Des*_*tor 3 node.js google-secret-manager
我使用 Google Secret Manager 的 Node.js 代码停止工作(前一段时间工作正常)。我已将 env 变量设置GOOGLE_APPLICATION_CREDENTIALS为有效路径并且console.log(process.env.GOOGLE_APPLICATION_CREDENTIALS); 打印正确。我什至尝试重新生成新的 .json 文件,但仍然遇到相同的错误。最初它没有 keyFilename,但两者给出相同的结果,即错误。密钥在管理网站中启用。await client.initialize();我也尝试过打电话。
有没有办法进一步调试这个?最近从冬季时间更改为夏季时间会产生影响吗?但是为什么重新生成的密钥不起作用呢?
const { SecretManagerServiceClient } = require('@google-cloud/secret-manager');
const client = new SecretManagerServiceClient({
keyFilename: 'path-to.json'
});
const projectId = 'project-number';
const parent = 'projects/' + projectId;
...
async function listSecrets() { // Calling this throws the error
const [secrets] = await client.listSecrets({
parent: parent
});
完整的错误堆栈:
[2021-04-12T09:14:56.366Z] (node:51988) UnhandledPromiseRejectionWarning: Error: 16 UNAUTHENTICATED: Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.
at Object.callErrorFromStatus (<super-secret-path>\node_modules\@grpc\grpc-js\build\src\call.js:31:26)
at Object.onReceiveStatus (<super-secret-path>\node_modules\@grpc\grpc-js\build\src\client.js:176:52)
at Object.onReceiveStatus (<super-secret-path>\node_modules\@grpc\grpc-js\build\src\client-interceptors.js:336:141)
at Object.onReceiveStatus (<super-secret-path>\node_modules\@grpc\grpc-js\build\src\client-interceptors.js:299:181)
at <super-secret-path>\node_modules\@grpc\grpc-js\build\src\call-stream.js:130:78
at processTicksAndRejections (internal/process/task_queues.js:75:11)
我已经安装了 Google Cloud SDK,gcloud auth activate-service-account在我的服务器上运行,它启动了
ERROR: (gcloud.auth.activate-service-account) There was a problem refreshing your current auth tokens: ('invalid_grant: Invalid JWT: Token must be a short-lived token (60 minutes) and in a reasonable timeframe. Check your iat and exp values in the JWT claim.', '{"error":"invalid_grant","error_description":"Invalid JWT: Token must be a short-lived token (60 minutes) and in a reasonable timeframe. Check your iat and exp values in the JWT claim."}')
经过进一步谷歌搜索后,我检查了服务器的时间,由于最近的冬季->夏季变化,现在晚了 2 小时,我想在晚了 1 小时之前仍然合适。 调整时间就解决了问题。(http://time.is有帮助)
有趣的是,我可以使用“人类”凭据登录。
| 归档时间: |
|
| 查看次数: |
7045 次 |
| 最近记录: |