从云存储导入CSV到云SQL时，服务帐户的访问被拒绝(权限问题?) [英] Access denied for service account (permission issue?) when importing a csv from cloud storage to cloud sql

问题描述

我正在尝试使用云存储中的csv填充mysql db

I'm trying to populate a mysql db with a csv that i have in cloud storage

我正在使用 API资源管理器使用以下请求正文执行请求:

I'm using the API Explorer to execute the request with the following request body:

{
  "importContext": {
    "csvImportOptions": {
      "columns": [
        "col1",
        "col2",
        "col3"
      ],
      "table": "table_name"
    },
    "database": "db_name",
    "fileType": "CSV",
    "kind": "sql#importContext",
    "uri": "gs://some_bucket/somecsv.csv"
  }
}

当我按下执行按钮时，我收到以下内容的响应200

When i hit the execute button i receive a 200 response with the following body

{
 "kind": "sql#operation",
 "selfLink": "https://www.googleapis.com/sql/v1beta4/projects/somelink",
 "targetProject": "some-project",
 "targetId": "some-tarjet",
 "targetLink": "https://www.googleapis.com/sql/v1beta4/projects/somelink",
 "name": "some-name",
 "operationType": "IMPORT",
 "status": "PENDING",
 "user": "myuser@mydomain.com",
 "insertTime": "somedate",
 "importContext": {
  ...
 }
}

但是，如果我转到Google控制台中的详细实例页面，则会看到以下消息:

But if i go to the detail instance page in the google console i see this message:

gs://link-to-csv:拒绝访问该帐户 oosyrcl32gnzypxg4uhqw54uab@somename.iam.gserviceaccount.com (权限问题?)

gs://link-to-csv: Access denied for account oosyrcl32gnzypxg4uhqw54uab@somename.iam.gserviceaccount.com (permission issue?)

我已使用在csv所在的云存储中创建存储桶的同一帐户进行身份验证，并且使用python sdk也会发生这种情况.

I'm authenticated with the same account that created the bucket in cloud storage where the csv is and this also happens using the python sdk.

推荐答案

您正在尝试从存储桶中导入Cloud SQL实例，但是，该导入将由一个服务帐户(尤其是一个服务帐户)进行，您可以在服务帐户"部分中查看Cloud SQL实例的详细信息.

You are trying to do an import from your bucket to your Cloud SQL instance, but, said import is going to be made by a service account, one in particular, which can be seen in the "Service account" section while seeing the details of your Cloud SQL instance.

CloudSQL服务帐户可能没有适当的权限来访问带有要导入的数据的Cloud Storage存储桶.

It might be that the CloudSQL service account does not have appropriate permissions to access the Cloud Storage bucket with the data to import.

为了在SQL实例和存储桶之间创建成功的导入，应首先设置适当的权限.您应将存储对象查看器角色.

In order to create a successful import between SQL instance and Storage buckets, proper permissions should be set first. You should give to the service account "oosyrcl32gnzypxg4uhqw54uab@speckle-umbrella-27.iam.gserviceaccount.com" the Storage Object Viewer role.

这篇关于从云存储导入CSV到云SQL时，服务帐户的访问被拒绝(权限问题?)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！