Connecting to Prediction API from Google API Consol using service account

638 views Asked by At

I am trying to use the Google Prediction API for the first time.

I am just following the steps given in the article https://developers.google.com/appengine/articles/prediction_service_accounts.

I am getting a strange problem while executing step 2.4 in the above mentioned article.

I have followed the steps as below.

1) I have an application created in say xyz.com domain, and I have service account name of my application as "[email protected]".

2) Then I went to "Team" tab on the Google API Console, and tried to add the service account name of my application, to the project in which I have activated Prediction API and Google Cloud Storage.

While adding the serivce account to the project it gives me an error saying that "Only users in domain xyz.com may be added to the project". The same kind of message is also displayed on the bottom of the "Team" tab. xyz.com is the domain in wich my application is deployed.

Could any one please help me understand why this kind of message is comming? Are there any domain level admin settings required to add the service account to the Google Console API project?

Regards, Nirzari

2

There are 2 answers

0
alex On

Currently, if you created a project with your Apps account, you can only add members of that same domain.

What you'll have to do is create a new project from something like [email protected] account (NOT your Apps domain account). You can then add both @appspot.gserviceaccount.com and [email protected].

I think you can even remove [email protected] later on, once you've added [email protected]. Even activate billing for [email protected], not [email protected], if you need to.

0
someone1 On

Take from https://developers.google.com/appengine/docs/python/googlestorage/overview

You can modify the ACL of the bucket manually:

An alternate way to grant app access to a bucket is manually edit and set the bucket ACL and the default object ACL, using the gsutil utility:

  • Get the ACL for the bucket and save it to a file for editing: gsutil getacl gs://mybucket > myAcl.txt
  • Add the following Entry to the ACL file you just retrieved:

<Entry>
<Scope type="UserByEmail">
<EmailAddress>
[email protected]
</EmailAddress>
</Scope>
<Permission>
WRITE
</Permission>
</Entry>

  • If you are adding multiple apps to the ACL, repeat the above entry for each app, changing only the email address to reflect each app's service name.
  • Set the modified ACL on your bucket: gsutil setacl myAcl.txt gs://mybucket