Permissions

EXPERIMENTAL

This document describes the permissions Remotion Cloud Run requires and explains, for those interested, why each one is necessary.

For a step-by-step guide on how to set up permissions, follow the setup guide.

Service Account permissions

This policy should be assigned to the Remotion Service Account. The automated setup does this by creating a custom role with the title Remotion API Service Account and assigning that role to the Remotion Service Account.

To view and manually edit roles in your GCP project, go to the Roles page within IAM Admin.

To view and manually edit the permissions and roles assigned to users or service accounts in your GCP project, go to the IAM page within IAM Admin.

Full list of Remotion API Service Account permissions for the latest Remotion Cloud Run version:
iam.serviceAccounts.actAs
run.operations.get
run.routes.invoke
run.services.create
run.services.get
run.services.delete
run.services.list
run.services.update
storage.buckets.create
storage.buckets.get
storage.buckets.list
storage.objects.create
storage.objects.delete
storage.objects.list
logging.logEntries.list
You can always get the permissions file that matches your Remotion Cloud Run version by typing npx remotion cloudrun permissions.

The following table breaks down why Remotion Cloud Run requires each permission.

| Permission | Reason |
| --- | --- |
| iam.serviceAccounts.actAs | When deploying, act as the default service account, which will grant further permissions required during deployment. |
| run.operations.get | Required during deployment to confirm that deployment was successful. |
| run.routes.invoke | Invoke the deployed Cloud Run services to perform a render. |
| run.services.create | Deploy new, and edit existing, Cloud Run services. |
| run.services.get | |
| run.services.delete | |
| run.services.list | Get a list of existing Cloud Run services, to ensure no unintended overwriting. |
| run.services.update | Update a Cloud Run service, for example providing it with more memory or CPU. |
| storage.buckets.create | Create the storage bucket to store the bundled site and render output. |
| storage.buckets.get | |
| storage.buckets.list | Get a list of existing Cloud Storage resources, to ensure no unintended overwriting of storage buckets. |
| storage.objects.create | Create new objects in storage. This could be bundled sites, or renders, or logs. |
| storage.objects.delete | |
| storage.objects.list | |
| logging.logEntries.list | Used by the CLI to fetch recent logs if the Cloud Run service crashes, to assist in debugging the root cause. |

Validation

There are two ways to test whether the permissions for the service account have been set up correctly. Either run the following command:

npx remotion cloudrun permissions

or, if you want to validate it programmatically, use the testPermissions() function.
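An offline complement to the two checks above, as an added example that is not part of the Remotion documentation or code: it compares a custom role exported as JSON against the permission list on this page and reports permissions that are missing or granted beyond that list. It assumes the export carries an `includedPermissions` array, as the IAM Role resource does; `REQUIRED`, `auditRole` and the sample role are hypothetical names and constructed data.

```javascript
// Required permissions copied from this page, with the page's reason where one is listed.
const REQUIRED = {
  "iam.serviceAccounts.actAs": "act as the default service account during deployment",
  "run.operations.get": "confirm that deployment was successful",
  "run.routes.invoke": "invoke the deployed Cloud Run services to perform a render",
  "run.services.create": "deploy new, and edit existing, Cloud Run services",
  "run.services.get": "",
  "run.services.delete": "",
  "run.services.list": "list existing services to avoid unintended overwriting",
  "run.services.update": "update a service, for example more memory or CPU",
  "storage.buckets.create": "create the bucket for the bundled site and render output",
  "storage.buckets.get": "",
  "storage.buckets.list": "list existing buckets to avoid unintended overwriting",
  "storage.objects.create": "create bundled sites, renders or logs",
  "storage.objects.delete": "",
  "storage.objects.list": "",
  "logging.logEntries.list": "fetch recent logs if the Cloud Run service crashes",
};
const isRequired = (p) => Object.prototype.hasOwnProperty.call(REQUIRED, p);

// Compare a custom role (JSON text, assumed IAM Role resource shape) against REQUIRED.
function auditRole(roleJson) {
  const role = JSON.parse(roleJson);
  if (!Array.isArray(role.includedPermissions)) {
    throw new TypeError("role has no includedPermissions array");
  }
  const granted = new Set(role.includedPermissions.map((p) => String(p).trim()));
  // Missing permissions break deploys or renders; report the page's reason for each.
  const missing = Object.keys(REQUIRED)
    .filter((p) => !granted.has(p))
    .map((p) => ({ permission: p, reason: REQUIRED[p] || "(no reason listed on the page)" }));
  // Anything beyond the documented list is least-privilege drift worth reviewing.
  const extra = [...granted].filter((p) => !isRequired(p)).sort();
  return { ok: missing.length === 0 && extra.length === 0, missing, extra };
}

// Constructed sample role: one required permission dropped, one unrelated permission added.
const sampleRole = JSON.stringify({
  title: "Remotion API Service Account",
  includedPermissions: Object.keys(REQUIRED)
    .filter((p) => p !== "run.routes.invoke")
    .concat("storage.buckets.delete"),
});

console.log(JSON.stringify(auditRole(sampleRole), null, 2));
```

Re-run the audit after each Remotion Cloud Run upgrade, replacing `REQUIRED` with the list printed for your installed version.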

See also