stackoom
  简体   繁体   中英

How to change Google service account v- Cloud Storage when running from local eclipse

 原文  2021-09-23 22:22:53       google-cloud-platform/ google-cloud-storage

Question

When starting spring boot app that uses cloud storage, I see this

m c.g.c.s.c.DefaultCredentialsProvider.<init> - Default credentials provider for service account lo*ideal@api-project-8##9.iam.gserviceaccount.com

Where is this id coming from, and how can I change it?

In another computer it is admlocal****, how can I change it on this computer too?

Error:

{
  "code" : 403,
  "errors" : [ {
    "domain" : "global",
    "message" : "l*eal@api-project-8##429.iam.gserviceaccount.com does not have storage.objects.list access to the Google Cloud Storage bucket.",
    "reason" : "forbidden"
  } ],
  "message" : "l*deal@api-project-8##29.iam.gserviceaccount.com does not have storage.objects.list access to the Google Cloud Storage bucket."
}

2 answers

solution1
 0  2021-09-23 22:43:52

What are service accounts ? A service account is a special kind of account used by an application or a virtual machine (VM) instance, not a person. Applications use service accounts to make authorized API calls, authorized as either the service account itself, or as Google Workspace or Cloud Identity users through domain-wide delegation.

For example, a Compute Engine VM can run as a service account, and that account can be given permissions to access the resources it needs. This way the service account is the identity of the service, and the service account's permissions control which resources the service can access.

A service account is identified by its email address, which is unique to the account.

User-managed service accounts

You can create user-managed service accounts in your project using the IAM API, the Cloud Console, or the gcloud command-line tool. You are responsible for managing and securing these accounts.

solution2
 0  2021-09-29 05:15:05

You can start by checking the application.properties file of your Springboot app. Credentials can be set either by means of,

  • Setting the credentials location, or
spring.cloud.gcp.credentials.location=file:/usr/local/key.json
  • By directly setting the property value of
spring.cloud.gcp.credentials.encoded-key

If the credentials are not specified in the properties file, then you can check the credentials file pointed to by the GOOGLE_APPLICATION_CREDENTIALS environment variable within Eclipse .

In the event that you want to change the credentials associated to your app, you can reconfigure any of the following mentioned above in your own terms. Just make sure to remove any configuration that was previously set to avoid conflicts.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to access to a Google Cloud Storage bucket from a Cloud Run service without using a local Service Account key file? Google Cloud Storage access via service account How to create signed Google Cloud Storage URLs in Cloud Function using Cloud Function service account? How to init Google Cloud Storage NodeJS client library with service account credentials "Service account authorization without OAuth", can we get file from Google Cloud Storage via this approach? How to migrate local storage (active storage) to google cloud storage how to launch a cloud dataflow pipeline when particular set of files reaches Cloud storage from a google cloud function Which service account is used when running Firebase Cloud Functions? My service account which was given storage permissions does not have storage.objects.list access to the Google Cloud Storage bucket service account does not have storage.objects.get access for Google Cloud Storage
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM