堆栈内存溢出
  简体   繁体   English

gcloud:用户无权访问服务帐户“默认”

[英]gcloud: The user does not have access to service account “default”

 原文  2016-11-01 20:10:37       google-cloud-platform/ gcloud/ service-accounts

问题描述

I attempting to use an activated service account scoped to create and delete gcloud container clusters (k8s clusters), using the following commands:我尝试使用以下命令使用一个已激活的服务帐户来创建和删除 gcloud 容器集群(k8s 集群):

gcloud config configurations create my-svc-account \
   --no-activate \
   --project myProject


gcloud auth activate-service-account my-svc-account@my-project.iam.gserviceaccount.com \
   --key-file=/path/to/keyfile.json \
   --configuration my-svc-account

gcloud container clusters create a-new-cluster \
   --configuration my-svc-account \
   --project= my-project
   --zone "my-zone"

I always receive the error:我总是收到错误:

...ERROR: (gcloud.container.clusters.create) ResponseError: code=400, message=The user does not have access to service account "default".

How do I grant my-svc-account access to the default service account for GKE?如何授予 my-svc-account 访问 GKE 的默认服务帐号的权限?

4 个解决方案

解决方案1
 29  2016-11-11 21:11:56

After talking to Google Support, the issue was that the service account did not have a "Service Account User" permissions activated.与 Google 支持人员交谈后,问题是服务帐户没有激活“服务帐户用户”权限。 Adding "Service Account User" resolves this error.添加“服务帐户用户”可解决此错误。

解决方案2
 13  2018-08-28 09:36:59

Add the following role to the service account who makes the operation:将以下角色添加到执行操作的服务帐户:

Service Account User

Also see:另见:

解决方案3
 1  2018-12-05 05:56:45

For those that ended up here trying to do an Import of Firebase Firestore documents with a command such as:对于那些最终尝试使用以下命令导入 Firebase Firestore 文档的人

gcloud beta firestore import --collection-ids='collectionA','collectionB' gs://YOUR_BUCKET

I got around the issue by doing the following:我通过执行以下操作解决了这个问题:

  1. From the Google Cloud Console Storage Bucket Browser , add the service account completing the operation to the list of members with a role of Storage Admin .Google Cloud Console Storage Bucket Browser 中,将完成操作的服务帐户添加到具有Storage Admin角色的成员列表中。
  2. Re-attempt the operation.重新尝试操作。

For security, I revoked the role after the operation completed, but that's optional.为了安全起见,我在操作完成后撤销了角色,但这是可选的。

解决方案4
 0  2021-06-23 08:48:57

向服务帐户添加了服务帐户用户角色,它对我有用。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 (gcloud.container.clusters.create)ResponseError:代码= 400,消息=用户无权访问服务帐户“默认” - (gcloud.container.clusters.create) ResponseError: code=400, message=The user does not have access to service account “default” “错误:(gcloud.asset.export) 用户没有权限”仅在使用服务帐户进行身份验证时 - "ERROR: (gcloud.asset.export) User does not have permission" only when authenticated with a service account 服务帐户是否必须模拟用户才能访问目录 Api? - Does a Service Account have to impersonate a user to access the Directory Api? 错误:(gcloud.builds.submit)错误 403:<service account> 没有 storage.objects.get 访问谷歌云存储 object</service> - ERROR: (gcloud.builds.submit) Error 403: <SERVICE ACCOUNT> does not have storage.objects.get access to the Google Cloud Storage object 允许 GCloud 服务帐号访问特定用户的 G Suite 帐号吗? - Allow GCloud service account to access specific user's G Suite account? 服务帐户如何在 gcloud 中进行身份验证而不更改环境中的默认 gcloud 帐户? - How can a service account authenticate in gcloud without changing the default gcloud account in the environment? GCloud App Engine(灵活)默认服务帐户 Scope - GCloud App Engine (flexible) Default Service Account Scope Gcloud:使用服务帐户进行身份验证 - Gcloud : Authenticating with Service Account gcloud auth activate-service-account需要访问.ssh文件夹? - gcloud auth activate-service-account needs access to .ssh folder? GCP 使用 gcloud auth(不是服务帐户)以最终用户身份进行身份验证 - GCP Authenticate as End User using gcloud auth (not service account)
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM