How do I get authorized access to a GCP project from Python code on my local machine?

Time: 2019-09-14 05:05:19

Tags: google-app-engine google-cloud-platform gcloud google-cloud-ml

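I want to have access to my GCP project so that I can deploy an ML model to Cloud ML Engine.

I have created a project in GCP. Created a service account. Downloaded the JSON key file and pointed the environment variable GOOGLE_APPLICATION_CREDENTIALS to the JSON file. Also initialized the project using Cloud Shell.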

import os
PROJECT = 'cloud-mle' # REPLACE WITH YOUR PROJECT ID
REGION = 'us-central1' # Choose an available region
BUCKET = 'cloud-mle' # REPLACE WITH YOUR BUCKET NAME
# for bash
os.environ['PROJECT'] = PROJECT
os.environ['BUCKET'] = BUCKET
os.environ['REGION'] = REGION
os.environ['TFVERSION'] = '1.14.0'  # Tensorflow version
os.environ['GOOGLE_APPLICATION_CREDENTIALS'] = 'service-acc.json' # service account key file
!gcloud config set project $PROJECT
!gcloud config set compute/region $REGION
!gcloud config set account cloud-mle-test@cloud-mle.iam.gserviceaccount.com
!gcloud auth activate-service-account cloud-mle-test@cloud-mle.iam.gserviceaccount.com --key-file=cloudmle-serv-acc.json
!gcloud config list

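At this point I get a warning: you do not appear to have access to project [cloud-mle]. Please help me understand what I am missing that restricts my access to the GCP project.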

Updated property [core/project].
WARNING: You do not appear to have access to project [cloud-mle] or it does not exist.
Updated property [compute/region].
Updated property [core/account].
Activated service account credentials for: [cloudmle-test@cloud-mle.iam.gserviceaccount.com]
[compute]
region = us-central1
zone = us-central1-a
[core]
account = cloud-mle-test@cloud-mle.iam.gserviceaccount.com
disable_usage_reporting = False
project = cloud-mle

Your active configuration is: [default]

%%bash
PROJECT_ID=$PROJECT
AUTH_TOKEN=$(gcloud auth application-default login)
SVC_ACCOUNT=$(curl -X GET -H "Content-Type: application/json" \
    -H "Authorization: Bearer $AUTH_TOKEN" \
    https://ml.googleapis.com/v1/projects/${PROJECT_ID}:getConfig \
    | python -c "import json; import sys; response = json.load(sys.stdin); \
    print(response['serviceAccount'])")

echo "Authorizing the Cloud ML Service account $SVC_ACCOUNT to access files in $BUCKET"
gsutil -m defacl ch -u $SVC_ACCOUNT:R gs://$BUCKET
gsutil -m acl ch -u $SVC_ACCOUNT:R -r gs://$BUCKET  # error message (if bucket is empty) can be ignored
gsutil -m acl ch -u $SVC_ACCOUNT:W gs://$BUCKET

I get the following error when executing the code snippet above:


ERROR: There was a problem with web authentication.
ERROR: (gcloud.auth.application-default.login) invalid_grantMalformed auth code.

1 answer:

Answer 0 (score: 0)

You have to customize the tutorial data. This:

import os
PROJECT = 'cloud-mle' # REPLACE WITH YOUR PROJECT ID
REGION = 'us-central1' # Choose an available region
BUCKET = 'cloud-mle' # REPLACE WITH YOUR BUCKET NAME
# for bash
os.environ['PROJECT'] = PROJECT
os.environ['BUCKET'] = BUCKET
os.environ['REGION'] = REGION
os.environ['TFVERSION'] = '1.14.0'  # Tensorflow version
os.environ['GOOGLE_APPLICATION_CREDENTIALS'] = 'service-acc.json' # service account key file

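is typical of the Google Cloud Jupyter notebook examples in the different machine learning trainings.

This error line:

WARNING: You do not appear to have access to project [cloud-mle] or it does not exist.

validates my assumption that you are not the owner of the project and that the name is the example provided in the source code.

Simply replace the values: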

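  • Use the project ID (not the name!)
  • Set the region you want
  • Create the bucket, or add this line to all the !gcloud commands: !gsutil mb gs://${BUCKET}

Buckets must be unique, and project IDs must be unique too. That is why in many examples/qwiklabs you will see the same value for the project ID and the bucket name, but it is not mandatory.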
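
A preflight check for the mismatches this thread turns on (project ID versus name, key file versus configured account and path), as an added example that is not part of the original question or answer. The function name `preflight`, the sample key and the sample settings are constructed; `type`, `project_id` and `client_email` are fields of a standard service account JSON key.

```python
import json
import re

# Project IDs are 6-30 characters: lowercase letters, digits and hyphens,
# starting with a letter and not ending with a hyphen.
PROJECT_ID_RE = re.compile(r"^[a-z][a-z0-9-]{4,28}[a-z0-9]$")

# Constructed sample key; a real key file also carries private_key and other fields.
SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "project_id": "example-proj-123456",
    "client_email": "deployer@example-proj-123456.iam.gserviceaccount.com",
})


def preflight(key_json, project, account, adc_path, key_file_path):
    """Return the mismatches between a service account key and the notebook settings."""
    problems = []
    key = json.loads(key_json)
    if key.get("type") != "service_account":
        problems.append("key file is not a service account key")
    if not PROJECT_ID_RE.match(project):
        problems.append(f"{project!r} is not a valid project ID (display name used?)")
    if key.get("project_id") != project:
        problems.append(f"key was issued in project {key.get('project_id')!r}; "
                        f"the account needs an IAM role on {project!r}")
    if key.get("client_email") != account:
        problems.append(f"key belongs to {key.get('client_email')!r}, not {account!r}")
    if adc_path != key_file_path:
        problems.append(f"GOOGLE_APPLICATION_CREDENTIALS is {adc_path!r} "
                        f"but --key-file is {key_file_path!r}")
    return problems


if __name__ == "__main__":
    # Hypothetical notebook settings that repeat the page's pattern of two key file names.
    for line in preflight(SAMPLE_KEY, "Example Project",
                          "deployer@example-proj-123456.iam.gserviceaccount.com",
                          "service-acc.json", "cloudmle-serv-acc.json"):
        print("MISMATCH:", line)
```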