认证gitlab CI/CD中的gcloud服务帐户 [英] Athenticating gcloud service account within gitlab CI/CD

问题描述

我正在使用gcloud-service-key.json从gitlab-ci.yml文件向gcloud部署服务.我收到此错误

I am deploying a service to gcloud from gitlab-ci.yml file using gcloud-service-key.json. I get this error

$ google-cloud-sdk/bin/gcloud auth activate-service-account --key-file$ {HOME}/gcloud-service-key.json错误:gcloud崩溃了(ValueError):否可以检测到密钥.

$ google-cloud-sdk/bin/gcloud auth activate-service-account --key-file ${HOME}/gcloud-service-key.json ERROR: gcloud crashed (ValueError): No key could be detected.

在下面的代码片段中找到

Find below a subset of the code snippet

 - apk add --update make ca-certificates openssl python --repository https://alpine.global.ssl.fastly.net/alpine/v3.10/community --repository https://alpine.global.ssl.fastly.net/alpine/v3.10/main && rm -fR /var/cache/apk/*
  - update-ca-certificates
  # Write our GCP service account private key into a file
  - echo $GCLOUD_SERVICE_KEY > ${HOME}/gcloud-service-key.json
  # Download and install Google Cloud SDK
  - wget https://dl.google.com/dl/cloudsdk/release/google-cloud-sdk.tar.gz
  - tar zxvf google-cloud-sdk.tar.gz && ./google-cloud-sdk/install.sh --usage-reporting=false --path-update=true
  - google-cloud-sdk/bin/gcloud --quiet components update
  - google-cloud-sdk/bin/gcloud auth activate-service-account --key-file ${HOME}/gcloud-service-key.json

任何帮助都会受到赞赏，我已经待了几天了.

Any help will be appraciated, I've been at this for several days now.

推荐答案

密钥文件似乎有问题.尝试使用gcloud生成新的:

It looks like there's an issue with you key-file. Try generating new one with gcloud:

$ gcloud iam service-accounts keys create key1.json --iam-account=test123@xxxxx.iam.gserviceaccount.com
created key [6ca5ffc929f31d1f1915d430887a7fa3689eb69d] of type [json] as [key1.json] for [test123@xxxxx.iam.gserviceaccount.com]

还有一个官方文档如何生成一个键-如有疑问，请随时查看.

There's also an official documentation how to generate a key - feel free to have a look if in doubt.

您的 json 密钥文件应如下所示:

Your json key-file should look like this:

{
  "type": "service_account",
  "project_id": "xxxxxx,
  "private_key_id": "6ca5ffc929f31d1f1915d430887a7fa3689eb69d",
  "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvAIBADANBgkqhkiG9w0BAQEFAAsdfsd234fesSiAgEAAoIBAQDKnmI67Aw3DgHM\n1b25LH1jRAV0pt6hjTEeJGH$
  "client_email": "test123@xxxxx.iam.gserviceaccount.com",
  "client_id": "110107674812168412361",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://oauth2.googleapis.com/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/test123@xxxxx.iam.gserviceaccount.com"
}

如果文件的外观不同，请检查 echo $ GCLOUD_SERVICE_KEY>$ {HOME}/gcloud-service-key.json 部分. $ GCLOUD_SERVICE_KEY 变量可能有问题.

If your file looks in a different way check the echo $GCLOUD_SERVICE_KEY > ${HOME}/gcloud-service-key.json part. It may be an issue with the $GCLOUD_SERVICE_KEY variable.

如果您对激活帐户有任何疑问，也可以另一篇有关如何执行此操作的文档.

Also if you have any doubts about activating an account there's also another piece of documentation on how to do it.

这篇关于认证gitlab CI/CD中的gcloud服务帐户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！