I am trying to access data stored in Bigquery through an app I am developing on Google App Engine. However each time I make a request I receive the error "permission denied".
I have added the application as a member of the API team for the project (I added the address @appspot.gserviceaccount.com) and I am accessing bigquery through the package code.google.com/p/google-api-go-client/bigquery/v2
The following code is how I append the API key to each query:
transport := KeyedTransport{Key: <api key>, Transport: http.DefaultTransport}
client := &http.Client{Transport: transport}
err := errors.New("reached")
b, err := bigquery.New(client)
...
query := &bigquery.QueryRequest{
DefaultDataset: <perviously defined daset>
Query: <query that looks in a single table for a single result by a unique id>,
Kind: "json",
MaxResults: 1,
...
b.Jobs.Query(ProjectID, query).Do()
and the following is defined for KeyedTransport
func (t KeyedTransport) RoundTrip(req *http.Request) (*http.Response, error){
u := *req.URL
args := u.Query()
args.Set("key", t.Key)
u.RawQuery = args.Encode()
r, err := http.NewRequest(req.Method, u.String(), newBody)
resp, err := t.Transport.RoundTrip(r)
if err != nil{
return nil, errors.New("error: "+err.Error())
}
return nil, errors.New("resp: "+toJson(resp))
}
I have also ensured that the API key matches the one generated in Google API console. It was generated by another member of the team and is labeled as "Key for browser apps (with referers)" if that helps.
Seeing as this is giving me so much trouble, I would make the move to Oauth2 since that seems to be much better documented for Go, but I am looking at working with some organizations that will not want to require users to have a Google login.
I am not a Go expert, but it looks like you will also need to authorize your application to have access to the BigQuery API via an OAuth 2.0 flow that uses service accounts. The Python and Java runtimes for App Engine support "App Engine Service Accounts" using the AppAssertionCredentials class.
However, it is also possible to enable server-to-server using JWT files generated through the Google developer console.
It may be possible to authorize access to BigQuery from the GAE Go runtime using server to server OAuth via a go-lang library that can handle JWT files (like this, perhaps).