python-3.x - GCP-The App Engine APIs are not available, with py 3

Question

我正在尝试使用具有域范围授权的服务帐户从 App Engine 使用 Admin SDK API，允许它模拟管理员。

我找到了几个指南来这样做，但没有一个能像我预期的那样工作。

以下代码已部署到 App Engine Standard。

主要.py

from flask import Flask
from google.auth import app_engine
import google.auth


try:
    import googleclouddebugger
    googleclouddebugger.enable()
except ImportError:
    pass

SCOPES = ['https://www.googleapis.com/auth/admin.directory.user']

app = Flask(__name__)

@app.route('/')
def hello():
    credentials, project = google.auth.default()

    appIdentity = app_engine.app_identity

    credentials = app_engine.Credentials(scopes=SCOPES)

    ret = "Expired:{}".format(credentials.expired)
    ret += "\nvalid:{}".format(credentials.valid)
    return 'Hello World!\n'+ret


if __name__ == '__main__':
    app.run(host='127.0.0.1', port=8080, debug=True)

应用.yaml

runtime: python37

代码 credentials = app_engine.Credentials(scopes=SCOPES) 将导致应用程序出现 500 错误消息，因为 app_engine.app_identity 始终是 none.

"Traceback (most recent call last):
  File "/env/lib/python3.7/site-packages/flask/app.py", line 2446, in wsgi_app
    response = self.full_dispatch_request()
  File "/env/lib/python3.7/site-packages/flask/app.py", line 1951, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/env/lib/python3.7/site-packages/flask/app.py", line 1820, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/env/lib/python3.7/site-packages/flask/_compat.py", line 39, in reraise
    raise value
  File "/env/lib/python3.7/site-packages/flask/app.py", line 1949, in full_dispatch_request
    rv = self.dispatch_request()
  File "/env/lib/python3.7/site-packages/flask/app.py", line 1935, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/srv/main.py", line 52, in hello
    credentials = app_engine.Credentials(scopes=SCOPES)
  File "/env/lib/python3.7/site-packages/google/auth/app_engine.py", line 107, in __init__
    'The App Engine APIs are not available.')
OSError: The App Engine APIs are not available." 

如您所见，错误报告The App Engine APIs are not available 但是 GCP 项目中没有同名的 API。

下面是我在项目中启用的所有 API，试图实现它的要求。当然，错误还是会出现。

这是一个测试环境，如果有人需要访问，请询问，我很乐意为您授予 GCP 项目的查看权限

感谢您的宝贵时间:)

Answer 1

您正在使用与应用引擎 API 不兼容的 python37 运行时(第二代标准环境)(只有 python27/第一代兼容)。来自 Understanding differences between the Python 2 and Python 3 environments :

Proprietary App Engine APIs are not available in Python 3. This section lists recommended replacements.

from google.auth import app_engine 实际上无法使用，因为它们基于 App Identity API ，那些专有的之一。

对于 python37 运行时中的身份验证，请遵循 Granting your app access to Cloud services部分。基本上不同于 App Identity API，您在其中调用 Credentials() 一次，然后使用应用程序身份访问服务，在 python37 中，您使用相应的服务 API Client( ) 调用(或等价物):

# If you don't specify credentials when constructing the client, the
# client library will look for credentials in the environment.
storage_client = storage.Client()

如果您要使用的服务帐户不是应用程序的默认服务帐户，那么您需要指定它:

You can override this default flow by doing any of the following:

• Set the GOOGLE_APPLICATION_CREDENTIALS environment variable. If this variable is set, Cloud services use the credentials specified by the variable instead of the default service account.

• Specify credentials when you instantiate the Client object for a Cloud service. For example, if your app is calling a Cloud service in a different project, you may need to pass credentials manually.