Secret Manager我在 GCP 的服务中创造了一些秘密。然后为了在我的本地机器上访问这些秘密,我创建了一个service account和一个JSON密钥来从我的本地机器上验证该服务帐户。我还将角色授予该Secret Manager Secret Accessor服务帐户,以使其能够访问来自Secret Manager. 现在,它在我的本地机器上运行良好。
此外,我想将此代码部署到 GCP Compute Instance。因此,我创建了一个并将源代码发送到该实例。Secret Manager Secret Accessor我还向计算实例的默认服务帐户授予了相同的权限。现在,当我在实例上运行尝试此代码时,它会返回一个权限被拒绝错误,如下所述。
The above exception was the direct cause of the following exception:
ibdax |
ibdax | Traceback (most recent call last):
ibdax | File "manage.py", line 22, in <module>
ibdax | main()
ibdax | File "manage.py", line 18, in main
ibdax | execute_from_command_line(sys.argv)
ibdax | File "/usr/local/lib/python3.7/site-packages/django/core/management/__init__.py", line 419, in execute_from_command_line
ibdax | utility.execute()
ibdax | File "/usr/local/lib/python3.7/site-packages/django/core/management/__init__.py", line 363, in execute
ibdax | settings.INSTALLED_APPS
ibdax | File "/usr/local/lib/python3.7/site-packages/django/conf/__init__.py", line 82, in __getattr__
ibdax | self._setup(name)
ibdax | File "/usr/local/lib/python3.7/site-packages/django/conf/__init__.py", line 69, in _setup
ibdax | self._wrapped = Settings(settings_module)
ibdax | File "/usr/local/lib/python3.7/site-packages/django/conf/__init__.py", line 170, in __init__
ibdax | mod = importlib.import_module(self.SETTINGS_MODULE)
ibdax | File "/usr/local/lib/python3.7/importlib/__init__.py", line 127, in import_module
ibdax | return _bootstrap._gcd_import(name[level:], package, level)
ibdax | File "<frozen importlib._bootstrap>", line 1006, in _gcd_import
ibdax | File "<frozen importlib._bootstrap>", line 983, in _find_and_load
ibdax | File "<frozen importlib._bootstrap>", line 967, in _find_and_load_unlocked
ibdax | File "<frozen importlib._bootstrap>", line 677, in _load_unlocked
ibdax | File "<frozen importlib._bootstrap_external>", line 728, in exec_module
ibdax | File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
ibdax | File "/ibdax/ibdax/settings.py", line 19, in <module>
ibdax | from ibdax.constants import (
ibdax | File "/ibdax/ibdax/constants.py", line 30, in <module>
ibdax | DEV_DATABASE_HOST=secrets.get_secrets("dev-database-host")
ibdax | File "/ibdax/ibdax/gcp_secret_manager.py", line 23, in get_secrets
ibdax | response = self.client.access_secret_version(request)
ibdax | File "/usr/local/lib/python3.7/site-packages/google/cloud/secretmanager_v1/services/secret_manager_service/client.py", line 1155, in access_secret_version
ibdax | response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,)
ibdax | File "/usr/local/lib/python3.7/site-packages/google/api_core/gapic_v1/method.py", line 145, in __call__
ibdax | return wrapped_func(*args, **kwargs)
ibdax | File "/usr/local/lib/python3.7/site-packages/google/api_core/retry.py", line 286, in retry_wrapped_func
ibdax | on_error=on_error,
ibdax | File "/usr/local/lib/python3.7/site-packages/google/api_core/retry.py", line 184, in retry_target
ibdax | return target()
ibdax | File "/usr/local/lib/python3.7/site-packages/google/api_core/grpc_helpers.py", line 75, in error_remapped_callable
ibdax | six.raise_from(exceptions.from_grpc_error(exc), exc)
ibdax | File "<string>", line 3, in raise_from
ibdax | google.api_core.exceptions.PermissionDenied: 403 Request had insufficient authentication scopes.
我检查了Compute Instance's服务帐户的 IAM 角色,它有一些我无法理解的消息。这是它的屏幕截图 -
我该如何解决?