Google云存储:调用者没有权限 [英] Google cloud storage: The caller does not have permission

问题描述

我正在尝试使用服务帐户和API旋转密钥以访问GCS存储桶.我已经为我的服务帐户启用了所有角色，但是仍然出现如下错误.

I am trying to rotate key to access GCS bucket using service account and API. I have enabled all roles to my service accounts but still i am getting error as follows.

{
  "code" : 403,
  "errors" : [ {
    "domain" : "global",
    "message" : "The caller does not have permission",
    "reason" : "forbidden"
  } ],
  "message" : "The caller does not have permission",
  "status" : "PERMISSION_DENIED"
}

这是我的代码:

public static void main(String[] args) {

        HttpTransport transport;
        try {
            transport = GoogleNetHttpTransport.newTrustedTransport();

        JsonFactory jsonFactory = new JacksonFactory();

        Iam iam = new Iam(transport,jsonFactory,new HttpRequestInitializer() {
            public void initialize(HttpRequest httpRequest) {
                httpRequest.setConnectTimeout(0);
                httpRequest.setReadTimeout(0);
            }
        });

        CreateServiceAccountKeyRequest createServiceAccountKeyRequest = new CreateServiceAccountKeyRequest();

        Create create = iam.projects().serviceAccounts().keys().create("projects/mysampleproject/serviceAccounts/myserviceaccount@newsampleproject-123465.iam.gserviceaccount.com", createServiceAccountKeyRequest);
        create.setKey("AIzaSyC_YlBg_UXEFgdsspbGLvyb-THrTCbbZA");
        ServiceAccountKey serviceAccountKey =create.execute();
        System.out.println(serviceAccountKey.getPrivateKeyData());
        } catch (GeneralSecurityException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

我从同一条发布.请有人能建议我哪里错了或如何以正确的方式实现它吗?

I tried from my same post. Please can anyone suggest me where i am wrong or how to achieve it in right way?

推荐答案

"mysampleproject"需要匹配"newsampleproject-123465.iam.gserviceaccount.com"中的"newsampleproject-123465"

"mysampleproject" needs to match "newsampleproject-123465" in "newsampleproject-123465.iam.gserviceaccount.com"

还值得尝试使用Google应用程序默认凭据

Also it's worth to try using Google Application Default Credentials

     HttpTransport httpTransport = GoogleNetHttpTransport.newTrustedTransport();    
     JsonFactory jsonFactory = JacksonFactory.getDefaultInstance();

     // Authenticate using Google Application Default Credentials.
     GoogleCredential c= GoogleCredential.getApplicationDefault();

     Iam iam = new Iam(httpTransport, jsonFactory, credential);

这篇关于Google云存储:调用者没有权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！