This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Google Cloud Function - Authenticate with Google Cloud Storage

Posted on 03-18-2023 09:39 PM
vbgcp
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

I am trying to write a Google Cloud Function which will allow the caller of the function to upload a file.

The uploaded file should be stored in specific bucket in GCS.

Below is my code :

import functions_framework import google.cloud.storage from google.auth import compute_engine import os

os.environ['GOOGLE_APPLICATION_CREDENTIALS'] = '/path/to/service-account-key.json'

@functions_framework.http def gcftoloadfile1(request): # Use the default credentials for authentication #credentials = compute_engine.Credentials()

# Create a client object with the authenticated credentials
#storage_client = storage.Client()
storage_client = google.cloud.storage.Client.from_service_account_json('XXXXX-XXXXX-956803-94e3153efc1a.json')


#get the bucket Info
#bucket = storage_client.get_bucket('abcbucket')

#Retrieves a blob named "my-file.txt" from the bucket
#blob = bucket.blob('input/input.csv')

#Uploads the string "Hello, World!" to the blob
#blob.upload_from_string('Hello, World from GCF!')

#Confirms that the blob was uploaded successfully
#print(f'File uploaded to {bucket.name}/{blob.name}')
#print(f'Came Here')

return 'Service account downloaded successfully.'

When I try this, it throws the below error: No such file or directory: 'XXXXX-XXXXX-956803-94e3153efc1a.json'

I could not find a example where I can use "Application Default Credentials" to avoid using the key file.

Any help or pointers would be greatly appreciated.

Example shown above on what all I tried and the error

0 1 2,389
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
kolban
Staff
Reply posted on --/--/---- --:-- AM

When you run a Google Cloud Function, it runs with an identity that you get to specify.

See here: https://cloud.google.com/functions/docs/securing/function-identity

When you then use Google Cloud Client libraries, they implicitly know how to interact with the environment and when you make calls to them (eg. Google Cloud Storage read requests), they are implicitly authenticated as that identity.  The identity is a Service Account.  You should then grant that service account permissions applicable for what your function is doing.  Using this "Application Default Credentials" technique means that YOU don't have to mess with credentials and authentication within the logic of your own code.  When you deploy your function ... that is where you get to map your desired service account to the identity that the function will run with.

0 Likes
Top Solution Authors
View all