google-app-engine - 错误:(gcloud.app.deploy)您没有权限访问应用程序[my-app](或它可能不存在):调用者没有权限
问题描述
我正在尝试通过 Bitbucket Pipelines 部署我的 Google App Engine 应用程序。但是,我在尝试部署时收到以下权限错误。
这是我的 bitbucket-pipelines.yml 脚本:
script:
# Install Google App Engine SDK
- curl -o /tmp/google-cloud-sdk.tar.gz https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-155.0.0-linux-x86_64.tar.gz
- tar -xvf /tmp/google-cloud-sdk.tar.gz -C /tmp/
- /tmp/google-cloud-sdk/install.sh -q
- source /tmp/google-cloud-sdk/path.bash.inc
# Authenticating with the service account key file
- echo $GOOGLE_CLIENT_SECRET > ./gcloud-api-key.json
- gcloud auth activate-service-account --key-file gcloud-api-key.json
# Linking to the Google Cloud project
- gcloud config list
- gcloud config set project $CLOUDSDK_CORE_PROJECT
- gcloud app deploy --log-http --verbosity=debug app.yaml
请在下面找到调试日志。
DEBUG: API endpoint: [https://appengine.googleapis.com/], API version: [v1]
=======================
==== request start ====
uri: https://appengine.googleapis.com/v1/apps/my-app?alt=json
method: GET
== headers start ==
Authorization: Bearer [hidden]
accept: application/json
accept-encoding: gzip, deflate
content-length: 0
user-agent: google-cloud-sdk x_Tw5K8nnjoRAqULM9PFAC2b gcloud/155.0.0 command/gcloud.app.deploy invocation-id/234e7fc5072e448aaa6870de17b900f2 environment/None environment-version/None interactive/False python/2.7.13 (Linux 4.19.43-coreos)
== headers end ==
== body start ==
== body end ==
==== request end ====
---- response start ----
-- headers start --
-content-encoding: gzip
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: private
content-length: 126
content-type: application/json; charset=UTF-8
date: Sun, 09 Jun 2019 22:39:11 GMT
server: ESF
status: 403
transfer-encoding: chunked
vary: Origin, X-Origin, Referer
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
-- headers end --
-- body start --
{
"error": {
"code": 403,
"message": "The caller does not have permission",
"status": "PERMISSION_DENIED"
}
}
-- body end --
total round trip time (request+response): 0.389 secs
---- response end ----
----------------------
DEBUG: HttpError accessing <https://appengine.googleapis.com/v1/apps/my-app?alt=json>: response: <{'status': '403', 'content-length': '126', 'x-xss-protection': '0', 'x-content-type-options': 'nosniff', 'transfer-encoding': 'chunked', 'vary': 'Origin, X-Origin, Referer', 'server': 'ESF', '-content-encoding': 'gzip', 'cache-control': 'private', 'date': 'Sun, 09 Jun 2019 22:39:11 GMT', 'x-frame-options': 'SAMEORIGIN', 'alt-svc': 'quic=":443"; ma=2592000; v="46,44,43,39"', 'content-type': 'application/json; charset=UTF-8'}>, content <{
"error": {
"code": 403,
"message": "The caller does not have permission",
"status": "PERMISSION_DENIED"
}
}
>
DEBUG: (gcloud.app.deploy) You do not have permission to access app [my-app] (or it may not exist): The caller does not have permission
Traceback (most recent call last):
File "/tmp/google-cloud-sdk/lib/googlecloudsdk/calliope/cli.py", line 712, in Execute
resources = args.calliope_command.Run(cli=self, args=args)
File "/tmp/google-cloud-sdk/lib/googlecloudsdk/calliope/backend.py", line 784, in Run
resources = command_instance.Run(args)
File "/tmp/google-cloud-sdk/lib/surface/app/deploy.py", line 61, in Run
args, runtime_builder_strategy=runtime_builder_strategy)
File "/tmp/google-cloud-sdk/lib/googlecloudsdk/command_lib/app/deploy_util.py", line 369, in RunDeploy
app = _PossiblyCreateApp(api_client, project)
File "/tmp/google-cloud-sdk/lib/googlecloudsdk/command_lib/app/deploy_util.py", line 499, in _PossiblyCreateApp
return api_client.GetApplication()
File "/tmp/google-cloud-sdk/lib/googlecloudsdk/api_lib/app/appengine_api_client.py", line 48, in GetApplication
return requests.MakeRequest(self.client.apps.Get, request)
File "/tmp/google-cloud-sdk/lib/googlecloudsdk/api_lib/app/api/requests.py", line 85, in MakeRequest
raise api_lib_exceptions.HttpException(error, error_message=error_message)
HttpException: You do not have permission to access app [my-app] (or it may not exist): The caller does not have permission
ERROR: (gcloud.app.deploy) You do not have permission to access app [my-app] (or it may not exist): The caller does not have permission
我已经为我的服务帐户设置了一个大的权限列表,并且我不断收到相同的错误:
- App 引擎管理员
- App Engine 部署程序
- App Engine 服务管理员
- App Engine 柔性环境服务代理
- 浏览器
- 云构建编辑器
- 云构建服务代理
- 环境和存储对象管理员
- 计算管理员
- 计算实例管理员 (v1)
- 计算存储管理员
- 服务帐号管理员
- 存储管理员
- 存储对象管理查看器
解决方案
我找到了这篇文章。使用 bitbucket 管道部署到 Google Cloud
首先,您需要创建一个 Google 服务帐户密钥。如需更多指导,请参阅 Google创建服务密钥的指南。
- 打开你的终端
- 浏览到您的密钥文件的位置
- 将您的文件编码为 base64 格式:base64 -w 0 注意:对于某些版本的 MacOS,-w 0 不是必需的。
- 复制命令的输出
- 转到 Bitbucket 中的存储库设置,然后转到 Pipelines > 存储库变量
- 创建一个名为 KEY_FILE 的新变量并粘贴编码的服务帐户凭据。
bitbucket-pipelines.yml
image: node:10.15.1
pipelines:
default:
- step:
name: Build and Test
script:
- npm install
- npm test
- step:
name: Deploy
script:
- pipe: atlassian/google-app-engine-deploy:0.2.1
variables:
KEY_FILE: $KEY_FILE
PROJECT: 'my-project'
推荐阅读
- python - 这个 python 代码中的“x=sorted(list(set(x for name,x in marksheet)))”是什么意思?
- r - dplyr 无法计算向量中的子字符串
- php - 如何检查相关表是否没有记录
- list - 从数据框列表中制作单个数据框
- node.js - 如何使用 Mongoose/MongoDB 获取 mongoose 查询以仅返回文档内的特定字段?
- r - 在R中按组将列中的元素转置为多列
- android - Drive API v3 的 Google Oauth2 范围请求不起作用
- arrays - 如何在c中使用while循环将字符串值存储在数组的特定索引中
- python - 图表有什么问题
- python - 用 Python 编写 Discord 机器人 - 如何让它自动发送消息?