このページでは、ローカルマシンで Service Control API を設定し、curl
コマンドでテストするために必要な基本的な手順について説明します。
初期設定
Service Control API はマネージド サービスと連携します。Service Control API を使用するには、まず Service Management API を使用してマネージド サービスを作成する必要があります。詳細については、Service Management スタートガイドをご覧ください。
マネージド サービスを作成したら、マネージド サービスから Service Control API を使用する前に、以下の手順を完了する必要があります。
- Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
- Install the Google Cloud CLI.
-
To initialize the gcloud CLI, run the following command:
gcloud init
-
Create or select a Google Cloud project.
-
Create a Google Cloud project:
gcloud projects create PROJECT_ID
Replace
PROJECT_ID
with a name for the Google Cloud project you are creating. -
Select the Google Cloud project that you created:
gcloud config set project PROJECT_ID
Replace
PROJECT_ID
with your Google Cloud project name.
-
-
Make sure that billing is enabled for your Google Cloud project.
-
Enable the Service Control API:
gcloud services enable servicecontrol.googleapis.com
-
Grant roles to your user account. Run the following command once for each of the following IAM roles:
roles/servicemanagement.serviceController
gcloud projects add-iam-policy-binding PROJECT_ID --member="USER_IDENTIFIER" --role=ROLE
- Replace
PROJECT_ID
with your project ID. -
Replace
USER_IDENTIFIER
with the identifier for your user account. For example,user:myemail@example.com
. - Replace
ROLE
with each individual role.
- Replace
- Install the Google Cloud CLI.
-
To initialize the gcloud CLI, run the following command:
gcloud init
-
Create or select a Google Cloud project.
-
Create a Google Cloud project:
gcloud projects create PROJECT_ID
Replace
PROJECT_ID
with a name for the Google Cloud project you are creating. -
Select the Google Cloud project that you created:
gcloud config set project PROJECT_ID
Replace
PROJECT_ID
with your Google Cloud project name.
-
-
Make sure that billing is enabled for your Google Cloud project.
-
Enable the Service Control API:
gcloud services enable servicecontrol.googleapis.com
-
Grant roles to your user account. Run the following command once for each of the following IAM roles:
roles/servicemanagement.serviceController
gcloud projects add-iam-policy-binding PROJECT_ID --member="USER_IDENTIFIER" --role=ROLE
- Replace
PROJECT_ID
with your project ID. -
Replace
USER_IDENTIFIER
with the identifier for your user account. For example,user:myemail@example.com
. - Replace
ROLE
with each individual role.
- Replace
curl によるテスト
まず Google REST API の呼び出しに便利なシェル エイリアスを定義します。
alias gcurl='curl -H "Authorization: Bearer $(gcloud auth print-access-token)" -H "Content-Type: application/json" '
次のシェルコマンド シーケンスでは、段階的に Service Control API を呼び出しています。
# Call with invalid service name "invalid.com". For security and privacy # reasons, the permission check typically happens before other checks. $ gcurl -d '{}' https://servicecontrol.googleapis.com/v1/services/invalid.com:check { "error": { "code": 403, "message": "Permission 'servicemanagement.services.check' denied on service 'invalid.com'.", "status": "PERMISSION_DENIED" } } # Call without proper permission on a service. $ gcurl -d '{}' https://servicecontrol.googleapis.com/v1/services/servicecontrol.googleapis.com:check { "error": { "code": 403, "message": "Permission 'servicemanagement.services.check' denied on service 'servicecontrol.googleapis.com'.", "status": "PERMISSION_DENIED" } } # Call with invalid request. $ gcurl -d '{}' https://servicecontrol.googleapis.com/v1/services/endpointsapis.appspot.com:check { "error": { "code": 400, "message": "Request contains an invalid argument.", "status": "INVALID_ARGUMENT" } } # This and following call assume that the service, operation name and # project being checked are "endpointsapis.appspot.com", # "google.example.hello.v1.HelloService.GetHello" and # "endpointsapis-consumer" correspondingly. # Change to the name of your managed service, operation, and project. # Call with invalid request. $ gcurl -d '{ "operation": { "operationId": "123e4567-e89b-12d3-a456-426655440000", "consumerId": "project:endpointsapis-consumer", "startTime": "2016-06-12T22:00:15Z", "operationName": "google.example.hello.v1.HelloService.GetHello" } }' https://servicecontrol.googleapis.com/v1/services/endpointsapis.appspot.com:check { "checkErrors": [ { "code": "SERVICE_NOT_ACTIVATED", "detail": "Service 'endpointsapis.appspot.com' is not enabled for consumer 'project:endpointsapis-consumer'." } ] } # Successful call to "services.check" method after the API is enabled for # the project. $ gcurl -d '{ "operation": { "operationId": "123e4567-e89b-12d3-a456-426655440000", "consumerId": "project:endpointsapis-consumer", "startTime":"2016-07-31T05:20:00Z", "operationName":"google.example.hello.v1.HelloService.GetHello" } }' https://servicecontrol.googleapis.com/v1/services/endpointsapis.appspot.com:check { "operationId": "123e4567-e89b-12d3-a456-426655440000" }
前述の手順が完了すると、次のようになります。
- Google Cloud Platform API を呼び出す場合に使用できる便利なローカルテストが設定されます。
- Service Management API と Service Control API で使用できる便利なサービスが導入されます。
- サービスの実行に使用できる、適切な権限が付与されたサービス アカウントが作成されます。