pull queues authorization from compute

心不动则不痛 submitted on 2019-12-04 01:06:12

Question


I'm trying to access a pull queue from Google Compute with the Compute OAuth token, using Python:

    from oauth2client import gce
    from apiclient.discovery import build
    import httplib2

    # Authorize an HTTP client with the Compute Engine service account token
    credentials = gce.AppAssertionCredentials('')
    http = httplib2.Http()
    http = credentials.authorize(http)
    credentials.refresh(http)

    # MY_APPENGINE_PROJECT and PULL_QUEUE_NAME are placeholders for the project ID and queue name
    service = build('taskqueue', 'v1beta2', http=http)
    tq = service.taskqueues()
    tq.get(project=MY_APPENGINE_PROJECT, taskqueue=PULL_QUEUE_NAME, getStats=True).execute()

I keep getting HttpError 403 "you are not allowed to make this api call"

Please help, what configuration am I missing?

Thanks, Shay


Answer 1:


UPDATE: Thanks to @Shay for asking this question, the issue he encountered is no longer an issue, as we have allowed aliases to work (when relevant) in the Task Queue API.

For posterity here is the original answer below:


Two of the most common mistakes I have seen are:

  1. Forgetting to include the s~ in your App Engine Project. For example, if your application ID is my-awesome-app, then you are calling

         tq.get(project='my-awesome-app', taskqueue=PULL_QUEUE_NAME...

     when you should be calling

         tq.get(project='s~my-awesome-app', taskqueue=PULL_QUEUE_NAME...

  2. Forgetting to add the Compute service account to the task queue ACL in queue.yaml. To do this, you need to get the service account associated with your project and add it to the acl:

         queue:
         - name: pull-queue
           mode: pull
           acl:
           - writer_email: 123845678986@project.gserviceaccount.com    # can do all

     and of course this would mean PULL_QUEUE_NAME = 'pull-queue' here. Also note, 123845678986@project.gserviceaccount.com should be replaced with the service account for your Compute Engine instance.
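A preflight check for the two mistakes listed in the answer, as an added example that is not part of the original post or of any Google library. The names `parse_queues`, `preflight` and `SAMPLE_QUEUE_YAML` are hypothetical, the sample file is constructed from the answer's snippet, and the line parser assumes that simple layout rather than full YAML. The `s~` check follows the original answer, which the update says is no longer required.

```python
import re

# Constructed sample queue.yaml, modelled on the snippet in the answer.
SAMPLE_QUEUE_YAML = """\
queue:
- name: pull-queue
  mode: pull
  acl:
  - writer_email: 123845678986@project.gserviceaccount.com    # can do all
- name: other-queue
  mode: pull
"""

# Matches the three fields this check needs, with or without a leading "- ".
_FIELD = re.compile(r"^\s*(?:-\s*)?(name|mode|writer_email)\s*:\s*(\S+)")


def parse_queues(text):
    """Minimal line parser for the layout above (assumption: not full YAML)."""
    queues, current = {}, None
    for raw in text.splitlines():
        match = _FIELD.match(raw.split("#", 1)[0])  # drop trailing comments
        if not match:
            continue
        key, value = match.groups()
        if key == "name":
            current = queues.setdefault(value, {"mode": None, "writers": set()})
        elif current is not None and key == "mode":
            current["mode"] = value
        elif current is not None:
            current["writers"].add(value)
    return queues


def preflight(project, queue_name, service_account, queue_yaml):
    """Return likely causes of the 403 described above; empty list if none."""
    problems = []
    if not project.startswith("s~"):
        problems.append("project id lacks the s~ prefix")
    queue = parse_queues(queue_yaml).get(queue_name)
    if queue is None:
        problems.append("queue not defined in queue.yaml")
    elif queue["mode"] != "pull":
        problems.append("queue is not in pull mode")
    elif service_account not in queue["writers"]:
        problems.append("no writer_email entry for service account")
    return problems
```

Running it against the deployed queue.yaml before calling the API separates a misconfigured ACL from a token or scope problem.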



Source: https://stackoverflow.com/questions/17063073/pull-queues-authorization-from-compute
