I'm trying to automate creating Firewall Rules for my Python 3 Google App Engine. Per their docs, I can use the Admin API for that (which I've enabled in the Cloud Console). I've created an API Key too on the APIs & Keys/Credentials page (no restrictions). The Python library implies I can use this key with that library. However, When I use my API_KEY with the below code, I get:
googleapiclient.errors.HttpError: <HttpError 401 when requesting https://appengine.googleapis.com/v1beta/apps/{my project ID}/firewall/ingressRules?key={my API Key}&alt=json returned "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.". Details: "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.">
The URLs in the error are useless because I'm deliberately trying not to use Oauth2 (overkill). Here's the code producing the above error:
from googleapiclient.discovery import build
def set_firewall_rules(file_name):
infile = open(file_name)
service = build('appengine', 'v1beta', developerKey=API_KEY)
existing_rules = service.apps().firewall().ingressRules().list(appsId='{my project ID')
print(existing_rules.execute())
service.close()
return
Why is my API key insufficient? Are there settings on my app I need to change, or do I have to make a service account with scopes and all that Oauth2 stuff?
Also, I notice that if if I move my service.close() line before my print line, I get AttributeError: 'Http' object has no attribute 'http', so it seems I'm at least 2 steps away from success. It makes using gcloud in a bash script the easier way to go...
I'm using Python 3.8 in a virtual env with google-api-python-client 1.12.8.
