{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 唯我独甜 的问题《Google App Engine authorization for Google BigQuer》','https://www.manongdao.com/q-311425.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I have followed the instructions in https://developers.google.com/bigquery/authorization#service-accounts-appengine to make some queries from app engine to bigquery.
In the step 2, I click on Team in Google Api Console and it redirects to App Engine > Administration > Permissions. I add the service account name as Email and as a role I select developer (the option "can edit" is not available), and then click "Invite user". After that, appears a message: "An email was sent to xxxxxx@appspot.gserviceaccount.com for verification." and the status is Pending. How I could confirm the email?, seems there is a bug here...
Next, I made a test using the following code:
#!/usr/bin/env python
import httplib2
import webapp2
from google.appengine.api import memcache
from apiclient.discovery import build
from google.appengine.ext import webapp
from google.appengine.ext.webapp.util import run_wsgi_app
from oauth2client.appengine import AppAssertionCredentials
# BigQuery API Settings
PROJECT_NUMBER = 'XXXXXXXX'
credentials = AppAssertionCredentials(scope='https://www.googleapis.com/auth/bigquery')
http = credentials.authorize(httplib2.Http(memcache))
service = build("bigquery", "v2", http=http)
class MainHandler(webapp2.RequestHandler):
def get(self):
query = {'query':'SELECT word,count(word) AS count FROM publicdata:samples.shakespeare GROUP BY word;',
'timeoutMs':10000}
jobRunner = service.jobs()
reply = jobRunner.query(projectId=PROJECT_NUMBER,body=query).execute()
self.response.out.write(reply)
app = webapp2.WSGIApplication([
('/', MainHandler)
], debug=True)
And the reply was (running from google):
HttpError: <HttpError 403 when requesting https://www.googleapis.com/bigquery/v2/projects/XXXXXXXX/queries?alt=json returned "Access Denied: Job YYYYYYYY:job_e57bdde0144c495dbc864ccbfb82b704: RUN_QUERY_JOB">
If I test from localhost, the answer is:
HttpError: <HttpError 401 when requesting https://www.googleapis.com/bigquery/v2/projects/XXXXXXXX/queries?alt=json returned "Invalid Credentials">
Someone could help me? :-)
Actually there are two areas from where you can add an account. If you go with old console code.google.com/api/console it would take you to your appengine.google.com dashboard i.e "Way-1" which actually has some problem of asking "Verification". The new https://cloud.google.com/console has solved this problem.
[Way-1] *Problemtic* hit http://appengine.google.com ==> your_app_name> ==> Permissions
[Way-2] *Works* hit http://cloud.google.com/console ==> Click your_app_name ==> Click Permissions on Left Pane ==> Click Add Member Button and add i.e xxxxxx@appspot.gserviceaccount.com with "Can Edit" rights
"If you already have added your account via Way-1 Follow below method"
"Way-1" seems to have some problem due to this your account will keep showing "Pending Status". If somehow you have added the account via Way-1 and try to follow "Way-2" afterwards you would keep seeing the same status at way-2 link. For it you'll have to delete that user with "delete icon" which appears on mouse hover. Delete the account from there and add xxxxxx@appspot.gserviceaccount.com with "Can Edit" permission.
You can add the xxxxxx@appspot.gserviceaccount.com to the project at http://cloud.google.com/console.
Expect this to be easier/ more straightforward soon!
Step by step, by @Christian: