问题描述
我正在尝试从AWS lambda函数连接到Google Cloud Vision,唯一的身份验证方法似乎是通过设置某个环境变量,是否有一种使用代码进行身份验证的方法(我打算将凭证详细信息存储在AWS Secrets Manager,然后使用Python将其传递给Google Vision客户端。
vision.ImageAnnotatorClient的构造函数将凭据作为第一个参数,但令人沮丧的是,我无法为一组服务帐户凭据构造这样的对象!
希望有人可以提供帮助!
编辑 在此链接中,似乎除Python外的其他语言可以帮助解析凭据,而对于Python示例则无济于事!
https://cloud.google.com/docs/authentication/production#auth-cloud-explicit-python
解决方法
不是容易找到的:( 这是执行此操作的代码:
service_account_info_string = R"""{
"type": "service_account","project_id": "","private_key_id": "","private_key": "-----BEGIN PRIVATE KEY-----\n.......\n-----END PRIVATE KEY-----\n","client_email": "[email protected]","client_id": "545................45648","auth_uri": "https://accounts.google.com/o/oauth2/auth","token_uri": "https://oauth2.googleapis.com/token","auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs","client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/....%40....iam.gserviceaccount.com"
}
"""
service_account_info_json = json.loads(service_account_info_string)
service_account_creds = creds.from_service_account_info(service_account_info_json)
client = vision.ImageAnnotatorClient(credentials=service_account_creds)
您可以将凭据放入service_account.json文件中,然后执行以下操作:
from google.cloud import vision
client = vision.Client.from_service_account_json('service_account.json')