Google Cloud 的 Micronaut 文档支持 https://micronaut-projects.github.io/micronaut-gcp/2.0.x/guide/
设置 GCP 支持
implementation("io.micronaut.gcp:micronaut-gcp-common:2.0.2")
在 application.yml
中设置凭据
gcp:
credentials:
location: classpath:googleStorageKey.json
googleStorageKey.json
与 application.yml
文件位于同一目录
谷歌服务帐户文件包含以下数据
{
"type": "service_account",
"project_id": "fetebird",
"private_key_id": "cf93ffffffjjhjyyuyu144842f20dc055763aa665",
"private_key": "-----BEGIN PRIVATE KEY-----\nMIIEv--REDACTED--4XOs=\n-----END PRIVATE KEY-----\n",
"client_email": "fetebirdstorage@fetebird.iam.gserviceaccount.com",
"client_id": "106425305070351254286",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/fetebirdstorage%40fetebird.iam.gserviceaccount.com"
}
这是我用来创建带有选项的存储桶的代码
public Observable<Void> createBucketWithStorageClassAndLocation() {
Storage storage = StorageOptions.newBuilder().setProjectId(googleUploadObjectConfiguration.projectId()).build().getService();
StorageClass storageClass = StorageClass.COLDLINE;
try {
Bucket bucket =
storage.create(
BucketInfo.newBuilder(googleUploadObjectConfiguration.bucketName())
.setStorageClass(storageClass)
.setLocation(googleUploadObjectConfiguration.locationName())
.build());
LOG.info(String.format("Created bucket %s in %s with storage class %s", bucket.getName(), bucket.getLocation(), bucket.getStorageClass()));
} catch (Exception ex) {
LOG.error(ex.getMessage());
}
return Observable.empty();
}
参考 - https://cloud.google.com/storage/docs/samples/storage-create-bucket-clss-location
异常
401 Unauthorized
POST https://storage.googleapis.com/storage/v1/b?project=fetebird&projection=full
在 Storage.options
中,凭据为空,这就是我收到 401 的原因。它应该从 application.yml 文件位置选择凭据。
我哪里出错了?
按照此处的说明进行操作https://cloud.google.com/docs/authentication/production#automatically
暴露这个命令后
export GOOGLE_APPLICATION_CREDENTIALS="/home/user/Downloads/my-key.json"
仍然无法进行身份验证,我想我遗漏了一些东西。
gcloud projects add-iam-policy-binding --member=serviceAccount:fetebird-storage@fetebird.iam.gserviceaccount.com --role=roles/storage.admin fetebird
答案 0 :(得分:2)
答案 1 :(得分:0)
注入 GoogleCredentials 并将其设置在存储对象上
答案 2 :(得分:0)
社区 Wiki 将评论中讨论的内容添加到@GuillaumeBlaqueire 对正确且单独的答案的回答中。
如果您的状态为 401,这不是因为您没有凭据,而是因为您的凭据无效或未经授权。您使用 gsutil -i <service account email> ls
命令进行的测试证明了这一点。
因此,为了解决此问题,您需要做的是添加角色,描述为 here,最适合您的服务帐户所需的权限。这将是 Storage Admin
角色。
答案 3 :(得分:0)