[英]Appengine gcloud deploy using custom service account
我想將 API 部署到 App Engine 但它最終使用了錯誤的服務帳戶。 我在 gitlab 中使用了這 3 行 cmd:
- gcloud auth activate-service-account --key-file /tmp/$CI_PIPELINE_ID.json
- gcloud config set account NameOfServiceAccount.com
- gcloud app deploy
我得到的是
target service account: [App Engine default service account]
Do you want to continue (Y/n)?
Beginning deployment of service [lettering-back]...
╔════════════════════════════════════════════════════════════╗
╠═ Uploading 2 files to Google Cloud Storage ═╣
╚════════════════════════════════════════════════════════════╝
File upload done.
ERROR: (gcloud.app.deploy) PERMISSION_DENIED: You do not have permission to act as
要部署新版本,成員必須在 App Engine 默認服務帳戶上具有服務帳戶用戶 (roles/iam.serviceAccountUser) 角色,以及 Cloud Build Editor (roles/cloudbuild.builds.editor) 和 Cloud Storage Object Admin(角色/storage.objectAdmin) 項目上的角色。
更具體地說,對於您的錯誤消息,您需要在您的服務帳戶上使用roles/iam.serviceAccountUser
,其密鑰是您放置在/tmp/$CI_PIPELINE_ID.json
的密鑰
參考:第一表行在https://cloud.google.com/appengine/docs/standard/python/roles#predefined_roles
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.