从云函数访问谷歌云存储桶会引发 500 错误

【问题标题】:Accessing google cloud storage bucket from cloud functions throws 500 error从云函数访问谷歌云存储桶会引发 500 错误
【发布时间】:2019-10-12 04:54:32
【问题描述】:

我正在尝试从云函数 (python) 实例访问谷歌云存储桶,它抛出了神秘的 500 错误。

  • 我也赋予了服务帐户编辑角色。它没有做任何改变。
  • 我还检查了是否有任何配额超出限制。限制甚至没有接近。

拜托,谁能帮我找出这个错误的原因?

这里是代码


    from google.cloud import storage
    import os
    import base64

    storage_client = storage.Client()


    def init_analysis(event, context):
        print("event", event)
        pubsub_message = base64.b64decode(event['data']).decode('utf-8')

        print(pubsub_message)
        bucket_name = 'my-bucket'
        bucket = storage_client.get_bucket(bucket_name)
        blobs = bucket.list_blobs()
        for blob in blobs:
            print(blob.name)

错误:

    Traceback (most recent call last): File "/env/local/lib/python3.7/site-packages/google/auth/compute_engine/credentials.py", line 99, in refresh service_account=self._service_account_email) File "/env/local/lib/python3.7/site-packages/google/auth/compute_engine/_metadata.py", line 208, in get_service_account_token 'instance/service-accounts/{0}/token'.format(service_account)) File "/env/local/lib/python3.7/site-packages/google/auth/compute_engine/_metadata.py", line 140, in get url, response.status, response.data), response) google.auth.exceptions.TransportError: ("Failed to retrieve http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/my-project@appspot.gserviceaccount.com/token from the Google Compute Enginemetadata service. Status: 500 Response:\nb'Could not fetch URI /computeMetadata/v1/instance/service-accounts/my-project@appspot.gserviceaccount.com/token\\n'", <google.auth.transport.requests._Response object at 0x2b0ef9edf438>) The above exception was the direct cause of the following exception: Traceback (most recent call last): File "/env/local/lib/python3.7/site-packages/google/cloud/functions/worker.py", line 383, in run_background_function _function_handler.invoke_user_function(event_object) File "/env/local/lib/python3.7/site-packages/google/cloud/functions/worker.py", line 217, in invoke_user_function return call_user_function(request_or_event) File "/env/local/lib/python3.7/site-packages/google/cloud/functions/worker.py", line 214, in call_user_function event_context.Context(**request_or_event.context)) File "/user_code/main.py", line 21, in init_analysis bucket = storage_client.get_bucket(bucket_name) File "/env/local/lib/python3.7/site-packages/google/cloud/storage/client.py", line 227, in get_bucket bucket.reload(client=self) File "/env/local/lib/python3.7/site-packages/google/cloud/storage/_helpers.py", line 130, in reload _target_object=self, File "/env/local/lib/python3.7/site-packages/google/cloud/_http.py", line 315, in api_request target_object=_target_object, File "/env/local/lib/python3.7/site-packages/google/cloud/_http.py", line 192, in _make_request return self._do_request(method, url, headers, data, target_object) File "/env/local/lib/python3.7/site-packages/google/cloud/_http.py", line 221, in _do_request return self.http.request(url=url, method=method, headers=headers, data=data) File "/env/local/lib/python3.7/site-packages/google/auth/transport/requests.py", line 205, in request self._auth_request, method, url, request_headers) File "/env/local/lib/python3.7/site-packages/google/auth/credentials.py", line 122, in before_request self.refresh(request) File "/env/local/lib/python3.7/site-packages/google/auth/compute_engine/credentials.py", line 102, in refresh six.raise_from(new_exc, caught_exc) File "<string>", line 3, in raise_from google.auth.exceptions.RefreshError: ("Failed to retrieve http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/my-project@appspot.gserviceaccount.com/token from the Google Compute Enginemetadata service. Status: 500 Response:\nb'Could not fetch URI /computeMetadata/v1/instance/service-accounts/my-project@appspot.gserviceaccount.com/token\\n'", <google.auth.transport.requests._Response object at 0x2b0ef9edf438>)
google.auth.exceptions.TransportError: ("Failed to retrieve http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/my-project@appspot.gserviceaccount.com/token from the Google Compute Enginemetadata service. Status: 500 Response:\nb'Could not fetch URI /computeMetadata/v1/instance/service-accounts/my-project@appspot.gserviceaccount.com/token\\n'"

【问题讨论】:

  • 您的 Cloud Functions 服务帐户 (service-PROJECT_NUMBER@gcf-admin-robot.iam.gserviceaccount.com) 是否具有 cloudfunctions.serviceAgent 角色?正如您在documentation 上看到的,此服务帐户需要此角色。
  • @TasosV 我认为编辑角色涵盖了所有这些。不是这样吗?我刚刚尝试分配了所有与云功能相关的角色。它抛出了同样的错误:(

标签: python google-cloud-platform google-cloud-functions google-cloud-storage


【解决方案1】:

您收到的错误是因为您的 Cloud Functions 服务帐户没有 cloudfunctions.serviceAgent 角色。正如您在the documentation 上看到的:

如果您更改 Cloud Functions 服务帐户的权限,则从您的函数内部验证为运行时服务帐户可能会失败。

但是,我发现有时您无法添加此角色,因为它没有显示为选项。我已将此问题报告给 Google Cloud Functions 工程团队,他们正在努力解决。

不过,您可以使用this gcloud 命令再次添加角色:

gcloud projects add-iam-policy-binding <project_name> --role=roles/cloudfunctions.serviceAgent --member=serviceAccount:service-<project_number>@gcf-admin-robot.iam.gserviceaccount.com

【讨论】:

    猜你喜欢
    • 2019-08-24
    • 2018-07-22
    • 2017-05-13
    • 1970-01-01
    • 2022-01-15
    • 2018-12-09
    • 2016-01-31
    • 2020-03-29
    • 1970-01-01
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode