【发布时间】:2021-06-11 07:09:25
【问题描述】:
在服务项目中创建 Google composer 私有环境时,我正在尝试使用宿主项目中的子网。我已将编辑角色授予作曲家服务帐户以及作曲家 API 服务代理帐户以修复权限问题。我仍然低于错误。是防火墙问题吗?我们需要什么防火墙设置?
无法创建环境,但没有出现错误。
This can be caused by a lack of proper permissions. Check if this environment's service account XXXXXX@YYYYYYY.iam.gserviceaccount.com has the 'roles/composer.worker' role and there is no firewall inhibiting internal communications set.
Http error status code: 400
Http error message: BAD REQUEST
Error messages:
{"ResourceType":"gcp-types/compute-v1:compute.networks.listPeeringRoutes","ResourceErrorCode":"403","ResourceErrorMessage":{"code":403,"errors":[{"domain":"global","message":"Required 'compute.networks.listPeeringRoutes' permission for 'projects/HOST_PROJECT/global/networks/dev-networks'","reason":"forbidden"}],"message":"Required 'compute.networks.listPeeringRoutes' permission for 'projects/HOST_PROJECT/global/networks/dev-networks'","statusMessage":"Forbidden","requestPath":"https://compute.googleapis.com/compute/v1/projects/HOST_PROJECT/global/networks/dev-networks/listPeeringRoutes","httpMethod":"GET","suggestion":"Consider granting permissions to ZZZZZZ@cloudservices.gserviceaccount.com"}}
【问题讨论】:
-
您能否提供您想要实现的具体目标以及您已完成的所有步骤/命令(不含敏感数据)。你有没有使用任何教程?这是完整的错误信息?我想在我的环境中测试这个。
-
感谢您的回复。我能够解决它。这是权限问题
标签: google-cloud-platform google-cloud-composer