add-iam-policy-binding 到 ESP 端点服务 GCloud 时出错
[英]error in add-iam-policy-binding to ESP end point service GCloud
问题描述
I am trying to create an end point for an API to be deployed into existing GKE cluster by following the instructions in Getting started with Cloud Endpoints for GKE with ESPv2
我正在尝试按照Getting started with Cloud Endpoints for GKE with ESPv2 中的说明,为要部署到现有 GKE 集群的 API 创建端点
I clone the sample code in the repo and modified the content of openapi.yaml:我在repo中克隆了示例代码并修改了openapi.yaml的内容:
# [START swagger]
swagger: "2.0"
info:
description: "A simple Google Cloud Endpoints API example."
title: "Endpoints Example"
version: "1.0.0"
host: "my-api.endpoints.my-project.cloud.goog"
I then deployed it via the command:然后我通过命令部署它:
endpoints/getting-started (master) $ gcloud endpoints services deploy openapi.yaml
Now I can see that it has been created:现在我可以看到它已经创建:
$ gcloud endpoints services list
NAME TITLE
my-api.endpoints.my-project.cloud.goog
I also have postgreSQL service account:我也有 postgreSQL 服务帐户:
$ gcloud iam service-accounts list
DISPLAY NAME EMAIL DISABLED
my-postgresql-service-account my-postgresql-service-acco@my-project.iam.gserviceaccount.com False
In the section Endpoint Service Configuration of documentation it says to add the role to the attached service account for the endpoint service as follows, but I get this error:在文档的端点服务配置部分中,它说将角色添加到端点服务的附加服务帐户,如下所示,但我收到此错误:
$ gcloud endpoints services add-iam-policy-binding my-api.endpoints.my-project.cloud.goog
--member serviceAccount:my-postgresql-service-acco@my-project.iam.gserviceaccount.com
--role roles/servicemanagement.serviceController
ERROR: (gcloud.endpoints.services.add-iam-policy-binding) User [myusername@mycompany.com] does not have permission to access services instance [my-api.endpoints.my-project.cloud.goog:getIamPolicy] (or it may not exist): No access to resource: services/my-api.my-project.cloud.goog
The previous lines show the service exits, I guess?前几行显示服务退出,我猜? Now I am not sure how to resolve this?现在我不确定如何解决这个问题? What permissions do I need?我需要什么权限? who can give me permission and what permissions he should have?谁能给我权限,他应该有什么权限? how can I check?我该如何检查? Is there any other solution?还有其他解决方案吗?
1 个解决方案
解决方案1
1 已采纳 2021-10-11 21:19:11
The issue got resolved after I was assigned the role of "Project_Admin".在我被分配“Project_Admin”角色后,问题得到了解决。 It was not ideal as it was giving too much permission to me.这并不理想,因为它给了我太多的许可。 The role "roles/endpoints.portalAdmin" was also tried but did not help.也尝试了角色“roles/endpoints.portalAdmin”,但没有帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.