Cette page décrit les étapes de base nécessaires à la configuration de l'API Service Control sur votre ordinateur local et à son test à l'aide de la commande curl
.
Configuration initiale
L'API Service Control fonctionne avec les services gérés. Pour utiliser l'API Service Control, vous devez d'abord créer un service géré à l'aide de l'API Service Management. Pour plus d'informations, consultez la page Premiers pas avec l'API Service Management.
Après avoir créé un service géré, vous devez effectuer les étapes suivantes pour pouvoir utiliser l'API Service Control à partir du service géré.
- Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
- Install the Google Cloud CLI.
-
To initialize the gcloud CLI, run the following command:
gcloud init
-
Create or select a Google Cloud project.
-
Create a Google Cloud project:
gcloud projects create PROJECT_ID
Replace
PROJECT_ID
with a name for the Google Cloud project you are creating. -
Select the Google Cloud project that you created:
gcloud config set project PROJECT_ID
Replace
PROJECT_ID
with your Google Cloud project name.
-
-
Make sure that billing is enabled for your Google Cloud project.
-
Enable the Service Control API:
gcloud services enable servicecontrol.googleapis.com
-
Grant roles to your user account. Run the following command once for each of the following IAM roles:
roles/servicemanagement.serviceController
gcloud projects add-iam-policy-binding PROJECT_ID --member="user:USER_IDENTIFIER" --role=ROLE
- Replace
PROJECT_ID
with your project ID. -
Replace
USER_IDENTIFIER
with the identifier for your user account. For example,user:myemail@example.com
. - Replace
ROLE
with each individual role.
- Replace
- Install the Google Cloud CLI.
-
To initialize the gcloud CLI, run the following command:
gcloud init
-
Create or select a Google Cloud project.
-
Create a Google Cloud project:
gcloud projects create PROJECT_ID
Replace
PROJECT_ID
with a name for the Google Cloud project you are creating. -
Select the Google Cloud project that you created:
gcloud config set project PROJECT_ID
Replace
PROJECT_ID
with your Google Cloud project name.
-
-
Make sure that billing is enabled for your Google Cloud project.
-
Enable the Service Control API:
gcloud services enable servicecontrol.googleapis.com
-
Grant roles to your user account. Run the following command once for each of the following IAM roles:
roles/servicemanagement.serviceController
gcloud projects add-iam-policy-binding PROJECT_ID --member="user:USER_IDENTIFIER" --role=ROLE
- Replace
PROJECT_ID
with your project ID. -
Replace
USER_IDENTIFIER
with the identifier for your user account. For example,user:myemail@example.com
. - Replace
ROLE
with each individual role.
- Replace
Tester avec curl
Commencez par définir un alias de shell pratique pour appeler les API REST de Google:
alias gcurl='curl -H "Authorization: Bearer $(gcloud auth print-access-token)" -H "Content-Type: application/json" '
La séquence de commandes d'interface système suivante illustre les étapes incrémentielles permettant d'appeler l'API Service Control.
# Call with invalid service name "invalid.com". For security and privacy # reasons, the permission check typically happens before other checks. $ gcurl -d '{}' https://servicecontrol.googleapis.com/v1/services/invalid.com:check { "error": { "code": 403, "message": "Permission 'servicemanagement.services.check' denied on service 'invalid.com'.", "status": "PERMISSION_DENIED" } } # Call without proper permission on a service. $ gcurl -d '{}' https://servicecontrol.googleapis.com/v1/services/servicecontrol.googleapis.com:check { "error": { "code": 403, "message": "Permission 'servicemanagement.services.check' denied on service 'servicecontrol.googleapis.com'.", "status": "PERMISSION_DENIED" } } # Call with invalid request. $ gcurl -d '{}' https://servicecontrol.googleapis.com/v1/services/endpointsapis.appspot.com:check { "error": { "code": 400, "message": "Request contains an invalid argument.", "status": "INVALID_ARGUMENT" } } # This and following call assume that the service, operation name and # project being checked are "endpointsapis.appspot.com", # "google.example.hello.v1.HelloService.GetHello" and # "endpointsapis-consumer" correspondingly. # Change to the name of your managed service, operation, and project. # Call with invalid request. $ gcurl -d '{ "operation": { "operationId": "123e4567-e89b-12d3-a456-426655440000", "consumerId": "project:endpointsapis-consumer", "startTime": "2016-06-12T22:00:15Z", "operationName": "google.example.hello.v1.HelloService.GetHello" } }' https://servicecontrol.googleapis.com/v1/services/endpointsapis.appspot.com:check { "checkErrors": [ { "code": "SERVICE_NOT_ACTIVATED", "detail": "Service 'endpointsapis.appspot.com' is not enabled for consumer 'project:endpointsapis-consumer'." } ] } # Successful call to "services.check" method after the API is enabled for # the project. $ gcurl -d '{ "operation": { "operationId": "123e4567-e89b-12d3-a456-426655440000", "consumerId": "project:endpointsapis-consumer", "startTime":"2016-07-31T05:20:00Z", "operationName":"google.example.hello.v1.HelloService.GetHello" } }' https://servicecontrol.googleapis.com/v1/services/endpointsapis.appspot.com:check { "operationId": "123e4567-e89b-12d3-a456-426655440000" }
Après avoir terminé les étapes précédentes, vous disposez des éléments suivants :
- Une configuration fonctionnelle pour réaliser des tests locaux et appeler toutes les API de Google Cloud Platform
- Un service fonctionnel que vous pouvez utiliser avec l'API Service Management et l'API Service Control
- Un compte de service doté des autorisations appropriées pour exécuter votre service