Google-Cloud-Platform

Using a JSON key with Google Cloud gsutil

  • September 7, 2019

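I have an ssh private key in a file key.json, and I want to use this credential to access a bucket with gsutil.

I can't seem to find any information on how to use a json key as an authentication method, only "private" and "secret" fields.

The file structure is: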

{
  "private_key_id":
  "private_key": "-----BEGIN PRIVATE KEY-- ...
  "client_email":
  "client_id":
  "type": "service_account"
}

How do I use this file with gsutil?

The short version is to run the following command and follow the instructions:

gsutil config -e

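The gsutil tool has built-in help that can be consulted for its various options and modes of operation. When running gsutil help creds, which is one of the help options recommended when gsutil is run by itself, we can read the "OAuth2 Service Account" section for instructions on using a service account's JSON key file: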

OAuth2 Service Account:

This is the preferred type of credential to use when authenticating on
behalf of a service or application (as opposed to a user). For example, if
you will run gsutil out of a nightly cron job to upload/download data,
using a service account allows the cron job not to depend on credentials of
an individual employee at your company. This is the type of credential that
will be configured when you run "gsutil config -e".

It is important to note that a service account is considered an Editor by
default for the purposes of API access, rather than an Owner. In particular,
the fact that Editors have OWNER access in the default object and
bucket ACLs, but the canned ACL options remove OWNER access from
Editors, can lead to unexpected results. The solution to this problem is to
ensure the service account is an Owner in the Permissions tab for your
project. To find the email address of your service account, visit the
`Google Developers Console <https://cloud.google.com/console#/project>`_,
click on the project you're using, click "APIs & auth", and click
"Credentials".

To create a service account, visit the Google Developers Console and then:

  - Click "APIs & auth" in the left sidebar.

  - Click "Credentials".

  - Click "Create New Client ID".

  - Select "Service Account" as your application type.

  - Save the JSON private key or the .p12 private key and password
    provided.

For further information about account roles, see:
 https://developers.google.com/console/help/#DifferentRoles

For more details about OAuth2 service accounts, see:
 https://developers.google.com/accounts/docs/OAuth2ServiceAccount

Quoted from: https://serverfault.com/questions/767728