У меня проблема с командой gcloud и неделю тратит на ее устранение. Когда я запустил команду gcloud gcloud auth revoke, я получил следующую ошибку.
WARNING: This command is using service account impersonation. All API calls will be executed as [[email protected]]. // [email protected] is my user account which is the owner of the project.
ERROR: (gcloud.iam.service-accounts.create) Failed to impersonate [[email protected]]. Make sure the account that's trying to impersonate it has access to the service account itself and the "roles/iam.serviceAccountTokenCreator" role.
Чтобы исправить это, я создал учетную запись службы с ролью role / iam.serviceAccountTokenCreator и предоставил политику [email protected]. Но это не работает.
Подробная информация об ошибке приведена ниже (команда была запущена с параметром --log-http).
=======================
==== request start ====
uri: https://oauth2.googleapis.com/token
method: POST
== headers start ==
content-type: application/x-www-form-urlencoded
user-agent: google-cloud-sdk gcloud/310.0.0 command/gcloud.auth.revoke invocation-id/xxx environment/None environment-version/None interactive/True from-script/False python/2.7.16 term/xterm-256color (Macintosh; Intel Mac OS X 19.2.0)
== headers end ==
== body start ==
Body redacted: Contains oauth token. Set log_http_redact_token property to false to print the body of this request.
== body end ==
==== request end ====
---- response start ----
status: 200
-- headers start --
-content-encoding: gzip
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 1389
content-type: application/json; charset=utf-8
date: Sun, 22 Nov 2020 00:59:28 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
server: scaffolding on HTTPServer2
transfer-encoding: chunked
vary: Origin, X-Origin, Referer
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
-- headers end --
-- body start --
Body redacted: Contains oauth token. Set log_http_redact_token property to false to print the body of this response.
-- body end --
total round trip time (request+response): 0.207 secs
---- response end ----
----------------------
=======================
==== request start ====
uri: https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/[email protected]:generateAccessToken
method: POST
== headers start ==
Content-Type: application/json
authorization: Bearer xxx
user-agent: google-cloud-sdk gcloud/310.0.0 command/gcloud.auth.revoke invocation-id/xxx environment/None environment-version/None interactive/True from-script/False python/2.7.16 term/xterm-256color (Macintosh; Intel Mac OS X 19.2.0)
== headers end ==
== body start ==
Body redacted: Contains oauth token. Set log_http_redact_token property to false to print the body of this request.
== body end ==
==== request end ====
---- response start ----
status: 404
-- headers start --
-content-encoding: gzip
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 114
content-type: application/json; charset=UTF-8
date: Sun, 22 Nov 2020 00:59:28 GMT
server: ESF
transfer-encoding: chunked
vary: Origin, X-Origin, Referer
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
-- headers end --
-- body start --
Body redacted: Contains oauth token. Set log_http_redact_token property to false to print the body of this response.
-- body end --
total round trip time (request+response): 0.389 secs
---- response end ----
----------------------
Еще меня смущает то, что gcloud auth revoke не работает, но gcloud auth login и gcloud auth list работают без ошибок.
Если кто-то сталкивался с этой проблемой и знает, как ее решить, я хотел бы знать, как это сделать. Спасибо.
