GCP: 403 authentication error when sending a delete request through the Google Cloud Compute API

Published 2025-02-10 03:29:45

My problem is simple but I can't get my head around where the problem is. I am running a Docker image in a GCP compute instance that should self-destroy its own instance when the container has finished. The main.py script looks something like this:

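import os

from google.cloud import compute


def main():
    '''main container function'''

def delete_instance():
    # project, zone and instance name are passed in through the container environment
    project_id = os.getenv('PROJECT_ID')
    zone = os.getenv('ZONE')
    instance_name = os.getenv('INSTANCE_NAME')
    # client for the Compute Engine instances API; uses the environment's default credentials
    instance = compute.InstancesClient()
    instance.delete(project=project_id, zone=zone, instance=instance_name)

if __name__ == '__main__':
    main()
    delete_instance()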

instance.delete() returns a 403 error requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: ...

My understanding is that it is failing to authenticate the request. This instance is using the default service account and has been granted (and enabled) permissions to delete an instance: Compute Instance Admin (v1). I don't think I am missing any required arguments according to the API reference. Finally, according to the docs, if one does not specify credentials the client will attempt to ascertain the credentials from the environment, which is the case here. As I understand it, that means using the default service account credentials/token.

Am I using the google-cloud-compute library correctly? Has anyone ever experienced this? Thanks ahead

Comments (1)

扭转时空 2025-02-17 03:29:45

Leaving the solution here for reference. The problem was that even with the right permissions, during instance creation these were scoped down automatically (not sure why). Adding this option to gcloud compute instances create-from-container fixed it:

--scopes=https://www.googleapis.com/auth/cloud-platform
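
The scope restriction described in the answer can be checked from inside the VM before calling delete. This is an added example, not part of the original post: it reads the instance's access scopes from the metadata server and reports which of them cover Compute Engine writes. The function names and the two sample scope lists are constructed for illustration.

```python
import urllib.request

# Metadata server path listing the access scopes of the attached service account.
SCOPES_URL = ("http://metadata.google.internal/computeMetadata/v1/"
              "instance/service-accounts/default/scopes")

# Scopes whose tokens may call mutating Compute Engine methods such as instances.delete.
COMPUTE_WRITE_SCOPES = {
    "https://www.googleapis.com/auth/cloud-platform",
    "https://www.googleapis.com/auth/compute",
}


def parse_scopes(body):
    """Split the metadata server's newline-separated scope list into a set."""
    return {line.strip() for line in body.splitlines() if line.strip()}


def compute_write_scopes(scopes):
    """Return the granted scopes that allow Compute Engine writes.

    An empty list means instances.delete is rejected with 403 no matter
    which IAM roles the service account holds.
    """
    return sorted(COMPUTE_WRITE_SCOPES & set(scopes))


def fetch_scopes(timeout=2.0):
    """Read the scopes from inside the VM (only reachable on Compute Engine)."""
    req = urllib.request.Request(SCOPES_URL, headers={"Metadata-Flavor": "Google"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return parse_scopes(resp.read().decode())


# Constructed sample: scope list as seen on a VM created without --scopes.
DEFAULT_SCOPES_SAMPLE = """\
https://www.googleapis.com/auth/devstorage.read_only
https://www.googleapis.com/auth/logging.write
https://www.googleapis.com/auth/monitoring.write
https://www.googleapis.com/auth/servicecontrol
https://www.googleapis.com/auth/service.management.readonly
https://www.googleapis.com/auth/trace.append
"""

# Constructed sample: the same VM created with the flag from the answer.
FIXED_SCOPES_SAMPLE = "https://www.googleapis.com/auth/cloud-platform\n"

if __name__ == "__main__":
    for name, body in (("default", DEFAULT_SCOPES_SAMPLE), ("fixed", FIXED_SCOPES_SAMPLE)):
        print(name, "->", compute_write_scopes(parse_scopes(body)) or "403 expected")
```

With cloud-platform granted, the token is limited only by the service account's IAM roles, so the Compute Instance Admin (v1) grant from the question becomes the effective boundary.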