In bq command, I am using a google account to login or authentication.
However, I want to change this account to another account (google account).
What's command line I can try?
The command you are looking for is
gcloud auth login
After which you can switch between account by running bq auth list to see the credentialed accounts and then use bq config set account <jdoe#email.com> to switch between them.
Or if you just want to log out as asked in the question:
gcloud auth revoke
Related
I am trying to setup a Gcloud Auth Login for an account on a server that will cover all users.
i.e.
I login using an administrator account and issue the command..
e.g.
gcloud auth login auser#anemail.com
go through the steps required and when I issue the issue the Gcloud Auth List command I get the right result.
But other users cannot see it.
i.e. we use sap data services that use a proxy account on the server when it is running
e.g.
proxyaccount#mail.com
but that user cannot see the the authorized user I authorized using the administrator account.
I get error "you do not currently have an active account selected"
The "other" accounts do not have administration access nor do we want them to, and besides I don't want to have to go through this process for each and every account that connects to the server.
Ian
Each user gets its own gcloud configuration folder. You can see which configuration folder is used by gcloud by running gcloud info.
Note that if your server is a VM on GCP you do not need to configure credentials as they are obtained from metadata server for the VM.
Sharing user credentials is not a good practice. If you need to do this your users can set CLOUDSDK_CONFIG environment variable to point to one shared configuration folder. Also you should at least use service account for this purpose and activate it via gcloud auth activate-service-account instead of using credentials obtained via gcloud auth login.
I had a gcloud user authenticated and was running gsutils fine from the command line (Windows 8.1). But I needed to access gsutils from a python application so I followed the instructions here:
https://cloud.google.com/storage/docs/xml-api/gspythonlibrary#credentials
I got as far as creating a .boto file, but now not only does the my python code fail (boto.exception.NoAuthHandlerFound: No handler was ready to authenticate.). But I can't run bsutils from the command line any more. I get this error:
C:\>gsutil ls
You are attempting to access protected data with no configured
credentials. Please visit https://cloud.google.com/console#/project
and sign up for an account, and then run the "gcloud auth login"
command to configure gsutil to use these credentials.
I have run gcloud auth and it appears to work, I can query my users:
C:\>gcloud auth list
Credentialed Accounts:
- XXXserviceuser#XXXXX.iam.gserviceaccount.com ACTIVE
- myname#company.name
To set the active account, run:
$ gcloud config set account `ACCOUNT`
I have tried both with the account associated with my email active, and the new serveruser account (created following instructions above). Same "protected data with no configured credentials." error. I tried removing the .boto file, and adding the secret CLIENT_ID and CLIENT_SECRET to my .boto file.
Anyone any ideas what the issue could be?
So I think the latest documentation/examples showing how to use (and authenticate) Google Cloud storage via python is in this repo:
https://github.com/GoogleCloudPlatform/python-docs-samples/tree/master/storage/api
That just works for me without messing around with keys and service users.
Would be nice if there was a comment somewhere in the old gspythonlibrary docs pointing this out.
I followed Google's instructions to install Python and gsutil on Windows. When I attempt to download reviews with this command line:
c:\gsutil>c:\python27\python gsutil cp -r gs://pubsite_prod_rev_########/reviews/reviews_package.name_2015* c:/temp/xxx
I get this error message:
You are attempting to access protected data with no configured
credentials. Please visit https://cloud.google.com/console#/project
and sign up for an account, and then run the "gsutil config" command
to configure gsutil to use these credentials.
I don't have a Google Cloud Platform subscription. Do I need to pay for one to access the ratings?
You can use the account that is responsible for that app. You will have to install the Cloud SDK and authenticate using :
gcloud auth login
Once you do that and paste the link on a browser tab using the account that hosts the app you will receive the credentials that you can pass to gcloud and they will get saved.
Then you can use the command and won't get the error.
For every Google Compute instance, there is a default service account like this:
1234567890123-compute#developer.gserviceaccount.com
I can create my instance with the proper scope (i.e. https://www.googleapis.com/auth/devstorage.full_control) and use this account to make API requests.
On this page: https://cloud.google.com/storage/docs/authentication#service_accounts it says:
Every project has a service account associated with it, which may be used for authentication and to enable advanced features such as Signed URLs and browser uploads using POST.
This implies that I can use this service account to created Signed URLs. However, I have no idea how to create a signed URL with this service account since I can't seem to get the private key (.p12 file) associated with this account.
I can create a new, separate service account from the developer console, and that has the option of downloading a .p12 file for signing, but the project level service accounts do not appear under the "APIs and auth / Credentials" section. I can see them under "Project / Permissions", but I can't do anything with them there.
Am I missing some other way to retrieve the private key for these default accounts, or is there no way to sign urls when using them?
You can use p12 key of any of your service account while you're authenticated through your main account or a GCE service account or other services accounts that have appropriate permissions on the bucket and the file.
In this case, just create a service account download p12 key and use the following command to sign your URL:
$ gsutil signurl -d 10m privatekey.p12 gs://bucket/foo
Though you can authenticate using different service account using the following command:
gcloud auth activate-service-account service-account-email --key-file key.p12
You can list and switch your accounts using these commands:
$ gcloud auth list
$ gcloud config set account
I frequently use Google Cloud Storage with at least two accounts: personal#gmail.com and work#corp.com. I used gsutil config to create .boto files for both accounts, which I've renamed to personal.boto and work.boto.
It is tiring to have to remember to type cp personal.boto ~/.boto whenever I need to switch between these accounts. Is there a better way?
The Google Cloud SDK now includes the gcloud tool, which allows you to login and easily switch between accounts.
$ gcloud auth list
Credentialed accounts:
- youremail#gmail.com (active)
To set the active account, run
$ gcloud config set account <account>
To login to another account, simply run $ gcloud auth login and use another Google account.
Easiest way to do this is as follows:
$ BOTO_CONFIG=/path/to/personal.boto gsutil cp #...
For more detailed variations on this theme see this thread.
For this, use following command to switch to the account you want.
gcloud auth login
This will take you to the Google account switch page which can be used to switch to the relevant user.
under windows OS:
set BOTO_CONFIG=E:\.boto & e:\gsutil\gsutil.py ls s3://your_bucket/folder