Cloud Function get access token for `getIamPolicy`












0















I'm using cloud functions with python as the serverless to my project
I by triggering the Cloud Function to add a user to my BigQuery project so he can have access to some tables.



I need to get access token from gsutil in order to use the API to give user access permissions.



How can I give IAM role or get access token to my project so I can use it from my Cloud Function to give users (by email) access to my BigQuery.



I'm using those API endpoints:



ENDPOING_GETIAMPOLICY = 'https://cloudresourcemanager.googleapis.com/v1/projects/{resource}:getIamPolicy'
ENDPOING_SETIAMPOLICY = 'https://cloudresourcemanager.googleapis.com/v1/projects/{resource}:setIamPolicy'


In order to use this ENDPOING_GETIAMPOLICY endpoint, I need ACCESS_TOKEN



# Preparing get all the current iam users
params = {
'access_token': ACCESS_TOKEN
}
resp = requests.post(ENDPOING_GETIAMPOLICY.format(resource=resource), params=params)


I'm open to other suggestions for how to do it.










share|improve this question





























    0















    I'm using cloud functions with python as the serverless to my project
    I by triggering the Cloud Function to add a user to my BigQuery project so he can have access to some tables.



    I need to get access token from gsutil in order to use the API to give user access permissions.



    How can I give IAM role or get access token to my project so I can use it from my Cloud Function to give users (by email) access to my BigQuery.



    I'm using those API endpoints:



    ENDPOING_GETIAMPOLICY = 'https://cloudresourcemanager.googleapis.com/v1/projects/{resource}:getIamPolicy'
    ENDPOING_SETIAMPOLICY = 'https://cloudresourcemanager.googleapis.com/v1/projects/{resource}:setIamPolicy'


    In order to use this ENDPOING_GETIAMPOLICY endpoint, I need ACCESS_TOKEN



    # Preparing get all the current iam users
    params = {
    'access_token': ACCESS_TOKEN
    }
    resp = requests.post(ENDPOING_GETIAMPOLICY.format(resource=resource), params=params)


    I'm open to other suggestions for how to do it.










    share|improve this question



























      0












      0








      0








      I'm using cloud functions with python as the serverless to my project
      I by triggering the Cloud Function to add a user to my BigQuery project so he can have access to some tables.



      I need to get access token from gsutil in order to use the API to give user access permissions.



      How can I give IAM role or get access token to my project so I can use it from my Cloud Function to give users (by email) access to my BigQuery.



      I'm using those API endpoints:



      ENDPOING_GETIAMPOLICY = 'https://cloudresourcemanager.googleapis.com/v1/projects/{resource}:getIamPolicy'
      ENDPOING_SETIAMPOLICY = 'https://cloudresourcemanager.googleapis.com/v1/projects/{resource}:setIamPolicy'


      In order to use this ENDPOING_GETIAMPOLICY endpoint, I need ACCESS_TOKEN



      # Preparing get all the current iam users
      params = {
      'access_token': ACCESS_TOKEN
      }
      resp = requests.post(ENDPOING_GETIAMPOLICY.format(resource=resource), params=params)


      I'm open to other suggestions for how to do it.










      share|improve this question
















      I'm using cloud functions with python as the serverless to my project
      I by triggering the Cloud Function to add a user to my BigQuery project so he can have access to some tables.



      I need to get access token from gsutil in order to use the API to give user access permissions.



      How can I give IAM role or get access token to my project so I can use it from my Cloud Function to give users (by email) access to my BigQuery.



      I'm using those API endpoints:



      ENDPOING_GETIAMPOLICY = 'https://cloudresourcemanager.googleapis.com/v1/projects/{resource}:getIamPolicy'
      ENDPOING_SETIAMPOLICY = 'https://cloudresourcemanager.googleapis.com/v1/projects/{resource}:setIamPolicy'


      In order to use this ENDPOING_GETIAMPOLICY endpoint, I need ACCESS_TOKEN



      # Preparing get all the current iam users
      params = {
      'access_token': ACCESS_TOKEN
      }
      resp = requests.post(ENDPOING_GETIAMPOLICY.format(resource=resource), params=params)


      I'm open to other suggestions for how to do it.







      authentication oauth oauth-2.0 google-cloud-functions






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Dec 17 '18 at 14:00









      Andrei Cusnir

      2561210




      2561210










      asked Nov 15 '18 at 7:44









      DkovaDkova

      3763719




      3763719
























          1 Answer
          1






          active

          oldest

          votes


















          1














          In order to get the token using Python, you can do something similar to this:



          Add this to requirements.txt:



          oauth2client>=4.1.2


          Retrieve the token in the Cloud Function like this:



          def getAccessToken():

          from oauth2client.client import GoogleCredentials
          credentials = GoogleCredentials.get_application_default()
          credentials.get_access_token()
          token = credentials.access_token

          return verifyToken(token)

          def verifyToken(token):
          import requests
          response = requests.get('https://www.googleapis.com/bigquery/v2/projects/[PROJECT_ID]/datasets', headers={'Authorization': 'Bearer ' + token})

          return (response.content)


          This will return you the Access Token in String format, you can then add it to the JSON if that is what you need.






          share|improve this answer























            Your Answer






            StackExchange.ifUsing("editor", function () {
            StackExchange.using("externalEditor", function () {
            StackExchange.using("snippets", function () {
            StackExchange.snippets.init();
            });
            });
            }, "code-snippets");

            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "1"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53314576%2fcloud-function-get-access-token-for-getiampolicy%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            1














            In order to get the token using Python, you can do something similar to this:



            Add this to requirements.txt:



            oauth2client>=4.1.2


            Retrieve the token in the Cloud Function like this:



            def getAccessToken():

            from oauth2client.client import GoogleCredentials
            credentials = GoogleCredentials.get_application_default()
            credentials.get_access_token()
            token = credentials.access_token

            return verifyToken(token)

            def verifyToken(token):
            import requests
            response = requests.get('https://www.googleapis.com/bigquery/v2/projects/[PROJECT_ID]/datasets', headers={'Authorization': 'Bearer ' + token})

            return (response.content)


            This will return you the Access Token in String format, you can then add it to the JSON if that is what you need.






            share|improve this answer




























              1














              In order to get the token using Python, you can do something similar to this:



              Add this to requirements.txt:



              oauth2client>=4.1.2


              Retrieve the token in the Cloud Function like this:



              def getAccessToken():

              from oauth2client.client import GoogleCredentials
              credentials = GoogleCredentials.get_application_default()
              credentials.get_access_token()
              token = credentials.access_token

              return verifyToken(token)

              def verifyToken(token):
              import requests
              response = requests.get('https://www.googleapis.com/bigquery/v2/projects/[PROJECT_ID]/datasets', headers={'Authorization': 'Bearer ' + token})

              return (response.content)


              This will return you the Access Token in String format, you can then add it to the JSON if that is what you need.






              share|improve this answer


























                1












                1








                1







                In order to get the token using Python, you can do something similar to this:



                Add this to requirements.txt:



                oauth2client>=4.1.2


                Retrieve the token in the Cloud Function like this:



                def getAccessToken():

                from oauth2client.client import GoogleCredentials
                credentials = GoogleCredentials.get_application_default()
                credentials.get_access_token()
                token = credentials.access_token

                return verifyToken(token)

                def verifyToken(token):
                import requests
                response = requests.get('https://www.googleapis.com/bigquery/v2/projects/[PROJECT_ID]/datasets', headers={'Authorization': 'Bearer ' + token})

                return (response.content)


                This will return you the Access Token in String format, you can then add it to the JSON if that is what you need.






                share|improve this answer













                In order to get the token using Python, you can do something similar to this:



                Add this to requirements.txt:



                oauth2client>=4.1.2


                Retrieve the token in the Cloud Function like this:



                def getAccessToken():

                from oauth2client.client import GoogleCredentials
                credentials = GoogleCredentials.get_application_default()
                credentials.get_access_token()
                token = credentials.access_token

                return verifyToken(token)

                def verifyToken(token):
                import requests
                response = requests.get('https://www.googleapis.com/bigquery/v2/projects/[PROJECT_ID]/datasets', headers={'Authorization': 'Bearer ' + token})

                return (response.content)


                This will return you the Access Token in String format, you can then add it to the JSON if that is what you need.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Dec 17 '18 at 16:37









                Andrei CusnirAndrei Cusnir

                2561210




                2561210






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Stack Overflow!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53314576%2fcloud-function-get-access-token-for-getiampolicy%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    這個網誌中的熱門文章

                    Xamarin.form Move up view when keyboard appear

                    Post-Redirect-Get with Spring WebFlux and Thymeleaf

                    Anylogic : not able to use stopDelay()