Yes, my experience isn't the same. You can't re-scope the Compute Engine (or the GKE Node) on the fly; you need to create the VM with the correct scope to be able to add it.
Just because the type of the object is compute_engine doesn't mean that the behavior on Compute Engine and Cloud Run is the same!
For Cloud Functions and Cloud Run, it works perfectly (I just tested it). Here is the code of the main.py file:

import os

from flask import Flask, request

app = Flask(__name__)


@app.route('/', methods=['GET', 'POST'])
def test_sheet():
    return test_sheet_function(request)


def test_sheet_function(request):
    from googleapiclient.discovery import build
    import google.auth

    SCOPES = ['https://www.googleapis.com/auth/spreadsheets.readonly',
              'https://www.googleapis.com/auth/cloud-platform']
    default_credentials, project_id = google.auth.default(scopes=SCOPES)

    # The ID and range of a sample spreadsheet.
    SAMPLE_SPREADSHEET_ID = 'YOUR SHEET ID'
    SAMPLE_RANGE_NAME = 'A1:C1'  # Set the relevant range for your sheet

    service = build('sheets', 'v4', credentials=default_credentials)
    sheet = service.spreadsheets()
    result = sheet.values().get(spreadsheetId=SAMPLE_SPREADSHEET_ID,
                                range=SAMPLE_RANGE_NAME).execute()
    values = result.get('values', [])

    to_ret = "Result \n"
    if not values:
        to_ret += "\n" + 'No data found.'
        print('No data found.')
    else:
        to_ret += "\n" + 'Results:'
        print('Results:')
        for row in values:
            # Return column A (index 0) of each row and log the full row.
            to_ret += "\n" + row[0]
            print(row)
    return to_ret, 200


if __name__ == "__main__":
    app.run(host='0.0.0.0', port=int(os.environ.get('PORT', 8080)))

The Dockerfile
FROM python:3.7-slim
WORKDIR /app
COPY requirements.txt .
RUN pip3 install --no-cache-dir -r requirements.txt
COPY . .
ENV PORT 8080
# Run the web service on container startup.
CMD [ "python3", "main.py" ]
And the requirements.txt
flask
google-auth
google-api-python-client
Then build and deploy
Cloud Run
gcloud builds submit -t gcr.io/${PROJECT_ID}/test-sheet && \
  gcloud run deploy --image=gcr.io/${PROJECT_ID}/test-sheet \
    --region=us-central1 --allow-unauthenticated \
    --service-account=SERVICE_ACCOUNT_EMAIL test-sheet
Cloud Functions
gcloud functions deploy --trigger-http \
  --entry-point=test_sheet_function --region=us-central1 \
  --runtime=python37 --allow-unauthenticated \
  --service-account=SERVICE_ACCOUNT_EMAIL test-sheet
Test
Grant SERVICE_ACCOUNT_EMAIL the reader role on your sheet, and call the URLs.
If you deploy on GCE or GKE without the sheet scope on the VM, it will fail.
Same locally if you didn’t scope your gcloud auth login command.
It never works on App Engine.
Let me know if you need more assistance on this!
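
A preflight check for the GCE/GKE case described above, as an added example that is not part of the original answer: it reads the scopes fixed on the VM from the Compute Engine metadata server and reports which of the scopes requested in main.py are absent. The function names and the sample response are constructed for illustration, and the comparison is an exact string match.

```python
import urllib.error
import urllib.request

# Compute Engine metadata endpoint listing the scopes fixed on the VM.
SCOPES_URL = ("http://metadata.google.internal/computeMetadata/v1/"
              "instance/service-accounts/default/scopes")
# Same scopes the answer's main.py passes to google.auth.default().
REQUIRED_SCOPES = [
    "https://www.googleapis.com/auth/spreadsheets.readonly",
    "https://www.googleapis.com/auth/cloud-platform",
]
# Constructed sample of a metadata response (one scope per line).
SAMPLE_VM_SCOPES = (
    "https://www.googleapis.com/auth/cloud-platform\n"
    "https://www.googleapis.com/auth/logging.write\n"
)


def parse_scopes(body):
    """Turn the newline-separated metadata response into a set."""
    return {line.strip() for line in body.splitlines() if line.strip()}


def missing_scopes(body, required):
    """Exact-match check: required scopes absent from the VM's list."""
    granted = parse_scopes(body)
    return [scope for scope in required if scope not in granted]


def fetch_vm_scopes(timeout=2):
    """Return the raw scope list, or None when no metadata server answers."""
    req = urllib.request.Request(SCOPES_URL, headers={"Metadata-Flavor": "Google"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.read().decode("utf-8")
    except (urllib.error.URLError, OSError):
        return None


def preflight(required, body=None):
    """Return (status, missing); pass body to check a captured response."""
    if body is None:
        body = fetch_vm_scopes()
    if body is None:
        return "no-metadata-server", list(required)
    missing = missing_scopes(body, required)
    return ("missing" if missing else "ok"), missing


if __name__ == "__main__":
    print(preflight(REQUIRED_SCOPES))
```

Run on the VM or node before deploying; a "missing" status that lists the spreadsheets scope matches the failure described for GCE and GKE.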