[英]Can't authorize bigrquery on Google Cloud VM, but can on local machine
I posted an issue here: https://github.com/r-dbi/bigrquery/issues/487 and a similar one previously https://github.com/r-dbi/bigrquery/issues/449 .我在这里发布了一个问题: https://github.com/r-dbi/bigrquery/issues/487和之前的类似问题https://github.com/r-dbi/bigrquery/issues/449 。 They have not been solved.
他们还没有得到解决。 And, sadly, response to issues has dropped off to almost zero.
而且,可悲的是,对问题的反应已经下降到几乎为零。
If anyone can help, that would be great.如果有人可以提供帮助,那就太好了。
My organization does not allow the use of service account keys.我的组织不允许使用服务帐户密钥。 So I have to use email authorization.
所以我必须使用email授权。
> library(bigrquery)
> bq_deauth()
> bq_auth(email="ariel.balter@providence.org")
> conn = dbConnect(bigrquery::bigquery(), project="???????????", dataset="test_dataset")
> DBI::dbListTables(conn)
character(0)
> library(bigrquery)
> bq_deauth()
> bq_auth(email="ariel.balter@providence.org")
> conn = dbConnect(bigrquery::bigquery(), project="??????????", dataset="test_dataset")
> DBI::dbListTables(conn)
Error: Access Denied: Dataset ??????????:test_dataset: Permission bigquery.tables.list denied on dataset ???????????:test_dataset (or it may not exist). [accessDenied]
Run `rlang::last_error()` to see where the error occurred.
> rlang::last_error()
<error/bigrquery_accessDenied>
Access Denied: Dataset ??????????:test_dataset: Permission bigquery.tables.list denied on dataset ????????:test_dataset (or it may not exist). [accessDenied]
Backtrace:
1. DBI::dbListTables(conn)
2. DBI::dbListTables(conn)
3. bigrquery::bq_dataset_tables(ds, ...)
4. bigrquery:::bq_get_paginated(...)
5. bigrquery:::bq_get(url, ..., query = query, token = token)
6. bigrquery:::process_request(req, raw = raw)
7. bigrquery:::bq_check_response(status, type, content)
8. bigrquery:::signal_reason(json$error$errors[[1L]]$reason, json$error$message)
Run `rlang::last_trace()` to see the full context.
> rlang::last_trace()
<error/bigrquery_accessDenied>
Access Denied: Dataset ?????????:test_dataset: Permission bigquery.tables.list denied on dataset ????????:test_dataset (or it may not exist). [accessDenied]
Backtrace:
█
1. ├─DBI::dbListTables(conn)
2. └─DBI::dbListTables(conn)
3. └─bigrquery::bq_dataset_tables(ds, ...)
4. └─bigrquery:::bq_get_paginated(...)
5. └─bigrquery:::bq_get(url, ..., query = query, token = token)
6. └─bigrquery:::process_request(req, raw = raw)
7. └─bigrquery:::bq_check_response(status, type, content)
8. └─bigrquery:::signal_reason(json$error$errors[[1L]]$reason, json$error$message)
Our cloud engineer was able to solve the issue.我们的云工程师能够解决这个问题。 He switched my authentication type on VMs to User rather than Service Account.
他将我在 VM 上的身份验证类型切换为用户而不是服务帐户。 He posted this on our slack:
他在我们的 slack 上发布了这个:
Since this came up again yesterday, here's a great primer on GCP authentication: https://codeburst.io/google-cloud-authentication-by-example-1481b02292e4 Couple of key takeaways when looking at authentication outside of the console:
由于昨天再次出现这种情况,这里有一个关于 GCP 身份验证的很好的入门: https://codeburst.io/google-cloud-authentication-by-example-1481b02292e4在控制台外部查看身份验证时的几个关键要点:
- There are two different types of accounts that can be authenticated: User and Service Accounts.
可以对两种不同类型的帐户进行身份验证:用户帐户和服务帐户。
- There are two separate components that are authenticated separately: Google Cloud SDK Command Line Tools and Google Cloud Client Libraries.
有两个单独的组件分别进行身份验证:Google Cloud SDK 命令行工具和 Google Cloud 客户端库。
- One account can impersonate another
一个帐户可以冒充另一个
- One thing this article fails to mention, is usually (but not always) is a service account associated with a VM that the GCP Client Libraries will fall back to use if other methods aren't specified.
本文没有提及的一件事通常(但并非总是)是与 VM 关联的服务帐户,如果未指定其他方法,GCP 客户端库将回退使用该服务帐户。
Unrelated, I also got an email from GCP this morning with the following:无关紧要,今天早上我还从 GCP 收到了 email,其中包含以下内容:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.