Google cloud platform 如何授予服务帐户对谷歌云上用户帐户的访问权限
我的Google cloud platform 如何授予服务帐户对谷歌云上用户帐户的访问权限,google-cloud-platform,gcloud,google-iam,Google Cloud Platform,Gcloud,Google Iam,我的gcloud命令有问题,花了一周时间来解决。 运行gcloud命令gcloud auth revoke时,出现以下错误 WARNING: This command is using service account impersonation. All API calls will be executed as [xxx@gmail.com]. // xxx@gmail.com is my user account which is the owner of the project. ERRO
gcloudgcloud auth revokeWARNING: This command is using service account impersonation. All API calls will be executed as [xxx@gmail.com]. // xxx@gmail.com is my user account which is the owner of the project.
ERROR: (gcloud.iam.service-accounts.create) Failed to impersonate [xxx@gmail.com]. Make sure the account that's trying to impersonate it has access to the service account itself and the "roles/iam.serviceAccountTokenCreator" role.
gcloud auth revokegcloud auth logingcloud auth list如果有人曾经面对过这个问题,并且知道如何解决这个问题,我想知道如何解决。谢谢。我发现我将用户帐户设置为模拟服务帐户,这没有任何意义
在我运行了
gcloud config unset auth/impersonate\u service\u account=======================
==== request start ====
uri: https://oauth2.googleapis.com/token
method: POST
== headers start ==
content-type: application/x-www-form-urlencoded
user-agent: google-cloud-sdk gcloud/310.0.0 command/gcloud.auth.revoke invocation-id/xxx environment/None environment-version/None interactive/True from-script/False python/2.7.16 term/xterm-256color (Macintosh; Intel Mac OS X 19.2.0)
== headers end ==
== body start ==
Body redacted: Contains oauth token. Set log_http_redact_token property to false to print the body of this request.
== body end ==
==== request end ====
---- response start ----
status: 200
-- headers start --
-content-encoding: gzip
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 1389
content-type: application/json; charset=utf-8
date: Sun, 22 Nov 2020 00:59:28 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
server: scaffolding on HTTPServer2
transfer-encoding: chunked
vary: Origin, X-Origin, Referer
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
-- headers end --
-- body start --
Body redacted: Contains oauth token. Set log_http_redact_token property to false to print the body of this response.
-- body end --
total round trip time (request+response): 0.207 secs
---- response end ----
----------------------
=======================
==== request start ====
uri: https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/xxx@gmail.com:generateAccessToken
method: POST
== headers start ==
Content-Type: application/json
authorization: Bearer xxx
user-agent: google-cloud-sdk gcloud/310.0.0 command/gcloud.auth.revoke invocation-id/xxx environment/None environment-version/None interactive/True from-script/False python/2.7.16 term/xterm-256color (Macintosh; Intel Mac OS X 19.2.0)
== headers end ==
== body start ==
Body redacted: Contains oauth token. Set log_http_redact_token property to false to print the body of this request.
== body end ==
==== request end ====
---- response start ----
status: 404
-- headers start --
-content-encoding: gzip
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 114
content-type: application/json; charset=UTF-8
date: Sun, 22 Nov 2020 00:59:28 GMT
server: ESF
transfer-encoding: chunked
vary: Origin, X-Origin, Referer
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
-- headers end --
-- body start --
Body redacted: Contains oauth token. Set log_http_redact_token property to false to print the body of this response.
-- body end --
total round trip time (request+response): 0.389 secs
---- response end ----
----------------------