[英]How to change Google service account v- Cloud Storage when running from local eclipse
When starting spring boot app that uses cloud storage, I see this启动使用云存储的 spring 启动应用程序时,我看到了这个
m c.g.c.s.c.DefaultCredentialsProvider.<init> - Default credentials provider for service account lo*ideal@api-project-8##9.iam.gserviceaccount.com
Where is this id coming from, and how can I change it?这个 id 来自哪里,我该如何更改它?
In another computer it is admlocal****, how can I change it on this computer too?在另一台计算机上它是 admlocal****,我怎样才能在这台计算机上也更改它?
Error:错误:
{
"code" : 403,
"errors" : [ {
"domain" : "global",
"message" : "l*eal@api-project-8##429.iam.gserviceaccount.com does not have storage.objects.list access to the Google Cloud Storage bucket.",
"reason" : "forbidden"
} ],
"message" : "l*deal@api-project-8##29.iam.gserviceaccount.com does not have storage.objects.list access to the Google Cloud Storage bucket."
}
What are service accounts ?什么是服务帐户? A service account is a special kind of account used by an application or a virtual machine (VM) instance, not a person.
服务帐户是应用程序或虚拟机 (VM) 实例而非个人使用的一种特殊帐户。 Applications use service accounts to make authorized API calls, authorized as either the service account itself, or as Google Workspace or Cloud Identity users through domain-wide delegation.
应用程序使用服务帐号进行授权的 API 调用,授权为服务帐号本身,或通过全域委派授权为 Google Workspace 或 Cloud Identity 用户。
For example, a Compute Engine VM can run as a service account, and that account can be given permissions to access the resources it needs.例如,Compute Engine VM 可以作为服务帐户运行,并且可以向该帐户授予访问所需资源的权限。 This way the service account is the identity of the service, and the service account's permissions control which resources the service can access.
这样服务账号就是服务的标识,服务账号的权限控制了服务可以访问哪些资源。
A service account is identified by its email address, which is unique to the account.服务帐户由其 email 地址标识,该地址对于该帐户是唯一的。
User-managed service accounts 用户管理的服务帐户
You can create user-managed service accounts in your project using the IAM API, the Cloud Console, or the gcloud command-line tool.您可以使用 IAM API、Cloud Console 或 gcloud 命令行工具在项目中创建用户管理的服务帐号。 You are responsible for managing and securing these accounts.
您负责管理和保护这些帐户。
You can start by checking the application.properties
file of your Springboot app.您可以首先检查Springboot应用程序的
application.properties
文件。 Credentials can be set either by means of,可以通过以下方式设置凭据,
spring.cloud.gcp.credentials.location=file:/usr/local/key.json
spring.cloud.gcp.credentials.encoded-key
If the credentials are not specified in the properties file, then you can check the credentials file pointed to by the GOOGLE_APPLICATION_CREDENTIALS
environment variable within Eclipse .如果属性文件中未指定凭据,则可以检查Eclipse中的
GOOGLE_APPLICATION_CREDENTIALS
环境变量指向的凭据文件。
In the event that you want to change the credentials associated to your app, you can reconfigure any of the following mentioned above in your own terms.如果您想更改与您的应用关联的凭据,您可以根据自己的条件重新配置上述任何一项。 Just make sure to remove any configuration that was previously set to avoid conflicts.
只需确保删除之前设置的任何配置以避免冲突。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.