"DatastoreException:缺少权限或权限不足"在被取代的Cloud Datastore上 [英] "DatastoreException: Missing or insufficient permissions" on superseded Cloud Datastore
问题描述
我们有一个基于AppEngine SDK(现已弃用)和被取代的Cloud Datastore的旧版应用程序. 在迁移到Google Cloud SDK的过程中,我们还决定从JPA/Datanucleus迁移到Objectify.
We have an older application based on the AppEngine SDK (now deprecated) and the superseded Cloud Datastore. In the process of migrating to Google Cloud SDK we also decided to move from JPA/Datanucleus to Objectify.
鉴于将来某个时候Cloud Datastore将以Datastore模式自动升级到Cloud Firestore,我们决定按照此页面底部的说明测试我们的应用程序: https://cloud.google.com/datastore/docs/upgrade- to-firestore#testing_an_existing_application
Given that the Cloud Datastore will be automatically upgraded to Cloud Firestore in Datastore mode sometime in the future, we decided to test our application as described at the bottom of this page: https://cloud.google.com/datastore/docs/upgrade-to-firestore#testing_an_existing_application
1)创建一个新项目.在此项目中,以数据存储方式数据库创建Cloud Firestore.
1) Create a new project. In this project, create a Cloud Firestore in Datastore mode database.
2)使用托管导出服务,将您的应用程序的某些数据导出到Cloud Storage.
2) Using the managed export service, export some of your application's data to Cloud Storage.
3)使用托管导入服务,将应用程序的数据导入到新项目中.
3) Using the managed import service, import your application's data to your new project.
4)将要测试的应用逻辑复制到新项目或针对新项目模拟应用行为.
4) Copy app logic you want to test to the new project or simulate app behaviour against the new project.
这就是我们的工作,在出现一些问题之后,我们可以使应用程序的一部分在单独的测试项目中使用新的数据存储正常运行.
That's what we did and after some issues we could make a portion of our application run fine with the new datastore in a separate test project.
现在是实际问题...
我们想测试更新的应用程序是否也可以与被取代的Cloud Datastore一起运行,因此我们不必担心何时进行自动升级(因为我们的应用程序已经准备就绪). 因此,我们将其部署为现有AppEngine项目(v2-dot -.....)的新版本:不幸的是,一旦应用尝试读取数据存储,运行新版本就会引发权限错误:
We wanted to test if the updated application could also run with the superseded Cloud Datastore, so we won't have to worry when the automatic upgrade occurs (as our app will be already ready). So we deployed it as a new version of the existing AppEngine project (v2-dot-.....): unfortunately running the new version throws a permission error as soon as the app tries to read the datastore:
com.google.cloud.datastore.DatastoreException: Missing or insufficient permissions
所以问题是: -这可能与我们的项目尚未将Cloud Datastore升级到Data Store模式下的Cloud Firestore有关吗? -有什么我们可以做的(也许要添加特定的权限)才能使它正常工作吗?
So the questions are: - could this be related to the Cloud Datastore not being upgraded to Cloud Firestore in Datastore mode for our project yet? - is there anything we can do (add specific permissions maybe) to make it work anyway?
我们担心的是,我们需要在2020年7月之前部署新版本的应用程序(那时旧的AppEngine SDK将停止工作),并且我们担心数据存储区的自动升级将在以后发生.
Our concern is that we need to have the new version of the app deployed before July 2020 (that's when the older AppEngine SDK will stop working), and we are worried that the automatic upgrade of the datastore will occur later.
谢谢您的帮助.
推荐答案
原来,我们的项目在IAM中没有 PROJECT_ID@appspot.gserviceaccount.com 成员.
Turned out our project doesn't have the PROJECT_ID@appspot.gserviceaccount.com member in IAM.
它具有大量其他成员(例如: PROJECT_NUMBER-compute@developer.gserviceaccount.com , PROJECT_NUMBER@cloudservices.gserviceaccount.com , service -PROJECT_NUMBER@compute-system.iam.gserviceaccount.com 等),我猜这是以前版本的Google App Engine中使用的旧成员.
It has a pletora of other members (for example: PROJECT_NUMBER-compute@developer.gserviceaccount.com, PROJECT_NUMBER@cloudservices.gserviceaccount.com, service-PROJECT_NUMBER@compute-system.iam.gserviceaccount.com, etc) which I guess are legacy members used in previous versions of Google App Engine.
添加具有 Editor 角色的 PROJECT_ID@appspot.gserviceaccount.com 可以解决此问题:现在可以将新版本部署到旧项目中,即使该数据存储区尚未以数据存储区模式转换为Cloud Firestore.
Adding PROJECT_ID@appspot.gserviceaccount.com with the role Editor fixed the issue: now the new version can be deployed to the old projects and it works fine even if the datastore has not yet been converted to Cloud Firestore in Datastore Mode.
这篇关于"DatastoreException:缺少权限或权限不足"在被取代的Cloud Datastore上的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
