Google Cloud Storage 权限被拒绝
[英]Google Cloud Storage permission denied
问题描述
I set up a Cloud Run which uses a Bucket on Cloud Storage .
我设置了一个使用Cloud Storage上的Bucket的Cloud Run 。 Locally I run it in a Docker Container , the credentials are passed using a json file, created and downloaded from IAM & Admin , and it works.在本地,我在Docker Container中运行它,使用json文件传递凭据,该文件是从IAM & Admin创建和下载的,它可以正常工作。 When deployed, writing to the bucket throws an error:部署后,写入存储桶会引发错误:
{
500 unable to sign bytes: googleapi: Error 403: Permission 'iam.serviceAccounts.signBlob' denied on resource (or it may not exist).
Details:
[{
"@type": "type.googleapis.com/google.rpc.ErrorInfo",
"domain": "iam.googleapis.com",
"metadata": {
"permission": "iam.serviceAccounts.signBlob"
},
"reason": "IAM_PERMISSION_DENIED"
}]
[]
}
Any idea?任何的想法?
1 个解决方案
解决方案1
0 2023-01-11 14:39:07
I had to add the Service Account Token Creator to the service account.我必须将Service Account Token Creator添加到服务帐户。 I did it, but it did not work anyway because there is the need to deploy a new version of the service, so:我做到了,但无论如何都没有用,因为需要部署新版本的服务,所以:
- Add the role
Service Account Token Creator添加角色Service Account Token Creator - Deploy new version of the service部署新版本的服务
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.