简体繁体 English

服务帐户需要什么权限才能为 gcp 中的云存储上的 blob 生成签名 url

[英]What permissions are needed for an service account to generate signed url for blobs on cloud storage in gcp

原文 2023-01-11 19:56:33 4 1 google-cloud-platform/ google-cloud-storage/ pre-signed-url

I would like to know exact permissions needed by a service account to be able to generate signed urls (GET and PUT) on any object in a specific bucket B1.我想知道服务帐户需要的确切权限才能在特定存储桶 B1 中的任何 object 上生成签名 url（GET 和 PUT）。 A terraform script is welcome.欢迎使用 terraform 脚本。 Currently I just use default app engine service account which has a lot of extra permissions目前我只使用默认的应用引擎服务帐户，它有很多额外的权限

1 个解决方案

To generate a GET signed url, your service account needs to have storage.objects.get permission要生成 GET 签名 url，您的服务帐户需要具有storage.objects.get权限

To generate a PUT signed url, your service account needs to have storage.objects.create permission要生成 PUT 签名 url，您的服务帐户需要具有storage.objects.create权限

So ideally I would create a new role - generate_signed_url and grant these 2 permissions on that role.所以理想情况下，我会创建一个新角色 - generate_signed_url并授予该角色的这两个权限。 Then assign that role to the service account that's being used to generate a signed url.然后将该角色分配给用于生成签名 url 的服务帐户。

读取和写入服务帐户的 Google 表格需要哪些确切权限？ - What exact permissions are needed to read and write to Google Sheets for a service account?

如何使用 Cloud Function 服务帐户在 Cloud Function 中创建签名的 Google Cloud Storage URL？ - How to create signed Google Cloud Storage URLs in Cloud Function using Cloud Function service account?

从云 function 生成签名 url 时出现 Google 存储权限错误 - Google storage permissions error while generating signed url from cloud function

GCP - 存储服务帐户访问问题 - GCP - Storage Service Account Access Issue

我获得存储权限的服务帐户没有对 Google Cloud Storage 存储桶的 storage.objects.list 访问权限 - My service account which was given storage permissions does not have storage.objects.list access to the Google Cloud Storage bucket

GCP API 云功能网关默认服务帐户身份验证：“您的客户端无权访问请求的 URL” - GCP API Gateway to Cloud Functions default service account authentication: "Your client does not have permission to the requested URL""

在 GCP 中的组织级别创建服务帐户并分配权限/角色 - create service account and assign permissions/roles at the organization level in GCP

如何授予在 GCP 上随机创建服务帐户的权限？ - How to granting permissions to randomly create service account on GCP?

将 Google Load Balancer 设置为 GCP 存储桶时，“$[DEFAULT_SERVICE_URL]”指的是什么？ - What does "$[DEFAULT_SERVICE_URL]" refer to when setting Google Load Balancer towards a GCP Storage Bucket?

如何生成签名的 url 供 GCP 下载 Java 中的文件？ - How to generate a signed url for GCP to download a file in Java?

暂无

暂无

声明:本站的技术帖子网页，遵循CC BY-SA 4.0协议，如果您需要转载，请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 读取和写入服务帐户的 Google 表格需要哪些确切权限？ - What exact permissions are needed to read and write to Google Sheets for a service account? 如何使用 Cloud Function 服务帐户在 Cloud Function 中创建签名的 Google Cloud Storage URL？ - How to create signed Google Cloud Storage URLs in Cloud Function using Cloud Function service account? 从云 function 生成签名 url 时出现 Google 存储权限错误 - Google storage permissions error while generating signed url from cloud function GCP - 存储服务帐户访问问题 - GCP - Storage Service Account Access Issue 我获得存储权限的服务帐户没有对 Google Cloud Storage 存储桶的 storage.objects.list 访问权限 - My service account which was given storage permissions does not have storage.objects.list access to the Google Cloud Storage bucket GCP API 云功能网关默认服务帐户身份验证：“您的客户端无权访问请求的 URL” - GCP API Gateway to Cloud Functions default service account authentication: "Your client does not have permission to the requested URL"" 在 GCP 中的组织级别创建服务帐户并分配权限/角色 - create service account and assign permissions/roles at the organization level in GCP 如何授予在 GCP 上随机创建服务帐户的权限？ - How to granting permissions to randomly create service account on GCP? 将 Google Load Balancer 设置为 GCP 存储桶时，“$[DEFAULT_SERVICE_URL]”指的是什么？ - What does "$[DEFAULT_SERVICE_URL]" refer to when setting Google Load Balancer towards a GCP Storage Bucket? 如何生成签名的 url 供 GCP 下载 Java 中的文件？ - How to generate a signed url for GCP to download a file in Java?

相关标签

粤ICP备18138465号 © 2020-2024 STACKOOM.COM