We are working on a project to solve VRP with Google optimization AI RESTapi. In there documentation
Note: The following command assumes that you have logged in to the
gcloud CLI with your user account by executing gcloud init or gcloud
auth login, or by using Cloud Shell, which automatically logs you into
the gcloud CLI. You can check the currently active account by
executing gcloud auth list.
We need to pass a print-access-token to the RESTapi which can be generated via gcloud cli.
We want to generate this token programmatically with Node.js RESTapi, So then we can call the https://cloudoptimization.googleapis.com/v1/projects/project-id:optimizeTours endpoint directly from our backend.
Related
I am Trying to connect to GCP PUSUB Services using IAM authentication. I want to do this without the .json file.
I tried using
GoogleCredentials credential = GoogleCredentials.getApplicationDefault(() -> httpTransport);
But this is too required application_default_credentials.json file to get Authenticated .
Basically , I want to get Authorized using GCP IAM API to use GCP PUBSUB Services .
Plan - I Want to run a sample Java code from my local , connecting to GCP PUBSUB instance and test and after testing , Deploying the same at GCP container and then test the same PUBSUB.
to Connect to GCP PUBSUB instance from my local system I want to do that Via IAM Authentication mechanism .
Any reference ? Please help
thanks
Application default credentials can be setup with gcloud CLI. Once you install gcloud, gcloud auth application-default login will allow all the client libraries and Spring Cloud GCP modules to get your credentials from the environment.
I am configuring rundeck to issue api calls to the google cloud compute api
I have tried both basic and oath 2.0 for authentication
Has anyone gotten this to work
You have two options:
Configure the google cloud CLI tool for "rundeck" user, (home at /var/lib/rundeck) or:
Use local sudo rundeck plugin to call the command using the user profile which you have the google cloud CLI configured.
In the first option you can use command steps/script steps to call the Google Cloud CLI tool and in the second one using the Local Command Workflow Step and the Local Script Workflow Step.
I am trying to perform a very basic command like:
gcloud compute machine-types list
And I get this error:
ERROR: (gcloud.compute.machine-types.list) There was a problem
refreshing your current auth tokens: invalid_grant: Bad Request Please
run:
It tells me to login using 'gcloud auth login' which opens up the browser.
Is it possible to use a ssh key to skip this authentication process or I have to do this always? ssh keys are for accessing compute instances only?
Just trying to understand what SSH keys are used for and how this web based authorization fits into the picture here.
Generally, you authenticate to gcloud (and GCP services) using credentials from a Google (often Gmail) account. Such accounts use 3-legged (O)Auth and this requires the browser prompt for the human to confirm the scopes etc.
If you haven't, you should confirm the prompt, copy the token provided and paste that back into gcloud so that auth will occur transparently.
This process is different than SSH'ing to Compute Engine instances.
When you run gcloud compute machine-types list, you're authenticating (and being authorized) by Google Cloud Platform to invoke (meta)services.
When you run gcloud compute ssh ..., the command uses ssh to connect you to the (Linux) instance.
NOTE gcloud auth login --no-launch-browser is available too (link). This requires you to separately launch a browser and complete the process but it doesn't launch the browser directly from the command.
If you are trying to automate some sort of service, that runs cloud commands on-demand, without operator/browser involved - your best bet would be to create a Service Account for that task, get the key for that account and activate it, using
gcloud auth activate-service-account --key-file=my-service-account-key-file.json
If this service runs on Google Cloud platform - you don't even need to deal with the key. Just associate the service account with an instance you are running.
https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances
I am trying to setup a Gcloud Auth Login for an account on a server that will cover all users.
i.e.
I login using an administrator account and issue the command..
e.g.
gcloud auth login auser#anemail.com
go through the steps required and when I issue the issue the Gcloud Auth List command I get the right result.
But other users cannot see it.
i.e. we use sap data services that use a proxy account on the server when it is running
e.g.
proxyaccount#mail.com
but that user cannot see the the authorized user I authorized using the administrator account.
I get error "you do not currently have an active account selected"
The "other" accounts do not have administration access nor do we want them to, and besides I don't want to have to go through this process for each and every account that connects to the server.
Ian
Each user gets its own gcloud configuration folder. You can see which configuration folder is used by gcloud by running gcloud info.
Note that if your server is a VM on GCP you do not need to configure credentials as they are obtained from metadata server for the VM.
Sharing user credentials is not a good practice. If you need to do this your users can set CLOUDSDK_CONFIG environment variable to point to one shared configuration folder. Also you should at least use service account for this purpose and activate it via gcloud auth activate-service-account instead of using credentials obtained via gcloud auth login.
I was sure it will be simple but couldn't find any documentation or resolution.
I'm trying to write a script using gcloud to perform some operations in my GCP instances.
Is there anyway to login/authenticate using gcloud via command line only?
Thanks
You have a couple of options here (depending on what exactly you're trying to do).
The first option is to log in using the --no-launch-browser option. This still requires interaction from a human user, but doesn't require a browser on the machine you're using:
> gcloud auth login --no-launch-browser
Go to the following link in your browser:
https://accounts.google.com/o/oauth2/auth?redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&prompt=select_account&response_type=code&client_id=32555940559.apps.googleusercontent.com&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcloud-platform+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fappengine.admin+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcompute&access_type=offline
Enter verification code: *********************************************
Saved Application Default Credentials.
You are now logged in as [user#example.com].
Your current project is [None]. You can change this setting by running:
$ gcloud config set project PROJECT_ID
The non-interactive option involves service accounts. The linked documentation explains them better than I can, but the short version of what you need to do is as follows:
Create a service account in the Google Developers Console. Make sure it has the appropriate "scopes" (these are permissions that determine what this service account can do. Download the corresponding JSON key file.
Run gcloud auth activate-service-account --key-file <path to key file>.
Note that Google Compute Engine VMs come with a slightly-different service account; the difference is described here.