使用项目所有者时,调用gcloud endpoints services describe将返回以下内容:
generation: '10'
producerProjectId: wildfire-app-backend
serviceConfig:
documentation: {}
id: 2019-11-04r0
legacy:
apiV1Name: bifold.endpoints.wildfire-app-backend.cloud.goog
devconsole:
consoleApi: NEW
migration: {}
name: bifold.endpoints.wildfire-app-backend.cloud.goog
title: Bifold gRPC API
usage: {}
但是当我使用应该具有最多权限但无法在私有GKE群集中的esp容器中获取服务配置的服务帐户时,会得到:
producerProjectId: wildfire-app-backend
serviceName: bifold.endpoints.wildfire-app-backend.cloud.goog
我想知道是什么导致2个结果之间的差异。
编辑:我的服务帐户权限为:
Cloud SQL Client
Editor
Role Viewer
Logs Writer
Monitoring Metric Writer
Owner
Service Management Administrator
Service Config Editor
Service Controller
Storage Admin
Storage Object Viewer
和我的个人是:
App Engine Admin
App Engine Code Viewer
App Engine Deployer
App Engine Service Admin
Project Billing Manager
Cloud Build Service Account
Cloud Build Editor
Cloud Build Viewer
Compute OS Admin Login
Service Account User
Owner
Organization Administrator
Project Mover
Storage Admin
如果您尝试访问有关容器的详细信息,则可能要考虑添加其中一个roles。