如何彻底退出 Google Cloud?`gcloud auth revoke --all` 不起作用

tag-icon tag-icon security google-cloud-platform gcloud
如何彻底退出 Google Cloud?`gcloud auth revoke --all` 不起作用

退出 Google Cloud似乎好像这应该很容易。如果我运行:

$ unset GOOGLE_APPLICATION_CREDENTIALS

$ gcloud auth revoke --all
Revoked credentials:
  - [my account]
$ gcloud auth list

No credentialed accounts.

To login, run:
  $ gcloud auth login `ACCOUNT`

起初看起来就像我完全退出了一样gcloud。但是当我打开 Python shell 时,看看会发生什么:

>>> from google.cloud import secretmanager_v1beta1 as secretmanager
>>> client = secretmanager.SecretManagerServiceClient()
/Users/my/path/.venv/lib/python3.7/site-packages/google/auth/_default.py:66: UserWarning: Your application has authenticated using end user credentials from Google Cloud SDK. We recommend that most server applications use service accounts instead. If your application continues to use end user credentials from Cloud SDK, you might receive a "quota exceeded" or "API not enabled" error. For more information about service accounts, see https://cloud.google.com/docs/authentication/
  warnings.warn(_CLOUD_SDK_CREDENTIALS_WARNING)
>>> path = client.secret_version_path(project="my-project-name", secret="my-secret", secret_version="latest")
>>> secret = client.access_secret_version(path)
>>> secret.payload.data.decode()
"Oh, no! I should be secret!"

如您所见,即使我运行了,gcloud auth revoke --all我仍然能够使用存储在某处的用户凭据通过 Python SDK 访问 Google Cloud。有没有办法完全地从我的笔记本电脑上退出 Google Cloud?

编辑:进一步澄清:此计算机上没有保存任何 Google Cloud Service 帐户 JSON 文件,并且我已取消设置GOOGLE_APPLICATION_CREDENTIALS环境变量。

答案1

我不确定这是否会对您有所帮助,但我遇到了类似的问题。使用该命令撤销所有凭据后,gcloud auth revoke --all我仍然能够针对我的环境执行脚本。最后,我发现应用程序默认凭据文件位于〜/ .config / gcloud / application_default_credentials.json。重命名或删除此文件有助于完全撤销凭据。现在客户端库无法访问环境:

  File "audit_test.py", line 8, in main
    client = resource_manager.Client()
  File "fake_path/python3.7/site-packages/google/cloud/resource_manager/client.py", line 72, in __init__
    super(Client, self).__init__(credentials=credentials, _http=_http)
  File "fake_path/python3.7/site-packages/google/cloud/client.py", line 132, in __init__
    credentials, _ = google.auth.default()
  File "fake_path/python3.7/site-packages/google/auth/_default.py", line 321, in default
    raise exceptions.DefaultCredentialsError(_HELP_MESSAGE)
google.auth.exceptions.DefaultCredentialsError: Could not automatically determine credentials. Please set GOOGLE_APPLICATION_CREDENTIALS or explicitly create credentials and re-run the application. For more information, please see https://cloud.google.com/docs/authentication/getting-started

答案2

正如上面评论的那样阿姜查尔斯gcloud auth application-default revoke有效。只需点击命令,它就会删除application-default信用。看看有什么不同这里。我遇到了同样的问题,只有这个有效。

编辑:

请记住,您仍然需要调用,gcloud auth revoke --all因为gcloud auth application-default revoke只会删除应用程序默认凭证。

相关内容