1

我正在尝试部署我们app.yamlqueue.yaml使用以下命令:

gcloud --verbosity=debug --project PROJECT_ID app deploy app.yaml queue.yaml

我用角色创建了一个新的服务帐户

  • App Engine 部署程序
  • App Engine 服务管理员
  • Cloud Build 服务帐号

用于部署app.yaml,它本身就可以工作。尝试部署时queue.yaml,我收到以下错误:

DEBUG: Running [gcloud.app.deploy] with arguments: [--project: "PROJECT_ID", --verbosity: "debug", DEPLOYABLES:1: "[u'queue.yaml']"]
DEBUG: Loading runtimes experiment config from [gs://runtime-builders/experiments.yaml]
INFO: Reading [<googlecloudsdk.api_lib.storage.storage_util.ObjectReference object at 0x7fcc7dba0dd0>]
DEBUG: API endpoint: [https://appengine.googleapis.com/], API version: [v1]
Configurations to update:

descriptor:      [/home/dominic/workspace/PROJECT/api/queue.yaml]
type:            [task queues]
target project:  [PROJECT_ID]


DEBUG: (gcloud.app.deploy) PERMISSION_DENIED: The caller does not have permission
Traceback (most recent call last):
  File "/usr/lib/google-cloud-sdk/lib/googlecloudsdk/calliope/cli.py", line 983, in Execute
    resources = calliope_command.Run(cli=self, args=args)
  File "/usr/lib/google-cloud-sdk/lib/googlecloudsdk/calliope/backend.py", line 807, in Run
    resources = command_instance.Run(args)
  File "/usr/lib/google-cloud-sdk/lib/surface/app/deploy.py", line 117, in Run
    default_strategy=flex_image_build_option_default))
  File "/usr/lib/google-cloud-sdk/lib/googlecloudsdk/command_lib/app/deploy_util.py", line 606, in RunDeploy
    app, project, services, configs, version_id, deploy_options.promote)
  File "/usr/lib/google-cloud-sdk/lib/googlecloudsdk/command_lib/app/output_helpers.py", line 111, in DisplayProposedDeployment
    DisplayProposedConfigDeployments(project, configs)
  File "/usr/lib/google-cloud-sdk/lib/googlecloudsdk/command_lib/app/output_helpers.py", line 134, in DisplayProposedConfigDeployments
    project, 'cloudtasks.googleapis.com')
  File "/usr/lib/google-cloud-sdk/lib/googlecloudsdk/api_lib/services/enable_api.py", line 43, in IsServiceEnabled
    service = serviceusage.GetService(project_id, service_name)
  File "/usr/lib/google-cloud-sdk/lib/googlecloudsdk/api_lib/services/serviceusage.py", line 168, in GetService
    exceptions.ReraiseError(e, exceptions.GetServicePermissionDeniedException)
  File "/usr/lib/google-cloud-sdk/lib/googlecloudsdk/api_lib/services/exceptions.py", line 96, in ReraiseError
    core_exceptions.reraise(klass(api_lib_exceptions.HttpException(err)))
  File "/usr/lib/google-cloud-sdk/lib/googlecloudsdk/core/exceptions.py", line 146, in reraise
    six.reraise(type(exc_value), exc_value, tb)
  File "/usr/lib/google-cloud-sdk/lib/googlecloudsdk/api_lib/services/serviceusage.py", line 165, in GetService
    return client.services.Get(request)
  File "/usr/lib/google-cloud-sdk/lib/googlecloudsdk/third_party/apis/serviceusage/v1/serviceusage_v1_client.py", line 297, in Get
    config, request, global_params=global_params)
  File "/usr/bin/../lib/google-cloud-sdk/lib/third_party/apitools/base/py/base_api.py", line 731, in _RunMethod
    return self.ProcessHttpResponse(method_config, http_response, request)
  File "/usr/bin/../lib/google-cloud-sdk/lib/third_party/apitools/base/py/base_api.py", line 737, in ProcessHttpResponse
    self.__ProcessHttpResponse(method_config, http_response, request))
  File "/usr/bin/../lib/google-cloud-sdk/lib/third_party/apitools/base/py/base_api.py", line 604, in __ProcessHttpResponse
    http_response, method_config=method_config, request=request)
GetServicePermissionDeniedException: PERMISSION_DENIED: The caller does not have permission
ERROR: (gcloud.app.deploy) PERMISSION_DENIED: The caller does not have permission

我还尝试了以下角色:

  • 云任务管理员
  • 云任务队列管理员
  • 云任务服务代理

我现在正在使用项目编辑角色,它可以工作,但我只想允许实际需要的角色。

4

2 回答 2

0

我自己用这个把头撞到墙上一段时间,看起来“直觉上”你还需要“serviceusage.services.list”烫发,所以服务使用查看器角色

通过此问题找到 https://issuetracker.google.com/issues/137078982

于 2021-09-30T13:21:53.900 回答
0

除了 Cloud Tasks Queue Admin 角色外,您还必须添加Service Account User以允许 Cloud Task 的服务帐户代表服务帐户生成令牌。

于 2020-04-24T15:15:56.610 回答