Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
576 views
in Technique[技术] by (71.8m points)

google-cloud-platform - Google Cloud Run查询bigquery的权限(Google Cloud Run permissions to query bigquery)

I have a small python app running in google cloud run with docker.

(我有一个小型python应用程序在docker中运行的Google Cloud中运行。)

The application is triggered by http requests, executes a query in big query and return the result.

(该应用程序由http请求触发,在大查询中执行查询并返回结果。)

Unfortunately I get the following permission error:

(不幸的是,我收到以下权限错误:)

Reason: 403 POST https://bigquery.googleapis.com/bigquery/v2/projects/XXXX/jobs: Access Denied: Project XXXX: User does not have bigquery.jobs.create permission in project XXXX.

(job ID: XXXX-XX-XX-XX-XXXX)


I understand I need to give access from cloud run to big query.

(我了解我需要授予从云运行到大型查询的访问权限。)

How do I do it?

(我该怎么做?)

to which user?

(给哪个用户?)

how can i find out?

(我怎么知道?)

  ask by DarioB translate from so

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

You need to add BiqQuery permissions via IAM Roles to the service account assigned to Cloud Run.

(您需要通过IAM角色将BiqQuery权限添加到分配给Cloud Run的服务帐户。)

To allow Cloud Run to create Big Query jobs (bigquery.jobs.create) you need one of the following roles:

(要允许Cloud Run创建Big Query作业(bigquery.jobs.create),您需要以下角色之一:)

  • roles/bigquery.user

    (角色/bigquery.user)

  • roles/bigquery.jobUser

    (角色/bigquery.jobUser)

The service account for Cloud Run is displayed in the Google Cloud Console in the Cloud Run section for your service.

(Cloud Run的服务帐户显示在Google Cloud Console中“ Cloud Run”部分的服务中。)

Most likely this is Compute Engine default service account .

(这很可能是Compute Engine default service account 。)

To add a BiqQuery role, you can use the Google Cloud Console.

(要添加BiqQuery角色,您可以使用Google Cloud Console。)

Go to IAM, find the service account.

(转到IAM,找到服务帐户。)

Add roles to the service account.

(将角色添加到服务帐户。)

Documentation:

(说明文件:)


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...