GCP 日志记录路由器接收器更新的权限错误
permission error for GCP logging router sink update
调用 sink.reload() 时,出现权限错误。 403 The caller does not have permission
如有任何帮助,我们将不胜感激。
代码如下:
def update_sink(creds, sink_name, filter_):
logging_client = logging.Client(credentials=creds)
sink = logging_client.sink(sink_name)
sink.reload()
sink.filter_ = filter_
print("Updated sink {}".format(sink.name))
response = sink.update()
return response
if __name__ == "__main__":
# Scope
# "https://www.googleapis.com/auth/cloud-platform",
# "https://www.googleapis.com/auth/cloud-platform.read-only",
# "https://www.googleapis.com/auth/cloudplatformprojects",
# "https://www.googleapis.com/auth/cloudplatformprojects.readonly",
# "https://www.googleapis.com/auth/compute",
# "https://www.googleapis.com/auth/cloudkms",
# "https://www.googleapis.com/auth/pubsub",
# "https://www.googleapis.com/auth/logging.read",
# "https://www.googleapis.com/auth/logging.write",
# "https://www.googleapis.com/auth/logging.admin"
creds = {} # OAuth Credentials with above scope
sink_name = "<sink path with project>"
filter_ = "<filter>"
response = update_sink(creds, sink_name, filter_)
print(response)
如果您将日志从项目路由到接收器,则服务 account/account 运行 代码需要对项目具有“Logging Admin”角色。
请验证服务帐户 运行 代码是否具有登录到 modify/update 接收器的管理员角色。
我认为,我早期程序中的一个错误是项目没有作为 Client 初始化的一部分通过。
此外,不需要sink.reload()。也可以不调用 reload() 直接更新接收器。
这是工作代码:
logging_client = logging.Client(project=project_id, credentials=self.creds)
sink = logging_client.sink(sink_name)
sink.filter_ = filter_
sink.destination = destination
response = sink.update(unique_writer_identity=True)
调用 sink.reload() 时,出现权限错误。 403 The caller does not have permission
如有任何帮助,我们将不胜感激。
代码如下:
def update_sink(creds, sink_name, filter_):
logging_client = logging.Client(credentials=creds)
sink = logging_client.sink(sink_name)
sink.reload()
sink.filter_ = filter_
print("Updated sink {}".format(sink.name))
response = sink.update()
return response
if __name__ == "__main__":
# Scope
# "https://www.googleapis.com/auth/cloud-platform",
# "https://www.googleapis.com/auth/cloud-platform.read-only",
# "https://www.googleapis.com/auth/cloudplatformprojects",
# "https://www.googleapis.com/auth/cloudplatformprojects.readonly",
# "https://www.googleapis.com/auth/compute",
# "https://www.googleapis.com/auth/cloudkms",
# "https://www.googleapis.com/auth/pubsub",
# "https://www.googleapis.com/auth/logging.read",
# "https://www.googleapis.com/auth/logging.write",
# "https://www.googleapis.com/auth/logging.admin"
creds = {} # OAuth Credentials with above scope
sink_name = "<sink path with project>"
filter_ = "<filter>"
response = update_sink(creds, sink_name, filter_)
print(response)
如果您将日志从项目路由到接收器,则服务 account/account 运行 代码需要对项目具有“Logging Admin”角色。 请验证服务帐户 运行 代码是否具有登录到 modify/update 接收器的管理员角色。
我认为,我早期程序中的一个错误是项目没有作为 Client 初始化的一部分通过。
此外,不需要sink.reload()。也可以不调用 reload() 直接更新接收器。
这是工作代码:
logging_client = logging.Client(project=project_id, credentials=self.creds)
sink = logging_client.sink(sink_name)
sink.filter_ = filter_
sink.destination = destination
response = sink.update(unique_writer_identity=True)