Implement online predictions of Google Cloud Machine Learning Engine by Python

Question

I want to send requests from App Engine to the model of ML Engine.

I built the sample code for testing on my local machine. However, I received the error 'UNAUTHENTICATED':

WARNING:root:No ssl package found. urlfetch will not be able to validate SSL certificates.
91bnQuY34Oh8cJyF=....
{
  "error": {
    "code": 401,
    "message": "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
    "status": "UNAUTHENTICATED"
  }
}

My sample code:

from google.appengine.api import urlfetch
import urllib
import time
import jwt

data_to_post = {"instances":[{"text":[185,15,14,124,370,832,112,120,...]}]}
encoded_data = urllib.urlencode(data_to_post)

model_url = 'https://ml.googleapis.com/v1/projects/myproject/models/analyizesentiment:predict'

from google.appengine.api import apiproxy_stub_map 
from google.appengine.api import urlfetch_stub
apiproxy_stub_map.apiproxy = apiproxy_stub_map.APIProxyStubMap() 
apiproxy_stub_map.apiproxy.RegisterStub('urlfetch', urlfetch_stub.URLFetchServiceStub())

PRIVATE_KEY_ID_FROM_JSON = '??????????????????'
PRIVATE_KEY_FROM_JSON = "-----BEGIN PRIVATE KEY-----\n??????????\n-----END PRIVATE KEY-----\n"
iat = time.time()
exp = iat + 3600
payload = {'iss': 'accountname@myprojectname.iam.gserviceaccount.com',
           'sub': 'accountname@myprojectname.iam.gserviceaccount.com',
           'aud': 'https://ml.googleapis.com/v1/',
           'iat': iat,
           'exp': exp}
additional_headers = {'kid': PRIVATE_KEY_ID_FROM_JSON,
                      'alg': "RS256",
                      "typ": "JWT",}
signed_jwt = jwt.encode(payload, PRIVATE_KEY_FROM_JSON, headers=additional_headers, algorithm='RS256')
print(signed_jwt)

result = urlfetch.fetch(model_url, encoded_data, method=urlfetch.POST, headers={'Content-type': 'application/json', 'Authorization': 'Bearer ' + signed_jwt})
print(result.content)

score 4 · Accepted Answer · answered Apr 10 '18 at 20:40

What is lacking is a header with

headername: "Authorization" value: "Bearer $token"

where token is a oauth token. You can generate token using

gcloud auth login

Or you can download the token for a service account. A useful read: https://developers.google.com/api-client-library/python/guide/aaa_oauth

However, on a appengine, you should be able to get it from standard credentials apis

You can also modify your example to use a Credentials object and programmatically append that header.

from googleapiclient import discovery
from oauth2client.client import GoogleCredentials

PROJECT=''
MODEL=''
VERSION=''
credentials = GoogleCredentials.get_application_default()
api = discovery.build('ml', 'v1', credentials=credentials)

# Add your sample instances here.
request_data = {'instances':[] }

parent = 'projects/%s/models/%s/versions/%s' % (PROJECT, MODEL, VERSION)
response = api.projects().predict(body=request_data, name=parent).execute()
print "response={0}".format(response)

The execute() method above can take http object if you wanted to provide a different timeouts. And you should be able to provide the additional headers.

Thank you very much for your complete and clear answer. – Henry Chen Apr 11 '18 at 04:17 — Henry Chen, Apr 11 '18 at 04:17

Implement online predictions of Google Cloud Machine Learning Engine by Python

1 Answers1