我的困惑是为什么我需要包括“传统”云存储角色。我喜欢避免说“旧版”的东西,因为听起来好像这些天之一将被弃用。 我做错了吗?
这是我的情况:
我正在使用来自appengine项目的服务帐户来访问另一个项目中云存储中的文件。我正在使用Google Python客户端访问数据。
我已分配角色:
Storage Object Creator
Storage Object Viewer
但是当我尝试访问文件时出现错误:
<service account> does not have storage.buckets.get access
只有当我添加“旧版角色”后,它才最终具有访问权限:
Storage legacy bucket writer
Storage legacy bucket reader
代码如下:
def download_blob(bucket_name, source_blob_name, destination_file_name):
"""Downloads a blob from the bucket."""
bucket = storage_client.get_bucket(bucket_name)
blob = bucket.blob(source_blob_name)
blob.download_to_filename(destination_file_name)
print('Blob {} downloaded to {}.'.format(
source_blob_name,
destination_file_name))
def upload_blob(bucket_name, source_file_name, destination_blob_name):
"""Uploads a file to the bucket."""
bucket = storage_client.get_bucket(bucket_name)
blob = bucket.blob(destination_blob_name)
blob.upload_from_filename(source_file_name)
print('File {} uploaded to {}.'.format(
source_file_name,
destination_blob_name))
谢谢 罗布
答案 0 :(得分:1)
在您的代码中,我在下面添加了其他注释:
def download_blob(bucket_name, source_blob_name,
destination_file_name):
"""Downloads a blob from the bucket."""
"""The following .get_bucket() requires storage.buckets.get permission."""
bucket = storage_client.get_bucket(bucket_name)
"""The following doesn't"""
bucket = storage_client.bucket(bucket_name)
blob = bucket.blob(source_blob_name)
blob.download_to_filename(destination_file_name)
print('Blob {} downloaded to {}.'.format(
source_blob_name,
destination_file_name))
要重申:
storage_client.get_bucket(bucket_name)需要storage.bucket.get的权限,因为它正在执行存储区元数据GET请求。
storage_cilent.bucket(bucket_name)不需要此权限,因为它不执行GET请求,仅创建名称为bucket_name定义的存储桶对象。
用于上传以绕过storage.buckets.get问题:
from google.cloud import storage
storage_client = storage.Client()
bucket = storage_client.bucket(bucket_name)
blob = bucket.blob(source_blob_name)
blob.upload_from_filename(source_file_name)