[英]BQ Schedule Queries with Deployment Manager: “P4 service account needs iam.serviceAccounts.getAccessToken permission”
I'm trying to create a deployment manager template for bigquery data transfer to initiate a scheduled query.我正在尝试为 bigquery 数据传输创建部署管理器模板以启动计划查询。 I've created a type provider for transfer configs and when I call the type provider for a scheduled query, I get the following error: "P4 service account needs iam.serviceAccounts.getAccessToken permission."
我为传输配置创建了一个类型提供程序,当我为计划查询调用类型提供程序时,我收到以下错误:“P4 服务帐户需要 iam.serviceAccounts.getAccessToken 权限。”
However, I've already given it 'Service Account Token Creator' permission on with "gcloud project add-iam-policy-binding.." How else would I be able to solve this?但是,我已经通过“gcloud project add-iam-policy-binding..”授予它“服务帐户令牌创建者”权限。我还能如何解决这个问题?
Type Provider:类型提供者:
- name: custom-type-provider
type: deploymentmanager.v2beta.typeProvider
properties:
descriptorUrl: "https://bigquerydatatransfer.googleapis.com/$discovery/rest?version=v1"
options:
inputMappings:
- fieldName: Authorization
location: HEADER
value: >
$.concat("Bearer ", $.googleOauth2AccessToken())
Calling the type provider:调用类型提供者:
- name: test
type: project_id:custom-type-provider:projects.transferConfigs
properties:
parent: project/project_id
..
..
I think you've hit a limitation on Scheduled Queries, where you have to use user accounts instead of service accounts in order to do the queries.我认为您已经遇到了计划查询的限制,您必须使用用户帐户而不是服务帐户才能进行查询。
There is a feature request to allow service accounts to act on behalf for this particular action.有一个功能请求允许服务帐户代表此特定操作执行操作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.