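Accessing Google Secret Manager from an AI Platform training job using a custom container

Question (Votes: 0, Answers: 1)

I am trying to access a secret stored in Google Secret Manager from an AI Platform training job running in a custom container. I am using the following Python code to retrieve the secret: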

# Standard library imports
import os

# Import the Secret Manager client library.
from google.cloud import secretmanager


def access_secret_version(secret_id, version_id, project_id=os.environ.get("GCP_PROJECT")):
    # Create the Secret Manager client.
    client = secretmanager.SecretManagerServiceClient()

    # Build the resource name of the secret version.
    name = client.secret_version_path(project_id, secret_id, version_id)

    # Access the secret version.
    response = client.access_secret_version(name=name)

    # Return the secret payload.
    return response.payload.data.decode("UTF-8")

I have added the Secret Manager Secret Accessor role to the default Cloud ML service account ([email protected]), but access is still denied:

google.api_core.exceptions.PermissionDenied: 403 Request had insufficient authentication scopes.

Have I granted the correct role to the correct service account, or am I missing something else?

python google-cloud-ml
1 Answer
0
votes

We have an alpha feature that enables your use case. Could you send us an email at [email protected]?
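
Added example, not part of the original question or answer: the 403 quoted above complains about OAuth scopes on the access token, which is a different check from the IAM role on the service account. This sketch tells the two cases apart. It assumes the container gets its credentials from the standard metadata server; the function names, the sample scope listing and the sample IAM error are constructed for illustration.

```python
import urllib.request

# Standard metadata endpoint listing the OAuth scopes of the attached service
# account. Assumption: the training container takes its credentials from here.
SCOPES_URL = ("http://metadata.google.internal/computeMetadata/v1/"
              "instance/service-accounts/default/scopes")
# Scope that Secret Manager API calls require.
REQUIRED_SCOPE = "https://www.googleapis.com/auth/cloud-platform"

# Error text quoted in the question.
PAGE_ERROR = "403 Request had insufficient authentication scopes."
# Constructed samples (not from the page).
SAMPLE_IAM_ERROR = ("403 Permission 'secretmanager.versions.access' denied "
                    "for resource 'projects/example/secrets/demo/versions/1'")
SAMPLE_SCOPES_BODY = (
    "https://www.googleapis.com/auth/devstorage.read_only\n"
    "https://www.googleapis.com/auth/logging.write\n"
)


def parse_scopes(body):
    """The endpoint returns one scope URL per line."""
    return {line.strip() for line in body.splitlines() if line.strip()}


def fetch_scopes(timeout=2.0):
    """Read the token scopes from inside the job (needs the metadata server)."""
    req = urllib.request.Request(SCOPES_URL,
                                 headers={"Metadata-Flavor": "Google"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return parse_scopes(resp.read().decode("utf-8"))


def diagnose(error_message, scopes):
    """Classify a PermissionDenied message against the token's scopes."""
    msg = error_message.lower()
    if "insufficient authentication scopes" in msg:
        if REQUIRED_SCOPE in scopes:
            # The metadata token is wide enough, so the client library is
            # using some other credential (for example a key file).
            return "scope-present-other-credential-in-use"
        # Granting IAM roles cannot fix this: the token itself is too narrow.
        return "token-scope-too-narrow"
    if "permission" in msg and "denied" in msg:
        return "iam-role-missing"
    return "unrelated"
```

Inside the job, `diagnose(str(exc), fetch_scopes())` in the `except PermissionDenied as exc` handler shows which of the two checks failed.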
