我无法使用gcloud访问计算引擎API? [英] I am not able to access compute engine API with gcloud?
问题描述
我有一个实例,其访问范围为为每个API设置访问权限",并明确允许Compute Engine API具有读写访问权限,如下图所示.
I have an instance running with access scope 'Set Access for each API', and explicitly allowing Compute Engine API with Read-Write access as showing in this below image.
所以我通过SSH登录了实例,然后尝试运行此命令:-
So I logged inside the instance via SSH, and I tried to run this command:-
gcloud计算实例列表
我收到一个错误:
-'projects/dotted-hxxl-xxx'
我的用户已明确允许访问compute Engine API,但仍然出现错误.我不应该得到这个错误吗?我在这里想念什么?
My user is having explicitly allowing access to compute Engine API but still I am getting the error. I shouldn't get this error right? What am I missing here?
推荐答案
- 停止计算引擎实例
gcloud计算实例停止instance-1 --zone us-central1-c
- 获取实例的服务帐户
gcloud计算实例描述instance-1 --zone us-central1-c |grep电子邮件
- 将角色
roles/compute.instanceAdmin分配给服务帐户
- assign the role
roles/compute.instanceAdminto the service account
gcloud项目add-iam-policy-binding your_project-成员="serviceAccount:SERVICE_ACCOUNT_ID@your_project.iam.gserviceaccount.com"--role =" roles/compute.instanceAdmin"
- 启动实例
gcloud计算实例启动instance-1 --zone us-central1-c
- SSH到实例
gcloud computing ssh instance-1 --zone us-central1-c
- 运行gcloud命令
gcloud计算实例列表
还请阅读 IAM角色和OAuth范围之间的区别
设置实例以作为服务帐户运行时,您将确定您所拥有的IAM角色对服务帐户的访问级别授予服务帐户.如果服务帐户没有IAM角色,那么服务帐户就无法在该方法上运行任何API方法实例.
When you set up an instance to run as a service account, you determine the level of access the service account has by the IAM roles that you grant to the service account. If the service account has no IAM roles, then no API methods can be run by the service account on that instance.
此外,实例的访问范围决定了默认的OAuth通过gcloud工具和客户端库发出的请求的范围在实例上.结果,访问范围可能进一步受到限制通过OAuth进行身份验证时可以访问API方法
Furthermore, an instance's access scopes determine the default OAuth scopes for requests made through the gcloud tool and client libraries on the instance. As a result, access scopes potentially further limit access to API methods when authenticating through OAuth
这篇关于我无法使用gcloud访问计算引擎API?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
