代码之家  ›  专栏  ›  技术社区  ›  Josh Laird

StorageException:匿名调用方没有storage.objects.get访问权限

circleci-2.0 circleci google-cloud-platform
  •  1
  • Josh Laird  · 技术社区  · 7 年前

    在CircleCI上运行下面的代码时 

    fun getJsonFromCloudStorage(): ByteArrayInputStream {
    val blobId = BlobId.of("my-company", "creds/my-company-creds.json")
    val storage = StorageOptions.getDefaultInstance().service
    val get = storage.get(blobId)
    return get.getContent().inputStream()
}

    它将在集成测试期间抛出以下错误。 

    > Task :test FAILED
function.GetMetadataFromYouTubeTest > extractIncorrectId FAILED
    java.lang.ExceptionInInitializerError
        at function.GetMetadataFromYouTube.expand(GetMetadataFromYouTube.kt:17)
        at function.GetMetadataFromYouTube.expand(GetMetadataFromYouTube.kt:14)
        at org.apache.beam.sdk.Pipeline.applyInternal(Pipeline.java:537)
        at org.apache.beam.sdk.Pipeline.applyTransform(Pipeline.java:491)
        at org.apache.beam.sdk.values.PCollection.apply(PCollection.java:299)
        at function.GetMetadataFromYouTubeTest.extractIncorrectId(GetMetadataFromYouTubeTest.kt:71)

        Caused by:
        com.google.cloud.storage.StorageException: Anonymous caller does not have storage.objects.get access to cni-analytics/creds/cni-awesome.json.
            at com.google.cloud.storage.spi.v1.HttpStorageRpc.translate(HttpStorageRpc.java:220)
            at com.google.cloud.storage.spi.v1.HttpStorageRpc.get(HttpStorageRpc.java:414)
            at com.google.cloud.storage.StorageImpl$5.call(StorageImpl.java:198)
            at com.google.cloud.storage.StorageImpl$5.call(StorageImpl.java:195)
            at com.google.api.gax.retrying.DirectRetryingExecutor.submit(DirectRetryingExecutor.java:89)
            at com.google.cloud.RetryHelper.run(RetryHelper.java:74)
            at com.google.cloud.RetryHelper.runWithRetries(RetryHelper.java:51)
            at com.google.cloud.storage.StorageImpl.get(StorageImpl.java:195)
            at com.google.cloud.storage.StorageImpl.get(StorageImpl.java:209)
            at storage.CredentialHelper$Companion.getJsonFromCloudStorage(CredentialHelper.kt:18)
            at service.YoutubeService.initialiseYouTube(YoutubeService.kt:50)
            at service.YoutubeService.<init>(YoutubeService.kt:19)
            at MainKt.<clinit>(main.kt:15)
            ... 6 more

            Caused by:
            com.google.api.client.googleapis.json.GoogleJsonResponseException: 401 Unauthorized
            {
              "code" : 401,
              "errors" : [ {
                "domain" : "global",
                "location" : "Authorization",
                "locationType" : "header",
                "message" : "Anonymous caller does not have storage.objects.get access to my-company/creds/my-company-creds.json.",
                "reason" : "required"
              } ],
              "message" : "Anonymous caller does not have storage.objects.get access to my-company/creds/my-company-creds.json."
            }
                at com.google.api.client.googleapis.json.GoogleJsonResponseException.from(GoogleJsonResponseException.java:146)
                at com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest.newExceptionOnError(AbstractGoogleJsonClientRequest.java:113)
                at com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest.newExceptionOnError(AbstractGoogleJsonClientRequest.java:40)
                at com.google.api.client.googleapis.services.AbstractGoogleClientRequest$1.interceptResponse(AbstractGoogleClientRequest.java:321)
                at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:1065)
                at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:419)
                at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:352)
                at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.execute(AbstractGoogleClientRequest.java:469)
                at com.google.cloud.storage.spi.v1.HttpStorageRpc.get(HttpStorageRpc.java:411)
                ... 17 more

    我跟着 their documentation .

    1 回复  |  直到 7 年前
        1
  •  1
  •   Josh Laird    7 年前

    他们在里面说的 their documentation :

    Note: To use certain services (like Google Cloud Datastore), you will also need to set the CircleCI $GOOGLE_APPLICATION_CREDENTIALS environment variable to ${HOME}/gcloud-service-key.json.

    相反,我设置 $GOOGLE_APPLICATION_CREDENTIALS 在这个圈子里 /home/circleci/gcloud-service-key.json 而且成功了。

    我假设这是因为我试图从UI中引用一个环境变量,所以 ${HOME} 在设置此env varible时未设置。如果在 config.yml 这样就行了。

    推荐文章
    ruazn2  ·  为CircleCI cimg/node:lts浏览器设置浏览器分辨率
    3 年前
    fahu  ·  CircleCI:ESLint在CI上返回退出代码0,尽管测试失败
    7 年前
    mRcSchwering  ·  circleci中docker executor的docker compose组网
    7 年前
    Kouta Osabe  ·  Q: 如何仅在主分支的情况下更改并行度值?(CircleCI2.0)
    7 年前
    Jitesh Sojitra  ·  在容器中运行作业一小时后,由于内存不足,Java进程被终止
    7 年前
    president  ·  CircleCi没有看到我的测试
    7 年前
    Anthony Kong  ·  如何提取和重用此yaml片段的公共部分?
    7 年前
    M.P.  ·  CIrcle CI 2.0 codecov:未找到命令
    7 年前
    Anthony Kong  ·  如何在circleci 2.0中逐步启用nvm?
    7 年前
    Brian Var  ·  如何在CircleCI 2.0上配置顺序工作流?
    7 年前
    关于   移动版
    代码之家 - 一站式码农服务社区
    沪ICP备11025650号