0

I am using python and azure function app to send a document to be translated using the google cloud translation api.

I am trying to load the credentials from a tempfile (json) using the below code. The idea is to later download the json file from blob storage and store it in a temp file but I am not thinking about the blob storage for now.

key= {cred info}
f= tempfile.NamedTemporaryFile(suffix='.json', mode='a+')
json.dump(key, f)
f.flush()    
f.seek(0)
os.environ['GOOGLE_APPLICATION_CREDENTIALS'] = f.name
client=  translate.TranslationServiceClient()

But when I run this I get the following error:

Exception: PermissionError: [Errno 13] Permission denied:

How can I correctly load the creds from a temp file?. Also what is the relationship between translate.TranslationServiceClient() and os.environ['GOOGLE_APPLICATION_CREDENTIALS'] = f.name? Does the TranslationServiceClient() get the creds from the environment variable?

I have been looking at this problem for a while now and I cannot find a good solution. Any help would be amazing!

edit: when I change it to

os.environ['GOOGLE_APPLICATION_CREDENTIALS'] = f.read()

I get a different error:

System.Private.CoreLib: Exception while executing function: 
Functions.Trigger. System.Private.CoreLib: Result: Failure
Exception: DefaultCredentialsError:

EDIT 2: Its really weird, but it works when I read the file just before like so:

contents= f.read()
os.environ['GOOGLE_APPLICATION_CREDENTIALS'] = f.name
client=  translate.TranslationServiceClient()

Any ideas why?

Jane Mcguire
  • 11
  • 2
  • Hi Jane , If my answer addressed your question, consider upvoting and accepting it. If not, let me know so that the answer can be improved. Accepting an answer will help the community members with their research as well :) – Sayan Bhattacharya Jul 08 '22 at 06:11

1 Answers1

0

Any application which connects to any GCP Product requires credentials to authenticate. Now there are many ways how this authentication works. According to the Google doc

Additionally, we recommend you use Google Cloud Client Libraries for your application. Google Cloud Client Libraries use a library called Application Default Credentials (ADC) to automatically find your service account credentials. ADC looks for service account credentials in the following order:

  1. If the environment variable GOOGLE_APPLICATION_CREDENTIALS is set, ADC uses the service account key or configuration file that the variable points to.
  2. If the environment variable GOOGLE_APPLICATION_CREDENTIALS isn't set, ADC uses the service account that is attached to the resource that is running your code.
    This service account might be a default service account provided by Compute Engine, Google Kubernetes Engine, App Engine, Cloud Run, or Cloud Functions. It might also be a user-managed service account that you created.
  3. If ADC can't use any of the above credentials, an error occurs.

There are also modules provided by Google that can be used to pass the credentials.
If you already have the JSON value as dictionary then you can simply pass dictionary in from_service_account_info(key) Example:

key = json.load(open("JSON File Path"))  # loading my JSON file into dictionary
client = translate.TranslationServiceClient().from_service_account_info(key)

In your case you already have the key as dictionary

As for the error you are getting, I believe that has to be something with the temp file. Because GOOGLE_APPLICATION_CREDENTIALS needs full access to the JSON file path to read from it.

Sayan Bhattacharya
  • 1,365
  • 1
  • 4
  • 14