Google Compute Engine VM上的gsutil无法使用密钥文件进行服务帐户身份验证

时间:2014-09-19 09:56:29

标签: google-compute-engine google-api-dotnet-client

我从google .net API启动了一个实例,尽管我付出了最大的努力,但我还是无法将任何内容复制到存储中或从存储中复制任何内容。目前,我正在使用开发人员控制台服务帐户进行身份验证,如下所示: -

string ServiceAccountEmail = "blahblah@developer.gserviceaccount.com";

var certificate = new X509Certificate2(@"key.p12", "notasecret", X509KeyStorageFlags.Exportable);

ServiceAccountCredential credential = new ServiceAccountCredential(
    new ServiceAccountCredential.Initializer(ServiceAccountEmail)
    {
        Scopes = new[] { ComputeService.Scope.Compute, ComputeService.Scope.DevstorageFullControl }
    }.FromCertificate(certificate));

var cs = new ComputeService(new BaseClientService.Initializer
{
    ApplicationName = "appname",
    HttpClientInitializer = (Google.Apis.Http.IConfigurableHttpClientInitializer)credential,
});


Google.Apis.Compute.v1.Data.Instance newinst = new Google.Apis.Compute.v1.Data.Instance();
newinst.Name = "generatedinstance";
newinst.MachineType = "https://www.googleapis.com/compute/v1/projects/projectid/zones/zone/machineTypes/n1-standard-1";

Google.Apis.Compute.v1.Data.AttachedDisk ad = new Google.Apis.Compute.v1.Data.AttachedDisk();
ad.AutoDelete = true;
ad.Boot = true;
ad.Type = "PERSISTENT";
ad.InitializeParams = new Google.Apis.Compute.v1.Data.AttachedDiskInitializeParams();
ad.InitializeParams.DiskName = "newdisk";
ad.InitializeParams.SourceImage = "https://www.googleapis.com/compute/v1/projects/projectid/global/images/customimage";
ad.InitializeParams.DiskType = "https://www.googleapis.com/compute/v1/projects/projectid/zones/zone/diskTypes/pd-standard";
ad.Mode = "READ_WRITE";
newinst.Disks = new List<Google.Apis.Compute.v1.Data.AttachedDisk>();
newinst.Disks.Add(ad);

Google.Apis.Compute.v1.Data.NetworkInterface ni = new Google.Apis.Compute.v1.Data.NetworkInterface();
ni.Network = "https://www.googleapis.com/compute/v1/projects/projectid/global/networks/default";
ni.AccessConfigs = new List<Google.Apis.Compute.v1.Data.AccessConfig>();
ni.AccessConfigs.Add(new Google.Apis.Compute.v1.Data.AccessConfig
{
    Type = "ONE_TO_ONE_NAT",
    Name = "External NAT",
});
newinst.NetworkInterfaces = new List<Google.Apis.Compute.v1.Data.NetworkInterface>();
newinst.NetworkInterfaces.Add(ni);
var start = new Google.Apis.Compute.v1.Data.Metadata.ItemsData();
start.Key = "startup-script";
start.Value = "*startup script* includes gsutil cp which won't work without service account attached";
newinst.Metadata = new Google.Apis.Compute.v1.Data.Metadata();
newinst.Metadata.Kind = "compute#metadata";
newinst.Metadata.Items = new List<Google.Apis.Compute.v1.Data.Metadata.ItemsData>();
newinst.Metadata.Items.Add(start);
newinst.ServiceAccounts = new List<Google.Apis.Compute.v1.Data.ServiceAccount>();

//var sa = new Google.Apis.Compute.v1.Data.ServiceAccount();|with this section
//sa.Email = "blahblah@developer.gserviceaccount.com";      |the instance won't
//sa.Scopes = new[] { ComputeService.Scope.Compute,         |start. (An equivalent
    ComputeService.Scope.DevstorageFullControl };           |is found in instance
//newinst.ServiceAccounts.Add(sa);                          |start REST request)

var instinsert = new InstancesResource.InsertRequest(cs, newinst, "projectid", "zone");
var insertresponse = instinsert.Execute();

我尝试使用gsutil cp时收到的消息是&#34;您目前没有选择有效帐户。&#34; 。谁能告诉我哪里出错?

3 个答案:

答案 0 :(得分:0)

您需要运行gcloud auth activate-service-account blahblah@developer.gserviceaccount.com --key-file path_to_key.p12告诉Cloud SDK(包括gsutil)您的服务帐户。

答案 1 :(得分:0)

根据提供的代码,我可以看到original示例有

var certificate = new X509Certificate2(@"key.p12", "notasecret", X509KeyStorageFlags.Exportable);

我发现你错过了代码中的&#39; @&#39;我对.Net不是很熟悉。我已在python和此one中测试了这些示例。在创建我的实例时,我添加了GCS的服务帐户,并正确上传文件。

答案 2 :(得分:0)

OKAY!问题解决了。我错误的部分是问题中的评论 -

var sa = new Google.Apis.Compute.v1.Data.ServiceAccount();
sa.Email = "blahblah@developer.gserviceaccount.com";
sa.Scopes = new[] { ComputeService.Scope.Compute,
    ComputeService.Scope.DevstorageFullControl };
newinst.ServiceAccounts.Add(sa);

我需要在此部分中为开发者控制台的主服务帐户发送电子邮件,而不是我用于创建凭据的相同服务帐户,但不要问我为什么。 Point是实例启动,gsutil现在很高兴地复制了 感谢您的时间,并帮助大家! 罗斯