How to properly authorize request to Google Cloud Storage API?

我与影子孤独终老i 提交于 2020-08-08 03:41:51

问题


I am trying to use the Google Cloud Storage JSON API to retrieve files from a bucket using http calls.

I am curling from a Container in GCE within the same project as the storage bucket, and the service account has read access to the bucket

Here is the pattern of the requests:

https://storage.googleapis.com/{bucket}/{object}

According to the API console, I don't need anything particular as the service account provides Application Default Credentials. However, I keep having this:

Anonymous caller does not have storage.objects.get

I also tried to create an API key for the project and appended it to the url (https://storage.googleapis.com/{bucket}/{object}?key={key})but I still got the same 401 error.

How can I authorize requests to query this API?


回答1:


The URL that you are using is not correct. The APIs use a URL that starts with https://www.googleapis.com/storage/v1/b.

Using API keys is not recommended. Instead you should use a Bearer: token. I will show both methods.

To get an access token for the gcloud default configuration:

gcloud auth print-access-token

Then use the token in your curl request. Replace TOKEN with the token from the gcloud command.

To list buckets:

curl -s -H "Authorization: Bearer TOKEN" https://www.googleapis.com/storage/v1/b

curl https://www.googleapis.com/storage/v1/b?key=APIKEY

To list objects:

curl -s -H "Authorization: Bearer TOKEN" https://www.googleapis.com/storage/v1/b/examplebucket/o

curl https://www.googleapis.com/storage/v1/b/examplebucket/o?key=APIKEY

API Reference: List Buckets




回答2:


If you are able to create another cluster you can obtain permission like this: Click in "avanced edit" next click in "Allow full access to all Cloud APIs"

And that's it :D



来源:https://stackoverflow.com/questions/53135841/how-to-properly-authorize-request-to-google-cloud-storage-api

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!