Google Cloud Storage access via service account
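I keep banging my head against the proverbial brick wall that is the GCP Storage API.
I am trying to use the django-storages module to connect to a GCP bucket to store my static files, and whatever else I want to use it for in the future.
According to the django-storages documentation (https://django-storages.readthedocs.io/en/latest/backends/gcloud.html#usage), if you are running in a GCP virtual environment, you set up your service account to have storage permissions via the IAM interface and everything should work like tickety-boo.
So, my GCP Cloud Build runner deploys my Docker images to Cloud Run. The build runner uses a service account called XXXX@cloudbuild.gserviceaccount.com, so I went into IAM and added the "Cloud Storage - Storage Admin" role and, just to be sure, I also added the "Cloud Storage - Storage Object Admin" role.
Now I trigger a re-run of my Cloud Build and... at the migration stage I get this error: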
...
Step #2 - "apply migrations": File "/usr/local/lib/python3.8/importlib/__init__.py", line 127, in import_module
Step #2 - "apply migrations": return _bootstrap._gcd_import(name[level:], package, level)
Step #2 - "apply migrations": File "<frozen importlib._bootstrap>", line 1014, in _gcd_import
Step #2 - "apply migrations": File "<frozen importlib._bootstrap>", line 991, in _find_and_load
Step #2 - "apply migrations": File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
Step #2 - "apply migrations": File "<frozen importlib._bootstrap>", line 671, in _load_unlocked
Step #2 - "apply migrations": File "<frozen importlib._bootstrap_external>", line 843, in exec_module
Step #2 - "apply migrations": File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
Step #2 - "apply migrations": File "/src/lang/urls.py", line 20, in <module>
Step #2 - "apply migrations": re_path('favicon.ico$', RedirectView.as_view(url=staticfiles_storage.url('images/apple_touch_icon.png'), permanent=False)),
Step #2 - "apply migrations": File "/usr/local/lib/python3.8/site-packages/storages/backends/gcloud.py", line 290, in url
Step #2 - "apply migrations": return blob.generate_signed_url(
Step #2 - "apply migrations": File "/usr/local/lib/python3.8/site-packages/google/cloud/storage/blob.py", line 620, in generate_signed_url
Step #2 - "apply migrations": return helper(
Step #2 - "apply migrations": File "/usr/local/lib/python3.8/site-packages/google/cloud/storage/_signing.py", line 550, in generate_signed_url_v4
Step #2 - "apply migrations": ensure_signed_credentials(credentials)
Step #2 - "apply migrations": File "/usr/local/lib/python3.8/site-packages/google/cloud/storage/_signing.py", line 52, in ensure_signed_credentials
Step #2 - "apply migrations": raise AttributeError(
Step #2 - "apply migrations": AttributeError: you need a private key to sign credentials.the credentials you are currently using <class 'google.auth.compute_engine.credentials.Credentials'> just contains a token. see https://googleapis.dev/python/google-api-core/latest/auth.html#setting-up-a-service-account for more details.
Finished Step #2 - "apply migrations"
Hmm. I don't seem to be able to authenticate via the service worker.
Using the code from Google's Django sample tutorial, I have the following line in my settings.py:
credentials, project_id = google.auth.default()
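But I am not doing anything with the returned credentials variable. It seems to me that the online documentation on how to access a bucket via a service account is a bit sparse. Any insights?
I found a user with a similar problem: https://pnote.eu/notes/django-app-engine-user-uploaded-files/
The problem seems to occur in buckets whose access policy is Uniform rather than fine-grained. The author of the article above raised an issue with django-storages, and a fix was eventually merged. The documentation now has a "Note" box, which I had missed, that states: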
GS_DEFAULT_ACL: When using this setting, make sure you have fine-grained access control enabled on your bucket, as opposed to Uniform access control, or else, file uploads will return with HTTP 400. If you already have a bucket with Uniform access control set to public read, please keep GS_DEFAULT_ACL to None and set GS_QUERYSTRING_AUTH to False.
In short, the solution is to add this to your settings.py file:
GS_QUERYSTRING_AUTH = False
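The interplay between these settings, the bucket's access mode and the credential type, as an added example that is not part of the original post or of django-storages: a preflight check that reports which combination fails and why. The function name, the boolean inputs and the sample bucket name are assumptions of this sketch.

```python
# Added example: preflight check for the django-storages GCS settings discussed above.
# The bucket and credential facts are passed in as booleans (an assumption of this
# sketch) so it runs offline. In a real project, creds_can_sign could be derived with
# isinstance(credentials, google.auth.credentials.Signing).

def check_gcs_settings(settings, bucket_uniform, bucket_public_read, creds_can_sign):
    """Return a list of problems for this settings/bucket/credentials combination."""
    problems = []
    default_acl = settings.get("GS_DEFAULT_ACL")                   # default: None
    querystring_auth = settings.get("GS_QUERYSTRING_AUTH", True)   # default: True

    if bucket_uniform and default_acl is not None:
        problems.append("GS_DEFAULT_ACL is set on a Uniform bucket: uploads return HTTP 400")
    if querystring_auth and not creds_can_sign:
        problems.append("signed URLs requested but the credentials only hold a token: "
                        "url() raises 'you need a private key to sign credentials'")
    if not querystring_auth and not bucket_public_read:
        problems.append("unsigned URLs on a bucket that is not public read: "
                        "anonymous requests are denied")
    return problems


# Constructed scenarios; the bucket name is a placeholder.
BEFORE = {"GS_BUCKET_NAME": "example-static-bucket"}   # defaults, as in the question
AFTER = dict(BEFORE, GS_DEFAULT_ACL=None, GS_QUERYSTRING_AUTH=False)  # fix from the answer

if __name__ == "__main__":
    cases = [
        ("question: defaults + token-only credentials", BEFORE, True, True, False),
        ("answer: unsigned URLs, public-read bucket", AFTER, True, True, False),
        ("answer's setting on a private bucket", AFTER, True, False, False),
    ]
    for label, cfg, uniform, public, can_sign in cases:
        found = check_gcs_settings(cfg, uniform, public, can_sign)
        print(label, "->", found or "ok")
```

The third case is the one to watch: with GS_QUERYSTRING_AUTH = False the generated URLs carry no signature, so the setting only suits objects that are meant to be publicly readable, such as static assets.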