sef*_*rov 10 google-api google-api-client google-compute-engine google-api-php-client
我将Google SDK设置为使用Google API和Application Default Credentials.对于我的本地计算机,创建了凭证json文件并将其路径设置GOOGLE_APPLICATION_CREDENTIALS为环境变量.这是按预期工作没有问题.
但是,当应用程序部署到Google Cloud VM时,会引发以下错误:
[Google_Service_Exception]
{
"error": {
"code": 403,
"message": "Request had insufficient authentication scopes.",
"errors": [
{
"message": "Request had insufficient authentication scopes.",
"domain": "global",
"reason": "forbidden"
}
],
"status": "PERMISSION_DENIED"
}
}
根据文档,内置服务帐户应与虚拟机实例关联.为了使它工作,我尝试使用凭据json文件,就像我在本地机器上做的那样(工作正常)但它也没有用.
要注意,错误消息是关于范围但不是auth问题.如何使其在Compute Engine VM实例上运行?
给客户端初始化代码:
$client = new Google_Client();
$client->useApplicationDefaultCredentials();
$client->addScope(Google_Service_Pubsub::PUBSUB);
更新
现在它得到了支持.您必须停止实例才能更改API范围. https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances#changeserviceaccountandscopes
原始答案
事实证明,我必须为Google Cloud Console上的服务启用Cloud API访问范围,以获取VM实例详细信息:https://console.cloud.google.com/compute/instances
不幸的是,我无法改变它,因为Google Cloud暂时不支持它.我必须启动一个新实例来启用服务API访问. https://googlecloudplatform.uservoice.com/forums/302595-compute-engine/suggestions/13101552-ability-to-change-cloud-api-access-scopes-on-launc
| 归档时间: |
|
| 查看次数: |
11360 次 |
| 最近记录: |