Ever wish you could automatically remove your unwanted output files from a submission without having to manually review them? If so, take this two minute survey and tell us more.
Latest Release: 1/17/19
Release Notes can be found here.

Accessing firecloud workspace API with service acccount

I have made a service account through a non FC project. I saved the json file for this account with me. The following piece of code is written so that Firecloud api is accessed with service account credentials and a new workspace is created.

`
'''

set up workspace with billing project

service_acc_path: service acc key

source_dir: basename 

*return: response

'''

def workspace_setup(service_acc_path,source_dir):

       scopes=["https://www.googleapis.com/auth/admin.datatransfer"]

       credentials=ServiceAccountCredentials.from_json_keyfile_name(
                                            service_acc_path,
                                            scopes=scopes)

       data={"namespace":"regev-collab",
                   "name":source_dir,
                   "authorizationDomain":[{"membersGroupName":"regev-collab"}]}

       body=urllib.parse.urlencode(data)

       http_auth=credentials.authorize(Http())

       print(http_auth) 

       response,content=http_auth.request("https://api.firecloud.org/api/workspaces",
                                   method="POST",
                                   body=body)

       print(response)

       print(content)

       workspaceResult=response

       return(response)`

I keep getting the following permission errors:

Unauthorized This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required. Apache Server at api.firecloud.org Port 443

I have registered the service account with FC as well using script here and I get the same response:
https://github.com/broadinstitute/firecloud-tools/tree/master/scripts/register_service_account

I have run ./gcloud auth application-default login and ./gcloud auth list which results in this:
Credentialed Accounts
ACTIVE ACCOUNT

What should I do next?

Thanks
Asma

Comments

Sign In or Register to comment.