时间戳

首页 > 解决方案 > 如何在 Dataflow 中创建引用服务帐户 json 文件的 GoogleCredential 对象?

google-cloud-dataflow - 如何在 Dataflow 中创建引用服务帐户 json 文件的 GoogleCredential 对象?

问题描述

我编写了一个管道来提取 G 套件活动日志,方法是参考G 套件 java-quickstart,其中代码读取 client_secret.json 文件,如下所示,

InputStream in = new FileInputStream("D://mypath/client_secret.json");
GoogleClientSecrets clientSecrets = GoogleClientSecrets.load(JSON_FACTORY, new InputStreamReader(in));

管道在本地 (runner=DirectRunner) 中按预期运行,但是在云上执行时相同的代码失败并出现 java.io.FileNotFoundException 期望 (runner=DataflowRunner)

我了解在云上执行时本地路径无效。这里有什么建议吗?

更新:

我已经修改了如下代码,并且能够读取 client_secrets.json 文件

    InputStream in =
    Activities.class.getResourceAsStream("client_secret.json");

实际问题在于创建凭证对象

private static   java.io.File DATA_STORE_DIR = new java.io.File(System.getProperty("user.home"),
         ".credentials/admin-reports_v1-java-quickstart");
private static final List<String> SCOPES = Arrays.asList(ReportsScopes.ADMIN_REPORTS_AUDIT_READONLY);

static {
    try {
        HTTP_TRANSPORT = GoogleNetHttpTransport.newTrustedTransport();
        DATA_STORE_FACTORY = new FileDataStoreFactory(DATA_STORE_DIR);
    } catch (Throwable t) {
        t.printStackTrace();
        System.exit(1);
    }
}

public static Credential authorize() throws IOException {
    // Load client secrets.
    InputStream in =
    Activities.class.getResourceAsStream("client_secret.json");

    GoogleClientSecrets clientSecrets = GoogleClientSecrets.load(JSON_FACTORY, new InputStreamReader(in));

    // Build flow and trigger user authorization request.
    GoogleAuthorizationCodeFlow flow = new GoogleAuthorizationCodeFlow.Builder(HTTP_TRANSPORT, JSON_FACTORY,
            clientSecrets, SCOPES).setDataStoreFactory(DATA_STORE_FACTORY).setAccessType("offline").build();
    Credential credential = new AuthorizationCodeInstalledApp(flow, new LocalServerReceiver()).authorize("user");
    System.out.println("Credentials saved to " + DATA_STORE_DIR.getAbsolutePath());
    return credential;
}

观察:

本地执行:

  1. 在初始执行时,程序尝试打开浏览器以授权请求并将经过身份验证的对象存储在文件 - “StoredCredential”中。
  2. 在进一步执行时,存储的文件用于进行 API 调用。

在云端运行(DataFlowRunner):

  1. 当我检查日志时,数据流会尝试打开浏览器来验证请求并停在那里。

我需要的?

如何修改GoogleAuthorizationCodeFlow.Builder以便在作为数据流管道运行时可以创建凭证对象?

标签: google-cloud-dataflowgoogle-admin-sdkapache-beam

解决方案

我找到了使用服务帐户创建GoogleCredential对象的解决方案。下面是它的代码。

    public static Credential authorize() throws IOException, GeneralSecurityException {

        String emailAddress = "service_account.iam.gserviceaccount.com";
        GoogleCredential credential = new GoogleCredential.Builder()
                .setTransport(HTTP_TRANSPORT)
                .setJsonFactory(JSON_FACTORY)
                .setServiceAccountId(emailAddress)
                .setServiceAccountPrivateKeyFromP12File(Activities.class.getResourceAsStream("MYFILE.p12"))
                .setServiceAccountScopes(Collections.singleton(ReportsScopes.ADMIN_REPORTS_AUDIT_READONLY))
                .setServiceAccountUser("USER_NAME")
                .build();

        return credential;
    }

推荐阅读