
Setting credentials when scheduling a task in cloud schedule from App Engine


I am building a flask app to be hosted on App Engine.

A user will schedule a task to run on a weekly basis.

I have therefore been exploring how to connect to Cloud schedule API using Python and creating a scheduled task.

In the docs it looks like credentials are required to do this:

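from googleapiclient import discovery
from oauth2client.client import GoogleCredentials

# Application Default Credentials: resolved from the runtime environment.
credentials = GoogleCredentials.get_application_default()
service = discovery.build('cloudscheduler', 'v1beta1', credentials=credentials)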
# Required.
# The location name. For example:
# `projects/PROJECT_ID/locations/LOCATION_ID`.
parent = 'projects/my-project/locations/my-location'  # TODO: Update placeholder value.

job_body = {
    # TODO: Add desired entries to the request body.
}
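request = service.projects().locations().jobs().create(parent=parent, body=job_body)
# Send the authenticated request; without this call nothing reaches the API.
response = request.execute()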

However, I'm wondering if cloud schedule is set up in the same GCP project as where the flask / app engine application lives, do you even need credentials to connect?

As long as cloud schedule API is enabled, isn't that enough?

Or, are there other, specific credentials required when connecting to services in the same project that you control?


Solution

  • When you make a call to any of the Google APIs which are under googleapis.com, this call needs to be authenticated, whether it's coming from inside a GCP product or not. As you can see in the documentation, the API call can have OAuth 2.0 authentication or it can make use of an API key to authenticate.

    Enabling the Cloud Scheduler API gives you authorization to interact with Cloud Scheduler, but even after that you need to authenticate with the service. So, long story short, both authorization and authentication are needed.
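
The following is an added example, not part of the original question or answer: it sketches the weekly job from the question, created with Application Default Credentials so no key file ships with the app. The function names, the `/tasks/report` handler path, the UTC time zone and the use of API version `v1` are assumptions; the end-user inputs are validated before they reach the cron expression or the job name.

```python
import re

SCOPE = "https://www.googleapis.com/auth/cloud-platform"
# Cloud Scheduler job IDs: letters, digits, hyphens, underscores, max 500 chars.
JOB_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,500}")


def build_weekly_job(project, location, job_id, weekday, hour, relative_uri):
    """Return (parent, body) for a weekly App Engine HTTP job.

    weekday: 0-6 (0 = Sunday, cron convention); hour: 0-23.
    The values come from an end user, so they are checked strictly
    instead of being interpolated into the schedule as-is.
    """
    if not isinstance(job_id, str) or not JOB_ID_RE.fullmatch(job_id):
        raise ValueError("job_id contains unsupported characters")
    for value, limit in ((weekday, 7), (hour, 24)):
        if type(value) is not int or not 0 <= value < limit:
            raise ValueError("weekday/hour out of range")
    if not relative_uri.startswith("/"):
        raise ValueError("relative_uri must be a path on this app")

    parent = f"projects/{project}/locations/{location}"
    body = {
        "name": f"{parent}/jobs/{job_id}",
        "schedule": f"0 {hour} * * {weekday}",  # minute hour dom month dow
        "timeZone": "Etc/UTC",  # assumption: schedules are stored in UTC
        "appEngineHttpTarget": {"httpMethod": "POST", "relativeUri": relative_uri},
    }
    return parent, body


def create_job(parent, body):
    """Authenticate with ADC and create the job (needs network access).

    Authentication: on App Engine, ADC resolves to the app's service account.
    Authorization: that account still needs an IAM role that grants
    cloudscheduler.jobs.create, and the API must be enabled in the project.
    """
    import google.auth  # imported lazily so build_weekly_job works offline
    from googleapiclient import discovery

    credentials, _ = google.auth.default(scopes=[SCOPE])
    service = discovery.build("cloudscheduler", "v1", credentials=credentials)
    jobs = service.projects().locations().jobs()
    return jobs.create(parent=parent, body=body).execute()
```

`create_job(*build_weekly_job(...))` raises an HTTP 401 or 403 error from the client library when either the authentication or the authorization half is missing.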