我正在尝试传输 GCS 存储桶上的内容或公开可用的 URL。
为此,我使用 Google Cloud Storage Transfer api,它需要我执行两个步骤:
为了启动脚本,我使用一个服务帐户,该帐户对包含 transfer.tsv 文件的存储桶以及接收器存储桶都具有存储对象管理员权限。
我似乎只能在将 transfer.tsv 文件上传到在互联网上打开的存储桶时才能使其工作。
您知道是否可以将其放在安全存储桶上,并向创建传输的服务帐户授予权限?
到目前为止,我所有的尝试都产生了以下错误。
错误
PERMISSION_DENIED 1
https://storage.googleapis.com/my-private-bucket/transfer.tsv
Received HTTP error code 403.
转移.tsv
TsvHttpData-1.0
https://image.shutterstock.com/image-photo/portrait-surprised-cat-scottish-straight-260nw-499196506.jpg
python脚本
from google.cloud import storage_transfer
from datetime import datetime
def create_one_time_http_transfer(
project_id: str,
description: str,
list_url: str,
sink_bucket: str,
):
"""Creates a one-time transfer job from Amazon S3 to Google Cloud
Storage."""
client = storage_transfer.StorageTransferServiceClient()
# the same time creates a one-time transfer
one_time_schedule = {"day": now.day, "month": now.month, "year": now.year}
transfer_job_request = storage_transfer.CreateTransferJobRequest(
{
"transfer_job": {
"project_id": project_id,
"description": description,
"status": storage_transfer.TransferJob.Status.ENABLED,
"schedule": {
"schedule_start_date": one_time_schedule,
"schedule_end_date": one_time_schedule,
},
"transfer_spec": {
"http_data_source": storage_transfer.HttpData(list_url=list_url),
"gcs_data_sink": {
"bucket_name": sink_bucket,
},
},
}
}
)
result = client.create_transfer_job(transfer_job_request)
print(f"Created transferJob: {result.name}")
我调用该函数
create_one_time_http_transfer(
project_id="my-project-id",
description="first transfer",
list_url=tsv_url,
sink_bucket="my-destination-bucket",
)
问题可能是
storage_transfer.StorageTransferServiceClient()
中的权限。创建一个角色来访问存储并将其附加到运行 Python 脚本的服务帐户。或者将您的凭据放在这里storage_transfer.StorageTransferServiceClient(credentials=XXXX.json)
找到了让它发挥作用的方法。
当我将 transfer.tsv 文件上传到存储时,我返回 signed url 而不是 public url
from datetime import datetime
from google.cloud import storage
def upload_to_storage(
file_input_path: str, file_output_path: str, bucket_name: str
) -> str:
gcs = storage.Client()
# # Get the bucket that the file will be uploaded to.
bucket = gcs.get_bucket(bucket_name)
# # Create a new blob and upload the file's content.
blob = bucket.blob(file_output_path)
blob.upload_from_filename(file_input_path)
return blob.generate_signed_url(datetime.now())
此签名的 URL 随后会传递到上面提到的 create_one_time_http_transfer。
我找到了一个解决方法。我通过将此文件放入公共存储桶中来公开访问该文件。