云 Pub/Sub 演示:403 用户无权执行此操作。什么时候尝试推送通知
Cloud Pub/Sub Demo : 403 User not authorized to perform this action. when try to push notification
我正在学习 Google Cloud Pub/Sub 并关注此官方文档:Writing and Responding to Pub/Sub Messages - Python
当我将其部署到云端并尝试提交消息时,
我收到以下错误:
An internal error occurred:
403 User not authorized to perform this action. (POST https://pubsub.googleapis.com/v1/projects/your-project-id/topics/your-topic:publish)
See logs for full stacktrace.
我猜这是由于某些身份验证问题?任何帮助将不胜感激。
确保您使用的客户端有权发布到 Pub/Sub。参见 details here. If your client belongs to the same project as the topic, typically it won't require additional access control configuration. Make sure that your client is authenticated properly。
这里有一些注释来自 google 的文档 Troubleshooting 403 (Forbidden) error:
If you get this error, do the following:
- Make sure you've enabled the Google Cloud Pub/Sub API in the Cloud Platform Console.
- Make sure that the principal making the request has the required permissions on the relevant Google Cloud Pub/Sub resources,
especially if you are using Google Cloud Pub/Sub for cross-project
communication.
- If you're using Dataflow, make sure that both @cloudservices.gserviceaccount.com and the Compute Engine
Service account -compute@developer.gserviceaccount.com
have the required permissions on the relevant Google Cloud Pub/Sub
resource. See Google Cloud Dataflow Security and Permissions for more
information.
- If you're using App Engine, check your project's Permissions page to see if an App Engine Service Account listed as an Editor. If it
is not, add your App Engine Service Account as an Editor. Normally,
the App Engine Service Account is of the form
@appspot.gserviceaccount.com.
鉴于订阅和主题,您可以点击“权限”->“添加主体”,粘贴来自您的 json 的长电子邮件以及 select 中所述的服务帐户和 select 权限12=]
https://cloud.google.com/pubsub/docs/access-control
根据大牛的回答,我尝试给自己 Pub/Sub Editor 角色 Pub/Sub Publisher 角色但是没有用,对我有用的是 Pub/Sub Admin
最新的 python 演示有效,但 ruby API 需要 viewer 许可
python 视频系列 Google 第 3 集中的演示 #pubsubmadeeasy
Cloud Pub/Sub in Action 使用视频指示您添加的权限,特别是
使用更新的代码(见下面的注释)工作正常
Pub/Sub Publisher
Pub/Sub Subscriber
但是切换到 ruby API 需要将查看者权限添加到在演示中创建的服务帐户。注意:使用 ruby 3.1.0 和 gem 'google-cloud-pubsub', '~> 2.9', '>= 2.9.1'.
Pub/Sub Viewer
关于 python 示例设置的注释:
- 使用 python 3.10.1
- 示例代码
https://github.com/googleapis/python-pubsub.git
具体来说
https://github.com/googleapis/python-pubsub/tree/main/samples/snippets/quickstart
virtualenv venv && source venv/bin/activate
pip install --upgrade google-cloud-pubsub
export GOOGLE_APPLICATION_CREDENTIALS=downloaded_key.json
export PROJECT=`gcloud config get-value project`
错误示例:
订阅错误
/home/dever/.gem/ruby/3.1.0/gems/google-cloud-pubsub-v1-0.6.2/lib/google/cloud/pubsub/v1/subscriber/client.rb:499:
in `rescue in get_subscription':
7:User not authorized to perform this action.. debug_error_string:
{"created":"@1642638738.357361477",
"description":"Error received from peer ipv6:[2607:f8b0:4006:80a::200a]:443",
"file":"src/core/lib/surface/call.cc","file_line":1063,
"grpc_message":"User not authorized to perform this action.","grpc_status":7}
(Google::Cloud::PermissionDeniedError)
发布错误
/home/dever/.gem/ruby/3.1.0/gems/google-cloud-pubsub-v1-0.6.2/lib/google/cloud/pubsub/v1/publisher/client.rb:574:
in `rescue in get_topic':
7:User not authorized to perform this action..
debug_error_string:{"created":"@1642638676.763569110",
"description":"Error received from peer ipv6:[2607:f8b0:4006:80a::200a]:443",
"file":"src/core/lib/surface/call.cc","file_line":1063,
"grpc_message":"User not authorized to perform this action.","grpc_status":7}
(Google::Cloud::PermissionDeniedError)
我正在学习 Google Cloud Pub/Sub 并关注此官方文档:Writing and Responding to Pub/Sub Messages - Python
当我将其部署到云端并尝试提交消息时,
An internal error occurred: 403 User not authorized to perform this action. (POST https://pubsub.googleapis.com/v1/projects/your-project-id/topics/your-topic:publish) See logs for full stacktrace.
我猜这是由于某些身份验证问题?任何帮助将不胜感激。
确保您使用的客户端有权发布到 Pub/Sub。参见 details here. If your client belongs to the same project as the topic, typically it won't require additional access control configuration. Make sure that your client is authenticated properly。
这里有一些注释来自 google 的文档 Troubleshooting 403 (Forbidden) error:
If you get this error, do the following:
- Make sure you've enabled the Google Cloud Pub/Sub API in the Cloud Platform Console.
- Make sure that the principal making the request has the required permissions on the relevant Google Cloud Pub/Sub resources,
especially if you are using Google Cloud Pub/Sub for cross-project
communication.- If you're using Dataflow, make sure that both @cloudservices.gserviceaccount.com and the Compute Engine
Service account -compute@developer.gserviceaccount.com
have the required permissions on the relevant Google Cloud Pub/Sub
resource. See Google Cloud Dataflow Security and Permissions for more information.- If you're using App Engine, check your project's Permissions page to see if an App Engine Service Account listed as an Editor. If it is not, add your App Engine Service Account as an Editor. Normally, the App Engine Service Account is of the form
@appspot.gserviceaccount.com.
鉴于订阅和主题,您可以点击“权限”->“添加主体”,粘贴来自您的 json 的长电子邮件以及 select 中所述的服务帐户和 select 权限12=]
https://cloud.google.com/pubsub/docs/access-control
根据大牛的回答,我尝试给自己 Pub/Sub Editor 角色 Pub/Sub Publisher 角色但是没有用,对我有用的是 Pub/Sub Admin
最新的 python 演示有效,但 ruby API 需要 viewer 许可
python 视频系列 Google 第 3 集中的演示 #pubsubmadeeasy Cloud Pub/Sub in Action 使用视频指示您添加的权限,特别是
使用更新的代码(见下面的注释)工作正常Pub/Sub Publisher
Pub/Sub Subscriber
但是切换到 ruby API 需要将查看者权限添加到在演示中创建的服务帐户。注意:使用 ruby 3.1.0 和 gem 'google-cloud-pubsub', '~> 2.9', '>= 2.9.1'.
Pub/Sub Viewer
关于 python 示例设置的注释:
- 使用 python 3.10.1
- 示例代码
https://github.com/googleapis/python-pubsub.git具体来说https://github.com/googleapis/python-pubsub/tree/main/samples/snippets/quickstart
virtualenv venv && source venv/bin/activate
pip install --upgrade google-cloud-pubsub
export GOOGLE_APPLICATION_CREDENTIALS=downloaded_key.json
export PROJECT=`gcloud config get-value project`
错误示例:
订阅错误
/home/dever/.gem/ruby/3.1.0/gems/google-cloud-pubsub-v1-0.6.2/lib/google/cloud/pubsub/v1/subscriber/client.rb:499:
in `rescue in get_subscription':
7:User not authorized to perform this action.. debug_error_string:
{"created":"@1642638738.357361477",
"description":"Error received from peer ipv6:[2607:f8b0:4006:80a::200a]:443",
"file":"src/core/lib/surface/call.cc","file_line":1063,
"grpc_message":"User not authorized to perform this action.","grpc_status":7}
(Google::Cloud::PermissionDeniedError)
发布错误
/home/dever/.gem/ruby/3.1.0/gems/google-cloud-pubsub-v1-0.6.2/lib/google/cloud/pubsub/v1/publisher/client.rb:574:
in `rescue in get_topic':
7:User not authorized to perform this action..
debug_error_string:{"created":"@1642638676.763569110",
"description":"Error received from peer ipv6:[2607:f8b0:4006:80a::200a]:443",
"file":"src/core/lib/surface/call.cc","file_line":1063,
"grpc_message":"User not authorized to perform this action.","grpc_status":7}
(Google::Cloud::PermissionDeniedError)