[英]gcloud: The user does not have access to service account “default”
I attempting to use an activated service account scoped to create and delete gcloud container clusters (k8s clusters), using the following commands:我尝试使用以下命令使用一个已激活的服务帐户来创建和删除 gcloud 容器集群(k8s 集群):
gcloud config configurations create my-svc-account \
--no-activate \
--project myProject
gcloud auth activate-service-account my-svc-account@my-project.iam.gserviceaccount.com \
--key-file=/path/to/keyfile.json \
--configuration my-svc-account
gcloud container clusters create a-new-cluster \
--configuration my-svc-account \
--project= my-project
--zone "my-zone"
I always receive the error:我总是收到错误:
...ERROR: (gcloud.container.clusters.create) ResponseError: code=400, message=The user does not have access to service account "default".
How do I grant my-svc-account access to the default service account for GKE?如何授予 my-svc-account 访问 GKE 的默认服务帐号的权限?
After talking to Google Support, the issue was that the service account did not have a "Service Account User" permissions activated.与 Google 支持人员交谈后,问题是服务帐户没有激活“服务帐户用户”权限。 Adding "Service Account User" resolves this error.
添加“服务帐户用户”可解决此错误。
Add the following role to the service account who makes the operation:将以下角色添加到执行操作的服务帐户:
Service Account User
Also see:另见:
https://cloud.google.com/kubernetes-engine/docs/how-to/iam#service_account_user https://cloud.google.com/kubernetes-engine/docs/how-to/iam#service_account_user
https://cloud.google.com/iam/docs/service-accounts#the_service_account_user_role https://cloud.google.com/iam/docs/service-accounts#the_service_account_user_role
https://cloud.google.com/iam/docs/understanding-roles https://cloud.google.com/iam/docs/understanding-roles
For those that ended up here trying to do an Import of Firebase Firestore documents with a command such as:对于那些最终尝试使用以下命令导入 Firebase Firestore 文档的人:
gcloud beta firestore import --collection-ids='collectionA','collectionB' gs://YOUR_BUCKET
I got around the issue by doing the following:我通过执行以下操作解决了这个问题:
Storage Admin
.Storage Admin
角色的成员列表中。 For security, I revoked the role after the operation completed, but that's optional.为了安全起见,我在操作完成后撤销了角色,但这是可选的。
向服务帐户添加了服务帐户用户角色,它对我有用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.