如何更改 Google Compute Engine 服务帐户的范围以将数据写入 Google Cloud Storage 存储桶?
How to change the scope of a Google Compute Engine service account to write data to a Google Cloud Storage bucket?
GCE 上有一个实例 运行,同一项目中有一个 GCS 存储桶。但是我无法向其中写入数据。如何将数据从 VM 实例写入存储桶?
更新:截至 2016 年 12 月 15 日,功能 setServiceAccount 现已进入 beta:
You can change the service account and/or access scopes of an existing instance if you want to run as a different identity, or you determine that the instance needs a different set of scopes to call the required APIs. For example, you can change access scopes to grant access to a new API or change an instance so that it runs as a service account you created instead of the Compute Engine Default Service Account.
To change an instance's service account and access scopes, the instance must be temporarily stopped. To stop your instance, read the documentation for Stopping an instance. After changing the service account or access scopes, remember to restart the instance.
documentation provides instructions for how to use this feature using the Google Cloud Console, gcloud CLI tool, as well as API. Here's an example using gcloud; see the docs了解更多信息。
gcloud beta compute instances set-scopes [INSTANCE_NAME] \
--service-account [SERVICE_ACCOUNT_EMAIL] \
[--no-scopes | --scopes [SCOPES,...]]
上一个答案(2016 年 12 月 15 日之前有效):
您无法更改 运行ning 虚拟机实例的范围。您可以:
create a new instance(可能重复使用当前实例的磁盘)在创建时指定正确的范围,例如:
gcloud compute instances create [...] --scopes storage-rw
如果您想从 VM 内部手动使用 gsutil,您可以 运行 gsutil config 在 VM 内部并按照提示进行身份验证
如果您打算使用使用 Google API 的自动化工具,请使用 service account
有待改进:
Google Cloud Platform Ability to change API access scopes
但尚未说明截止日期。敬请期待。
GCE 上有一个实例 运行,同一项目中有一个 GCS 存储桶。但是我无法向其中写入数据。如何将数据从 VM 实例写入存储桶?
更新:截至 2016 年 12 月 15 日,功能 setServiceAccount 现已进入 beta:
You can change the service account and/or access scopes of an existing instance if you want to run as a different identity, or you determine that the instance needs a different set of scopes to call the required APIs. For example, you can change access scopes to grant access to a new API or change an instance so that it runs as a service account you created instead of the Compute Engine Default Service Account.
To change an instance's service account and access scopes, the instance must be temporarily stopped. To stop your instance, read the documentation for Stopping an instance. After changing the service account or access scopes, remember to restart the instance.
documentation provides instructions for how to use this feature using the Google Cloud Console, gcloud CLI tool, as well as API. Here's an example using gcloud; see the docs了解更多信息。
gcloud beta compute instances set-scopes [INSTANCE_NAME] \ --service-account [SERVICE_ACCOUNT_EMAIL] \ [--no-scopes | --scopes [SCOPES,...]]
上一个答案(2016 年 12 月 15 日之前有效):
您无法更改 运行ning 虚拟机实例的范围。您可以:
create a new instance(可能重复使用当前实例的磁盘)在创建时指定正确的范围,例如:
gcloud compute instances create [...] --scopes storage-rw如果您想从 VM 内部手动使用
gsutil,您可以 运行gsutil config在 VM 内部并按照提示进行身份验证如果您打算使用使用 Google API 的自动化工具,请使用 service account
有待改进:
Google Cloud Platform Ability to change API access scopes
但尚未说明截止日期。敬请期待。