Google 服务项目中的 Composer 创建失败
Google Composer creation failed in service project
虽然 Google 在服务项目中创建 composer 私有环境,但我正在尝试使用宿主项目中的子网。我已将编辑角色授予作曲家服务帐户以及作曲家 API 服务代理帐户以修复权限问题。我仍然低于错误。是防火墙问题吗?我们需要什么防火墙设置?
无法创建环境,但未出现任何错误。
This can be caused by a lack of proper permissions. Check if this environment's service account XXXXXX@YYYYYYY.iam.gserviceaccount.com has the 'roles/composer.worker' role and there is no firewall inhibiting internal communications set.
Http error status code: 400
Http error message: BAD REQUEST
Error messages:
{"ResourceType":"gcp-types/compute-v1:compute.networks.listPeeringRoutes","ResourceErrorCode":"403","ResourceErrorMessage":{"code":403,"errors":[{"domain":"global","message":"Required 'compute.networks.listPeeringRoutes' permission for 'projects/HOST_PROJECT/global/networks/dev-networks'","reason":"forbidden"}],"message":"Required 'compute.networks.listPeeringRoutes' permission for 'projects/HOST_PROJECT/global/networks/dev-networks'","statusMessage":"Forbidden","requestPath":"https://compute.googleapis.com/compute/v1/projects/HOST_PROJECT/global/networks/dev-networks/listPeeringRoutes","httpMethod":"GET","suggestion":"Consider granting permissions to ZZZZZZ@cloudservices.gserviceaccount.com"}}
我能够通过以下解决方案解决此问题:
在宿主项目中向 Google API 服务代理帐户 (serviceAccount:@cloudservices.gserviceaccount.com) 提供 'host network user' 权限,特定于与服务项目共享的宿主项目网络(角色 =“roles/compute.networkUser")
虽然 Google 在服务项目中创建 composer 私有环境,但我正在尝试使用宿主项目中的子网。我已将编辑角色授予作曲家服务帐户以及作曲家 API 服务代理帐户以修复权限问题。我仍然低于错误。是防火墙问题吗?我们需要什么防火墙设置?
无法创建环境,但未出现任何错误。
This can be caused by a lack of proper permissions. Check if this environment's service account XXXXXX@YYYYYYY.iam.gserviceaccount.com has the 'roles/composer.worker' role and there is no firewall inhibiting internal communications set.
Http error status code: 400
Http error message: BAD REQUEST
Error messages:
{"ResourceType":"gcp-types/compute-v1:compute.networks.listPeeringRoutes","ResourceErrorCode":"403","ResourceErrorMessage":{"code":403,"errors":[{"domain":"global","message":"Required 'compute.networks.listPeeringRoutes' permission for 'projects/HOST_PROJECT/global/networks/dev-networks'","reason":"forbidden"}],"message":"Required 'compute.networks.listPeeringRoutes' permission for 'projects/HOST_PROJECT/global/networks/dev-networks'","statusMessage":"Forbidden","requestPath":"https://compute.googleapis.com/compute/v1/projects/HOST_PROJECT/global/networks/dev-networks/listPeeringRoutes","httpMethod":"GET","suggestion":"Consider granting permissions to ZZZZZZ@cloudservices.gserviceaccount.com"}}
我能够通过以下解决方案解决此问题:
在宿主项目中向 Google API 服务代理帐户 (serviceAccount:@cloudservices.gserviceaccount.com) 提供 'host network user' 权限,特定于与服务项目共享的宿主项目网络(角色 =“roles/compute.networkUser")