현재 Google 클라우드 저장소 버킷에 파일을 쓰려고합니다. 이를 위해 django-storages 패키지를 사용했습니다.GCS가있는 GCS, 403 GCS 버킷에 쓰기위한 권한이 충분하지 않습니다.
코드를 배포했으며 kubernetes kubectl
유틸리티를 통해 실행중인 컨테이너에 들어가 GCS 버킷의 작동을 확인했습니다.
$ kubectl exec -it foo-pod -c foo-container --namespace=testing python manage.py shell
버킷을 읽을 수는 있지만 버켓에 쓰려고하면 아래의 추적 코드가 표시됩니다.
>>> from django.core.files.storage import default_storage
>>> f = default_storage.open('storage_test', 'w')
>>> f.write('hi')
2
>>> f.close()
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/google/cloud/storage/blob.py", line 946, in upload_from_file
client, file_obj, content_type, size, num_retries)
File "/usr/local/lib/python3.6/site-packages/google/cloud/storage/blob.py", line 867, in _do_upload
client, stream, content_type, size, num_retries)
File "/usr/local/lib/python3.6/site-packages/google/cloud/storage/blob.py", line 700, in _do_multipart_upload
transport, data, object_metadata, content_type)
File "/usr/local/lib/python3.6/site-packages/google/resumable_media/requests/upload.py", line 98, in transmit
self._process_response(result)
File "/usr/local/lib/python3.6/site-packages/google/resumable_media/_upload.py", line 110, in _process_response
response, (http_client.OK,), self._get_status_code)
File "/usr/local/lib/python3.6/site-packages/google/resumable_media/_helpers.py", line 93, in require_status_code
status_code, u'Expected one of', *status_codes)
google.resumable_media.common.InvalidResponse: ('Request failed with status code', 403, 'Expected one of', <HTTPStatus.OK: 200>)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "<console>", line 1, in <module>
File "/usr/local/lib/python3.6/site-packages/storages/backends/gcloud.py", line 75, in close
self.blob.upload_from_file(self.file, content_type=self.mime_type)
File "/usr/local/lib/python3.6/site-packages/google/cloud/storage/blob.py", line 949, in upload_from_file
_raise_from_invalid_response(exc)
File "/usr/local/lib/python3.6/site-packages/google/cloud/storage/blob.py", line 1735, in _raise_from_invalid_response
raise exceptions.from_http_response(error.response)
google.api_core.exceptions.Forbidden: 403 POST https://www.googleapis.com/upload/storage/v1/b/foo.com/o?uploadType=multipart: Insufficient Permission
>>> default_storage.url('new docker')
'https://storage.googleapis.com/foo.appspot.com/new%20docker'
>>>
마치 버킷 권한과 완전히 관련이있는 것 같습니다. 그래서 저장소 관리자, 저장 개체 생성자 역할을 Google 클라우드 빌드 서비스 계정 (버킷 -> 권한 관리)을 통해 할당했지만 여전히 동일한 오류를 보여줍니다.
클러스터 구성에는 저장소 RO 범위가 있습니다. 그게 이유 야? –