我在 GCP 中有 PubSub 功能,它正在运行云托管规则,并具有发送邮件的通知功能,即 c7n 邮件程序和调用 c7n_mailer pubsub 函数。现在,我正在针对一个项目中的所有项目运行此功能。
我已经检查并提供了所有权限,cloudcustodian 成功地针对项目运行,但是当涉及到通知并针对 c7n_mailer pubsub 运行时,它给了我以下权限问题。
我已经通过在 xxx 项目中添加 pubsub list / get 等角色来提供许可,但仍然遇到问题。
Invalid JSON content from response: b'{\n "error": {\n "code": 403,\n "message": "Caller does not have required permission to use project xxx. Grant the caller the Owner or Editor role, or a custom role with the serviceusage.services.use permission, by visiting https://console.xxx.google.com/iam-admin/iam/project?project=xxx and then retry (propagation of new permission may take a few minutes).",\n "status": "PERMISSION_DENIED",\n "details": [\n {\n "@type": "type.googleapis.com/google.rpc.Help",\n "links": [\n {\n "description": "Google developer console IAM admin",\n "url": "https://console.developers.google.com/iam-admin/iam/project?project=xxx"\n }\n ]\n },\n {\n "@type": "type.googleapis.com/google.rpc.ErrorInfo",\n "reason": "USER_PROJECT_DENIED",\n "domain": "googleapis.com",\n "metadata": {\n "service": "pubsub.googleapis.com",\n "consumer": "projects/xxx"\n }\n }\n ]\n }\n}\n'