堆栈内存溢出
  简体   繁体   English

错误:(gcloud.builds.submit)错误 403:<service account> 没有 storage.objects.get 访问谷歌云存储 object</service>

[英]ERROR: (gcloud.builds.submit) Error 403: <SERVICE ACCOUNT> does not have storage.objects.get access to the Google Cloud Storage object

 原文  2021-10-31 19:00:50       google-cloud-platform/ google-cloud-storage/ service-accounts/ google-cloud-build/ google-cloud-shell

问题描述

I am trying to build a docker image from the Pub/Sub tutorial on Google (link here ).我正在尝试从 Google 上的 Pub/Sub 教程(此处链接)构建一个 docker 图像。 I am running this command: gcloud builds submit --tag gcr.io/project_id/pubsub but for some reason I get the error mentioned in the title: ERROR: (gcloud.builds.submit) INVALID_ARGUMENT: could not resolve source: googleapi: Error 403: <SERVICE ACCOUNT> does not have storage.objects.get access to the Google Cloud Storage object., forbidden .我正在运行此命令: gcloud builds submit --tag gcr.io/project_id/pubsub但由于某种原因我收到标题中提到的错误: ERROR: (gcloud.builds.submit) INVALID_ARGUMENT: could not resolve source: googleapi: Error 403: <SERVICE ACCOUNT> does not have storage.objects.get access to the Google Cloud Storage object., forbidden I gave the service account the roles/storage.admin role and that didn't work.我为服务帐户授予了roles/storage.admin角色,但没有用。 I even went as far as made the service account an owner and I still got the same error.我什至将服务帐户设为所有者,但我仍然遇到同样的错误。

1 个解决方案

解决方案1
 0  2021-10-31 20:26:06

I figured it out.我想到了。 When using Cloud Build, GCP uses an entirely separate service account for this.使用 Cloud Build 时,GCP 为此使用一个完全独立的服务帐号。 It looks something like: <random-id>@cloudbuild.gserviceaccount.com .它看起来像: <random-id>@cloudbuild.gserviceaccount.com Add the Cloud Build Service Account role and the Storage Admin role to this service account fixed the problem.Cloud Build 服务帐户角色和存储管理员角色添加到此服务帐户即可解决此问题。

解决方案2
 0  2022-01-14 05:55:00

In my case, after running the almost similar command to yours:就我而言,在运行与您的几乎相似的命令后:

gcloud builds submit --tag gcr.io/my_project_id/hello_world

I was asked whether or not enabling and retrying "API [cloudbuild.googleapis.com]" then I put and ran "y" :有人问我是否启用并重试“API [cloudbuild.googleapis.com]”然后我输入并运行“y”

Creating temporary tarball archive of 2 file(s) totalling 478 bytes before compression.在压缩前创建 2 个文件的临时 tarball 存档,总计 478 字节。 Uploading tarball of [.] to [gs://my_project_id_cloudbuild/source/1642137449.192753-983fc894e2f24fa086f55fa3b56d58aa.tgz] API [cloudbuild.googleapis.com] not enabled on project [354778943856].将 [.] 的压缩包上传到 [gs://my_project_id_cloudbuild/source/1642137449.192753-983fc894e2f24fa086f55fa3b56d58aa.tgz] API [cloudbuild.googleapis.com] 未在项目 [354778943856] 上启用。 Would you like to enable and retry (this will take a few minutes)?是否要启用并重试(这需要几分钟)? (y/N)? (是/否)? y是的

Then, I also got the almost same error as yours:然后,我也遇到了和你几乎一样的错误:

Enabling service [cloudbuild.googleapis.com] on project [354778943856]... Operation "operations/acf.p2-354778943856-e99f6fd8-78ec-4cbd-94a2-07e0697d5455" finished successfully.在项目 [354778943856] 上启用服务 [cloudbuild.googleapis.com] ... 操作“operations/acf.p2-354778943856-e99f6fd8-78ec-4cbd-94a2-07e0697d5455”成功完成。 ERROR: (gcloud.builds.submit) INVALID_ARGUMENT: could not resolve source: googleapi: Error 403: 354778943856@cloudbuild.gserviceaccount.com does not have storage.objects.get access to the Google Cloud Storage object., forbidden错误:(gcloud.builds.submit)INVALID_ARGUMENT:无法解析来源:googleapi:错误 403:354778943856@cloudbuild.gserviceaccount.com 没有 storage.objects.get 访问 Google Cloud Storage 对象。,禁止

But a few minutes later, I ran the command again:但几分钟后,我再次运行命令:

gcloud builds submit --tag gcr.io/my_project_id/hello_world

Then, it was successful:然后,就成功了:

ID: f4478e51-557b-407d-9c30-c379ef707258 CREATE_TIME: 2022-01-14T05:22:29+00:00 DURATION: 19S SOURCE: gs://my_project_id_cloudbuild/source/1642137748.745566-d75b61b6c6bc4acb9aba900650f201b2.tgz IMAGES: gcr.io/my_project_id/hello_world(+1 more) STATUS: SUCCESS ID:F4478E51-557B-407D-9C30-C379EF707258 CREATE_TIME:2022-01-14T05:22:29 + 00:00持续时间:19S源:GS://my_Project_ID_CLoudBuild/source/16425566-D75B61B63328.745566535B61B6C6335B61B6C6M2ACB9ABA900650F201B2.TGZ图片:GCR.IO/ my_project_id/hello_world(+1 更多)状态:成功

In my case, after the error, waiting a few minutes then running the command is fine but I don't know what's going on to your case.就我而言,在出现错误后,等待几分钟然后运行命令就可以了,但我不知道您的情况如何。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 服务帐户没有对 Google Cloud Storage 的 storage.objects.get 访问权限 - service account does not have storage.objects.get access for Google Cloud Storage 如何处理匿名调用者没有 storage.objects.get 访问 Google Cloud Storage object - How to handle Anonymous caller does not have storage.objects.get access to the Google Cloud Storage object StorageException:匿名调用者没有 storage.objects.get 访问权限 - StorageException: Anonymous caller does not have storage.objects.get access 我获得存储权限的服务帐户没有对 Google Cloud Storage 存储桶的 storage.objects.list 访问权限 - My service account which was given storage permissions does not have storage.objects.list access to the Google Cloud Storage bucket 公共 GC 存储访问失败,匿名调用者没有 storage.objects.get 访问权限 - public GC storage access fails with Anonymous caller does not have storage.objects.get access 通过服务帐户访问 Google Cloud Storage - Google Cloud Storage access via service account 错误 403:您的客户端没有在 python google 云模块中获取 URL 的权限 - error 403: Your client does not have permission to get URL in python google cloud module 防止 Google Cloud Storage 帐户所有者对用户存储桶对象的可见性 - Preventing Google Cloud Storage account owner visibility into user bucket objects Google Cloud Storage Transfer Service 失败并出现 PERMISSION_DENIED 错误 - Google Cloud Storage Transfer Service fails with PERMISSION_DENIED error 如何在不使用本地服务帐户密钥文件的情况下从 Cloud Run 服务访问 Google Cloud Storage 存储桶? - How to access to a Google Cloud Storage bucket from a Cloud Run service without using a local Service Account key file?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM