无法在 Google Cloud VM 上授权 bigrquery,但可以在本地计算机上授权
[英]Can't authorize bigrquery on Google Cloud VM, but can on local machine
问题描述
I posted an issue here: https://github.com/r-dbi/bigrquery/issues/487 and a similar one previously https://github.com/r-dbi/bigrquery/issues/449 .
我在这里发布了一个问题: https://github.com/r-dbi/bigrquery/issues/487和之前的类似问题https://github.com/r-dbi/bigrquery/issues/449 。 They have not been solved.他们还没有得到解决。 And, sadly, response to issues has dropped off to almost zero.而且,可悲的是,对问题的反应已经下降到几乎为零。
If anyone can help, that would be great.如果有人可以提供帮助,那就太好了。
My organization does not allow the use of service account keys.我的组织不允许使用服务帐户密钥。 So I have to use email authorization.所以我必须使用email授权。
On PC在电脑上
> library(bigrquery)
> bq_deauth()
> bq_auth(email="ariel.balter@providence.org")
> conn = dbConnect(bigrquery::bigquery(), project="???????????", dataset="test_dataset")
> DBI::dbListTables(conn)
character(0)
On cloud VM在云虚拟机上
> library(bigrquery)
> bq_deauth()
> bq_auth(email="ariel.balter@providence.org")
> conn = dbConnect(bigrquery::bigquery(), project="??????????", dataset="test_dataset")
> DBI::dbListTables(conn)
Error: Access Denied: Dataset ??????????:test_dataset: Permission bigquery.tables.list denied on dataset ???????????:test_dataset (or it may not exist). [accessDenied]
Run `rlang::last_error()` to see where the error occurred.
> rlang::last_error()
<error/bigrquery_accessDenied>
Access Denied: Dataset ??????????:test_dataset: Permission bigquery.tables.list denied on dataset ????????:test_dataset (or it may not exist). [accessDenied]
Backtrace:
1. DBI::dbListTables(conn)
2. DBI::dbListTables(conn)
3. bigrquery::bq_dataset_tables(ds, ...)
4. bigrquery:::bq_get_paginated(...)
5. bigrquery:::bq_get(url, ..., query = query, token = token)
6. bigrquery:::process_request(req, raw = raw)
7. bigrquery:::bq_check_response(status, type, content)
8. bigrquery:::signal_reason(json$error$errors[[1L]]$reason, json$error$message)
Run `rlang::last_trace()` to see the full context.
> rlang::last_trace()
<error/bigrquery_accessDenied>
Access Denied: Dataset ?????????:test_dataset: Permission bigquery.tables.list denied on dataset ????????:test_dataset (or it may not exist). [accessDenied]
Backtrace:
█
1. ├─DBI::dbListTables(conn)
2. └─DBI::dbListTables(conn)
3. └─bigrquery::bq_dataset_tables(ds, ...)
4. └─bigrquery:::bq_get_paginated(...)
5. └─bigrquery:::bq_get(url, ..., query = query, token = token)
6. └─bigrquery:::process_request(req, raw = raw)
7. └─bigrquery:::bq_check_response(status, type, content)
8. └─bigrquery:::signal_reason(json$error$errors[[1L]]$reason, json$error$message)
1 个解决方案
解决方案1
0 2022-03-04 19:29:24
Our cloud engineer was able to solve the issue.我们的云工程师能够解决这个问题。 He switched my authentication type on VMs to User rather than Service Account.他将我在 VM 上的身份验证类型切换为用户而不是服务帐户。 He posted this on our slack:他在我们的 slack 上发布了这个:
Since this came up again yesterday, here's a great primer on GCP authentication: https://codeburst.io/google-cloud-authentication-by-example-1481b02292e4 Couple of key takeaways when looking at authentication outside of the console:
- There are two different types of accounts that can be authenticated: User and Service Accounts.
- There are two separate components that are authenticated separately: Google Cloud SDK Command Line Tools and Google Cloud Client Libraries.
- One account can impersonate another
- One thing this article fails to mention, is usually (but not always) is a service account associated with a VM that the GCP Client Libraries will fall back to use if other methods aren't specified.
Unrelated, I also got an email from GCP this morning with the following:无关紧要,今天早上我还从 GCP 收到了 email,其中包含以下内容:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.