将图像上传到Google云存储的权限错误,但我已经对IAM授予了适当的权限
Error: reportai-images@even-shuttle-250512.iam.gserviceaccount.com does not have storage.objects.create access to reportai-images/images.jpeg.
at Gaxios.request (/home/jvcabral/Projects/reportai_image_upload/node_modules/gaxios/build/src/gaxios.js:70:23)
at process._tickCallback (internal/process/next_tick.js:68:7)
答案 0 :(得分:0)
IAM成员帐户对您的项目没有权限storage.objects.create。
要列出分配给项目的IAM成员角色,请执行此命令。将PROJECT_ID替换为您的项目ID,该项目ID似乎为even-shuttle-250512。
gcloud projects get-iam-policy PROJECT_ID > project_roles.txt
查看成员的文件project_roles.txt,并确认为服务帐户分配了哪些角色:
reportai-images@even-shuttle-250512.iam.gserviceaccount.com
要将角色添加到授予服务帐户所需权限的项目中,请执行以下操作:
Windows语法:
gcloud projects add-iam-policy-binding PROJECT_ID ^
--member=serviceAccount:reportai-images@even-shuttle-250512.iam.gserviceaccount.com ^
--role=roles/storage.admin
Linux / macOS语法:
gcloud projects add-iam-policy-binding PROJECT_ID \
--member=serviceAccount:reportai-images@even-shuttle-250512.iam.gserviceaccount.com \
--role=roles/storage.admin
请注意,在上一个命令中,我分配了角色Storage Admin。选择一个满足您最低特权要求的角色。例如,roles/storage.legacyBucketWriter可能更合适。