Google Compute Engine权限和角色未授予必要的范围 [英] Google Compute Engine permissions and roles don't grant necessary scopes
问题描述
我正在尝试使用 appcfg.py update从GCE实例进行部署.--authenticate_service_account .无论我如何配置权限,我总是会得到
I'm trying to deploy from a GCE instance using appcfg.py update . --authenticate_service_account. No matter how I configure permissions, I always seem to get
RuntimeError: Required scopes ['https://www.googleapis.com/auth/appengine.admin', 'https://www.googleapis.com/auth/
userinfo.email'] missing from ['https://www.googleapis.com/auth/cloud-platform']. This VM instance probably needs t
o be recreated with the missing scopes.
我尝试过
- 具有"Compute Engine默认服务帐户"且具有允许对所有Cloud API的完全访问权限"的实例被选中
- 具有角色为"App Engine Deployer"的自定义服务帐户的实例
- 具有角色为"App Engine Admin"的自定义服务帐户的实例
如何创建具有必要作用域的GCE实例?
How can I create a GCE instance with the necessary scopes?
推荐答案
不推荐使用作用域,而是使用角色,但是过渡仍然不完整.在GUI中似乎无法为实例分配作用域和角色,这对于某些功能仍然是必需的.
Scopes are deprecated in favor of Roles, but the transition is still incomplete. It seems impossible in the GUI to assign both scopes and roles for an instance, which is still necessary for some functionality.
解决方法是使用 gcloud 命令.它支持作用域,但不支持角色.
The workaround is to use the gcloud command. It supports scopes but not roles.
我创建了用于管理部署的实例
I created my instance for managing deployments with
gcloud compute instances create deployer --zone us-east1-c --scopes bigquery,cloud-platform,datastore,logging-write,storage-full,taskqueue,useraccounts-ro,userinfo-email,monitoring-write,service-management,https://www.googleapis.com/auth/source.full_control,https://www.googleapis.com/auth/appengine.admin
这篇关于Google Compute Engine权限和角色未授予必要的范围的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
