I am trying to access a secret stored in Google Secret Manager from an AI Platform Training job running in a custom container. I am using the following Python code to retrieve the secret:
# Standard library imports
import os

# Import the Secret Manager client library.
from google.cloud import secretmanager


def access_secret_version(secret_id, version_id, project_id=os.environ.get("GCP_PROJECT")):
    # Create the Secret Manager client.
    client = secretmanager.SecretManagerServiceClient()
    # Build the resource name of the secret version.
    name = client.secret_version_path(project_id, secret_id, version_id)
    # Access the secret version (name passed by keyword).
    response = client.access_secret_version(name=name)
    # Return the secret payload.
    return response.payload.data.decode("UTF-8")
I have added the Secret Manager Secret Accessor role to the default Cloud ML service account (service-XXX@cloud-ml.google.com.iam.gserviceaccount.com), but access is still denied:
google.api_core.exceptions.PermissionDenied: 403 Request had insufficient authentication scopes.
Have I granted the correct role to the correct service account, or am I missing something else?
Answer 0 (score: 0)
We have an alpha feature that enables your use case. Could you send us an email at cloudml-feedback@google.com?