Python - How to fix a 403 "Access Denied" response when trying to access a file from Google Cloud Storage

Tags: python, django, google-app-engine, google-cloud-storage, django-storage

Problem

When trying to load the web application's static content from a Google Cloud Storage bucket, a handful of files return a 403 response code while all other files download successfully.

Setup

The application is a Django-backed (2.1.3) Python (3.7) application hosted on Google App Engine, using service account credentials that have been granted the Editor role in IAM. Our front end uses Bootstrap 3.3.7, with its source files hosted in a GCS bucket, and uses the django-storages (1.7.1) plugin to interface with the GCS API.

The troublesome files are the Glyphicon images shipped with Bootstrap, as well as the CSS maps. All other Bootstrap resources load without problems. I have tried:

  • Granting the service account several combinations of IAM permissions
  • Recreating the service account and the key file used to authenticate it
  • Disabling and re-enabling the Google Cloud Storage API
  • Creating a new bucket and re-uploading all static files to it using the service account credentials
  • Granting AllUsers read access to the problem files (the policy currently in place)
  • Granting AllUsers read access to the entire bucket

The last fix attempt (#6) did enable access to the Glyphicons, but it is not an acceptable solution.

Code

Static file path / GCP configuration from our settings.py:

    import os
    from google.oauth2 import service_account

    # BASE_DIR is defined at the top of the generated Django settings.py

    # Static files (CSS, JavaScript, Images)
    # https://docs.djangoproject.com/en/1.9/howto/static-files/
    # If on GAE, use STATIC_ROOT; local, use STATICFILES_DIRS
    STATIC_URL = '/static/'
    if os.getenv('GAE_ENV', '').startswith('standard'):
        STATIC_ROOT = os.path.join(BASE_DIR, 'static/')
    else:
        STATICFILES_DIRS = [os.path.join(BASE_DIR, 'static/')]

    # Media url
    MEDIA_URL = '/media/'
    MEDIA_ROOT = os.path.join(BASE_DIR, 'static/media/')

    # Google Cloud Platform Settings (Storage & Authentication)
    # Authentication: service account key file shipped with the app
    os.environ["GOOGLE_APPLICATION_CREDENTIALS"] = os.path.join(BASE_DIR, 'conf/vwa.json')
    GS_CREDENTIALS = service_account.Credentials.from_service_account_file(
        os.path.join(BASE_DIR, 'conf/vwa.json')
    )
    # File Storage (uploaded media)
    DEFAULT_FILE_STORAGE = 'storages.backends.gcloud.GoogleCloudStorage'
    GS_BUCKET_NAME = os.getenv('GS_BUCKET_NAME', '')
    # Static Storage (collectstatic target, same bucket)
    STATICFILES_STORAGE = 'storages.backends.gcloud.GoogleCloudStorage'
    
IAM policy for the bucket:

    {
      "bindings": [
        {
          "members": [
            "serviceAccount:SERVICEACCOUNTADDRESS"
          ], 
          "role": "roles/storage.admin"
        }, 
        {
          "members": [
            "projectEditor:PROJECTNAME", 
            "projectOwner:PROJECTNAME"
          ], 
          "role": "roles/storage.legacyBucketOwner"
        }, 
        {
          "members": [
            "projectViewer:PROJECTNAME"
          ], 
          "role": "roles/storage.legacyBucketReader"
        }
      ], 
      "etag": "CAI="
    }
    
ACL policy for the bucket:

    [
      {
        "entity": "project-editors-649435531377",
        "projectTeam": {
          "projectNumber": "649435531377",
          "team": "editors"
        },
        "role": "OWNER"
      },
      {
        "entity": "project-owners-649435531377",
        "projectTeam": {
          "projectNumber": "649435531377",
          "team": "owners"
        },
        "role": "OWNER"
      },
      {
        "entity": "project-viewers-649435531377",
        "projectTeam": {
          "projectNumber": "649435531377",
          "team": "viewers"
        },
        "role": "READER"
      }
    ]
    
IAM policy for the icon:

    {
      "bindings": [
        {
          "members": [
            "projectOwner:PROJECTNAME", 
            "projectEditor:PROJECTNAME", 
            "serviceAccount:SERVICEACCOUNTADDRESS", 
            "allUsers"
          ], 
          "role": "roles/storage.legacyObjectOwner"
        }, 
        {
          "members": [
            "projectViewer:PROJECTNAME", 
            "allAuthenticatedUsers"
          ], 
          "role": "roles/storage.legacyObjectReader"
        }
      ], 
      "etag": "CAQ="
    }
    
ACL policy for the icon:

    [
      {
        "entity": "project-owners-649435531377",
        "projectTeam": {
          "projectNumber": "649435531377",
          "team": "owners"
        },
        "role": "OWNER"
      },
      {
        "entity": "project-editors-649435531377",
        "projectTeam": {
          "projectNumber": "649435531377",
          "team": "editors"
        },
        "role": "OWNER"
      },
      {
        "entity": "project-viewers-649435531377",
        "projectTeam": {
          "projectNumber": "649435531377",
          "team": "viewers"
        },
        "role": "READER"
      },
      {
        "email": "SERVICEACCOUNTADDRESS",
        "entity": "user-SERVICEACCOUNTADDRESS",
        "role": "OWNER"
      },
      {
        "entity": "allAuthenticatedUsers",
        "role": "READER"
      },
      {
        "entity": "allUsers",
        "role": "OWNER"
      }
    ]
    

I would expect the files in question to download correctly, but the actual behaviour is a 403 response code. I appreciate any help, as well as suggestions for improving my question. Thanks.

Your IAM policy and bucket ACL are both very confusing. Never assign allUsers or allAuthenticatedUsers in an IAM policy. All you need to do is add allUsers to the objects in the bucket that you want to make public. I strongly recommend creating a separate bucket for your website's public files. Make the entire bucket public and do not use individual permissions. Only put objects you want the whole world to be able to read into the public bucket.

@JohnHanley The mess is the result of my attempts to get the service account access, so I agree that allUsers as part of the object's IAM or ACL policy does not grant access. In the GCS console the object is marked as public, but it still does not load in the application. Your recommendation will be my last resort. I do not want any file to be accessible outside the application.
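The policies pasted in the question, and the comment's warning against public principals in IAM bindings, are easier to reason about when reduced to who can read and who can write. The following audit script is an added example, not code from the question or from django-storages; it embeds the question's bucket IAM policy, object IAM policy and object ACL (placeholders kept as posted) and maps each role to a small, hand-picked subset of Cloud Storage permissions, only for the roles those listings use. Two things it makes visible: the bucket's legacyBucketOwner binding gives project editors no object read at all, and allUsers holding OWNER on the icon means anyone on the internet can rewrite that object's ACL, which is far more than the public read the asker wanted.

```python
"""Audit Cloud Storage IAM bindings and legacy ACLs for public grants.

Added example, not code from the question or from django-storages. The
policy and ACL below are copied from the question (placeholders kept);
the role-to-permission table covers only the roles those listings use.
"""
import json

PUBLIC_PRINCIPALS = {"allUsers", "allAuthenticatedUsers"}

# Subset of storage.* permissions each role grants (prefix "storage." dropped).
# Note legacyBucketOwner grants no objects.get: a project editor holding only
# that bucket role still cannot read object data.
ROLE_PERMISSIONS = {
    "roles/storage.admin": {"objects.get", "objects.list", "objects.update",
                            "objects.setIamPolicy", "buckets.setIamPolicy"},
    "roles/storage.legacyBucketOwner": {"objects.list", "objects.create",
                                        "objects.delete", "buckets.setIamPolicy"},
    "roles/storage.legacyBucketReader": {"objects.list"},
    "roles/storage.legacyObjectOwner": {"objects.get", "objects.update",
                                        "objects.setIamPolicy"},
    "roles/storage.legacyObjectReader": {"objects.get"},
}

# Object ACL roles: OWNER may rewrite the object's ACL, READER may only fetch it.
ACL_PERMISSIONS = {
    "OWNER": {"objects.get", "objects.update", "objects.setIamPolicy"},
    "READER": {"objects.get"},
}

WRITE_PERMISSIONS = {"objects.create", "objects.delete", "objects.update",
                     "objects.setIamPolicy", "buckets.setIamPolicy"}

# Bucket IAM policy, object IAM policy and object ACL as posted in the question.
BUCKET_IAM = json.loads("""{"bindings": [
  {"members": ["serviceAccount:SERVICEACCOUNTADDRESS"], "role": "roles/storage.admin"},
  {"members": ["projectEditor:PROJECTNAME", "projectOwner:PROJECTNAME"],
   "role": "roles/storage.legacyBucketOwner"},
  {"members": ["projectViewer:PROJECTNAME"], "role": "roles/storage.legacyBucketReader"}]}""")

OBJECT_IAM = json.loads("""{"bindings": [
  {"members": ["projectOwner:PROJECTNAME", "projectEditor:PROJECTNAME",
               "serviceAccount:SERVICEACCOUNTADDRESS", "allUsers"],
   "role": "roles/storage.legacyObjectOwner"},
  {"members": ["projectViewer:PROJECTNAME", "allAuthenticatedUsers"],
   "role": "roles/storage.legacyObjectReader"}]}""")

OBJECT_ACL = json.loads("""[
  {"entity": "project-owners-649435531377", "role": "OWNER"},
  {"entity": "project-editors-649435531377", "role": "OWNER"},
  {"entity": "project-viewers-649435531377", "role": "READER"},
  {"entity": "user-SERVICEACCOUNTADDRESS", "role": "OWNER"},
  {"entity": "allAuthenticatedUsers", "role": "READER"},
  {"entity": "allUsers", "role": "OWNER"}]""")


def iam_grants(policy):
    """Map each IAM member to the union of permissions its bindings grant."""
    grants = {}
    for binding in policy.get("bindings", []):
        perms = ROLE_PERMISSIONS.get(binding["role"], set())
        for member in binding.get("members", []):
            grants.setdefault(member, set()).update(perms)
    return grants


def acl_grants(acl):
    """Map each ACL entity to the permissions its ACL role grants."""
    grants = {}
    for entry in acl:
        perms = ACL_PERMISSIONS.get(entry["role"], set())
        grants.setdefault(entry["entity"], set()).update(perms)
    return grants


def readers(grants):
    """Principals that can fetch object data (storage.objects.get)."""
    return {p for p, perms in grants.items() if "objects.get" in perms}


def audit_public(grants, source):
    """Findings for allUsers / allAuthenticatedUsers in one policy or ACL."""
    findings = []
    for principal in sorted(set(grants) & PUBLIC_PRINCIPALS):
        writes = sorted(grants[principal] & WRITE_PERMISSIONS)
        if writes:
            findings.append({"severity": "high", "source": source, "principal": principal,
                             "detail": "anyone can change the object or its ACL via "
                                       + ", ".join(writes)})
        elif "objects.get" in grants[principal]:
            findings.append({"severity": "info", "source": source,
                             "principal": principal, "detail": "public read"})
    return findings


if __name__ == "__main__":
    print("bucket IAM principals with object read:", readers(iam_grants(BUCKET_IAM)))
    for f in (audit_public(iam_grants(OBJECT_IAM), "object IAM")
              + audit_public(acl_grants(OBJECT_ACL), "object ACL")):
        print(f"[{f['severity']}] {f['source']}: {f['principal']} -> {f['detail']}")
```

Run as a script it reports that only the service account has object read through the bucket policy, and raises a high finding for allUsers in both the object IAM policy and the ACL. The permission table is deliberately a subset; swap in the full role definitions from the IAM documentation before relying on it for anything beyond the roles shown here.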