如何更改 Google Compute Engine 服务帐户的范围以将数据写入 Google Cloud Storage 存储桶? [英] How to change the scope of a Google Compute Engine service account to write data to a Google Cloud Storage bucket?
问题描述
在 GCE 上运行了一个实例,并且在同一个项目中有一个 GCS 存储桶.但我无法向其写入数据.如何将数据从 VM 实例写入存储桶?
更新:截至 2016 年 12 月 15 日,功能 setServiceAccount 现在处于测试版:
如果您想以不同的身份运行,或者您确定该实例需要一组不同的范围来调用所需的 API,您可以更改现有实例的服务帐号和/或访问范围.例如,您可以更改访问范围以授予对新 API 的访问权限或更改实例以使其作为您创建的服务帐户而不是 Compute Engine 默认服务帐户运行.
要更改实例的服务帐号和访问范围,必须暂时停止该实例.要停止您的实例,请阅读文档停止实例.更改服务帐户或访问范围后,请记住重启实例.
文档提供有关如何通过 Google Cloud Console、gcloud 使用此功能的说明CLI 工具,以及 API.这是一个使用 gcloud 的示例;有关更多信息,请参阅 文档信息.
gcloud beta 计算实例 set-scopes [INSTANCE_NAME] --服务帐户 [SERVICE_ACCOUNT_EMAIL] [--无范围 |--scopes [范围,...]]<小时>
上一个答案(2016 年 12 月 15 日之前有效):
您无法更改正在运行的虚拟机实例的范围.您可以:
创建一个新实例(可能重复使用您当前实例的磁盘)在创建时指定正确的范围,例如:
gcloud 计算实例创建 [...] --scopes storage-rw如果您想在虚拟机内部手动使用
gsutil,您可以运行gsutil config在虚拟机内并按照提示进行身份验证如果您计划通过 Google API 使用自动化工具,请使用 服务帐号
There is an instance running on GCE and there is a GCS bucket in same project. But I am not able to write data to it. How can I write data from a VM instance to the storage bucket?
Update: as of 15 Dec 2016, the feature setServiceAccount is now in beta:
You can change the service account and/or access scopes of an existing instance if you want to run as a different identity, or you determine that the instance needs a different set of scopes to call the required APIs. For example, you can change access scopes to grant access to a new API or change an instance so that it runs as a service account you created instead of the Compute Engine Default Service Account.
To change an instance's service account and access scopes, the instance must be temporarily stopped. To stop your instance, read the documentation for Stopping an instance. After changing the service account or access scopes, remember to restart the instance.
The documentation provides instructions for how to use this feature using the Google Cloud Console, gcloud CLI tool, as well as API. Here's an example using gcloud; see the docs for more info.
gcloud beta compute instances set-scopes [INSTANCE_NAME] --service-account [SERVICE_ACCOUNT_EMAIL] [--no-scopes | --scopes [SCOPES,...]]
Previous answer (valid prior to 15 Dec 2016):
You can't change the scopes of a running VM instance. You can either:
create a new instance (possibly reusing the disks of your current instance) with the right scopes specified at creation time, e.g.:
gcloud compute instances create [...] --scopes storage-rwif you want to use
gsutilmanually from inside the VM, you can rungsutil configinside the VM and authenticate by following its promptsif you are planning to use an automated tool using Google APIs, use a service account
这篇关于如何更改 Google Compute Engine 服务帐户的范围以将数据写入 Google Cloud Storage 存储桶?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
