What is the right way to authenticate to the GCP Cloud Tasks enqueue API?
I have this code:
import {v2beta3} from "@google-cloud/tasks";

const project = 'xxxxxxx'
const location = 'yyyyyyy'
const queue = 'zzzzzzzzz'

const client = new v2beta3.CloudTasksClient()
const parent = client.queuePath(project, location, queue)

const payload = {eventId: "fred"}
const convertedPayload = JSON.stringify(payload)
const body = Buffer.from(convertedPayload).toString('base64');

const task = {
  httpRequest: {
    httpMethod: "POST",
    url: "https://webhook.site/9sssssssssss",
    oidcToken: {
      serviceAccountEmail: "aaaaaaaaaa@appspot.gserviceaccount.com",
    },
    headers: {
      'Content-Type': 'application/json',
    },
    body,
  },
};

(async function() {
  try {
    const [response] = await client.createTask({parent, task});
    console.log(`Created task ${response.name}`);
  } catch (error) {
    console.log(error)
  }
}());
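When I run it from my laptop, it just works, which seems unauthenticated to me. Right now anyone can add tasks to my queue.
What is the right way to authenticate to the GCP Cloud Tasks enqueue API?
As John Hanley pointed out in the comments, my local application is using Application Default Credentials to authenticate itself. When I switch to a different gcloud account by doing this: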
gcloud auth application-default login
I get this error message when I try to run the code:
Error: 7 PERMISSION_DENIED: The principal (user or service account) lacks IAM permission "cloudtasks.tasks.create" for the resource "projects/yyyyyyy/locations/europe-west1/queues/default-xxxxxx" (or the resource may not exist).
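Added example, not part of the original post: the laptop run "just works" because the client library picks up Application Default Credentials on its own, and this sketch follows the documented ADC lookup order to report which credential a bare `new CloudTasksClient()` would find. `resolveAdcSource` and `describeLocalAdc` are hypothetical helper names; the code only reads local files and calls no Google API.

```javascript
// Added example: mirrors the ADC lookup order; reads local files, calls no API.
// resolveAdcSource and describeLocalAdc are illustrative names, not library APIs.
function resolveAdcSource(env, platform, readFile) {
  // Parse a credential file; return null if it is missing or not JSON.
  const describe = (source, path) => {
    try {
      const cred = JSON.parse(readFile(path));
      // cred.type is e.g. "authorized_user" (gcloud user login) or
      // "service_account"; only service account keys carry client_email.
      return { source, path, type: cred.type, principal: cred.client_email || null };
    } catch (err) {
      return null;
    }
  };

  // 1. Explicit key file. When set, no other file is consulted.
  const explicit = env.GOOGLE_APPLICATION_CREDENTIALS;
  if (explicit) {
    return describe('GOOGLE_APPLICATION_CREDENTIALS', explicit) ||
      { source: 'GOOGLE_APPLICATION_CREDENTIALS', path: explicit, type: 'unreadable', principal: null };
  }

  // 2. File written by `gcloud auth application-default login`.
  const win = platform === 'win32';
  const base = win ? env.APPDATA : env.HOME && `${env.HOME}/.config`;
  if (base) {
    const path = [base, 'gcloud', 'application_default_credentials.json'].join(win ? '\\' : '/');
    const found = describe('gcloud application-default login', path);
    if (found) return found;
  }

  // 3. Nothing local: on GCP runtimes the attached service account is
  //    obtained from the metadata server instead.
  return { source: 'metadata server', path: null, type: null, principal: null };
}

// Inspect the machine this runs on. Dynamic import works in CommonJS and ESM.
async function describeLocalAdc() {
  const fs = await import('node:fs');
  const read = (p) => fs.readFileSync(p, 'utf8');
  return resolveAdcSource(process.env, process.platform, read);
}

describeLocalAdc().then((result) => console.log(result), console.error);
```

A `type` of `authorized_user` means `createTask` is being called as the logged-in gcloud user, so that user needs the `cloudtasks.tasks.create` permission named in the error above.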