我想将sql数据导入我的Cloud sql数据库(名为"db2"(。因此,我将一个sql文件上传到了我的bucket中。然后我转到我的云SQL数据库,点击"连接云外壳"。当尝试通过CloudShell导入时,我得到:
info@cloudshell:~ (servers)$ gcloud sql import sql db2 gs://mybucket/db.sql
Data from [gs://mybucket/db.sql] will be imported to [db2].
Do you want to continue (Y/n)? Y
ERROR: (gcloud.sql.import.sql) HTTPError 403: The service account does not have the required permissions for the bucket.
我遵循了这里给出的一个有点相同的问题的解决方案:https://stackoverflow.com/a/53608811/2795648但这对我不起作用。
我的云SQL数据库的服务帐户拥有我对bucket和文件的所有权限(这不是必要的(。
添加了一些额外信息。以下是服务帐户的权限:
- members:
- serviceAccount:p3998516xxxxx-p9q5dn@gcp-sa-cloud-sql.iam.gserviceaccount.com
role: roles/storage.admin
- members:
- serviceAccount:p3998516xxxxx-p9q5dn@gcp-sa-cloud-sql.iam.gserviceaccount.com
role: roles/storage.objectAdmin
- members:
- serviceAccount:p3998516xxxxx-p9q5dn@gcp-sa-cloud-sql.iam.gserviceaccount.com
role: roles/storage.objectCreator
- members:
- serviceAccount:p3998516xxxxx-p9q5dn@gcp-sa-cloud-sql.iam.gserviceaccount.com
role: roles/storage.objectViewer
- members:
- serviceAccount:p3998516xxxxx-p9q5dn@gcp-sa-cloud-sql.iam.gserviceaccount.com
role: roles/storagetransfer.admin
- members:
- serviceAccount:p3998516xxxxx-p9q5dn@gcp-sa-cloud-sql.iam.gserviceaccount.com
role: roles/storagetransfer.user
- members:
- serviceAccount:p3998516xxxxx-p9q5dn@gcp-sa-cloud-sql.iam.gserviceaccount.com
role: roles/storagetransfer.viewer
这里有关于导入SQL转储文件的官方文档
请注意:
3.描述您要导入的实例:
gcloud sql instances list
gcloud sql instances describe [INSTANCE_NAME]
4.复制serviceAccountEmailAddress字段。
gcloud sql instances describe [INSTANCE_NAME] | grep serviceAccountEmailAddress
5.使用gsutiliam将legacyBucketWriter和objectViewer Cloud iam角色授予bucket的服务帐户。
gsutil iam ch serviceAccount:your_previous_service_account_step4:legacyBucketWriter,objectViewer gs://ex-bucket
然后尝试导入命令:
gcloud sql import sql [INSTANCE_NAME] gs://[BUCKET_NAME]/[IMPORT_FILE_NAME]
--database=[DATABASE_NAME]