服务帐户需要什么作用域/角色才能提交容器构建器作业? [英] What scopes / roles are required for a service account to be able to submit container builder jobs?
本文介绍了服务帐户需要什么作用域/角色才能提交容器构建器作业?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
创建新的服务帐户以处理Container Builder作业时,尽管服务帐户具有 Cloud Container Builder
, Logs Viewer
和私人日志查看器
:
When creating a new service account to handle Container Builder jobs, the jobs fail with the following error despite the service account having Cloud Container Builder
, Logs Viewer
and Private Logs viewer
:
ERROR: (gcloud.container.builds.submit) HTTPError 403:
<?xml version='1.0' encoding='UTF-8'?>
<Error>
<Code>AccessDenied</Code>
<Message>Access denied.</Message>
<Details>v2-container-builder@redacted.iam.gserviceaccount.com does not have storage.objects.get access to object redacted.cloudbuild-logs.googleusercontent.com/log-20117c17-f2b4-4159-9883-104ddd7bb232.txt.
</Details>
</Error>
我了解错误指向云存储上文件的 storage.objects.get
权限,但这不是我们可以设置 acl
的存储桶吗?
I understand the error points to storage.objects.get
permissions over a file on cloud storage, but this is not a bucket we can set acl
for is it ?
推荐答案
查看全文