Google cloud platform 如何授予服务帐户对谷歌云上用户帐户的访问权限

Google cloud platform 如何授予服务帐户对谷歌云上用户帐户的访问权限,google-cloud-platform,gcloud,google-iam,Google Cloud Platform,Gcloud,Google Iam,我的gcloud命令有问题,花了一周时间来解决。 运行gcloud命令gcloud auth revoke时,出现以下错误 WARNING: This command is using service account impersonation. All API calls will be executed as [xxx@gmail.com]. // xxx@gmail.com is my user account which is the owner of the project. ERRO

我的
gcloud
命令有问题,花了一周时间来解决。 运行gcloud命令
gcloud auth revoke
时,出现以下错误

WARNING: This command is using service account impersonation. All API calls will be executed as [xxx@gmail.com]. // xxx@gmail.com is my user account which is the owner of the project.
ERROR: (gcloud.iam.service-accounts.create) Failed to impersonate [xxx@gmail.com]. Make sure the account that's trying to impersonate it has access to the service account itself and the "roles/iam.serviceAccountTokenCreator" role.
为了解决这个问题,我创建了一个具有“roles/iam.serviceAccountTokenCreator”角色的服务帐户,并将策略授予xxx@gmail.com. 但它不起作用

详细错误如下(使用“-log http”运行命令)

另一件让我感到困惑的事情是
gcloud auth revoke
不起作用,但是
gcloud auth login
gcloud auth list
工作时没有任何错误


如果有人曾经面对过这个问题,并且知道如何解决这个问题,我想知道如何解决。谢谢。

我发现我将用户帐户设置为模拟服务帐户,这没有任何意义


在我运行了
gcloud config unset auth/impersonate\u service\u account
之后,它可以正常工作。谢谢。

感谢您为自己的答案添加回复!请认为帮助别人是正确的。
=======================
==== request start ====
uri: https://oauth2.googleapis.com/token
method: POST
== headers start ==
content-type: application/x-www-form-urlencoded
user-agent: google-cloud-sdk gcloud/310.0.0 command/gcloud.auth.revoke invocation-id/xxx environment/None environment-version/None interactive/True from-script/False python/2.7.16 term/xterm-256color (Macintosh; Intel Mac OS X 19.2.0)
== headers end ==
== body start ==
Body redacted: Contains oauth token. Set log_http_redact_token property to false to print the body of this request.
== body end ==
==== request end ====
---- response start ----
status: 200
-- headers start --
-content-encoding: gzip
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 1389
content-type: application/json; charset=utf-8
date: Sun, 22 Nov 2020 00:59:28 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
server: scaffolding on HTTPServer2
transfer-encoding: chunked
vary: Origin, X-Origin, Referer
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
-- headers end --
-- body start --
Body redacted: Contains oauth token. Set log_http_redact_token property to false to print the body of this response.
-- body end --
total round trip time (request+response): 0.207 secs
---- response end ----
----------------------
=======================
==== request start ====
uri: https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/xxx@gmail.com:generateAccessToken
method: POST
== headers start ==
Content-Type: application/json
authorization: Bearer xxx
user-agent: google-cloud-sdk gcloud/310.0.0 command/gcloud.auth.revoke invocation-id/xxx environment/None environment-version/None interactive/True from-script/False python/2.7.16 term/xterm-256color (Macintosh; Intel Mac OS X 19.2.0)
== headers end ==
== body start ==
Body redacted: Contains oauth token. Set log_http_redact_token property to false to print the body of this request.
== body end ==
==== request end ====
---- response start ----
status: 404
-- headers start --
-content-encoding: gzip
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 114
content-type: application/json; charset=UTF-8
date: Sun, 22 Nov 2020 00:59:28 GMT
server: ESF
transfer-encoding: chunked
vary: Origin, X-Origin, Referer
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
-- headers end --
-- body start --
Body redacted: Contains oauth token. Set log_http_redact_token property to false to print the body of this response.
-- body end --
total round trip time (request+response): 0.389 secs
---- response end ----
----------------------