TPU-VM 在访问 Bucket 时拒绝访问
[英]TPU-VM gives access denied when accessing Bucket
问题描述
I have a number of Google cloud TPU-VMs which need to write to a Bucket.
我有许多需要写入存储桶的 Google 云 TPU-VM。
Most of them work fine, but the one I created this morning is giving me Access Denied when I run gsutil -m cp test_file.txt gs://MY_BUCKET_NAME :它们中的大多数都工作正常,但是我今天早上创建的那个在我运行gsutil -m cp test_file.txt gs://MY_BUCKET_NAME时让我拒绝访问:
"error": {
"code": 403,
"message": "Access denied.",
"errors": [
{
"message": "Access denied.",
"domain": "global",
"reason": "forbidden"
}
]
The VM is identical to all the others as far as I can see (same project, same versions, same region, same service account, gcloud config list and gcloud auth list give identical results) - any ideas why it's behaving differently?据我所知,该 VM 与所有其他虚拟机相同(相同的项目、相同的版本、相同的区域、相同的服务帐户、 gcloud config list和gcloud auth list给出相同的结果)——知道为什么它的行为不同吗?
This still happens even when I give allUsers public permissions to write to the bucket.即使我授予allUsers写入存储桶的公共权限,这仍然会发生。
1 个解决方案
解决方案1
0 2022-12-29 19:44:30
Have you checked the scope of the machine ( link )?您是否检查过机器的 scope( 链接)? It sounds like your machine has read-only scope instead of read_write .听起来您的机器是read-only scope 而不是read_write 。
How to verify:如何验证:
- Go to the console, and select your TPU Go 到控制台,select 你的 TPU
- In the
DETAILStab, clickEquivalent REST在DETAILS信息选项卡中,单击Equivalent REST - Check the
scopeunderserviceAccount, and make sure you havehttps://www.googleapis.com/auth/devstorage.read_write检查serviceAccount下的scope,确保你有https://www.googleapis.com/auth/devstorage.read_write
It likely happens when you create a TPU via GCP console as the default scope is read-only.当您通过 GCP 控制台创建 TPU 时可能会发生这种情况,因为默认值 scope 是只读的。 But creating the machine with gCloud CLI won't cause this problem.但是使用 gCloud CLI 创建机器不会导致这个问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.