如何更改Google Compute Engine服务帐户的范围以将数据写入Google Cloud Storage存储桶? [英] How to change the scope of a Google Compute Engine service account to write data to a Google Cloud Storage bucket?
问题描述
有一个实例在GCE上运行,并且在同一项目中有一个GCS存储桶.但是我无法向其中写入数据.如何将数据从VM实例写入存储桶?
There is an instance running on GCE and there is a GCS bucket in same project. But I am not able to write data to it. How can I write data from a VM instance to the storage bucket?
推荐答案
更新:截至2016年12月15日,该功能
如果要以其他身份运行,则可以更改现有实例的服务帐户和/或访问范围,或者确定该实例需要一组不同的范围来调用所需的API.例如,您可以更改访问范围以授予对新API的访问权限或更改实例,以使其作为您创建的服务帐户(而不是Compute Engine默认服务帐户)运行.
You can change the service account and/or access scopes of an existing instance if you want to run as a different identity, or you determine that the instance needs a different set of scopes to call the required APIs. For example, you can change access scopes to grant access to a new API or change an instance so that it runs as a service account you created instead of the Compute Engine Default Service Account. 要更改实例的服务帐户和访问范围,必须暂时停止该实例.要停止实例,请阅读停止实例.更改服务帐户或访问范围后,请记住重新启动实例. To change an instance's service account and access scopes, the instance must be temporarily stopped. To stop your instance, read the documentation for Stopping an instance. After changing the service account or access scopes, remember to restart the instance. 文档还提供 Google Cloud Console , The documentation provides instructions for how to use this feature using the Google Cloud Console,
上一个答案(在2016年12月15日之前有效): 您不能更改正在运行的VM实例的范围.您可以: You can't change the scopes of a running VM instance. You can either: 创建新实例(可能会重复使用在创建时指定了正确范围的当前实例的磁盘),例如: create a new instance (possibly reusing the disks of your current instance) with the right scopes specified at creation time, e.g.:
如果要从VM内部手动使用 if you want to use 如果您打算使用通过Google API使用的自动化工具,请使用服务帐户 if you are planning to use an automated tool using Google APIs, use a service account 这篇关于如何更改Google Compute Engine服务帐户的范围以将数据写入Google Cloud Storage存储桶?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
gcloud CLI工具如何使用此功能的说明.作为API.这是使用gcloud的示例;有关更多信息,请参见 docs 信息.gcloud CLI tool, as well as API. Here's an example using gcloud; see the docs for more info.
gcloud beta compute instances set-scopes [INSTANCE_NAME] \
--service-account [SERVICE_ACCOUNT_EMAIL] \
[--no-scopes | --scopes [SCOPES,...]]
gcloud compute instances create [...] --scopes storage-rw
gsutil,则可以运行 gsutil config ,并按照其提示进行身份验证gsutil manually from inside the VM, you can run gsutil config inside the VM and authenticate by following its prompts
