I have a Google Cloud Platform service account with domain-wide authority. I can add it to a Google Analytics API call from my terminal and it works correctly. However, I would like to run that same script as a Google Cloud Function and reference the service account in GCP without including the client_secret_service_account.json file (like below) in the repository or anywhere outside of GCP. Is that possible?
KEY_FILE_LOCATION = 'client_secret_service_account.json'
You can now reference the service account when deploying Cloud Functions. Check documentation for gcloud.
When using GCP console, expand "Advanced options" to inform the service account
Related
I am using two different Google accounts for Google Developer and Google Cloud Services. I have a live Android app and now I want enable real-time-notifications for monetisation. Is there any way that I can link my Google Developer account to Google Cloud Services Account So I can integrate Pub/Sub service?
If I understand correctly this you could use Cloud IAM and give needed roles Developer account. So you can give ex. Project Owner rights to your Google Developer account and than this account can control the project as the owner.
But I don't think you need project owner for Pub/Sub integration. Please check this document that shows such process.
As well there is possibility to merge accounts via Google Workspace Support, however again I don't think this is needed to integrate pub/sub.
I know this question is probably a bit vague. I was trying to run one of the examples of Google NLP Library in Google Shell.
I have 0 experience with using API, JSON, Nodejs... I don't understand what they are and how to use them.
Please help
Here is the snapshot of the error:
The error message means that you are using user credentials instead of service account credentials.
When you connect to Google Cloud Shell, you are using your Google Accounts User Credentials. Those credentials are the ones that you used to log in to the Google Cloud Console. When you run an application in Google Cloud Shell, your application is using those credentials unless you explicitly specify different credentials.
The solution is to create a service account in the Google Cloud Console. Then in your program use the service account for credentials for your application.
Google Cloud Service Accounts
When you do not specify the application credentials, the Google Client libraries use a method to locate credentials called ADC (Application Default Credentials). I wrote an article that might help you understand ADC:
Google Cloud Application Default Credentials
The simplest method for you is to create the environment variable GOOGLE_APPLICATION_CREDENTIALS to point to the service account full path location before running your application. Change the path below to point to where the service account is stored on Cloud Shell. You will need to first create the service acount, download it and then upload to Cloud Shell.
export GOOGLE_APPLICATION_CREDENTIALS="$HOME/service-account.json"
Managing files with Cloud Shell
This link will provide more information on how to write applications that use service accounts.
Setting Up Authentication for Server to Server Production Applications
I have created a GCP cloud function. I can deploy the package via CLI or Console in my account. But the thing is that, How do I ship the GCP cloud function app(package) to the customer account in a secure way?. I don't want to share the source code.
I want to access Youtube Content Owner API with Google Cloud Functions. For that the service account used by GCF has to have access to that API.
When I create a Google Cloud Function, it's automatically assigned a service account. In this case the "App Engine default service account". I have a few questions about this.
Does Google Cloud Function always use "App Engine default service account" as the service account?
While editing the cloud function, I cannot see any way to change a service account of a Google Cloud Function. Once it is set up for a Cloud Function, the service account can not be changed, right?
If the default service account is given access to Youtube Content Owner API then Google Cloud Functions will have it, too?
Yes, Cloud Functions use the App Engine default service account, as explained here.
Indeed there is no such option yet. There is a public Feature Request opened for this if you are interested.
True, Cloud Function will inherit all the access right from the default service account.
Alternatively, to use credentials with Cloud Functions other then the App Engine Default service account you could:
use an authentication token
upload a non-default service account directly with your Cloud Function and use it from with in it as described here
It seems like using service accounts with Dataproc is not possible because when using a service account with Cloud Dataproc I'm getting permission errors.
For example, running the command gcloud beta dataproc clusters list yeilds an error which says (gcloud.beta.dataproc.clusters.list) Request had insufficient authentication scopes
Does Cloud Dataproc allow for the use of service accounts?
Yes, you can use service accounts with Cloud Dataproc.
This error is due to the requirement that the cloud-platform scope be enabled. The long name for this scope is https://www.googleapis.com/auth/cloud-platform.
When creating a Google Compute Engine instance it means skipping the dropdown scopes and just clicking the top-level Allow API access to all Google Cloud services in the same project.