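Permission denied when deploying an application to App Engine from GitLab CI

Time: 2019-12-13 19:45:18

Tags: python google-app-engine google-cloud-platform gitlab-ci

I'm having trouble automatically deploying a Python 3 application to App Engine standard using GitLab CI.

The following error occurs: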

DEBUG: (gcloud.app.deploy) Error Response: [7] Failed to create cloud build: Permission denied
 Traceback (most recent call last):
   File "/google-cloud-sdk/lib/googlecloudsdk/calliope/cli.py", line 984, in Execute
     resources = calliope_command.Run(cli=self, args=args)
   File "/google-cloud-sdk/lib/googlecloudsdk/calliope/backend.py", line 807, in Run
     resources = command_instance.Run(args)
   File "/google-cloud-sdk/lib/surface/app/deploy.py", line 110, in Run
     default_strategy=flex_image_build_option_default))
   File "/google-cloud-sdk/lib/googlecloudsdk/command_lib/app/deploy_util.py", line 642, in RunDeploy
     ignore_file=args.ignore_file)
   File "/google-cloud-sdk/lib/googlecloudsdk/command_lib/app/deploy_util.py", line 432, in Deploy
     extra_config_settings)
   File "/google-cloud-sdk/lib/googlecloudsdk/api_lib/app/appengine_api_client.py", line 208, in DeployService
     poller=done_poller)
   File "/google-cloud-sdk/lib/googlecloudsdk/api_lib/app/operations_util.py", line 314, in WaitForOperation
     sleep_ms=retry_interval)
   File "/google-cloud-sdk/lib/googlecloudsdk/api_lib/util/waiter.py", line 264, in WaitFor
     sleep_ms, _StatusUpdate)
   File "/google-cloud-sdk/lib/googlecloudsdk/api_lib/util/waiter.py", line 326, in PollUntilDone
     sleep_ms=sleep_ms)
   File "/google-cloud-sdk/lib/googlecloudsdk/core/util/retry.py", line 229, in RetryOnResult
     if not should_retry(result, state):
   File "/google-cloud-sdk/lib/googlecloudsdk/api_lib/util/waiter.py", line 320, in _IsNotDone
     return not poller.IsDone(operation)
   File "/google-cloud-sdk/lib/googlecloudsdk/api_lib/app/operations_util.py", line 183, in IsDone
     encoding.MessageToPyValue(operation.error)))
 OperationError: Error Response: [7] Failed to create cloud build: Permission denied
 ERROR: (gcloud.app.deploy) Error Response: [7] Failed to create cloud build: Permission denied

.gitlab-ci.yml

image: google/cloud-sdk:alpine

stages:
  - Deploy

deploy:
  stage: Deploy
  only:
  - tags
  script:
  - echo $SERVICE_ACCOUNT > /tmp/$CI_PIPELINE_ID.json
  - gcloud auth activate-service-account --key-file /tmp/$CI_PIPELINE_ID.json
  - gcloud app deploy app.yaml --project $PROJECT_ID --verbosity=debug

after_script:
- rm /tmp/$CI_PIPELINE_ID.json

app.yaml

service: api
runtime: python37

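I enabled the App Engine Admin API and created a service account for GitLab CI with the following roles:

  • App Engine Deployer
  • App Engine Service Admin
  • Storage Object Creator
  • Storage Object Viewer

The GitLab CI variables $PROJECT_ID and $SERVICE_ACCOUNT are populated with the GCP project ID and the service account's key, respectively.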

1 answer:

Answer 0: (score: 2)

Fixed it myself:

I needed to enable the Cloud Build API and assign the Cloud Build Service Account role to my service account.
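
A pre-flight check for the role set this thread ends up with, as an added example that is not part of the original question or answer: it reads the JSON printed by `gcloud projects get-iam-policy PROJECT_ID --format=json` and reports which roles the CI service account still lacks. The role IDs are this example's mapping of the role titles named above, and the service account e-mail and sample policy are constructed; it checks role bindings only, not whether the Cloud Build API is enabled.

```python
import json

# Role IDs for the role titles named in the question and the answer
# (the title-to-ID mapping is supplied by this example, not by the post).
REQUIRED_ROLES = {
    "roles/appengine.deployer": "App Engine Deployer",
    "roles/appengine.serviceAdmin": "App Engine Service Admin",
    "roles/storage.objectCreator": "Storage Object Creator",
    "roles/storage.objectViewer": "Storage Object Viewer",
    "roles/cloudbuild.builds.builder": "Cloud Build Service Account",
}
# Basic roles that are too broad for a CI deploy key.
BROAD_ROLES = {"roles/owner", "roles/editor"}


def audit_deployer(policy_json, sa_email):
    """Return (missing, conditional_only, broad) role IDs for one service account.

    policy_json is the text printed by:
      gcloud projects get-iam-policy PROJECT_ID --format=json
    """
    member = "serviceAccount:" + sa_email
    granted, conditional = set(), set()
    for binding in json.loads(policy_json).get("bindings", []):
        if member not in binding.get("members", []):
            continue
        # A conditional binding may not apply at deploy time, so track it apart.
        target = conditional if "condition" in binding else granted
        target.add(binding["role"])
    missing = sorted(role for role in REQUIRED_ROLES if role not in granted)
    conditional_only = sorted(conditional.intersection(missing))
    return missing, conditional_only, sorted(granted & BROAD_ROLES)


# Constructed sample: the four roles from the question, no Cloud Build role.
SAMPLE_SA = "gitlab-ci@example-project.iam.gserviceaccount.com"
SAMPLE_POLICY = json.dumps({"bindings": [
    {"role": role, "members": ["serviceAccount:" + SAMPLE_SA]}
    for role in list(REQUIRED_ROLES)[:4]
]})

if __name__ == "__main__":
    missing, conditional_only, broad = audit_deployer(SAMPLE_POLICY, SAMPLE_SA)
    for role in missing:
        print("missing:", role, "(" + REQUIRED_ROLES[role] + ")")
    for role in conditional_only:
        print("granted only under an IAM condition:", role)
    for role in broad:
        print("over-broad role on CI account:", role)
```

Run against the constructed sample it reports only `roles/cloudbuild.builds.builder` as missing, which matches the role the answer added.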