client-id--.apps.googleusercontent.com - service_account_private_key_file〜/ .bigquery.v2.p12 ... [command]
或者你可以在你的〜/ .bigqueryrc文件中设置默认值,就像这样
project_id = --my-project-id--
service_account = --my-client-id--@developer.gserviceaccount.com
service_account_credential_file = /home/james/.bigquery.v2.cred
service_account_private_key_file = /home/james/.bigquery.v2.p12
可以找到服务帐户在Google API控制台中,并且在创建服务帐户时设置service_account_private_key_password(默认设置为notasecret)。
注意: .bigqueryrc中的文件路径必须是完整路径,我无法使用〜/ .bigquery ... p>
需要一些额外的依赖项,您需要通过yum / apt-get安装openssl
- yum--
$ yum install openssl-devel libssl-devel
- 或者apt-get--
$ apt-get install libssl- dev
和pyopenssl通过简易安装/ pip
- 易于安装 -
$ easy_install pyopenssl
- 或pip--
$ pip install pyopenssl
I've created a service account using the Google API Console and wish to use this service account with the Google BigQuery CLI (bq) tool.
I've been using the command line tool to successfully access the BigQuery service using my valid OAuth2 credentials in ~/.bigquery.v2.token, however I can't seem to find any documentation on how to modify this file (or otherwise configure the tool) to use a service account instead.
Here is my current .bigquery.v2.token file
{ "_module": "oauth2client.client", "_class": "OAuth2Credentials", "access_token": "--my-access-token--", "token_uri": "https://accounts.google.com/o/oauth2/token", "invalid": false, "client_id": "--my-client-id--.apps.googleusercontent.com", "id_token": null, "client_secret": "--my-client-secret--", "token_expiry": "2012-11-06T15:57:12Z", "refresh_token": "--my-refresh-token--", "user_agent": "bq/2.0" }My other file: ~/.bigqueryrc generally looks like this:
project_id = --my-project-id-- credential_file = ~/.bigquery.v2.tokenI've tried setting the credential_file paramater to the .p12 private key file for my service account but with no luck, it gives me back the following error
****************************************************************** ** No OAuth2 credentials found, beginning authorization process ** ******************************************************************And asks me to go to a link in my browser to set up my OAuth2 credentials again.
The command line tools' initial configuration option "init":
bq help initdisplays no helpful information about how to set up this tool to use a service account.
解决方案I ended up finding some documentation on how to set this up
$ bq --help .... --service_account: Use this service account email address for authorization. For example, 1234567890@developer.gserviceaccount.com. (default: '') --service_account_credential_file: File to be used as a credential store for service accounts. Must be set if using a service account. --service_account_private_key_file: Filename that contains the service account private key. Required if --service_account is specified. (default: '') --service_account_private_key_password: Password for private key. This password must match the password you set on the key when you created it in the Google APIs Console. Defaults to the default Google APIs Console private key password. (default: 'notasecret') ....You can either set these specifically on each bq (bigquery commandline client) request, ie:
$ bq --service_account --my-client-id--.apps.googleusercontent.com -- service_account_private_key_file ~/.bigquery.v2.p12 ... [command]Or you can set up defaults in your ~/.bigqueryrc file like so
project_id = --my-project-id-- service_account = --my-client-id--@developer.gserviceaccount.com service_account_credential_file = /home/james/.bigquery.v2.cred service_account_private_key_file = /home/james/.bigquery.v2.p12The service account can be found in the Google API Console, and you set up service_account_private_key_password when you created your service account (this defaults to "notasecret").
note: file paths in .bigqueryrc had to be the full path, I was unable to use ~/.bigquery...
Some additional dependencies were required, you will need to install openssl via yum/apt-get
--yum-- $ yum install openssl-devel libssl-devel --or apt-get-- $ apt-get install libssl-devand pyopenssl via easy install/pip
--easy install-- $ easy_install pyopenssl --or pip-- $ pip install pyopenssl
这篇关于如何配置Google BigQuery命令行工具以使用服务帐户?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
