gcloud 构建提交 Django 网站导致错误"没有 storage.objects.get access"

我试图部署我的Django网站与云运行，如在谷歌云平台的文档中所述，但我得到错误Error 403: 934957811880@cloudbuild.gserviceaccount.com does not have storage.objects.get access to the Google Cloud Storage object., forbidden时运行命令gcloud builds submit --config cloudmigrate.yaml --substitutions _INSTANCE_NAME=trouwfeestwebsite-db,_REGION=europe-west6

命令的完整输出是:(错误在底部)

Creating temporary tarball archive of 119 file(s) totalling 23.2 MiB before compression.
Some files were not included in the source upload.
Check the gcloud log [C:UsersSanderAppDataRoaminggcloudlogs2021.10.2320.53.18.638301.log] t
o see which files and the contents of the
default gcloudignore file used (see `$ gcloud topic gcloudignore` to learn
more).
Uploading tarball of [.] to [gs://trouwfeestwebsite_cloudbuild/source/1635015198.74424-eca822c138ec
48878f292b9403f99e83.tgz]
ERROR: (gcloud.builds.submit) INVALID_ARGUMENT: could not resolve source: googleapi: Error 403: 934957811880@cloudbuild.gserviceaccount.com does not have storage.objects.get access to the Google Cloud Storage object., forbidden

在我的存储桶级别上，我授予934957811880@cloudbuild.gserviceaccount.com存储对象查看器的权限，正如我在https://cloud.google.com/storage/docs/access-control/iam-roles上看到的，这涵盖了storage.objects.get访问。我还尝试通过授予存储对象管理和存储管理。

我还添加了"Viewer"在IAM级别(https://console.cloud.google.com/iam-admin/iam)的角色为934957811880@cloudbuild.gserviceaccount.com，如https://stackoverflow.com/a/68303613/5433896和https://github.com/google-github-actions/setup-gcloud/issues/105所建议的，但它似乎是可疑的，我给帐户如此广泛的作用。

我在Cloud Build permissions选项卡中启用了Cloud run: https://console.cloud.google.com/cloud-build/settings/service-account?project=trouwfeestwebsite

有了这些更改，当运行gcloud build submit命令时，我仍然得到相同的错误。

我不明白在凭据/身份验证方面我可能做错了什么(https://stackoverflow.com/a/68293734/5433896)。我没有更改我的谷歌帐户密码，也没有撤销该帐户对谷歌云SDK的权限，因为我初始化了该SDK。

你知道我错过了什么吗?

我的cloudmigrate.yaml的内容是:

steps:
- id: "build image"
name: "gcr.io/cloud-builders/docker"
args: ["build", "-t", "gcr.io/${PROJECT_ID}/${_SERVICE_NAME}", "."]
- id: "push image"
name: "gcr.io/cloud-builders/docker"
args: ["push", "gcr.io/${PROJECT_ID}/${_SERVICE_NAME}"]
- id: "apply migrations"
name: "gcr.io/google-appengine/exec-wrapper"
args:
[
"-i",
"gcr.io/$PROJECT_ID/${_SERVICE_NAME}",
"-s",
"${PROJECT_ID}:${_REGION}:${_INSTANCE_NAME}",
"-e",
"SETTINGS_NAME=${_SECRET_SETTINGS_NAME}",
"--",
"python",
"manage.py",
"migrate",
]
- id: "collect static"
name: "gcr.io/google-appengine/exec-wrapper"
args:
[
"-i",
"gcr.io/$PROJECT_ID/${_SERVICE_NAME}",
"-s",
"${PROJECT_ID}:${_REGION}:${_INSTANCE_NAME}",
"-e",
"SETTINGS_NAME=${_SECRET_SETTINGS_NAME}",
"--",
"python",
"manage.py",
"collectstatic",
"--verbosity",
"2",
"--no-input",
]
substitutions:
_INSTANCE_NAME: trouwfeestwebsite-db
_REGION: europe-west6
_SERVICE_NAME: invites-service
_SECRET_SETTINGS_NAME: django_settings
images:
- "gcr.io/${PROJECT_ID}/${_SERVICE_NAME}"

非常感谢你的帮助。