google-cloud-platform - 当我尝试部署端点配置时,gcloud 抛出 PERMISSION_DENIED
问题描述
我正在尝试通过命令部署端点配置:
gcloud endpoints services deploy openapi-functions.yaml \
--project ESP_PROJECT_ID
我收到一个错误:
ERROR: (gcloud.endpoints.services.deploy) PERMISSION_DENIED: Ownership for domain name 'REGION-FUNCTIONS_PROJECT_ID.cloudfunctions.net' on project 'PROJECT_ID' cannot be verified.
我使用命令登录:
gcloud auth login
这是登录后在终端中的输出:
Your browser has been opened to visit:
https://accounts.google.com/o/oauth2/auth?code_challenge=...
You are now logged in as [user@gmail.com].
Your current project is [PROJECT_ID]. You can change this setting by running:
$ gcloud config set project PROJECT_ID
如果我再次运行部署命令,我会收到相同的错误消息。有什么问题?为什么是PERMISSION_DENIED?
openapi-functions.yaml
swagger: "2.0"
info:
description: "send email function."
title: "send-email"
version: "1.0.0"
host: "REGION-FUNCTIONS_PROJECT_ID.cloudfunctions.net"
security:
- api_key: []
schemes:
- https
produces:
- application/json
paths:
/send-email:
get:
summary: Greet a user
operationId: hello
x-google-backend:
address: https://REGION-FUNCTIONS_PROJECT_ID.cloudfunctions.net/send-email
protocol: h2
responses:
"200":
description: A successful response
schema:
type: string
securityDefinitions:
# This section configures basic authentication with an API key.
api_key:
type: "apiKey"
name: "key"
in: "query"
如果我运行:
gcloud endpoints services deploy openapi-functions.yaml --project ESP_PROJECT_ID --verbosity='debug'
输出是:
DEBUG: Running [gcloud.endpoints.services.deploy] with arguments: [--project: "PROJECT_ID", --verbosity: "debug", SERVICE_CONFIG_FILE:1: "[u'openapi-functions.yaml']"]
INFO: No JSON detected in service config. Trying YAML...
DEBUG: (gcloud.endpoints.services.deploy) PERMISSION_DENIED: Ownership for domain name 'us-central1-PROJECT_ID.cloudfunctions.net' on project 'PROJECT_ID' cannot be verified.
Traceback (most recent call last):
File "/dev/google-cloud-sdk/lib/googlecloudsdk/calliope/cli.py", line 983, in Execute
resources = calliope_command.Run(cli=self, args=args)
File "/dev/google-cloud-sdk/lib/googlecloudsdk/calliope/backend.py", line 807, in Run
resources = command_instance.Run(args)
File "/dev/google-cloud-sdk/lib/surface/endpoints/services/deploy.py", line 350, in Run
services_util.CreateService(self.service_name, project_id)
File "/dev/google-cloud-sdk/lib/googlecloudsdk/api_lib/endpoints/services_util.py", line 432, in CreateService
result = client.services.Create(create_request)
File "/dev/google-cloud-sdk/lib/googlecloudsdk/third_party/apis/servicemanagement/v1/servicemanagement_v1_client.py", line 657, in Create
config, request, global_params=global_params)
File "/dev/google-cloud-sdk/lib/third_party/apitools/base/py/base_api.py", line 731, in _RunMethod
return self.ProcessHttpResponse(method_config, http_response, request)
File "/dev/google-cloud-sdk/lib/third_party/apitools/base/py/base_api.py", line 737, in ProcessHttpResponse
self.__ProcessHttpResponse(method_config, http_response, request))
File "/dev/google-cloud-sdk/lib/third_party/apitools/base/py/base_api.py", line 604, in __ProcessHttpResponse
http_response, method_config=method_config, request=request)
HttpForbiddenError: HttpError accessing <https://servicemanagement.googleapis.com/v1/services?alt=json>: response: <{'status': '403', 'content-length': '218', 'x-xss-protection': '0', 'x-content-type-options': 'nosniff', 'transfer-encoding': 'chunked', 'vary': 'Origin, X-Origin, Referer', 'server': 'ESF', '-content-encoding': 'gzip', 'cache-control': 'private', 'date': 'Sun, 31 May 2020 20:41:07 GMT', 'x-frame-options': 'SAMEORIGIN', 'alt-svc': 'h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"', 'content-type': 'application/json; charset=UTF-8'}>, content <{
"error": {
"code": 403,
"message": "Ownership for domain name 'us-central1-PROJECT_ID.cloudfunctions.net' on project 'PROJECT_ID' cannot be verified.",
"status": "PERMISSION_DENIED"
}
}
解决方案
您提供了错误的主机,文档说主机应该是CLOUD_RUN_HOSTNAME
:
在主机字段中,指定
CLOUD_RUN_HOSTNAME
Cloud Run 在上面部署 ESPv2 Beta 中部署 ESPv2 Beta 时创建的 URL 的主机名部分。不包括协议标识符,https://
而你正在使用host: "REGION-FUNCTIONS_PROJECT_ID.cloudfunctions.net"
。
推荐阅读
- python - pool.map() 无法识别在主线程中声明的变量
- jenkins - 如果工作不存在,如何从管道忽略构建 Jenkins 工作?
- angular - 如何在 Angular 6 中的解析器服务中使用路由器导航?
- c++ - VS2017 上 SFINAE 的编译错误
- python-3.x - 为 pandas 的 html 表格设置样式
- javascript - jquery .load() 外部内容在模态中失败
- airflow - 如何将 Apache Airflow 与 slack 集成?
- c# - 先决条件本身需要先决条件
- arrays - 如何在将对象值发送到 json 编码之前将 URL 的第一部分添加到对象值中
- c++ - 初始化类成员的更好做法是什么?