从云存储导入CSV到云SQL时拒绝服务帐户访问(权限问题?)
[英]Access denied for service account (permission issue?) when importing a csv from cloud storage to cloud sql
问题描述
I'm trying to populate a mysql db with a csv that i have in cloud storage 
我正在尝试使用云存储中的csv填充mysql db
I'm using the API Explorer to execute the request with the following request body: 我正在使用API资源管理器通过以下请求正文执行请求:
{
"importContext": {
"csvImportOptions": {
"columns": [
"col1",
"col2",
"col3"
],
"table": "table_name"
},
"database": "db_name",
"fileType": "CSV",
"kind": "sql#importContext",
"uri": "gs://some_bucket/somecsv.csv"
}
}
When i hit the execute button i receive a 200 response with the following body 当我按下执行按钮时,我收到以下正文的200响应
{
"kind": "sql#operation",
"selfLink": "https://www.googleapis.com/sql/v1beta4/projects/somelink",
"targetProject": "some-project",
"targetId": "some-tarjet",
"targetLink": "https://www.googleapis.com/sql/v1beta4/projects/somelink",
"name": "some-name",
"operationType": "IMPORT",
"status": "PENDING",
"user": "myuser@mydomain.com",
"insertTime": "somedate",
"importContext": {
...
}
}
But if i go to the detail instance page in the google console i see this message: 但是,如果我转到Google控制台中的详细实例页面,则会看到以下消息:
gs://link-to-csv: Access denied for account oosyrcl32gnzypxg4uhqw54uab@somename.iam.gserviceaccount.com (permission issue?)
I'm authenticated with the same account that created the bucket in cloud storage where the csv is and this also happens using the python sdk. 我使用在csv所在的云存储中创建存储桶的同一帐户进行了身份验证,这也使用python sdk进行了验证。
2 个解决方案
解决方案1
3 已采纳 2018-07-20 10:16:09
You are trying to do an import from your bucket to your Cloud SQL instance, but, said import is going to be made by a service account, one in particular, which can be seen in the “Service account” section while seeing the details of your Cloud SQL instance. 您正在尝试从存储桶中导入Cloud SQL实例,但是,该导入将由一个服务帐户进行,尤其是一个服务帐户,可以在“服务帐户”部分中看到该帐户的详细信息,您的Cloud SQL实例。
It might be that the CloudSQL service account does not have appropriate permissions to access the Cloud Storage bucket with the data to import. CloudSQL服务帐户可能没有适当的权限来访问带有要导入的数据的Cloud Storage存储桶。
In order to create a successful import between SQL instance and Storage buckets, proper permissions should be set first. 为了在SQL实例和存储桶之间创建成功的导入,应首先设置适当的权限。 You should give to the service account "oosyrcl32gnzypxg4uhqw54uab@speckle-umbrella-27.iam.gserviceaccount.com" the Storage Object Viewer role . 您应该为服务帐户“ oosyrcl32gnzypxg4uhqw54uab@speckle-umbrella-27.iam.gserviceaccount.com”赋予“ 存储对象查看器”角色 。
解决方案2
0 2018-11-07 12:50:46
- Go to: https://console.cloud.google.com/iam-admin/iam 前往: https : //console.cloud.google.com/iam-admin/iam
- Click Add, to add a new member. 单击添加,添加新成员。
- Paste the gserviceaccount.com email address that was presented in the error message into the New Members field. 将错误消息中显示的gserviceaccount.com电子邮件地址粘贴到“新成员”字段中。
- Add 2 roles: 添加2个角色:
- Cloud SQL Viewer Cloud SQL查看器
- Storage Object Admin 存储对象管理
- Cloud SQL Viewer
- Click Save. 单击保存。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.