How to authenticate http request, for accessing gcp API services (python)

Question

In order to get the enabled GCP-api services list, I am trying to get the service.list as per this HTTP request in this link.

Here's my code:

import json
from requests.auth import HTTPBasicAuth
import requests
from google.oauth2 import service_account


auth = HTTPBasicAuth('myusername@gmail.com','xyz....')

url = 'https://serviceusage.googleapis.com/v1/projects/my-proj-id123/services'

headers = {
   "Accept": "application/json"
 }

response = requests.request(
   "GET",
   url,
   headers=headers,
   auth=auth
 )
# a=json.loads(response.text)
print(response.text) 

But I am getting this error:

{
  "error": {
    "code": 403,
    "message": "The request is missing a valid API key.",
    "status": "PERMISSION_DENIED"
  }
}

NOTE: I need a way to get the respond as per this link, either by service account or by api token . I have service account key (credential.json) but I don't know where to put for http request. kindly suggest me the procedures.

Answer 1

I encourage you to consider using Google's SDKs whenever you interact with Google's services.

Not only do the services provide language-specific resource types that facilitate creating requests and responses, but you get simpler auth, logging etc. etc. etc.

Documented:

• google_auth
• Python Client for Service Management API
• list_services --> ListServicesPager --> ListServicesResponse --> ManagedService
• APIs Explorer --> Service Management --> services.list --> Response --> ManagedService

Setup:

PROJECT=[[YOUR-PROJECT]]
ACCOUNT=[[YOUR-ACCOUNT]]

python3 -m venv venv
source venv/bin/activate

python3 -m pip install google-auth
python3 -m pip install google-cloud-service-management

gcloud iam service-accounts create ${ACCOUNT} \
--project=${PROJECT}

EMAIL="${ACCOUNT}@${PROJECT}.iam.gserviceaccount.com"

gcloud projects add-iam-policy-binding ${PROJECT} \
--member=serviceAccount:${EMAIL} \
--role=roles/viewer

gcloud iam service-accounts keys create ${PWD}/${ACCOUNT}.json \
--iam-account=${EMAIL}

export GOOGLE_APPLICATION_CREDENTIALS=${PWD}/${ACCOUNT}.json

python3 ./main.py

main.py:

import google.auth
from google.cloud import servicemanagement_v1

credentials,project = google.auth.default()

client = servicemanagement_v1.ServiceManagerClient()

# How to construct the Request
rqst = {
     # Purely for example
    "pageSize": 5,
     # List only project's services
    "consumer_id: "project:{project}".format(
        project=project
    )
}

# Response is a ServiceListPager
resp = client.list_services(request=rqst)

# Which is iterable
for managed_service in resp:
    try:
        # This is a quirk of gRPC Transcoding
        # Convert a ManagedService to JSON
        j=servicemanagement_v1.ManagedService.to_json(managed_service)
        print(j)
    except Exception as e:
        print(e)

Yields:

{
  "serviceName": "abusiveexperiencereport.googleapis.com",
  "producerProjectId": ""
}
{
  "serviceName": "acceleratedmobilepageurl.googleapis.com",
  "producerProjectId": ""
}
{
  "serviceName": "accessapproval.googleapis.com",
  "producerProjectId": ""
}
...