Reputation: 17
Can I check if a script is running inside a Compute Engine or in a local environment?
I just wanted to know if there is a way to check whether a Python script is running inside a Compute Engine or in a local environment?
I want to check that in order to know how to authenticate, for example when a script runs on a Compute Engine and I want to initiate a BigQuery client I do not need to authenticate but when it comes to running a script locally I need to authenticate using a service account JSON file.
If I knew whether a script is running locally or in a Compute Engine I would be able to initiate Google services accordingly.
I could put initialization into a try-except statement but maybe there is another way?
Any help is appreciated.
Upvotes: 0
Views: 1938
Answers (3)
Reputation: 75
A little hacky but works just fine:
def in_google_network():
url = "http://metadata.google.internal/computeMetadata/v1/project/project-id"
try:
urllib.request.urlopen(
urllib.request.Request(url, headers={"Metadata-Flavor": "Google"})
).read().decode()
logging.info("Running inside of google network.")
return True
except Exception:
logging.info("Running outside of google network.")
return False
You can't reach this endpoint from any other place than GCP
Upvotes: 2
Reputation: 17
So I read a bit on the Google Cloud authentication and came up with this solution:
import google.auth
from google.oauth2 import service_account
try:
credentials, project = google.auth.default()
except:
credentials = service_account.Credentials.from_service_account_file('/path/to/service_account_json_file.json')
client = storage.Client(credentials=credentials)
What this does is it tries to retrieve the default Google Cloud credentials (in environments such as Compute Engine) and if it fails it tries to authenticate using a service account JSON file.
It might not be the best solution but it works and I hope it will help someone else too.
Upvotes: 0
Reputation: 40061
If I understand your question correctly, I think a better solution is provided by Google called Application Default Credentials. See Best practices to securely auth apps in Google Cloud (thanks @sethvargo) and Application Default Credentials
Using this mechanism, authentication becomes consistent regardless of where you run your app (on- or off-GCP). See finding credentials automatically
When you run off-GCP, you set GOOGLE_APPLICATION_CREDENTIALS to point to the Service Account. When you run on-GCP (and, to be clear, you are still authenticating, it's just transparent), you don't set the environment variable because the library obtains the e.g. Compute Engine instance's service account for you.
Upvotes: 4
Related Questions
- How to check whether if I'm running the code on a GCP / AWS instance?
- Check in bash if I am in a Google Compute Engine instance
- How to check if script is running locally or on azure devops
- Python3 Determine if a Program is Running on GCP?
- How to test if process is "in cloud" on AWS
- Node.js check if running locally or in google cloud VM?
- How to check if code is run locally or on a cluster in Python
- Check if application is running on server or local
- How do I know if my code is running deployed on GAE or running local?
- How to determine if your app is running on local Python Development Server?