Google App EngineのHello Worldのチュートリアルを進めていたらデプロイ中にエラーが発生しました。
(python_docs_samples) C:\Users\XXXX\workspace\python-docs-samples\appengine\standard_python37\hello_world>gcloud app deploy Services to deploy: descriptor: [C:\Users\XXXX\workspace\python-docs-samples\appengine\standard_python37\hello_world\app.yaml] source: [C:\Users\XXXX\workspace\python-docs-samples\appengine\standard_python37\hello_world] target project: [PROJECT_ID] target service: [default] target version: [20190126t190818] target url: [https:/PROJECT_ID.appspot.com] Do you want to continue (Y/n)? Y Beginning deployment of service [default]... #============================================================# #= Uploading 5 files to Google Cloud Storage =# #============================================================# File upload done. Updating service [default]...failed. ERROR: (gcloud.app.deploy) Error Response: [9] Cloud build AA-BB-CC-DD-EEEEE status: FAILURE. Build error details: Access to bucket "staging.PROJECT_ID.appspot.com" denied. You must grant Storage Object Viewer permission to 9XXXXXXXX8@cloudbuild.gserviceaccount.com. . Check the build log for errors: https://console.cloud.google.com/gcr/builds/AA-BB-CC-DD-EEEEE?project=9XXXXXXXX8
注目すべきエラーメッセージは Build error details: Access to bucket "staging.PROJECT_ID.appspot.com" denied. You must grant Storage Object Viewer permission to 9XXXXXXXX8@cloudbuild.gserviceaccount.com.
. の部分で、「バケットへのアクセスが失敗」と言われています。
さらに「9XXXXXXXX8@cloudbuild.gserviceaccount.com」に「Storage Object Viewer権限を与えてくれ」と言われています。
権限のエラーはIAMをいじれば解消できるはず。IAMの設定をろくにしたことがないので以下のリンクを読みます(バケットに対するIAMについても書いてあります)。
Using (Cloud IAM) Permissions | Cloud Storage | Google Cloud
なんとなくわかったところで、GCPから「IAMと管理」の画面を開き、9XXXXXXXX8@cloudbuild.gserviceaccount.comの編集アイコンをクリックします。
「別の役割を追加」で「ストレージオブジェクトの閲覧者」を追加します。
そして再度デプロイするといけるはず……たぶん。
(python_docs_samples) C:\Users\XXXX\workspace\python-docs-samples\appengine\standard_python37\hello_world>gcloud app deploy Services to deploy: descriptor: [C:\Users\XXXX\workspace\python-docs-samples\appengine\standard_python37\hello_world\app.yaml] source: [C:\Users\XXXX\workspace\python-docs-samples\appengine\standard_python37\hello_world] target project: [PROJECT_ID] target service: [default] target version: [20190126t193649] target url: [https://PROJECT_ID.appspot.com] Do you want to continue (Y/n)? Y Beginning deployment of service [default]... #============================================================# #= Uploading 0 files to Google Cloud Storage =# #============================================================# File upload done. Updating service [default]...done. Setting traffic split for service [default]...done. Deployed service [default] to [https://PROJECT_ID.appspot.com] You can stream logs from the command line by running: $ gcloud app logs tail -s default To view your application in the web browser run: $ gcloud app browse
デプロイできました!
gcloud app browseを実行するとWEBアプリケーションにアクセスできます。
