[英]error 403: Your client does not have permission to get URL in python google cloud module
UPTADE: According to what our system expert told me, they fixed the problem as follows: v6 ips must be disabled in the operating systems they are in.更新:根据我们的系统专家告诉我的,他们解决了如下问题:必须在他们所在的操作系统中禁用 v6 ips。
I have a python file on the server that is scheduled to run every week.我在服务器上有一个 python 文件,计划每周运行一次。 like this:
像这样:
from google.cloud import bigquery
gbq_credentials = create_gc_credentials(settings)
client = bigquery.Client(credentials=gbq_credentials,project=project_id)
df = client.query(sql_query).to_dataframe()
#data processing
....
But the file that works every week, gave an error today:但是每周运行的文件今天出错了:
Error 403 (Forbidden)!!1
Your client does not have permission to get URL <code>/bigquery/v2/projects/xxxx/jobs</code> from this server.
when I run the same file on my local computer, I didn't get any errors.当我在本地计算机上运行相同的文件时,我没有收到任何错误。
I updated the outdated python libraries on the server .我更新了服务器上过时的 python 库。 But it didn't work.
但它没有用。 Also I get the same error on all files using the google cloud module.
此外,我在使用谷歌云模块的所有文件上都遇到了同样的错误。
What could this problem be caused by?这个问题可能是由什么引起的?
As Bushmaster commented, disabling IPV6 solved the issue.正如 Bushmaster 评论的那样,禁用 IPV6 解决了这个问题。
I'm writing down the steps for disabling it:我正在写下禁用它的步骤:
sudo echo "net.ipv6.conf.all.disable_ipv6=1" >> /etc/sysctl.conf
sudo echo "net.ipv6.conf.default.disable_ipv6=1" >> /etc/sysctl.conf
sudo echo "net.ipv6.conf.lo.disable_ipv6=1" >> /etc/sysctl.conf
sudo sysctl -p
Hope it helps!希望能帮助到你!
How does the "create_gc_credentials" work? “create_gc_credentials”如何工作? From the error message, the service account running on the server does not have the permission.
从错误信息来看,服务器上运行的服务帐号没有权限。
It could be for many reasons.可能有很多原因。 You can consider these options:
您可以考虑以下选项:
Or或者
When using the BigQuery API, you need to create the client with OAuth credentials for the user.使用 BigQuery API 时,您需要为用户创建具有 OAuth 凭据的客户端。 For access with an API, this is often a Service Account identity.
对于使用 API 进行访问,这通常是服务帐户身份。 When you create a Service Account, that account is not automatically added a membership role to your project.
创建服务帐户时,该帐户不会自动将成员身份添加到您的项目中。 To update the users and service accounts that are members of your project, go to your project, select "Permissions" in the navigation panel, and make sure the user or service account identity you are calling with is a "Reader" on the project.
要将属于您的项目成员的用户和服务帐户 go 更新为您的项目 select 导航面板中的“权限”,并确保您调用的用户或服务帐户身份是项目的“读者”。
In case it is about permissions, you can see this documentation about it.如果它与权限有关,您可以查看有关它的文档。
(this is supposed to be a comment, but I don't have enough reputation) Can you share how you confirmed that server has been banned by google and how did you solve the problem? (这应该是评论,但我没有足够的声誉)您能否分享您如何确认该服务器已被谷歌禁止以及您如何解决问题?
We have the same issue.我们有同样的问题。 On our server we receive "Error 403: Your client does not have permission to get URL", but locally requests work just fine.
在我们的服务器上,我们收到“错误 403:您的客户端无权获取 URL”,但本地请求工作正常。 We tried moving to another server and everything worked at first, but now we are getting an error again.
我们尝试移动到另一台服务器,起初一切正常,但现在我们再次收到错误消息。 There are no errors or messages on google console and we only have basic support (= can't contact google directly).
谷歌控制台上没有错误或消息,我们只有基本支持(= 无法直接联系谷歌)。 Do we have to buy a support plan?
我们必须购买支持计划吗?
Most times, the error is related to whether a user agent's identity can be verified and/or the user agent has the required permission to access a protected service.大多数情况下,错误与用户代理的身份是否可以被验证和/或用户代理是否具有访问受保护服务所需的权限有关。
I got this error after sending a post request to a cloud function without the authorisation header .在没有授权标头的情况下向云函数发送发布请求后出现此错误。
As an example, if a cloud function was created with Allow unauthenticated
switched on, then the request goes through without this error.例如,如果创建云功能时启用了“
Allow unauthenticated
”,则请求会通过而不会出现此错误。
A quick test was to generate a bearer token by running gcloud auth print-identity-token
in cloud shell, and passing the generated token in the authorisation request header.一项快速测试是通过在 Cloud Shell 中运行
gcloud auth print-identity-token
并在授权请求标头中传递生成的令牌来生成不记名令牌。 No error!没有错误!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.