在生产环境中验证 google 云 运行 应用程序
Authenticate google cloud run application in production
根据https://cloud.google.com/docs/authentication/production,在云运行环境中,默认情况下,如果未设置GOOGLE_APPLICATION_CREDENTIALS环境变量,则使用默认计算服务帐户。
我刚刚部署了一个基本节点容器镜像,它使用 googleapis 库,如下所示:
const { google } = require('googleapis')
const auth = new google.auth.GoogleAuth({
scopes: [],
});
const client = await auth.getClient();
但是,在 Cloud 运行 日志中,我可以看到容器启动失败并出现以下错误:
Error: The file at credentials/service_account.json does not exist, or it is not a file. ENOENT: no such file or directory, lstat '/app/credentials' at Object.realpathSync (fs.js:1546:7) at GoogleAuth._getApplicationCredentialsFromFilePath (/app/node_modules/google-auth-library/build/src/auth/googleauth.js:250:27) at GoogleAuth._tryGetApplicationCredentialsFromEnvironmentVariable (/app/node_modules/google-auth-library/build/src/auth/googleauth.js:192:25) at GoogleAuth.getApplicationDefaultAsync (/app/node_modules/google-auth-library/build/src/auth/googleauth.js:130:33) at GoogleAuth.getClient (/app/node_modules/google-auth-library/build/src/auth/googleauth.js:502:28) at Object.authorize (/app/api.js:18:29) at Object.<anonymous> (/app/index.js:547:4) at Module._compile (internal/modules/cjs/loader.js:1158:30) at Object.Module._extensions..js (internal/modules/cjs/loader.js:1178:10) at Module.load (internal/modules/cjs/loader.js:1002:32) {
因此,出于某种原因,似乎没有使用默认服务帐户。有谁知道我在这里可能遗漏了什么?
原来,我在构建中包含了 .env 文件。该文件包含环境变量 GOOGLE_APPLICATION_CREDENTIALS。从 docker 构建中排除该文件修复了问题。
根据https://cloud.google.com/docs/authentication/production,在云运行环境中,默认情况下,如果未设置GOOGLE_APPLICATION_CREDENTIALS环境变量,则使用默认计算服务帐户。
我刚刚部署了一个基本节点容器镜像,它使用 googleapis 库,如下所示:
const { google } = require('googleapis')
const auth = new google.auth.GoogleAuth({
scopes: [],
});
const client = await auth.getClient();
但是,在 Cloud 运行 日志中,我可以看到容器启动失败并出现以下错误:
Error: The file at credentials/service_account.json does not exist, or it is not a file. ENOENT: no such file or directory, lstat '/app/credentials' at Object.realpathSync (fs.js:1546:7) at GoogleAuth._getApplicationCredentialsFromFilePath (/app/node_modules/google-auth-library/build/src/auth/googleauth.js:250:27) at GoogleAuth._tryGetApplicationCredentialsFromEnvironmentVariable (/app/node_modules/google-auth-library/build/src/auth/googleauth.js:192:25) at GoogleAuth.getApplicationDefaultAsync (/app/node_modules/google-auth-library/build/src/auth/googleauth.js:130:33) at GoogleAuth.getClient (/app/node_modules/google-auth-library/build/src/auth/googleauth.js:502:28) at Object.authorize (/app/api.js:18:29) at Object.<anonymous> (/app/index.js:547:4) at Module._compile (internal/modules/cjs/loader.js:1158:30) at Object.Module._extensions..js (internal/modules/cjs/loader.js:1178:10) at Module.load (internal/modules/cjs/loader.js:1002:32) {
因此,出于某种原因,似乎没有使用默认服务帐户。有谁知道我在这里可能遗漏了什么?
原来,我在构建中包含了 .env 文件。该文件包含环境变量 GOOGLE_APPLICATION_CREDENTIALS。从 docker 构建中排除该文件修复了问题。