I tried to run a docker container application which accesses Cloud Datastore in the Cloud Shell, but the access was refused. I suspect that the Cloud Shell doesn't have the scope to access Cloud Datastore.
Is it possible to add an appropriate scope the Cloud Shell instance?
There was a bug in Cloud Shell credential handling where using newer versions of Python oauth2client package (either directly or indirectly) would fail with error like
File "/usr/local/lib/python2.7/dist-packages/oauth2client/contrib/gce.py", line 117, in _retrieve_info
self.service_account_email = info['email']
TypeError: string indices must be integers
This should be fixed in the newer image release. New sessions of Cloud Shell should not have this issue. Here is a working example of using Cloud Datastore API in a container, running in Cloud Shell:
$ cat Dockerfile
FROM python
RUN pip install gcloud
COPY test.py .
CMD ["python", "test.py"]
$ cat test.py
from gcloud import datastore
client = datastore.Client(project='your-project-id-23242')
query = datastore.Query(client, kind='EntityKind')
print(list(query.fetch()))
$ docker build -t test .
... docker output ...
$ docker run -ti test
[]
The example prints out just an empty list because I don't have any entities of "EntityKind" kind in my project's datastore, but you get the idea.
P.S. I work at Google.