Reputation: 138
The access scope of Cloud Shell
I tried to run a docker container application which accesses Cloud Datastore in the Cloud Shell, but the access was refused. I suspect that the Cloud Shell doesn't have the scope to access Cloud Datastore.
Is it possible to add an appropriate scope the Cloud Shell instance?
Upvotes: 2
Views: 676
Answers (1)
Reputation: 3129
There was a bug in Cloud Shell credential handling where using newer versions of Python oauth2client package (either directly or indirectly) would fail with error like
File "/usr/local/lib/python2.7/dist-packages/oauth2client/contrib/gce.py", line 117, in _retrieve_info
self.service_account_email = info['email']
TypeError: string indices must be integers
This should be fixed in the newer image release. New sessions of Cloud Shell should not have this issue. Here is a working example of using Cloud Datastore API in a container, running in Cloud Shell:
$ cat Dockerfile
FROM python
RUN pip install gcloud
COPY test.py .
CMD ["python", "test.py"]
$ cat test.py
from gcloud import datastore
client = datastore.Client(project='your-project-id-23242')
query = datastore.Query(client, kind='EntityKind')
print(list(query.fetch()))
$ docker build -t test .
... docker output ...
$ docker run -ti test
[]
The example prints out just an empty list because I don't have any entities of "EntityKind" kind in my project's datastore, but you get the idea.
P.S. I work at Google.
Upvotes: 1
Related Questions
- What are access scopes in gcloud auth, and why do they differ in Cloud Shell vs. my local machine?
- How give Cloud Shell only access in GCP
- Cloud API access scopes
- customizing environments in Google cloud shell
- How to setup properly Google Cloud Shell?
- What is difference between cloud shell and SSH?
- Google Cloud permissions
- Setup Google cloud shell environment for Cloud ML
- Google Cloud Shell and Cloud Storage - Permission to access the GCS address is denied
- Google Compute Engine permissions and roles don't grant necessary scopes