Cannot use default service account in Compute Engine
I’m trying to figure out how I can use the service account associated with a Compute Engine without the need of a JSON file. I can’t seem to be able to do that in gspread.
Google has an example here: https://cloud.google.com/docs/authentication/production
```python
from google.cloud import storage

# If you don't specify credentials when constructing the client, the
# client library will look for credentials in the environment.
storage_client = storage.Client()

# Make an authenticated API request
buckets = list(storage_client.list_buckets())
print(buckets)
```
For them it just works. No JSON necessary. Can this be replicated in any way in gspread?
Issue Analytics
- State:
- Created 3 years ago
- Reactions:8
- Comments:23
Top GitHub Comments
@niczky12 Maybe try the following:

- `type(creds)`: it must return `google.oauth2.service_account.Credentials`
- `creds.service_account_email`: it must be the service account email you expect

If the two first steps fail, make sure your Compute Engine / Google Kubernetes Engine / App Engine / Cloud Run / Cloud Function have the right service account set in its configurations. If you don’t do that you’ll have the default service account which might not be the same you’re trying to use.

If you want to test that on your local computer, try setting the environment variable `GOOGLE_APPLICATION_CREDENTIALS` to the path of the service account. That’s not exactly what happens inside the google engines but `google.auth.default` should treat the same.

Finally, you can also try using `from googleapiclient._auth import default_credentials` instead of `google.auth.default` since that one is a bit more generic as it includes `oauth2client`.

@niczky12 Oops. I spoke too soon it seems. I’ve updated my comment. The code ran fine on my local machine so I assumed it’d work on a compute engine as well. I should’ve tested it. My bad.
When running the same code in a Compute Engine Instance, I get the following error.
APIError: {'code': 403, 'message': 'Request had insufficient authentication scopes.', 'status': 'PERMISSION_DENIED'}
The instance service account does have access to the google sheet I’m using.
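
Added example (not part of the thread and not gspread code): the 403 above is about the OAuth scopes carried by the VM's token, which is a separate check from whether the sheet is shared with the service account. This sketch parses the scope list that the Compute Engine metadata server returns and reports whether a scope accepted by the Sheets API is present; the function names are hypothetical and both sample scope lists are constructed.

```python
import urllib.request

# Metadata-server path listing the OAuth scopes baked into the VM's tokens.
SCOPES_URL = ("http://metadata.google.internal/computeMetadata/v1/"
              "instance/service-accounts/default/scopes")
AUTH = "https://www.googleapis.com/auth/"

# Scopes the Sheets API accepts, split by what they allow.
SHEETS_WRITE = {AUTH + "spreadsheets", AUTH + "drive"}
SHEETS_READ = SHEETS_WRITE | {AUTH + "spreadsheets.readonly",
                              AUTH + "drive.readonly"}

# Constructed sample: scope list of a VM without any Sheets/Drive scope.
SAMPLE_DEFAULT_VM = (AUTH + "devstorage.read_only\n"
                     + AUTH + "logging.write\n"
                     + AUTH + "monitoring.write\n")
# Constructed sample: the same VM after its access scopes were extended.
SAMPLE_SHEETS_VM = SAMPLE_DEFAULT_VM + AUTH + "spreadsheets\n"


def parse_scopes(body):
    """The endpoint returns one scope URL per line."""
    return {line.strip() for line in body.splitlines() if line.strip()}


def fetch_instance_scopes(timeout=2.0):
    """Read the scope list from the metadata server (only works on the VM)."""
    req = urllib.request.Request(SCOPES_URL,
                                 headers={"Metadata-Flavor": "Google"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return parse_scopes(resp.read().decode())


def diagnose(granted):
    """Report what a token limited to `granted` can do against Sheets."""
    can_write = bool(granted & SHEETS_WRITE)
    return {
        "sheets_read": bool(granted & SHEETS_READ),
        "sheets_write": can_write,
        # Any one of these is enough; prefer the narrower one.
        "add_one_of": [] if can_write else sorted(SHEETS_WRITE),
    }


if __name__ == "__main__":
    for name, body in (("no Sheets scope", SAMPLE_DEFAULT_VM),
                       ("with Sheets scope", SAMPLE_SHEETS_VM)):
        print(name, diagnose(parse_scopes(body)))
```

On the instance itself, `diagnose(fetch_instance_scopes())` gives the same report for the live token.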