Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Blob.generate_signed_url() failing to AttributeError

Tags:

python

google-compute-engine

google-cloud-storage

google-cloud-python

So I'm trying to produce temporary globally readable URLs for my Google Cloud Storage objects using the google-cloud-storage Python library (https://googlecloudplatform.github.io/google-cloud-python/latest/storage/blobs.html) - more specifically the Blob.generate_signed_url() method. I doing this from within a Compute Engine instance in a command line Python script. And I keep getting the following error:

AttributeError: you need a private key to sign credentials.the credentials you are currently using <class 'oauth2cl
ient.service_account.ServiceAccountCredentials'> just contains a token. see https://google-cloud-python.readthedocs
.io/en/latest/core/auth.html?highlight=authentication#setting-up-a-service-account for more details.

I am aware that there are issues with doing this from within GCE (https://github.com/GoogleCloudPlatform/google-auth-library-python/issues/50) but I have created a new Service Account credentials following the instructions here: https://cloud.google.com/storage/docs/access-control/create-signed-urls-program and my key.json file most certainly includes a private key. Still I am seeing that error.

This is my code: 

keyfile = "/path/to/my/key.json"
credentials = ServiceAccountCredentials.from_json_keyfile_name(keyfile)
expiration = timedelta(3) # valid for 3 days
url = blob.generate_signed_url(expiration, method="GET",
                               credentials=credentials)

I've read through the issue tracker here https://github.com/GoogleCloudPlatform/google-cloud-python/issues?page=2&q=is%3Aissue+is%3Aopen and nothing related jumps out so I am assuming this should work. Cannot see what's going wrong here.

like image 653
Matti Avatar asked Oct 03 '17 09:10

Matti

2 Answers

I was having the same issue. Ended up fixing it by starting the storage client directly from the service account json.

storage_client = storage.Client.from_service_account_json('path_to_service_account_key.json')

I know I'm late to the party but hopefully this helps!

like image 123
tomasn4a Avatar answered Nov 09 '22 06:11

tomasn4a

Currently, it's not possible to use blob.generate_signed_url without explicitly referencing credentials. (Source: Google-Cloud-Python documentation) However, you can do a workaround, as seen here, which consists of:

signing_credentials = compute_engine.IDTokenCredentials(
    auth_request,
    "",
    service_account_email=credentials.service_account_email
)
signed_url = signed_blob_path.generate_signed_url(
    expires_at_ms,
    credentials=signing_credentials,
    version="v4"
)
like image 24
Mito Avatar answered Nov 09 '22 06:11

Mito
Sign in to Comment

Related questions

Matlab equivalent of Python enumerate
How to use dill to serialize a class definition?
Displaying subprocess output to stdout and redirecting it
How to import own module for mocking? (import error: no module named my_module!)
How to change text of a label in the kivy language with python
Overriding Django REST ViewSet with custom post method and model
py.test doesn't find module
Python Unit Testing with two mock objects, how to verify call-order?
Grouping constants in python
django - using of related_name in ManyToMany and in ForeignKey
Draw Ellipse in Python PIL with line thickness
Can variables be decorated? [closed]
How to select cells greater than a value in a multi-index Pandas dataframe?
Does Seaborn distplot not support a range?
Optimization of arithmetic expressions - what is this technique called?
How do I include .dll file in executable using pyinstaller?
Python dynamic multiprocessing and signalling issues
Librosa pitch tracking - STFT
Parse pandas (multi)index to datetime
Visual Studio - "The environment IronPython|2.7-32 appears to be incorrectly configured or missing"

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!