Create Google Cloud Project with Cloud Resource Manager API

后端 未结 2 680
无人共我
无人共我 2021-01-17 00:40

I\'m trying to create a new project in the Google Cloud Platform using the Cloud Resource Manager API. It all works fine when I use it through the API explorer however I don

相关标签:
2条回答
  • 2021-01-17 01:17

    Rather than just tell you how to test with a working token, I'm going to try to more broadly answer what you're aiming to do.

    At a pretty high level, you will need to:

    1. Enable the Resource Manager API for your Cloud Console project.

    2. Create an OAuth client ID for Web applications in the Cloud Console. You will need to register your authorized redirect URI. This is where your app will get the OAuth response back from Google when the end user authorizes your app. Note the client ID, you will need that next.

    3. Start the OAuth flow by assembling your URL:

      https://accounts.google.com/o/oauth2/v2/auth?
      response_type=code&
      client_id=<123456789example>.apps.googleusercontent.com&
      scope=https://www.googleapis.com/auth/cloudplatformprojects&
      redirect_uri=http://<YOUR-APP-URL>/<YOUR-OAUTH-HANDLER>
      

      Replace in that URL the client ID and the redirect URI. I assume you'd have a button or link on your site where you would have the user click to start this flow.

    4. Code your OAuth handler. Some more in-depth code for doing this in Go can be gleaned from this Go Sample, which was originally for G+ sign-in but much of the logic is going to be the same. You are going to get a code query parameter passed to your application, the value is a one-time authorization code that your application must exchange for your OAuth tokens that you use to make API calls on behalf of the user.

    5. If appropriate for your app and situation, securely store your tokens for use later or for processing while your user is not active on your site (might be appropriate for batch processing).

    6. Now that you have an access token, you can pass that to the Resource Manager API and create projects on behalf of the user. You might use the Go client library or you could call the HTTP endpoints directly in your code.

    If you want more testing with curl, I'd follow the process that we wrote up accessing the App Engine Admin API. Substitute Admin API URLs and names for Resource Manager and you've got the overall flow. The difference from what's above, is I used a code flow above because I assume you want server-side and possibly refresh tokens if you need to be able to make these API calls while the user is not active on your site.

    0 讨论(0)
  • 2021-01-17 01:37

    Like Alex says, you ask for scopes during OAuth authentication. One way to easily authenticate and obtain a Oauth access token is doing:

    gcloud beta auth application-default login --scopes=https://www.googleapis.com/auth/cloudplatformprojects

    As you can see, you can specify the scopes you want to gcloud and it will take care of authentication for you.

    Then, you should be able to create a project calling:

    curl -H "Content-Type: application/json" -H "Authorization: Bearer $(gcloud beta auth application-default print-access-token)" -X POST -d '{"name": "project example","projectId": "my-project-example-1234"}' https://cloudresourcemanager.googleapis.com/v1/projects?fields=response

    Here, you are passing the access token obtained when you made Oauth authentication. This should be taken care of by the client libraries for you when you get the application default credentials.

    0 讨论(0)
提交回复
热议问题