尝试从谷歌保险库下载导出,使用服务帐户获取403错误。
尝试从谷歌保险库下载导出,使用服务帐户获取403错误。
提问于 2022-08-25 01:21:27
从https://developers.google.com/vault/guides/exports的文档中,我能够创建、列出和检索导出,但是我还没有找到任何方法来下载与特定导出相关的导出数据。是否有任何方法通过API下载导出的文件,或者这是否只能通过保险库UI获得?
导出元数据中有一个cloudStorageSink键,但是尝试使用使用云存储API提供的值会导致泛型权限问题(403个错误)。
我发现了一个错误:
com.google.cloud.storage.StorageException: gcsadmin@gmail-acess-347301.iam.gserviceaccount.com does not have storage.objects.get access to the Google Cloud Storage object.
71e6f8ba-dc92-494f-b584-1a9675074c0b/exportly-f1c1ecd8-254c-4078-b0c2-5228905720d3/My_first_mail_accounts_export-metadata.csv 4d17606f-0ebc-46e7-8369-d8e4ffd12b44
at com.google.cloud.storage.StorageException.translate(StorageException.java:118)
at com.google.cloud.storage.spi.v1.HttpStorageRpc.translate(HttpStorageRpc.java:287)
at com.google.cloud.storage.spi.v1.HttpStorageRpc.get(HttpStorageRpc.java:512)
at com.google.cloud.storage.StorageImpl.lambda$get$6(StorageImpl.java:285)
at com.google.api.gax.retrying.DirectRetryingExecutor.submit(DirectRetryingExecutor.java:103)
at com.google.cloud.RetryHelper.run(RetryHelper.java:76)
at com.google.cloud.RetryHelper.runWithRetries(RetryHelper.java:50)
at com.google.cloud.storage.Retrying.run(Retrying.java:54)
at com.google.cloud.storage.StorageImpl.run(StorageImpl.java:1406)
at com.google.cloud.storage.StorageImpl.get(StorageImpl.java:284)
at com.google.cloud.storage.StorageImpl.get(StorageImpl.java:290)
at com.q1d.googlevaulttest.Quickstart.downloadObject(Quickstart.java:159)
at com.q1d.googlevaulttest.Quickstart.main(Quickstart.java:215)
Caused by: com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 Forbidden
GET https://storage.googleapis.com/storage/v1/b/4d17606f-0ebc-46e7-8369-d8e4ffd12b44/o/71e6f8ba-dc92-494f-b584-1a9675074c0b%2Fexportly-f1c1ecd8-254c-4078-b0c2-5228905720d3%2FMy_first_mail_accounts_export-1.zip?projection=full
{
"code" : 403,
"errors" : [ {
"domain" : "global",
"message" : "gcsadmin@gmail-acess-347301.iam.gserviceaccount.com does not have storage.objects.get access to the Google Cloud Storage object.",
"reason" : "forbidden"
} ],
"message" : "gcsadmin@gmail-acess-347301.iam.gserviceaccount.com does not have storage.objects.get access to the Google Cloud Storage object."
}
at com.google.api.client.googleapis.json.GoogleJsonResponseException.from(GoogleJsonResponseException.java:146)
at com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest.newExceptionOnError(AbstractGoogleJsonClientRequest.java:118)
at com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest.newExceptionOnError(AbstractGoogleJsonClientRequest.java:37)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest$1.interceptResponse(AbstractGoogleClientRequest.java:428)
at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:1111)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:514)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:455)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.execute(AbstractGoogleClientRequest.java:565)
at com.google.cloud.storage.spi.v1.HttpStorageRpc.get(HttpStorageRpc.java:509)
... 10 more按照其他用户指南,我试图下载对象而不是整个桶,下面是我使用的代码:(gcs.json密钥文件是我在Google云中创建的服务帐户,具有域范围的委托)
public static void downloadObject(String projectId, String bucketName, String objectName,
String destFilePath) throws IOException {
// The ID of your GCP project
// String projectId = "your-project-id";
// The ID of your GCS bucket
// String bucketName = "your-unique-bucket-name";
// The ID of your GCS object
// String objectName = "your-object-name";
// The path to which the file should be downloaded
// String destFilePath = "/local/path/to/file.txt";
// Load client secrets.
InputStream in = Quickstart.class.getResourceAsStream("/gcs.json");
if (in == null) {
throw new FileNotFoundException("Resource not found: " + "gcs.json");
}
Storage storage = StorageOptions.newBuilder().setCredentials(ServiceAccountCredentials.fromStream(in)).build()
.getService();
Blob blob = storage.get(BlobId.of(bucketName, objectName));
//Blob blob = storage.get(BlobId.fromGsUtilUri(objectURI));
blob.downloadTo(Paths.get(destFilePath));
System.out
.println("Downloaded object " + objectName + " from bucket name " + bucketName + " to " + destFilePath);
}Stack Overflow用户
发布于 2022-08-25 03:07:31
错误的这一部分指示如何解决问题:
gcsadmin@gmail-acess-347301.iam.gserviceaccount.com没有storage.objects.get访问Google对象的权限
解决方案是添加具有所需权限的角色。例如:
Storage Object Viewer (roles/storage.objectViewer)必须将该角色添加到服务帐户:
gcsadmin@gmail-acess-347301.iam.gserviceaccount.com
gcloud projects add-iam-policy-binding REPLACE_WITH_YOUR_PROJECT_ID \
--member='serviceAccount:gcsadmin@gmail-acess-347301.iam.gserviceaccount.com' \
--role='roles/storage.objectViewer'命令的文件:
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/73480936
复制相关文章
相似问题
腾讯云开发者
