I am trying to create a project using the appengine urlfetch but I get a 403 "The caller does not have permission" error. I'm running this code in production, which should be given permission automatically.
Here's the code:
from google.appengine.api import app_identity
from google.appengine.api import urlfetch
import json
project_data = {
'projectId': 'test-project-84873',
'name': 'TEST PROJECT'
}
auth_token, _ = app_identity.get_access_token('https://www.googleapis.com/auth/cloud-platform')
response = urlfetch.fetch(
'https://cloudresourcemanager.googleapis.com/v1/projects',
payload = json.dumps(project_data),
method = urlfetch.POST,
headers = {
'Authorization': 'Bearer {}'.format(auth_token),
'Content-Type': 'application/json'
}
)
My API has been enabled, and I was able to successfully create a project using the APIs Explorer at the bottom of this page https://cloud.google.com/resource-manager/reference/rest/v1/projects/create
If I run the same code but with GET instead of POST, it successfully returns the current project information.
Thanks
EDIT
Strangely, this code works perfectly on my local development server, just not in production... ???
EDIT 2
I tried to use the Python Client Library which I found near the bottom of this page: https://cloud.google.com/docs/authentication
The code:
from oauth2client.client import GoogleCredentials
from apiclient.discovery import build
credentials = GoogleCredentials.get_application_default()
service = build('cloudresourcemanager', 'v1', credentials=credentials)
project_data = {
'projectId': 'project-test-12345',
'name': 'YAY NEW PROJECT'
}
projects = service.projects().create(body=project_data).execute()
I get the same result. It works locally, but not in production :(
