是否有人成功使用了Google Admin SDK和Google Cloud功能?
我的组织是Google Auth的新手,我们已经倾注了无数小时的文档读数。任务很简单:通过目录API查看我们的Google组中的成员。
我们的设置:云函数通过适当的范围授予域范围访问的服务帐户进行部署和
运行-sdk/directory/v1/guides/委托书“ rel =“ nofollow noreferrer”> https://developers.google.com/admin-sdk/directory/v1/guides/guides/delegation
当我在我本地运行该功能时从文件路径中拉出服务帐户键,我会收到错误:“错误403:未被授权访问此资源/API,禁止”,
我注意到,当通过inline Text部署云函数或上传的zip部署云功能时,它无法读取.json或.Text文件类型当我将其包含在软件包中时。我知道这是不好的习惯,但是只是为了看到我在主文件中安装了JSON密钥。
并且仍然有一个“错误403:无权访问此资源/API,禁止”
我要在哪里出错?
import (
"encoding/json"
"fmt"
_"io/ioutil"
"log"
"net/http"
_ "os"
"time"
"golang.org/x/net/context"
"golang.org/x/oauth2/google"
admin "google.golang.org/api/admin/directory/v1"
"google.golang.org/api/option"
)
var User_email = <user>
func createAdminDirectoryService(serviceAccountFilePath, gsuiteAdminUserEmail string) *admin.Service {
jsonCredentials,_ := json.Marshal(map[string]string{<SERVICE KEY FILE>})
log.Println("Json creds: ", jsonCredentials)
config, err := google.JWTConfigFromJSON(
jsonCredentials,
"https://www.googleapis.com/auth/admin.directory.group.member.readonly",
)
if err != nil {
log.Printf("Json Config error:%v", err.Error())
}
config.Subject = gsuiteAdminUserEmail
fmt.Println(serviceAccountFilePath)//vestigial of previous version reading key from file
fmt.Println(gsuiteAdminUserEmail)
ctx, _ := context.WithDeadline(context.Background(), time.Now().Add(20*time.Second))
ts := config.TokenSource(ctx)
srv, err := admin.NewService(ctx, option.WithTokenSource(ts))
if err != nil {
log.Println("Admin Service error:", err.Error())
}
return srv
}
func listUsersInGroup(srv *admin.Service, groupEmail string) ([]string, error) {
membersEmails := make([]string, 1)
members, err := srv.Members.List(groupEmail).Do()
if err != nil {
log.Fatal("fatalerror list users: ", err)
membersEmails[0] = "Nope"
} else {
membersEmails := make([]string, len(members.Members))
for i, member := range members.Members {
membersEmails[i] = member.Email
}
}
return membersEmails, err
}
func Main(w http.ResponseWriter, r *http.Request) {
groupEmail := <groupemail>
path := "./key.json" //vestigial of previous version reading key from file
fmt.Println("Path:", path)
srv := createAdminDirectoryService(
path,
User_email,
)
members, err := listUsersInGroup(srv, groupEmail)
if err != nil {
log.Println(members)
} else {
log.Println("sorry bud")
}
}
My org is new to Google Auth and we have poured countless hours into documentation readings. The mission was simple: view members in our google groups through the Directory API.
Our setup: The cloud function deploys and runs with a service account that has been granted domain-wide access with the proper scopes, and impersonates an admin user detailed here:
https://developers.google.com/admin-sdk/directory/v1/guides/delegation
When I run the function locally and pull the service account key from a file path I get the error: "Error 403: Not Authorized to access this resource/api, forbidden"
I noticed that when deploying the Cloud Function via inline text or an uploaded zip it was unable to read a .json or .text file type when I included it in the package. I know this is bad practice but just to see I put in marshaled the JSON key in the main file.
And still got a "Error 403: Not Authorized to access this resource/api, forbidden"
Where am I going wrong?
import (
"encoding/json"
"fmt"
_"io/ioutil"
"log"
"net/http"
_ "os"
"time"
"golang.org/x/net/context"
"golang.org/x/oauth2/google"
admin "google.golang.org/api/admin/directory/v1"
"google.golang.org/api/option"
)
var User_email = <user>
func createAdminDirectoryService(serviceAccountFilePath, gsuiteAdminUserEmail string) *admin.Service {
jsonCredentials,_ := json.Marshal(map[string]string{<SERVICE KEY FILE>})
log.Println("Json creds: ", jsonCredentials)
config, err := google.JWTConfigFromJSON(
jsonCredentials,
"https://www.googleapis.com/auth/admin.directory.group.member.readonly",
)
if err != nil {
log.Printf("Json Config error:%v", err.Error())
}
config.Subject = gsuiteAdminUserEmail
fmt.Println(serviceAccountFilePath)//vestigial of previous version reading key from file
fmt.Println(gsuiteAdminUserEmail)
ctx, _ := context.WithDeadline(context.Background(), time.Now().Add(20*time.Second))
ts := config.TokenSource(ctx)
srv, err := admin.NewService(ctx, option.WithTokenSource(ts))
if err != nil {
log.Println("Admin Service error:", err.Error())
}
return srv
}
func listUsersInGroup(srv *admin.Service, groupEmail string) ([]string, error) {
membersEmails := make([]string, 1)
members, err := srv.Members.List(groupEmail).Do()
if err != nil {
log.Fatal("fatalerror list users: ", err)
membersEmails[0] = "Nope"
} else {
membersEmails := make([]string, len(members.Members))
for i, member := range members.Members {
membersEmails[i] = member.Email
}
}
return membersEmails, err
}
func Main(w http.ResponseWriter, r *http.Request) {
groupEmail := <groupemail>
path := "./key.json" //vestigial of previous version reading key from file
fmt.Println("Path:", path)
srv := createAdminDirectoryService(
path,
User_email,
)
members, err := listUsersInGroup(srv, groupEmail)
if err != nil {
log.Println(members)
} else {
log.Println("sorry bud")
}
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论