从新创建的 Compute Engine 访问 Google Cloud Storage 时出现异常
Exception accessing Google Cloud Storage from newly created Compute Engine
我有一个在较旧的 google 计算引擎上运行的 nodejs 应用程序。将应用程序迁移到新的计算引擎后,我得到了这条线:
const [files] = await storage.bucket(GOOGLE_CLOUD_PROJECT_ID_PUBLIC).getFiles();
以下异常:
Error: Could not refresh access token: A Not Found error was returned while attempting to retrieve an accesstoken for the Compute Engine built-in service account. This may be because the Compute Engine instance does not have any permission scopes specified: Could not refresh access token:
at Gaxios._request (/smar/backend.smar.shop/node_modules/gaxios/build/src/gaxios.js:129:23)
at processTicksAndRejections (internal/process/task_queues.js:93:5)
at async metadataAccessor (/smar/backend.smar.shop/node_modules/gcp-metadata/build/src/index.js:68:21)
at async Compute.refreshTokenNoCache (/smar/backend.smar.shop/node_modules/google-auth-library/build/src/auth/computeclient.js:53:20)
at async Compute.getRequestMetadataAsync (/smar/backend.smar.shop/node_modules/google-auth-library/build/src/auth/oauth2client.js:261:17)
at async Compute.getRequestHeaders (/smar/backend.smar.shop/node_modules/google-auth-library/build/src/auth/oauth2client.js:238:26)
at async GoogleAuth.authorizeRequest (/smar/backend.smar.shop/node_modules/google-auth-library/build/src/auth/googleauth.js:600:25)
at async Promise.all (index 1)
我想这里的重要部分是:因为 Compute Engine 实例没有指定任何权限范围
谁能解释一下这是什么意思,或者我在哪里可以找到这些权限范围?我必须修改 Compute Engine 的配置吗?
范围 https://www.googleapis.com/auth/cloud-platform
别名 cloud-platform
是 VM 最少需要的。可能另一个实例可能使用具有不同角色 and/or 不同 API 访问范围的不同服务帐户?
参见“Register your application for Google Cloud Storage JSON API in Google Cloud Platform"; that's at least what the NodeJS client documentation建议。另请参见:
我有一个在较旧的 google 计算引擎上运行的 nodejs 应用程序。将应用程序迁移到新的计算引擎后,我得到了这条线:
const [files] = await storage.bucket(GOOGLE_CLOUD_PROJECT_ID_PUBLIC).getFiles();
以下异常:
Error: Could not refresh access token: A Not Found error was returned while attempting to retrieve an accesstoken for the Compute Engine built-in service account. This may be because the Compute Engine instance does not have any permission scopes specified: Could not refresh access token:
at Gaxios._request (/smar/backend.smar.shop/node_modules/gaxios/build/src/gaxios.js:129:23)
at processTicksAndRejections (internal/process/task_queues.js:93:5)
at async metadataAccessor (/smar/backend.smar.shop/node_modules/gcp-metadata/build/src/index.js:68:21)
at async Compute.refreshTokenNoCache (/smar/backend.smar.shop/node_modules/google-auth-library/build/src/auth/computeclient.js:53:20)
at async Compute.getRequestMetadataAsync (/smar/backend.smar.shop/node_modules/google-auth-library/build/src/auth/oauth2client.js:261:17)
at async Compute.getRequestHeaders (/smar/backend.smar.shop/node_modules/google-auth-library/build/src/auth/oauth2client.js:238:26)
at async GoogleAuth.authorizeRequest (/smar/backend.smar.shop/node_modules/google-auth-library/build/src/auth/googleauth.js:600:25)
at async Promise.all (index 1)
我想这里的重要部分是:因为 Compute Engine 实例没有指定任何权限范围
谁能解释一下这是什么意思,或者我在哪里可以找到这些权限范围?我必须修改 Compute Engine 的配置吗?
范围 https://www.googleapis.com/auth/cloud-platform
别名 cloud-platform
是 VM 最少需要的。可能另一个实例可能使用具有不同角色 and/or 不同 API 访问范围的不同服务帐户?
参见“Register your application for Google Cloud Storage JSON API in Google Cloud Platform"; that's at least what the NodeJS client documentation建议。另请参见: