我之前已经通过 Google Cloud Platform 进行身份验证,并且一切运行正常,但是今天突然开始收到google-gaxNode 应用程序中提到的错误:
2023-09-07T18:13:41: Error: 13 INTERNAL: Received RST_STREAM with code 0
2023-09-07T18:13:41: at callErrorFromStatus (/path/to/app/node_modules/.pnpm/@[email protected]/node_modules/@grpc/grpc-js/build/src/call.js:31:19)
2023-09-07T18:13:41: at Object.onReceiveStatus (/path/to/app/node_modules/.pnpm/@[email protected]/node_modules/@grpc/grpc-js/build/src/client.js:192:76)
2023-09-07T18:13:41: at Object.onReceiveStatus (/path/to/app/node_modules/.pnpm/@[email protected]/node_modules/@grpc/grpc-js/build/src/client-interceptors.js:360:141)
2023-09-07T18:13:41: at Object.onReceiveStatus (/path/to/app/node_modules/.pnpm/@[email protected]/node_modules/@grpc/grpc-js/build/src/client-interceptors.js:323:181)
2023-09-07T18:13:41: at /path/to/app/node_modules/.pnpm/@[email protected]/node_modules/@grpc/grpc-js/build/src/resolving-call.js:94:78
2023-09-07T18:13:41: at process.processTicksAndRejections (node:internal/process/task_queues:77:11)
2023-09-07T18:13:41: for call at
2023-09-07T18:13:41: at ServiceClientImpl.makeUnaryRequest (/path/to/app/node_modules/.pnpm/@[email protected]/node_modules/@grpc/grpc-js/build/src/client.js:160:32)
2023-09-07T18:13:41: at ServiceClientImpl.<anonymous> (/path/to/app/node_modules/.pnpm/@[email protected]/node_modules/@grpc/grpc-js/build/src/make-client.js:105:19)
2023-09-07T18:13:41: at /path/to/app/node_modules/.pnpm/@[email protected]/node_modules/@google-cloud/kms/build/src/v1/key_management_service_client.js:241:29
2023-09-07T18:13:41: at /path/to/app/node_modules/.pnpm/[email protected]/node_modules/google-gax/build/src/normalCalls/timeout.js:44:16
2023-09-07T18:13:41: at repeat (/path/to/app/node_modules/.pnpm/[email protected]/node_modules/google-gax/build/src/normalCalls/retries.js:80:25)
2023-09-07T18:13:41: at /path/to/app/node_modules/.pnpm/[email protected]/node_modules/google-gax/build/src/normalCalls/retries.js:118:13
2023-09-07T18:13:41: at OngoingCallPromise.call (/path/to/app/node_modules/.pnpm/[email protected]/node_modules/google-gax/build/src/call.js:67:27)
2023-09-07T18:13:41: at NormalApiCaller.call (/path/to/app/node_modules/.pnpm/[email protected]/node_modules/google-gax/build/src/normalCalls/normalApiCaller.js:34:19)
2023-09-07T18:13:41: at /path/to/app/node_modules/.pnpm/[email protected]/node_modules/google-gax/build/src/createApiCall.js:84:30 {
2023-09-07T18:13:41: code: 13,
2023-09-07T18:13:41: details: 'Received RST_STREAM with code 0',
2023-09-07T18:13:41: metadata: Metadata { internalRepr: Map(0) {}, options: {} },
2023-09-07T18:13:41: note: 'Exception occurred in retry method that was not classified as transient'
2023-09-07T18:13:41: }
并且执行gcloud auth list返回No credentialed accounts.,所以我认为身份验证以某种方式被删除或过期了。
我删除了我的~/.config/gcloud并尝试重新验证:
$ gcloud auth login
Go to the following link in your browser:
https://accounts.google.com/o/oauth2/auth?response_type=code...
Enter authorization code: [...]
You are now logged in as [[email protected]].
Your current project is [None]. You can change this setting by running:
$ gcloud config set project PROJECT_ID
到目前为止一切顺利。看来我已经成功通过了身份验证:
$ gcloud auth list
Credentialed Accounts
ACTIVE ACCOUNT
* [email protected]
To set the active account, run:
$ gcloud config set account `ACCOUNT`
然而,我无法列出这些项目:
$ gcloud projects list
ERROR: (gcloud.projects.list) HTTPError 403: <!DOCTYPE html>
<html lang=en>
<meta charset=utf-8>
<meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">
<title>Error 403 (Forbidden)!!1</title>
<style>
*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px}
</style>
<a href=//www.google.com/><span id=logo aria-label=Google></span></a>
<p><b>403.</b> <ins>That’s an error.</ins>
<p>Your client does not have permission to get URL <code>/v1/projects</code> from this server. <ins>That’s all we know.</ins>
如果我手动设置项目 ID,它会显示:
$ gcloud config set project my_project_id
WARNING: You do not appear to have access to project [my_project_id] or it does not exist.
Are you sure you wish to set property [core/project] to my_project_id?
Do you want to continue (Y/n)? y
Updated property [core/project].
如果我选择y,那么我的 Nodejs 应用程序就会出现以下错误:
错误:无法加载默认凭据。浏览至https://cloud.google.com/docs/authentication/getting-started了解更多信息。
在另一台计算机上,以同一用户登录并gcloud projects list正确执行:
$ gcloud projects list
PROJECT_ID NAME PROJECT_NUMBER
aaa aaa 123456789012
bbb bbb 123456789012
ccc ccc 123456789012
ddd ddd 123456789012
eee eee 123456789012
fff fff 123456789012
ggg ggg 123456789012
hhh hhh 123456789012
编辑:
我还尝试了以下方法:
- 将 gcloud 更新至最新版本
- 创建新用户
- 禁用防火墙
- 禁用 apparmor
答案1
如果您尝试访问受限 VIP 不支持的 API 端点,那么您将得到403 禁止错误。
对于被屏蔽的 VIP,响应内容是不同的HTML 格式错误那么该问题就是受限 VIP 集成问题。
IP 地址范围restricted.googleapis.com and private.googleapis.com分别为 199.36.153.4/30 和 199.36.153.8/30。受限 Google API 仅可用于受限VIP支持的服务。
如果restricted.googleapis.com正在使用,您可以使用DNS 配置作为解决方案,根据您的需要,要么更新 DNS CNAME 记录到www.googleapis.com199.36.153.8/30 ,并确保为子网启用了私有 Google API 访问,或者如果虚拟机具有外部private.googleapis.comIPprivate.googleapis.com默认域也可以使用。
答案2
问题似乎是我的服务器 IP 不知何故被 Google Cloud 屏蔽了。我尝试下载https://packages.cloud.google.com/apt/doc/apt-key.gpg并产生 403 状态并输出以下输出:
<!DOCTYPE html>
<html lang=en>
<meta charset=utf-8>
<meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">
<title>Error 403 (Forbidden)!!1</title>
<style>
*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px}
</style>
<a href=//www.google.com/><span id=logo aria-label=Google></span></a>
<p><b>403.</b> <ins>That’s an error.</ins>
<p>Your client does not have permission to get URL <code>/apt/doc/apt-key.gpg</code> from this server. <ins>That’s all we know.</ins>