Appengine gcloud 部署使用自定义服务帐户
[英]Appengine gcloud deploy using custom service account
问题描述
I want to deploy an API to app engine But it ends up using the wrong service account.
我想将 API 部署到 App Engine 但它最终使用了错误的服务帐户。 I use these 3 cmd lines in gitlab:我在 gitlab 中使用了这 3 行 cmd:
- gcloud auth activate-service-account --key-file /tmp/$CI_PIPELINE_ID.json
- gcloud config set account NameOfServiceAccount.com
- gcloud app deploy
What I get is我得到的是
target service account: [App Engine default service account]
Do you want to continue (Y/n)?
Beginning deployment of service [lettering-back]...
╔════════════════════════════════════════════════════════════╗
╠═ Uploading 2 files to Google Cloud Storage ═╣
╚════════════════════════════════════════════════════════════╝
File upload done.
ERROR: (gcloud.app.deploy) PERMISSION_DENIED: You do not have permission to act as
1 个解决方案
解决方案1
2 已采纳 2021-08-24 15:36:44
To deploy new versions, a member must have the Service Account User (roles/iam.serviceAccountUser) role on the App Engine default service account, and the Cloud Build Editor (roles/cloudbuild.builds.editor) and Cloud Storage Object Admin (roles/storage.objectAdmin) roles on the project.
More specifically for your error message you gonna need roles/iam.serviceAccountUser on your service account whose key is the one you placed at /tmp/$CI_PIPELINE_ID.json更具体地说,对于您的错误消息,您需要在您的服务帐户上使用roles/iam.serviceAccountUser ,其密钥是您放置在/tmp/$CI_PIPELINE_ID.json的密钥
Reference: the first table row at https://cloud.google.com/appengine/docs/standard/python/roles#predefined_roles参考:第一表行在https://cloud.google.com/appengine/docs/standard/python/roles#predefined_roles
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.