[英]Google Cloud Storage permission denied
I set up a Cloud Run
which uses a Bucket
on Cloud Storage
.我设置了一个使用
Cloud Storage
上的Bucket
的Cloud Run
。 Locally I run it in a Docker Container
, the credentials are passed using a json
file, created and downloaded from IAM & Admin
, and it works.在本地,我在
Docker Container
中运行它,使用json
文件传递凭据,该文件是从IAM & Admin
创建和下载的,它可以正常工作。 When deployed, writing to the bucket throws an error:部署后,写入存储桶会引发错误:
{
500 unable to sign bytes: googleapi: Error 403: Permission 'iam.serviceAccounts.signBlob' denied on resource (or it may not exist).
Details:
[{
"@type": "type.googleapis.com/google.rpc.ErrorInfo",
"domain": "iam.googleapis.com",
"metadata": {
"permission": "iam.serviceAccounts.signBlob"
},
"reason": "IAM_PERMISSION_DENIED"
}]
[]
}
Any idea?任何的想法?
I had to add the Service Account Token Creator
to the service account.我必须将
Service Account Token Creator
添加到服务帐户。 I did it, but it did not work anyway because there is the need to deploy a new version of the service, so:我做到了,但无论如何都没有用,因为需要部署新版本的服务,所以:
Service Account Token Creator
Service Account Token Creator
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.