0

I'm using the following code in trainer application, which runs in Cloud ML engine:

credentials, project = google.auth.default(scopes=['https://www.googleapis.com/auth/cloudkms'])
kms_client = googleapiclient.discovery.build('cloudkms', 'v1', credentials=credentials)

And I'm getting the following error:

      File "/root/.local/lib/python2.7/site-packages/trainer/kms.py", line 110, in decrypt
    kms_client = googleapiclient.discovery.build('cloudkms', 'v1', credentials=credentials)
  File "/usr/local/lib/python2.7/dist-packages/oauth2client/util.py", line 135, in positional_wrapper
    return wrapped(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/googleapiclient/discovery.py", line 210, in build
    credentials=credentials)
  File "/usr/local/lib/python2.7/dist-packages/oauth2client/util.py", line 135, in positional_wrapper
    return wrapped(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/googleapiclient/discovery.py", line 341, in build_from_document
    http = credentials.authorize(http)
AttributeError: 'Credentials' object has no attribute 'authorize'

I'm able to run the same piece of code from my local machine which has Google cloud SDK installed, without any issues. Please let me know if I'm missing something here.

Fayaz Ahmed
  • 953
  • 1
  • 9
  • 23

1 Answers1

0

do you mind trying out the oauth2client.client.GoogleCredentials as specified here?

Then fetching credentials via credentials = GoogleCredentials.get_application_default()

The build() method will take care of injecting the proper scopes for the given service, although the method create_scoped can be used to do this explicitly.

I'm not entirely sure this will work for you but it is a step in the right direction.

Using ADC should definitely work... But eventually you may want to run as a service account for better audit logging of your key access.

Whiteout
  • 31
  • 3