データフロー設定コントローラーサービスアカウント
Dataflowのコントローラーサービスアカウントを設定しようとしています。私のデータフローオプションでは、
options.setGcpCredential(GoogleCredentials.fromStream(new FileInputStream("key.json")).createScoped(someArrays));
options.setServiceAccount("[email protected]");
しかし、私は得ています:
WARNING: Request failed with code 403, performed 0 retries due to IOExceptions, performed 0 retries due to unsuccessful status codes, HTTP framework says request can be retried, (caller responsible for retrying): https://dataflow.googleapis.com/v1b3/projects/MYPROJECT/locations/MYLOCATION/jobs
Exception in thread "main" Java.lang.RuntimeException: Failed to create a workflow job: (CODE): Current user cannot act as service account "[email protected]. Causes: (CODE): Current user cannot act as service account "[email protected].
at org.Apache.beam.runners.dataflow.DataflowRunner.run(DataflowRunner.Java:791)
at org.Apache.beam.runners.dataflow.DataflowRunner.run(DataflowRunner.Java:173)
at org.Apache.beam.sdk.Pipeline.run(Pipeline.Java:311)
at org.Apache.beam.sdk.Pipeline.run(Pipeline.Java:297)
...
Caused by: com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 Forbidden
{
"code" : 403,
"errors" : [ {
"domain" : "global",
"message" : "(CODE): Current user cannot act as service account [email protected]. Causes: (CODE): Current user cannot act as service account [email protected].",
"reason" : "forbidden"
} ],
"message" : "(CODE): Current user cannot act as service account [email protected]. Causes: (CODE): Current user cannot act as service account [email protected].",
"status" : "PERMISSION_DENIED"
}
一部の役割または権限がありませんか?
多分誰かがそれを役に立つと思うでしょう:
コントローラーの場合:Dataflow WorkerとStorage Object Admin(これは Googleのドキュメント にあります)。
Executorの場合:サービスアカウントユーザー。