Log Google Cloud Service Account key created in Python API script

I managed to create a service account and a key for it via the Python API iamcredentials.googleapis.com, but I can't log in with it since the key is in P12 format and received as a dict, and I can't find a way to log in with the key. Is there a way to create a P12 file or something so I can use the key?

I tried using the functions available in the oauth2client.service_account.ServiceAccountCredentials() module but none of them loads it successfully. I understand there's some degree of deprecation in this library and maybe I'm using obsolete methods.

The closest I got to a successful login was when using the _from_p12_keyfile_contents() function, which gave an "encoding routines" error that is beyond my understanding.

from oauth2client.service_account import ServiceAccountCredentials
from googleapiclient import discovery, errors, logging

default_creds = google_application_defaults()

service = discovery.build("iam", "v1", credentials=default_creds, cache_discovery=False)

# Create a new key for the service account; the response is a dict
newkey = service.projects().serviceAccounts().keys().create(name=serviceAccMail, body={}).execute()

# This is the call that fails with the error shown below
creds = ServiceAccountCredentials._from_p12_keyfile_contents(accountEmail, newkey["privateKeyData"], "notasecret")

Error: [('asn1 encoding routines', 'asn1_check_tlen', 'wrong tag'), ('asn1 encoding routines', 'asn1_item_embed_d2i', 'nested asn1 error')]

What's the correct way to log this key in?

Upvotes: 0

Views: 1328

Answers (1)

John Hanley

Reputation: 81386

The PFX (P12) service account format is deprecated. Go back to the Google Console and download the service account credentials in JSON format.

Once you have downloaded your credentials in JSON format, change your code:

from google.oauth2 import service_account

sa_file = 'full/path/to/service_account.json'

default_creds = service_account.Credentials.from_service_account_file(sa_file)

[Update: The following code will show how to use P12 credentials]

Note: The P12 credentials do not work with all Google APIs (the credential type is different). This example is for the Google Discovery API. This example will not work with google.cloud.storage for example.

'''
Test program to use P12 credentials with Google Cloud Storage
'''
from oauth2client.service_account import ServiceAccountCredentials
import googleapiclient.discovery

# Details on the Google Service Account. The email must match the Google Console.
project_id = 'development-123456'
sa_filename = 'compute-engine.p12'
sa_password = 'notasecret'
sa_email = '[email protected]'

SCOPES = ["https://www.googleapis.com/auth/cloud-platform"]

cred = ServiceAccountCredentials.from_p12_keyfile(
        sa_email,
        sa_filename,
        private_key_password=sa_password,
        scopes=SCOPES)

client = googleapiclient.discovery.build('storage', 'v1', credentials=cred)

buckets = client.buckets().list(project=project_id).execute()

print('')
print('Listing buckets:')
for bucket in buckets.get('items', []):  # 'items' is absent when the project has no buckets
    print(bucket['name'])

Upvotes: 2
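
The following is an added example, not code from the question or the answer. It assumes the documented behaviour of the IAM API: `privateKeyData` in the `keys.create` response is base64-encoded, and with an empty request body the key is a JSON credentials file rather than PKCS#12. The helper names and the sample response are constructed for illustration.

```python
import base64
import json
import os


def decode_private_key_data(private_key_data):
    """Classify the base64 `privateKeyData` field of a keys.create response.

    Returns ("json", dict) for a credentials file or ("pkcs12", bytes) for DER.
    """
    raw = base64.b64decode(private_key_data, validate=True)
    # DER-encoded PKCS#12 starts with the ASN.1 SEQUENCE tag 0x30. Undecoded
    # base64 text or JSON starts with another byte, which an ASN.1 parser
    # reports as a "wrong tag" error.
    if raw[:1] == b"\x30":
        return "pkcs12", raw
    try:
        info = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, ValueError) as exc:
        raise ValueError("privateKeyData is neither DER nor JSON") from exc
    if not isinstance(info, dict) or info.get("type") != "service_account":
        raise ValueError("JSON is not a service account credentials file")
    return "json", info


def write_key_file(path, data):
    """Write key material readable by the owner only; never overwrite a file."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)


def make_sample_response():
    """Constructed stand-in for a keys.create response (no real key inside)."""
    info = {
        "type": "service_account",
        "client_email": "sa@example-project.iam.gserviceaccount.com",
        "private_key": "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n",
    }
    encoded = base64.b64encode(json.dumps(info).encode("utf-8")).decode("ascii")
    return {"privateKeyData": encoded}


if __name__ == "__main__":
    kind, key = decode_private_key_data(make_sample_response()["privateKeyData"])
    print(kind, key["client_email"])
```

A "json" result can be passed to `google.oauth2.service_account.Credentials.from_service_account_info(info)` from the google-auth library, so the key never has to be written to disk.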
