Google cloud platform 当我尝试部署端点配置时,gcloud抛出权限\u被拒绝
我正在尝试通过命令进行端点配置:Google cloud platform 当我尝试部署端点配置时,gcloud抛出权限\u被拒绝,google-cloud-platform,google-cloud-functions,Google Cloud Platform,Google Cloud Functions,我正在尝试通过命令进行端点配置: gcloud endpoints services deploy openapi-functions.yaml \ --project ESP_PROJECT_ID 我有一个错误: ERROR: (gcloud.endpoints.services.deploy) PERMISSION_DENIED: Ownership for domain name 'REGION-FUNCTIONS_PROJECT_ID.cloudfunctions.net' o
gcloud endpoints services deploy openapi-functions.yaml \
--project ESP_PROJECT_ID
我有一个错误:
ERROR: (gcloud.endpoints.services.deploy) PERMISSION_DENIED: Ownership for domain name 'REGION-FUNCTIONS_PROJECT_ID.cloudfunctions.net' on project 'PROJECT_ID' cannot be verified.
我使用以下命令登录:
gcloud auth login
这是登录后在终端中输出的:
Your browser has been opened to visit:
https://accounts.google.com/o/oauth2/auth?code_challenge=...
You are now logged in as [user@gmail.com].
Your current project is [PROJECT_ID]. You can change this setting by running:
$ gcloud config set project PROJECT_ID
如果再次运行deploy命令,则会收到相同的错误消息。有什么问题吗?为什么被拒绝
openapi函数.yaml
swagger: "2.0"
info:
description: "send email function."
title: "send-email"
version: "1.0.0"
host: "REGION-FUNCTIONS_PROJECT_ID.cloudfunctions.net"
security:
- api_key: []
schemes:
- https
produces:
- application/json
paths:
/send-email:
get:
summary: Greet a user
operationId: hello
x-google-backend:
address: https://REGION-FUNCTIONS_PROJECT_ID.cloudfunctions.net/send-email
protocol: h2
responses:
"200":
description: A successful response
schema:
type: string
securityDefinitions:
# This section configures basic authentication with an API key.
api_key:
type: "apiKey"
name: "key"
in: "query"
如果我跑步:
gcloud endpoints services deploy openapi-functions.yaml --project ESP_PROJECT_ID --verbosity='debug'
输出为:
DEBUG: Running [gcloud.endpoints.services.deploy] with arguments: [--project: "PROJECT_ID", --verbosity: "debug", SERVICE_CONFIG_FILE:1: "[u'openapi-functions.yaml']"]
INFO: No JSON detected in service config. Trying YAML...
DEBUG: (gcloud.endpoints.services.deploy) PERMISSION_DENIED: Ownership for domain name 'us-central1-PROJECT_ID.cloudfunctions.net' on project 'PROJECT_ID' cannot be verified.
Traceback (most recent call last):
File "/dev/google-cloud-sdk/lib/googlecloudsdk/calliope/cli.py", line 983, in Execute
resources = calliope_command.Run(cli=self, args=args)
File "/dev/google-cloud-sdk/lib/googlecloudsdk/calliope/backend.py", line 807, in Run
resources = command_instance.Run(args)
File "/dev/google-cloud-sdk/lib/surface/endpoints/services/deploy.py", line 350, in Run
services_util.CreateService(self.service_name, project_id)
File "/dev/google-cloud-sdk/lib/googlecloudsdk/api_lib/endpoints/services_util.py", line 432, in CreateService
result = client.services.Create(create_request)
File "/dev/google-cloud-sdk/lib/googlecloudsdk/third_party/apis/servicemanagement/v1/servicemanagement_v1_client.py", line 657, in Create
config, request, global_params=global_params)
File "/dev/google-cloud-sdk/lib/third_party/apitools/base/py/base_api.py", line 731, in _RunMethod
return self.ProcessHttpResponse(method_config, http_response, request)
File "/dev/google-cloud-sdk/lib/third_party/apitools/base/py/base_api.py", line 737, in ProcessHttpResponse
self.__ProcessHttpResponse(method_config, http_response, request))
File "/dev/google-cloud-sdk/lib/third_party/apitools/base/py/base_api.py", line 604, in __ProcessHttpResponse
http_response, method_config=method_config, request=request)
HttpForbiddenError: HttpError accessing <https://servicemanagement.googleapis.com/v1/services?alt=json>: response: <{'status': '403', 'content-length': '218', 'x-xss-protection': '0', 'x-content-type-options': 'nosniff', 'transfer-encoding': 'chunked', 'vary': 'Origin, X-Origin, Referer', 'server': 'ESF', '-content-encoding': 'gzip', 'cache-control': 'private', 'date': 'Sun, 31 May 2020 20:41:07 GMT', 'x-frame-options': 'SAMEORIGIN', 'alt-svc': 'h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"', 'content-type': 'application/json; charset=UTF-8'}>, content <{
"error": {
"code": 403,
"message": "Ownership for domain name 'us-central1-PROJECT_ID.cloudfunctions.net' on project 'PROJECT_ID' cannot be verified.",
"status": "PERMISSION_DENIED"
}
}
DEBUG:使用参数运行[gcloud.endpoints.services.deploy]:[--project:“project\u ID”,--verbosity:“DEBUG”,服务配置文件:1:“[u'openapi-functions.yaml']”
信息:在服务配置中未检测到JSON。正在尝试YAML。。。
调试:(gcloud.endpoints.services.deploy)权限\u被拒绝:无法验证项目“PROJECT\u ID”上域名“us-central1-PROJECT\u ID.cloudfunctions.net”的所有权。
回溯(最近一次呼叫最后一次):
文件“/dev/google cloud sdk/lib/googlecloudsdk/calliope/cli.py”,第983行,在Execute中
resources=calliope_command.Run(cli=self,args=args)
文件“/dev/googlecloudsdk/lib/googlecloudsdk/calliope/backend.py”,第807行,正在运行
resources=command\u instance.Run(args)
文件“/dev/googlecloudsdk/lib/surface/endpoints/services/deploy.py”,第350行,正在运行
服务\u util.CreateService(自助服务\u名称、项目\u id)
CreateService中的文件“/dev/google cloud sdk/lib/googlecloudsdk/api_lib/endpoints/services_util.py”,第432行
结果=client.services.Create(创建请求)
文件“/dev/google cloud sdk/lib/googlecloudsdk/third_party/api/servicemanagement/v1/servicemanagement_v1_client.py”,第657行,在Create中
配置、请求、全局参数=全局参数)
文件“/dev/googlecloudsdk/lib/third_party/apitools/base/py/base_api.py”,第731行,in_RunMethod
返回self.ProcessHttpResponse(方法配置、http响应、请求)
文件“/dev/google cloud sdk/lib/third_party/apitools/base/py/base_api.py”,第737行,在ProcessHttpResponse中
self.\uuuProcessHttpResponse(方法配置、http响应、请求))
文件“/dev/google cloud sdk/lib/third_party/apitools/base/py/base_api.py”,第604行,在__进程httpresponse中
http_响应,方法_配置=方法_配置,请求=请求)
HttpForbiddenError:HttpError访问:响应:,内容您提供了错误的主机,该主机说该主机应该是云\u运行\u主机名
:
在主机字段中,指定CLOUD\u RUN\u HOSTNAME
,即在部署ESPv2 Beta时,云运行创建的URL的主机名部分。不包括协议标识符,https://
您使用的是host:“REGION-FUNCTIONS\u PROJECT\u ID.cloudfunctions.net”
。主机值是正确的。我在上一篇文章中被告知这是文档中的一个错误。您对该项目有什么权限?运行gcloud endpoints services部署openapi-functions.yaml--project ESP_project_ID--verbosity='debug'
是否会显示有关部署可能出现问题的任何其他相关信息?@DanielOcando感谢您的回复。我编辑了添加调试输出的问题。我的个人gmail帐户被设置为项目所有者,只有一个帐户xxx@cloudservices.gserviceaccount.com
作为编辑器,项目_ID@appspot.gserviceaccount.com
作为编辑和最后一位成员xxx@gcf-admin robot.iam.gserviceaccount.com
作为云功能服务代理,我正在通过,并且用户的bhito响应是正确的,因为我能够成功地遵循教程。请注意,云端点将使用部署到Cloud Run的预构建ESPv2 Beta容器作为API网关,这就是命令失败的原因,该命令使用REGION-FUNCTIONS\u PROJECT\u ID.cloudfunctions.net
设置了host:
字段,您将收到403。我建议您遵循bhito答案上共享的链接,因为上面的配置总是会失败。@DanielOcando您是对的。谢谢你的帮助!