Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Google App Engine authorization for Google BigQuery

I have followed the instructions in https://developers.google.com/bigquery/authorization#service-accounts-appengine to make some queries from app engine to bigquery.

In the step 2, I click on Team in Google Api Console and it redirects to App Engine > Administration > Permissions. I add the service account name as Email and as a role I select developer (the option "can edit" is not available), and then click "Invite user". After that, appears a message: "An email was sent to [email protected] for verification." and the status is Pending. How I could confirm the email?, seems there is a bug here...

Next, I made a test using the following code:

#!/usr/bin/env python
import httplib2
import webapp2
from google.appengine.api import memcache
from apiclient.discovery import build
from google.appengine.ext import webapp
from google.appengine.ext.webapp.util import run_wsgi_app
from oauth2client.appengine import AppAssertionCredentials 

# BigQuery API Settings
PROJECT_NUMBER        = 'XXXXXXXX' 

credentials = AppAssertionCredentials(scope='https://www.googleapis.com/auth/bigquery')
http        = credentials.authorize(httplib2.Http(memcache))
service     = build("bigquery", "v2", http=http)

class MainHandler(webapp2.RequestHandler):
    def get(self):
        query     = {'query':'SELECT word,count(word) AS count FROM publicdata:samples.shakespeare GROUP BY word;',
                     'timeoutMs':10000}
        jobRunner = service.jobs()
        reply     = jobRunner.query(projectId=PROJECT_NUMBER,body=query).execute()
        self.response.out.write(reply)

app = webapp2.WSGIApplication([
    ('/', MainHandler)
], debug=True)

And the reply was (running from google):

HttpError: <HttpError 403 when requesting https://www.googleapis.com/bigquery/v2/projects/XXXXXXXX/queries?alt=json returned "Access Denied: Job YYYYYYYY:job_e57bdde0144c495dbc864ccbfb82b704: RUN_QUERY_JOB">

If I test from localhost, the answer is:

HttpError: <HttpError 401 when requesting https://www.googleapis.com/bigquery/v2/projects/XXXXXXXX/queries?alt=json returned "Invalid Credentials">

Someone could help me? :-)

like image 286
Peña Avatar asked Jul 08 '13 19:07

Peña


People also ask

How do I access Google BigQuery?

Find BigQuery in the left side menu of the Google Cloud Platform Console, under Big Data. Open your project in the console. If you're new to the console, you may need to sign up for a Google account, access the console, and create a project. Find BigQuery in the left side menu of the console, under Big Data.

How to give permission in Google Cloud console?

Go to the API Console. Open the console left side menu and select IAM & Admin. From the projects list, select the project that you want to change the member's permissions for. You can either search for the member, or you can browse Role lists to locate the member whose permission you want to change.


2 Answers

You can add the [email protected] to the project at http://cloud.google.com/console.

Expect this to be easier/ more straightforward soon!


Step by step, by @Christian:

  1. Go to App Engine Dashboard of your application, click on Application Settings and copy the service account name ([email protected])
  2. Go to http://cloud.google.com/console
  3. Select your project
  4. Click on gear icon and select Teams
  5. Click on Add member
  6. Paste the service account name and select can edit permission, then click on add.
  7. Have fun!
like image 142
Felipe Hoffa Avatar answered Oct 31 '22 17:10

Felipe Hoffa


Actually there are two areas from where you can add an account. If you go with old console code.google.com/api/console it would take you to your appengine.google.com dashboard i.e "Way-1" which actually has some problem of asking "Verification". The new https://cloud.google.com/console has solved this problem.

  • [Way-1] *Problemtic* hit http://appengine.google.com ==> your_app_name> ==> Permissions

  • [Way-2] *Works* hit http://cloud.google.com/console ==> Click your_app_name ==> Click Permissions on Left Pane ==> Click Add Member Button and add i.e [email protected] with "Can Edit" rights

"If you already have added your account via Way-1 Follow below method"

"Way-1" seems to have some problem due to this your account will keep showing "Pending Status". If somehow you have added the account via Way-1 and try to follow "Way-2" afterwards you would keep seeing the same status at way-2 link. For it you'll have to delete that user with "delete icon" which appears on mouse hover. Delete the account from there and add [email protected] with "Can Edit" permission.

like image 29
Ahsan.Amin Avatar answered Oct 31 '22 17:10

Ahsan.Amin