从服务帐户重新获得所有权 [英] Retake ownership from service account

问题描述

我已将我的一个Google工作表的所有权分配给我正在从事的gcloud项目的服务帐户(我知道这不是一件聪明的事...).如何将此工作表的所有权重新分配给我的主要用户帐户?

I've assigned ownership of one of my google sheets to a service account from a gcloud project I am working on (not a smart thing to do, I know...). How can I re-assign ownership of this sheet to my main user account?

推荐答案

如果您拥有服务帐户的权限(例如，您是GCP项目的所有者)，则可以使用命令行工具来认证为服务帐户并在那里修改权限.

If you have permissions on the service account (e.g. you're owner of the GCP project), you can use the command line tools to authenticate as the service account and modify the permissions there.

逐步过程(您可能已经完成了其中一些步骤):

Step by step process (you might have already some of those steps done):

1. 下载并安装GCP SDK :

curl https://sdk.cloud.google.com | bash
exec -l $SHELL
gcloud init

1. 在初始化期间，请按照以下步骤向GCP项目的帐户所有者进行身份验证，然后选择相关项目.您可以忽略其余步骤.
2. 为服务帐户创建并下载密钥是文件的当前所有者(在此命令中更改服务帐户):

1. During the initialization, follow the steps to authenticate with the account owner of the GCP project, and select the project in question. You can ignore the rest of the steps.
2. Create and download a key for the service account that is the current owner of the file (change the service account in this command):

gcloud iam service-accounts keys create key --iam-account service_account_id@project_id.iam.gserviceaccount.com

1. 缺乏SDK来包含Drive范围:

sed -i 's/\(^CLOUDSDK_SCOPES = (\)/\1"https:\/\/www.googleapis.com\/auth\/drive",/' $(gcloud info --format 'value(installation.sdk_root)')/lib/googlecloudsdk/core/config.py

1. 激活服务帐户(在此命令中更改服务帐户):

gcloud auth activate-service-account service_account_id@project_id.iam.gserviceaccount.com --key-file key

1. 调用Drive API，以收回所有权(在此命令中更改驱动器文件ID和新的所有者电子邮件地址):

curl -H"Authorization: Bearer $(gcloud auth print-access-token)" https://www.googleapis.com/drive/v3/files/DRIVE_FILE_ID/permissions?transferOwnership=true -d '{"role":"owner","type":"user","emailAddress":"YOUR_EMAIL@example.com"}' -H'content-type:application/json'

完成这些步骤后，您的常规电子邮件帐户应为新所有者.

After these steps, your regular email account should be the new owner.

这是一个非常糟糕的解决方案(黑客攻击SDK等)，但是它几乎只有7条bash命令，因此我认为这可能是最快/最简单的，至少是一次性的情况.

This is a pretty bad solution (hacking the SDK, etc..), but it's barely 7 bash commands, so I think it's likely the fastest/simplest one, at least for a one-off situation.

如果这种情况经常发生(我想不是)，那么真实的脚本可能会更有用.

If this happens often (I guess not), it's likely that a real script would be more useful.

这篇关于从服务帐户重新获得所有权的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！