问题
I am trying to use the Google Cloud Storage JSON API to retrieve files from a bucket using http calls.
I am curling from a Container in GCE within the same project as the storage bucket, and the service account has read access to the bucket
Here is the pattern of the requests:
https://storage.googleapis.com/{bucket}/{object}
According to the API console, I don't need anything particular as the service account provides Application Default Credentials. However, I keep having this:
Anonymous caller does not have storage.objects.get
I also tried to create an API key for the project and appended it to the url (https://storage.googleapis.com/{bucket}/{object}?key={key}
)but I still got the same 401 error.
How can I authorize requests to query this API?
回答1:
The URL that you are using is not correct. The APIs use a URL that starts with https://www.googleapis.com/storage/v1/b
.
Using API keys is not recommended. Instead you should use a Bearer: token
. I will show both methods.
To get an access token for the gcloud default configuration:
gcloud auth print-access-token
Then use the token in your curl
request. Replace TOKEN with the token from the gcloud command.
To list buckets:
curl -s -H "Authorization: Bearer TOKEN" https://www.googleapis.com/storage/v1/b
curl https://www.googleapis.com/storage/v1/b?key=APIKEY
To list objects:
curl -s -H "Authorization: Bearer TOKEN" https://www.googleapis.com/storage/v1/b/examplebucket/o
curl https://www.googleapis.com/storage/v1/b/examplebucket/o?key=APIKEY
API Reference: List Buckets
回答2:
If you are able to create another cluster you can obtain permission like this: Click in "avanced edit" next click in "Allow full access to all Cloud APIs"
And that's it :D
来源:https://stackoverflow.com/questions/53135841/how-to-properly-authorize-request-to-google-cloud-storage-api