From acb944094ce6c19d5ff1891d8bf0a0373a227ce7 Mon Sep 17 00:00:00 2001 From: Dan Brown Date: Tue, 11 Jul 2017 14:48:56 -0700 Subject: [PATCH] CREDENTIAL_SCOPES: Add /auth/drive for bigquery tables backed by sheets - Allow service accounts to query bq tables backed by sheets - Without this scope you get the following 403 error from bq, where "globbing file pattern" appears to come from gdrive: ``` datalab.utils._http.RequestException: HTTP request failed (status 403): Access Denied: BigQuery BigQuery: Permission denied while globbing file pattern. ``` - Repro'ing is a bit complicated: - In gcp, make a "service account" - In gcp, create a "client id" for the service account - In gsuite, enable "domain-wide delegation" for the client id - Make a sheet - Share the sheet with the service account id (maybe not required?) - Make a bq table backed by the sheet - Query the table using the service account creds - Here's the most helpful reference I found: - https://stackoverflow.com/a/41676921/397334
---
 datalab/context/_utils.py | 1 +
 google/datalab/utils/_utils.py | 1 +
 2 files changed, 2 insertions(+)
diff --git a/datalab/context/_utils.py b/datalab/context/_utils.py
index c7c87081a..d34e248ab 100644
--- a/datalab/context/_utils.py
+++ b/datalab/context/_utils.py
@@ -29,6 +29,7 @@
 # that the user can define for themselves which scopes they want to use.
 CREDENTIAL_SCOPES = [
 'https://www.googleapis.com/auth/cloud-platform',
+ 'https://www.googleapis.com/auth/drive',
 ]
diff --git a/google/datalab/utils/_utils.py b/google/datalab/utils/_utils.py
index 522ca13eb..9f14e5684 100644
--- a/google/datalab/utils/_utils.py
+++ b/google/datalab/utils/_utils.py
@@ -138,6 +138,7 @@ def gcs_copy_file(source, dest):
 # that the user can define for themselves which scopes they want to use.
 CREDENTIAL_SCOPES = [
 'https://www.googleapis.com/auth/cloud-platform',
+ 'https://www.googleapis.com/auth/drive',
 ]
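Review bot: The added `'https://www.googleapis.com/auth/drive'` entry in `CREDENTIAL_SCOPES` (datalab/context/_utils.py, and the identical hunk in google/datalab/utils/_utils.py) asks for full read/write access to the account's Drive files on every credential built from this default list, not only for callers that query sheets-backed tables. If BigQuery only needs to read the backing sheet, the narrower `'https://www.googleapis.com/auth/drive.readonly',` would probably be enough; that should be confirmed against the 403 repro in the description before merging. Since the description sets the service account up with domain-wide delegation, a leaked key for such an account would presumably carry whatever Drive access this scope grants, which is another reason to keep it minimal. A comment above the entry such as `# Drive scope: required only for BigQuery tables backed by Google Sheets` would record why it is there. The existing comment about user-defined scopes starts outside the hunk, and it suggests this entry could become opt-in once scopes are configurable.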