堆栈内存溢出
  简体   繁体   English

使用 Deployment Manager 进行 BQ 计划查询:“P4 服务帐户需要 iam.serviceAccounts.getAccessToken 权限”

[英]BQ Schedule Queries with Deployment Manager: “P4 service account needs iam.serviceAccounts.getAccessToken permission”

 原文  2019-09-25 05:27:38       google-cloud-platform/ google-bigquery/ schedule/ data-transfer/ google-deployment-manager

问题描述

I'm trying to create a deployment manager template for bigquery data transfer to initiate a scheduled query.我正在尝试为 bigquery 数据传输创建部署管理器模板以启动计划查询。 I've created a type provider for transfer configs and when I call the type provider for a scheduled query, I get the following error: "P4 service account needs iam.serviceAccounts.getAccessToken permission."我为传输配置创建了一个类型提供程序,当我为计划查询调用类型提供程序时,我收到以下错误:“P4 服务帐户需要 iam.serviceAccounts.getAccessToken 权限。”

However, I've already given it 'Service Account Token Creator' permission on with "gcloud project add-iam-policy-binding.." How else would I be able to solve this?但是,我已经通过“gcloud project add-iam-policy-binding..”授予它“服务帐户令牌创建者”权限。我还能如何解决这个问题?

Type Provider:类型提供者:

- name: custom-type-provider
  type: deploymentmanager.v2beta.typeProvider
  properties:
    descriptorUrl: "https://bigquerydatatransfer.googleapis.com/$discovery/rest?version=v1"
    options:
      inputMappings:
      - fieldName: Authorization
        location: HEADER
        value: >
          $.concat("Bearer ", $.googleOauth2AccessToken())

Calling the type provider:调用类型提供者:

- name: test
  type: project_id:custom-type-provider:projects.transferConfigs
  properties:
    parent: project/project_id
    ..
    ..

1 个解决方案

解决方案1
 0  2019-09-26 13:42:12

I think you've hit a limitation on Scheduled Queries, where you have to use user accounts instead of service accounts in order to do the queries.我认为您已经遇到了计划查询的限制,您必须使用用户帐户而不是服务帐户才能进行查询。

There is a feature request to allow service accounts to act on behalf for this particular action.有一个功能请求允许服务帐户代表此特定操作执行操作。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Terraform 抛出为服务帐户设置 IAM 策略时出错...需要权限 iam.serviceAccounts.setIamPolicy - Terraform throws Error setting IAM policy for service account ... Permission iam.serviceAccounts.setIamPolicy is required 在云运行上部署时,服务帐户的权限“iam.serviceaccounts.actAs”被拒绝 - Permission 'iam.serviceaccounts.actAs' denied on service account when deploying on cloud run 需要 iam.serviceAccounts.getIamPolicy 才能对服务帐户执行此操作 - iam.serviceAccounts.getIamPolicy is required to perform this operation on service account (GCP,Terraform)创建服务帐户时出错:googleapi:错误 403:需要权限 iam.serviceAccounts.create 才能执行此操作 - (GCP, Terraform) Error creating service account: googleapi: Error 403: Permission iam.serviceAccounts.create is required to perform this operation on (Terraform,GCP)错误 403:需要权限 iam.serviceAccounts.setIamPolicy 才能对服务帐户项目/myproject-17 执行此操作 - (Terraform, GCP) Error 403: Permission iam.serviceAccounts.setIamPolicy is required to perform this operation on service account projects/myproject-17 GCP授予服务帐户权限以使用Deployment Manager写入GCS存储桶 - GCP grant a service account permission to write in a GCS bucket with Deployment Manager 无法分配 iam.serviceAccounts.signBlob 权限 - Unable to assign iam.serviceAccounts.signBlob permission 使用自定义服务帐号部署到 Cloud Run 失败并出现 iam.serviceaccounts.actAs 错误 - Deploying to Cloud Run with a custom service account failed with iam.serviceaccounts.actAs error 如何使用 Google Cloud Deployment Manager 将 IAM 策略绑定添加到服务帐户? - How to add IAM policy binding to a service account using Google Cloud Deployment Manager? 为什么使用部署管理器模板创建资源时不需要服务帐户用户角色(roles/iam.serviceAccountUser)? - why service account user role(roles/iam.serviceAccountUser) is not required when creating resources with deployment manager template?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM