使用Google Cloud SDK在gcloud app部署期间拒绝权限

时间:2018-01-16 19:42:56

标签: google-app-engine google-cloud-platform

使用Google Cloud SDK将应用部署到Google App Engine非常困难。

我曾尝试过以下2个命令

C:\Users\yccheok\Desktop\jstock-android-appengine>gcloud config set project jstock-android
Updated property [core/project].

C:\Users\yccheok\Desktop\jstock-android-appengine>gcloud app deploy app.yaml --log-http --verbosity=debug
DEBUG: Running [gcloud.app.deploy] with arguments: [--log-http: "true", --verbosity: "debug", DEPLOYABLES:1: "['app.yaml']"]
DEBUG: No staging command found for runtime [python27] and environment [STANDARD].
DEBUG: API endpoint: [https://appengine.googleapis.com/], API version: [v1]
=======================
==== request start ====
uri: https://appengine.googleapis.com/v1/apps/jstock-android?alt=json
method: GET
== headers start ==
Authorization: Bearer ya29.GlxEBb1XVP1JK93-ARiaN_ZgiMbvZmw5KWfvJVfibDJ4FK_ZaMRoU1jVDTiWzsY606GSduJKJd9Nm8zA-_Iql5mGn4AMk4QVl8mPRycfekeZnOOHtbUvpkBMgOLOQA
accept: application/json
accept-encoding: gzip, deflate
content-length: 0
user-agent: google-cloud-sdk x_Tw5K8nnjoRAqULM9PFAC2b gcloud/184.0.0 command/gcloud.app.deploy invocation-id/c9ae232d33b346d787b95a36e28c38c0 environment/None environment-version/None interactive/True python/2.7.13 (Windows NT 10.0.16299)
== headers end ==
== body start ==

== body end ==
==== request end ====
---- response start ----
-- headers start --
-content-encoding: gzip
alt-svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
cache-control: private
content-length: 335
content-type: application/json; charset=UTF-8
date: Tue, 16 Jan 2018 19:16:21 GMT
server: ESF
status: 403
transfer-encoding: chunked
vary: Origin, X-Origin, Referer
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
-- headers end --
-- body start --
{
  "error": {
    "code": 403,
    "message": "Operation not allowed",
    "status": "PERMISSION_DENIED",
    "details": [
      {
        "@type": "type.googleapis.com/google.rpc.ResourceInfo",
        "resourceType": "gae.api",
        "description": "The \"appengine.applications.get\" permission is required."
      }
    ]
  }
}

-- body end --
total round trip time (request+response): 1.796 secs
---- response end ----
----------------------
DEBUG: (gcloud.app.deploy) Permissions error fetching application [apps/jstock-android]. Please make sure you are using the correct project ID and that you have permission to view applications on the project.
Traceback (most recent call last):
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\googlecloudsdk\calliope\cli.py", line 797, in Execute
    resources = calliope_command.Run(cli=self, args=args)
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\googlecloudsdk\calliope\backend.py", line 757, in Run
    resources = command_instance.Run(args)
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\surface\app\deploy.py", line 65, in Run
    parallel_build=False)
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\googlecloudsdk\command_lib\app\deploy_util.py", line 543, in RunDeploy
    app = _PossiblyCreateApp(api_client, project)
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\googlecloudsdk\command_lib\app\deploy_util.py", line 703, in _PossiblyCreateApp
    api_client._FormatApp())))  # pylint: disable=protected-access
HttpException: Permissions error fetching application [apps/jstock-android]. Please make sure you are using the correct project ID and that you have permission to view applications on the project.
ERROR: (gcloud.app.deploy) Permissions error fetching application [apps/jstock-android]. Please make sure you are using the correct project ID and that you have permission to view applications on the project.

C:\Users\yccheok\Desktop\jstock-android-appengine>

然后,我浏览了https://cloud.google.com/appengine/docs/admin-api/accessing-the-api,它提到我需要使用 Admin API 。所以,我一步一步地做。

第1步

enter image description here

第2步

enter image description here

提到 Admin API 已启用。现在我需要凭证。

第3步

enter image description here

第4步

enter image description here

行。现在他们提到我不需要创建新的凭据。我可以使用应用程序默认凭据?!

第5步

所以,我去了https://developers.google.com/identity/protocols/application-default-credentials?hl=en_GB。我知道我需要运行

C:\Users\yccheok\Desktop\jstock-android-appengine>gcloud auth application-default login
Your browser has been opened to visit:

    https://accounts.google.com/o/oauth2/auth?redirect_uri=http%3A%2F%2Flocalhost%3A8085%2F&prompt=select_account&response_type=code&client_id=764086051850-6qr4p6gpi6hn506pt8ejuq83di341hur.apps.googleusercontent.com&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcloud-platform&access_type=offline



Credentials saved to file: [C:\Users\yccheok\AppData\Roaming\gcloud\application_default_credentials.json]

These credentials will be used by any library that requests
Application Default Credentials.

第6步

enter image description here

第7步

enter image description here

在完成上述7个步骤后,我仍然会在尝试运行时收到完全相同的错误消息

gcloud app deploy app.yaml --log-http --verbosity=debug

为了使用Google Cloud SDK将我的Python应用程序部署到Google App Engine,有谁能让我知道,我还需要哪一步?

3 个答案:

答案 0 :(得分:4)

Admin API用于以编程方式部署应用,而不是使用gcloud app deploy进行部署,您甚至不需要为您的应用启用Admin API。

来自Deploying a Python App

  

要以编程方式部署您的应用,请使用the Admin API

     

开始之前

     

在部署应用之前:

     

(但我可以看到以上内容可能被错误地表述为使用Admin API的邀请)

gcloud app deploy实际使用的帐户很可能缺失或者没有所需的权限。

您可以查看gcloud auth list使用的帐户。在我的情况下,帐户是我的电子邮件地址,而不是服务帐户(我不确定是否可以使用服务帐户)。

如果您需要其他帐户,请使用gcloud auth login(以及gcloud auth revoke}。

您可以在the IAM Page上查看项目/应用中帐户的权限(如果有)。

答案 1 :(得分:4)

关于此的另一条注释, 启用App Engine API和云构建器api后,请确保“云构建服务帐户”也有权访问该项目。

启用正确的api后,我遇到了这个问题。

这是使用构建触发器。我可以从命令行本地部署,因为我已通过身份验证。但是,如果您使用构建触发器,它将使用需要访问的构建服务帐户。

希望这会有所帮助。

答案 2 :(得分:3)

我遇到了这个问题。就我而言,它是通过使用项目ID而不是项目名称来设置项目来解决的。看到这个答案

gcloud app deploy ERROR: Permissions error fetching application [apps/<PROJECT_NAME>]

相关问题
最新问题