权限
本文描述了 Remotion Cloud Run 所需的必要权限,并向感兴趣的人解释了为什么这些权限是必要的。
要了解如何设置权限的逐步指南,请查看设置指南。
服务帐号权限
此策略应分配给 Remotion 服务帐号。在自动设置之后,通过创建一个名为 Remotion API 服务帐号 的自定义角色,并将该角色分配给 Remotion 服务帐号来实现此目标。
要查看并手动编辑 GCP 项目中的角色,请转到 IAM 管理员中的角色页面。
要查看并手动编辑分配给用户或服务帐号的权限/角色,请转到 IAM 管理员中的 IAM 页面。
显示最新 Remotion Cloud Run 版本的完整 Remotion API 服务帐号权限列表。
iam.serviceAccounts.actAs run.operations.get run.routes.invoke run.services.create run.services.get run.services.delete run.services.list run.services.update storage.buckets.create storage.buckets.get storage.buckets.list storage.objects.create storage.objects.delete storage.objects.list logging.logEntries.list
info
您可以通过输入 npx remotion cloudrun permissions 来获取适合您的 Remotion Cloud Run 版本的权限文件�。
以下表格详细说明了 Remotion Cloud Run 需要的权限。
| Permission | Reason |
|---|---|
iam.serviceAccounts.actAs | When deploying, act as the default service account, which will grant further permissions required during deployment. |
run.operations.get | Required during deployment to confirm that deployment was successful. |
run.routes.invoke | Invoke the deployed Cloud Run services to perform a render. |
run.services.create | Deploy new, and edit existing, Cloud Run services. |
run.services.get | |
run.services.delete | |
run.services.list | Get a list of existing Cloud Run services, to ensure no unintended overwriting. |
run.services.update | Update a Cloud Run service, for example providing it with more memory or CPU. |
storage.buckets.create | Create the storage bucket to store the bundled site and render output. |
storage.buckets.get | |
storage.buckets.list | Get a list of existing Cloud Storage resources, to ensure no unintended overwriting of storage buckets. |
storage.objects.create | Create new objects in storage. This could be bundled sites, or renders, or logs. |
storage.objects.delete | |
storage.objects.list | |
logging.logEntries.list | Used by the CLI to fetch recent logs if the Cloud Run service crashes, to assist in debugging the root cause. |
验证
有两种方法可以测试服务帐号的权限是否已正确设置。您可以执行以下命令之一:
bash
bash
或者,如果您想以编程方式验证它,请使用testPermissions()函数。