使用Google Cloud SDK部署gcloud应用程序期间,权限被拒绝
Che*_*eng 10 google-app-engine google-cloud-platform
使用Google Cloud SDK将应用程序部署到Google App Engine十分困难。
我尝试了以下2个命令
C:\Users\yccheok\Desktop\jstock-android-appengine>gcloud config set project jstock-android
Updated property [core/project].
C:\Users\yccheok\Desktop\jstock-android-appengine>gcloud app deploy app.yaml --log-http --verbosity=debug
DEBUG: Running [gcloud.app.deploy] with arguments: [--log-http: "true", --verbosity: "debug", DEPLOYABLES:1: "['app.yaml']"]
DEBUG: No staging command found for runtime [python27] and environment [STANDARD].
DEBUG: API endpoint: [https://appengine.googleapis.com/], API version: [v1]
=======================
==== request start ====
uri: https://appengine.googleapis.com/v1/apps/jstock-android?alt=json
method: GET
== headers start ==
Authorization: Bearer ya29.GlxEBb1XVP1JK93-ARiaN_ZgiMbvZmw5KWfvJVfibDJ4FK_ZaMRoU1jVDTiWzsY606GSduJKJd9Nm8zA-_Iql5mGn4AMk4QVl8mPRycfekeZnOOHtbUvpkBMgOLOQA
accept: application/json
accept-encoding: gzip, deflate
content-length: 0
user-agent: google-cloud-sdk x_Tw5K8nnjoRAqULM9PFAC2b gcloud/184.0.0 command/gcloud.app.deploy invocation-id/c9ae232d33b346d787b95a36e28c38c0 environment/None environment-version/None interactive/True python/2.7.13 (Windows NT 10.0.16299)
== headers end ==
== body start ==
== body end ==
==== request end ====
---- response start ----
-- headers start --
-content-encoding: gzip
alt-svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
cache-control: private
content-length: 335
content-type: application/json; charset=UTF-8
date: Tue, 16 Jan 2018 19:16:21 GMT
server: ESF
status: 403
transfer-encoding: chunked
vary: Origin, X-Origin, Referer
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
-- headers end --
-- body start --
{
"error": {
"code": 403,
"message": "Operation not allowed",
"status": "PERMISSION_DENIED",
"details": [
{
"@type": "type.googleapis.com/google.rpc.ResourceInfo",
"resourceType": "gae.api",
"description": "The \"appengine.applications.get\" permission is required."
}
]
}
}
-- body end --
total round trip time (request+response): 1.796 secs
---- response end ----
----------------------
DEBUG: (gcloud.app.deploy) Permissions error fetching application [apps/jstock-android]. Please make sure you are using the correct project ID and that you have permission to view applications on the project.
Traceback (most recent call last):
File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\googlecloudsdk\calliope\cli.py", line 797, in Execute
resources = calliope_command.Run(cli=self, args=args)
File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\googlecloudsdk\calliope\backend.py", line 757, in Run
resources = command_instance.Run(args)
File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\surface\app\deploy.py", line 65, in Run
parallel_build=False)
File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\googlecloudsdk\command_lib\app\deploy_util.py", line 543, in RunDeploy
app = _PossiblyCreateApp(api_client, project)
File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\googlecloudsdk\command_lib\app\deploy_util.py", line 703, in _PossiblyCreateApp
api_client._FormatApp()))) # pylint: disable=protected-access
HttpException: Permissions error fetching application [apps/jstock-android]. Please make sure you are using the correct project ID and that you have permission to view applications on the project.
ERROR: (gcloud.app.deploy) Permissions error fetching application [apps/jstock-android]. Please make sure you are using the correct project ID and that you have permission to view applications on the project.
C:\Users\yccheok\Desktop\jstock-android-appengine>
然后,我浏览了https://cloud.google.com/appengine/docs/admin-api/accessing-the-api,它提到我需要使用Admin API。因此,我会逐步仔细地进行操作。
步骤1
第2步
它提到了Admin API已启用。现在我需要凭证。
第三步
第四步
好。现在他们提到我不需要创建新的凭据。我可以使用应用程序默认凭据吗?
第5步
因此,我去了https://developers.google.com/identity/protocols/application-default-credentials?hl=zh_CN。我知道我需要跑步
C:\Users\yccheok\Desktop\jstock-android-appengine>gcloud auth application-default login
Your browser has been opened to visit:
https://accounts.google.com/o/oauth2/auth?redirect_uri=http%3A%2F%2Flocalhost%3A8085%2F&prompt=select_account&response_type=code&client_id=764086051850-6qr4p6gpi6hn506pt8ejuq83di341hur.apps.googleusercontent.com&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcloud-platform&access_type=offline
Credentials saved to file: [C:\Users\yccheok\AppData\Roaming\gcloud\application_default_credentials.json]
These credentials will be used by any library that requests
Application Default Credentials.
第6步
步骤7
尽管如此,在完成上述7个步骤后,在尝试运行时我仍然收到完全相同的错误消息
gcloud app deploy app.yaml --log-http --verbosity=debug
谁能告诉我,要使用Google Cloud SDK将Python应用程序部署到Google App Engine,我还需要执行什么步骤?
Dan*_*scu 10
Admin API是用于以编程方式部署应用程序,而不是用于使用进行部署gcloud app deploy,您甚至不需要为此应用程序启用Admin API。
要以编程方式部署您的应用,请使用Admin API。
在你开始之前
在部署应用程序之前:
GCP项目的所有者必须创建App Engine应用程序。
确保您的用户帐户包含必需的特权。
(但是我可以看到以上内容可能会误解为使用Admin API的邀请)
实际使用的帐户很可能gcloud app deploy丢失或没有所需的权限。
您可以检查用于的帐户gcloud auth list。就我而言,该帐户是我的电子邮件地址,而不是服务帐户(我不确定是否可以使用服务帐户)。
如果需要其他帐户,请使用gcloud auth login(也许使用gcloud auth revoke)。
而且,您可以在IAM页面上的项目/应用程序上检查帐户的特权(如果有)。
关于此的另一点说明,当启用App Engine API和Cloud Builder API时,请确保Cloud Build Service帐户也有权访问该项目。
启用正确的api后,我遇到了这个问题。
这是使用构建触发器。我可以从命令行本地部署,因为我已通过身份验证。但是,如果使用的是构建触发器,它将使用需要访问的构建服务帐户。
希望这可以帮助。
- 您的回答帮助我解决了我的问题:我的[默认的Cloud Build Service帐户缺少“ App Engine Deployer”角色)[https://cloud.google.com/cloud-build/docs/securing-builds/set-服务帐户权限#granting_additional_access)。谢谢! (3认同)
| 归档时间: |
|
| 查看次数: |
12441 次 |
| 最近记录: |