从新创建的 Compute Engine 访问 Google Cloud Storage 时出现异常

Exception accessing Google Cloud Storage from newly created Compute Engine

我有一个在较旧的 google 计算引擎上运行的 nodejs 应用程序。将应用程序迁移到新的计算引擎后,我得到了这条线:

const [files] = await storage.bucket(GOOGLE_CLOUD_PROJECT_ID_PUBLIC).getFiles();

以下异常:

Error: Could not refresh access token: A Not Found error was returned while attempting to retrieve an accesstoken for the Compute Engine built-in service account. This may be because the Compute Engine instance does not have any permission scopes specified: Could not refresh access token: 
at Gaxios._request (/smar/backend.smar.shop/node_modules/gaxios/build/src/gaxios.js:129:23)                                                                                                                                                                                       
at processTicksAndRejections (internal/process/task_queues.js:93:5)                                                                                                                                                                                                                           
at async metadataAccessor (/smar/backend.smar.shop/node_modules/gcp-metadata/build/src/index.js:68:21)                                                                                                                                                                            
at async Compute.refreshTokenNoCache (/smar/backend.smar.shop/node_modules/google-auth-library/build/src/auth/computeclient.js:53:20)                                                                                                                                             
at async Compute.getRequestMetadataAsync (/smar/backend.smar.shop/node_modules/google-auth-library/build/src/auth/oauth2client.js:261:17)                                                                                                                                         
at async Compute.getRequestHeaders (/smar/backend.smar.shop/node_modules/google-auth-library/build/src/auth/oauth2client.js:238:26)                                                                                                                                               
at async GoogleAuth.authorizeRequest (/smar/backend.smar.shop/node_modules/google-auth-library/build/src/auth/googleauth.js:600:25)                                                                                                                                               
at async Promise.all (index 1) 

我想这里的重要部分是:因为 Compute Engine 实例没有指定任何权限范围

谁能解释一下这是什么意思,或者我在哪里可以找到这些权限范围?我必须修改 Compute Engine 的配置吗?

范围 https://www.googleapis.com/auth/cloud-platform 别名 cloud-platform 是 VM 最少需要的。可能另一个实例可能使用具有不同角色 and/or 不同 API 访问范围的不同服务帐户?

参见“Register your application for Google Cloud Storage JSON API in Google Cloud Platform"; that's at least what the NodeJS client documentation建议。另请参见: