如何从Google Cloud Functions NodeJS连接到Google云端存储
[英]How to connect to Google Cloud Storage from Google Cloud Functions NodeJS
问题描述
I have the following code sample that receives a bufferedImage along with it's mimeType and then uploads it to Google Cloud Storage. 
我有以下代码示例,它接收bufferedImage及其mimeType,然后将其上传到Google Cloud Storage。
Everything works fine, but for some reason my Google Cloud Function is getting an 403 error from the Storage API. 一切正常,但由于某种原因,我的Google Cloud功能从Storage API收到403错误。
What do i have to do so that my GC Function has access to GC Storage? 我必须做什么才能使我的GC功能可以访问GC存储?
I couldn't find anything in the documentation that would show me how to do this. 我在文档中找不到任何可以告诉我如何执行此操作的内容。
const { Storage } = require('@google-cloud/storage');
// Creates a client
const storage = new Storage();
// Lists all buckets in the current project
const buckets = storage.getBuckets();
exports.uploadImage = (bucketName, fileName, imageBuffer, mimeType) => {
return new Promise((resolve, reject) => {
let bucket = storage.bucket(bucketName);
let file = bucket.file(fileName);
file.save(imageBuffer,
{
metadata: { contentType: `image/${mimeType}` },
},
((error) => {
error ? reject(error) : resolve()
})
);
})
}
here is the error I'm getting 这是我得到的错误
{"code":403,"errors":[{"domain":"global","reason":"forbidden","message":"directed-galaxy-221521@appspot.gserviceaccount.com does not have storage.objects.create access to blog/e33f9c9d-65f0-4a7f-8332-29846f770e6d."}],"message":"directed-galaxy-221521@appspot.gserviceaccount.com does not have storage.objects.create access to blog/e33f9c9d-65f0-4a7f-8332-29846f770e6d."}
2 个解决方案
解决方案1
2 已采纳 2019-02-18 07:20:24
A Cloud Function (CF) is executed by a specific service account (in your case directed-galaxy-221521@appspot.gserviceaccount.com ). 云功能(CF)由特定服务帐户执行(在您的情况下为directed-galaxy-221521@appspot.gserviceaccount.com )。 From Runtime service account : 从运行时服务帐户 :
During function execution, Cloud Functions uses the service account
PROJECT_ID@appspot.gserviceaccount.comas an identity.PROJECT_ID@appspot.gserviceaccount.com作为标识。
Since you're getting 403 error when accessing your buckets/files it means they aren't publicly accessible, so you need to give the above-mentioned service account the necessary access permission(s) (at least storage.objects.create , mentioned in the error message) according to the Access Control Option you selected and configured for your storage. 由于您在访问存储桶/文件时遇到403错误,这意味着它们无法公开访问,因此您需要为上述服务帐户提供必要的访问权限(至少是storage.objects.create ,提到根据您为存储选择和配置的访问控制选项 ,在错误消息中)。
解决方案2
1 2019-02-22 23:05:47
So apparently Google Cloud has some glitches in it. 显然,Google Cloud存在一些问题。 For some reason, I'm not allowed to write to a bucket unless it has already been created. 出于某种原因,我不允许写入桶,除非它已经创建。 I changed the bucketName to an already existing bucket and I received a 200 response. 我将bucketName更改为已存在的存储桶,我收到了200响应。 Google Cloud should have sent a 404 response instead of a 403. 403 is misleading because 1. My service does have bucket creation privileges and 2. The bucket never existed in the first place. Google Cloud应该发送404响应而不是403. 403会产生误导,因为1.我的服务确实具有存储桶创建权限2.存储桶从未存在过。 That's means that 404 Not Found would be the appropriate response. 这意味着404 Not Found将是适当的响应。 I hope this helps somebody. 我希望这有助于某人。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.