Go storage client not able to access GCP bucket

Question

I have a golang service which has an API exposed where we try to upload a CSV to a GCP bucket. On my local host, I set the environment variable GOOGLE_APPLICATION_CREDENTIAL and point this variable to the file path of the service account JSON. But when deploying to an actual GCP instance, I'm getting the below error while trying to access this API. Ideally, the service should talk to the GCP metadata server, fetch the credentials, and then store them in a JSON file. So there are 2 problems here:

  1. The service is not querying the metadata service to get the credentials.
  2. If the file is present (I created it manually), it's not able to access it due to permission issues.

Any help would be appreciated.

Error while initializing storage Client:dialing: google: error getting credentials using well-known file (/root/.config/gcloud/application_default_credentials.json): open /root/.config/gcloud/application_default_credentials.json: permission denied

Answer 1

Score: 0

Finally, after long debugging and searching the web, I found out that there's already an open PR for the go-storage client: https://github.com/golang/oauth2/issues/337. I had to make a few changes in the code using this method: https://pkg.go.dev/golang.org/x/oauth2/google#ComputeTokenSource, wherein we basically fetch the token explicitly from the metadata server and then call subsequent cloud APIs.
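
The exchange behind the approach in the answer, as an added example that is not part of the original answer: google.ComputeTokenSource obtains its tokens from the instance metadata server, and this standard-library code makes that request directly so the header, path and response shape are visible. The names `fetchToken`, `metadataToken`, `metadataBase` and `tokenPath` are hypothetical; the endpoint path and the `Metadata-Flavor` header are those of the GCE metadata server.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"time"
)

// GCE metadata server base URL and the token path for the default service account.
const (
	metadataBase = "http://metadata.google.internal"
	tokenPath    = "/computeMetadata/v1/instance/service-accounts/default/token"
)

// metadataToken mirrors the JSON body the token endpoint returns.
type metadataToken struct {
	AccessToken string `json:"access_token"`
	ExpiresIn   int    `json:"expires_in"`
	TokenType   string `json:"token_type"`
}

// fetchToken (hypothetical helper) requests a short-lived access token from base.
func fetchToken(client *http.Client, base string) (*metadataToken, error) {
	req, err := http.NewRequest(http.MethodGet, base+tokenPath, nil)
	if err != nil {
		return nil, err
	}
	req.Header.Set("Metadata-Flavor", "Google") // the server rejects requests without this header
	resp, err := client.Do(req)
	if err != nil {
		return nil, fmt.Errorf("metadata server unreachable: %w", err)
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("metadata server returned %s", resp.Status)
	}
	var tok metadataToken
	if err := json.NewDecoder(resp.Body).Decode(&tok); err != nil {
		return nil, fmt.Errorf("decoding token response: %w", err)
	}
	return &tok, nil
}

func main() {
	tok, err := fetchToken(&http.Client{Timeout: 3 * time.Second}, metadataBase)
	fmt.Printf("got token: %v, err: %v\n", tok != nil, err) // never log the token value itself
}
```

In a real service, pass `google.ComputeTokenSource("")` to `storage.NewClient` through `option.WithTokenSource` instead of handling raw tokens; no key file on disk is involved, so the file-permission error from the question cannot occur on that path.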

huangapple
  • Posted on July 23, 2021, 18:08:54