0

We have created cloud spanner instance and databases on google cloud console.

Following code snippet which we are executing.

def getDatabaseList(self,):
    try:
        parent = "projects/"+self._PROJECT_NAME + "/instances/" + self._INSTANCE_NAME
        response = self.service.projects().instances().databases().list(parent=parent).execute()
    except Exception, e:
        logging.info("Exception while getDatabaseList %s", e)
        return False
    return response

In the above code snippet is self.service is object googleapiclinet library build object.

We are getting below exception while executing above code snippet using service account id.

Exception while getDatabaseList <HttpError 403 when requesting https://spanner.googleapis.com/v1/projects/<projectName>/instances/<instanceName>/databases?alt=json&key=<APIKEY>

returned "Resource projects/<projectName>/instances/<instanceName> is missing IAM permission: spanner.databases.list.">

Reference document cloud spanner IAM

Sagar Kanabar
  • 464
  • 4
  • 18

2 Answers2

1

The following link shows an example to list Databases in an instance using Python Spanner Client Library https://github.com/googleapis/python-spanner/blob/main/samples/samples/snippets.py#L144

Regarding the IAM permission issue it seems you have not set the GOOGLE_APPLICATION_CREDENTIALS. @ACimander answer is correct.

You can also use gcloud to authenticate using service account by

gcloud auth activate-service-account SERVICE_ACCOUNT@DOMAIN.COM --key-file=/path/key.json --project=PROJECT_ID

More information on this can be found in https://cloud.google.com/sdk/gcloud/reference/auth/activate-service-account

Sri Harsha
  • 11
  • 2
0

A little late, but hopefully this helps: Did you set path to your service-account's json file correctly? I wasted half a day playing with the permissions until I figured out that I simply missed a an env key.

set export GOOGLE_APPLICATION_CREDENTIALS=/path/to/your/service_account/key.json
ACimander
  • 1,852
  • 13
  • 17