網頁

2023/2/10

GCP 設定本機應用程式存取憑證 Application Default Credentials

本機的應用程式若要以GCP SDK操作GCP資源,可設定ADC憑證(Application Default Credentials)來達成。


範例環境:

  • macOS Ventura 13.0.1
  • zsh 5.8.1 (x86_64-apple-darwin22.0)
  • Google Cloud SDK 417.0.1


事前要求

安裝gcloud CLI初始化


設定

在命令列輸入gcloud auth application-default login會在瀏覽器開啟登入頁面並要求允許權限。

% gcloud auth application-default login
Your browser has been opened to visit:

    https://<log_in_and_grant_access_page_url>


Credentials saved to file: [/Users/<user>/.config/gcloud/application_default_credentials.json]

These credentials will be used by any library that requests Application Default Credentials (ADC).
WARNING:
Cannot add the project "<project-id-1>" to ADC as the quota project because the account in ADC does not have the "serviceusage.services.use" permission on this project. You might receive a "quota_exceeded" or "API not enabled" error. Run $ gcloud auth application-default set-quota-project to add a quota project.

點選[允許]。



設定完成後會在/Users/<user>/.config/gcloud($HOME/.config/gcloud)目錄下新增憑證檔application_default_credentials.json


設定GOOGLE_APPLICATION_CREDENTIALS環境變數

接著設定環境變數GOOGLE_APPLICATION_CREDENTIALS的值為application_default_credentials.json的路徑,即GOOGLE_APPLICATION_CREDENTIALS=$HOME/.config/gcloud/application_default_credentials.json

範例為zsh shell所以執行以下來設定環境變數

% echo 'export GOOGLE_APPLICATION_CREDENTIALS=$HOME/.config/gcloud/application_default_credentials.json' >> ~/.zshenv

輸入echo $GOOGLE_APPLICATION_CREDENTIALS顯示值是否設定正確。

% echo $GOOGLE_APPLICATION_CREDENTIALS
/Users/user/.config/gcloud/application_default_credentials.json


沒有留言:

張貼留言