google clouddatastore adams.py demo not working in GCE instance

2
votes

when running demo from google-cloud-datastore-1beta2-rev1-2.1.1/

    adams.py <project-id>

ERROR:root:Error while doing datastore operation
ERROR:root:RPCError: beginTransaction Unauthorized.
ERROR:root:HTTPError: 403 Forbidden
  1. I ensured the GCE instance has service account enabled (permissions below)
  2. Cloud datastore API is enable in cloud console for the project
  3. google cloud datastore is correctly installed in the GCE
  4. As I am inside a GCE instance I dont need the private key file

Permissions User info Enabled Compute Read Write Storage Full Task queue Enabled BigQuery Enabled Cloud SQL Enabled

What am I missing? Please help

1
google-compute-enginegoogle-cloud-datastore
Do you have the datastore scope enabled on your service account? You can check this by calling gcutil getinstance <my-instance> and looking at the scopes listed. - Patrick Costello
Yes datastore scope was missing, now solved. Thx - user3470928
You might also want to take a look at googlecloudplatform.github.io/gcloud-python - JJ Geewax

1 Answers

3
votes

Adding an answer so it's easier for others to find:

Make sure that your GCE instance is running with the datastore scope enabled.

Run the command gcutil getinstance <my-instance>. You should get something like this:

+-----------------+-------------------------------------------------------------+
| name            | <my-instance>                                               |
| ....            |                                                             |
| service-account |                                                             |
|   scopes        | [u'https://www.googleapis.com/auth/datastore',              |
|                 | u'https://www.googleapis.com/auth/userinfo.email']          |
+-----------------+-------------------------------------------------------------+

Importantly, make sure that you see the datastore scope in the list.

When you create your instance, make sure to enable the correct scope:

gcutil --project <PROJECT_ID> addinstance <INSTANCE_NAME> --service_account_scopes=\
https://www.googleapis.com/auth/userinfo.email,\
https://www.googleapis.com/auth/datastore