GCP-The App Engine APIs are not available, with py 3

Question

I am trying to consume Admin SDK API from App Engine using a service account with domain wide delegation that allows it to impersonate an admin.

I found several guides t

Answer 1

You're using the python37 runtime (the 2nd generation standard environment) which isn't compatible with the app engine API (only the python27/1st generation one is). From Understanding differences between the Python 2 and Python 3 environments:

Proprietary App Engine APIs are not available in Python 3. This section lists recommended replacements.

The from google.auth import app_engine won't actually be usable since they're based on the App Identity API, one of those proprietary ones.

For authentication in the python37 runtime follow the Granting your app access to Cloud services section. Basically unlike the App Identity API in which you call Credentials() once and then use the app identity to access services, in python37 you authenticate for each service you need using the respective service API Client() call (or equivalent):

# If you don't specify credentials when constructing the client, the
# client library will look for credentials in the environment.
storage_client = storage.Client()

If the service account you want to use is not the app's default service account then you need to specify it:

You can override this default flow by doing any of the following:

• Set the GOOGLE_APPLICATION_CREDENTIALS environment variable. If this variable is set, Cloud services use the credentials specified by the variable instead of the default service account.

• Specify credentials when you instantiate the Client object for a Cloud service. For example, if your app is calling a Cloud service in a different project, you may need to pass credentials manually.