如果您未使用正确的权限配置 Pub/Sub 服务账号,则创建或更新订阅工作流会返回错误。在 Google Cloud 控制台中,消息类似于以下内容:
Cloud Pub/Sub did not have the necessary permissions configured to access
the provided bucket my-bucket (or the bucket may not exist).
Please verify that the service account
service-112233445566@gcp-sa-pubsub.iam.gserviceaccount.com
was granted the Storage Legacy Bucket Reader and Storage Object Creator
roles for the provided bucket.
[[["易于理解","easyToUnderstand","thumb-up"],["解决了我的问题","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["很难理解","hardToUnderstand","thumb-down"],["信息或示例代码不正确","incorrectInformationOrSampleCode","thumb-down"],["没有我需要的信息/示例","missingTheInformationSamplesINeed","thumb-down"],["翻译问题","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["最后更新时间 (UTC):2025-09-04。"],[],[],null,["# Troubleshooting Cloud Storage subscriptions\n\nThis page provides some common troubleshooting tips\nfor Cloud Storage subscriptions.\n\nCheck the state of a Cloud Storage subscription\n-----------------------------------------------\n\nTo check the state of a subscription, perform the following steps:\n\n1. In the Google Cloud console, go to the Pub/Sub\n subscription page.\n\n [Go to Subscriptions](https://console.cloud.google.com/cloudpubsub/subscription)\n2. Check the icon for **State** for your Cloud Storage subscription.\n\n - If the icon is a green check mark, the subscription is healthy.\n\n - If the icon is a red exclamation mark, the subscription is in an error state.\n\n3. Click the Cloud Storage subscription.\n\n The subscription details page opens.\n4. Check **Subscription state** for the error message.\n\n5. Depending on the error message, go to the [relevant section](#red_exclamation) in this\n page for troubleshooting the issue.\n\nAfter the issue is resolved, the subscription eventually returns to a\nhealthy state.\n\nUnable to create or update subscription\n---------------------------------------\n\nThese are some of the common issues you could face if you're having trouble\ncreating or updating a Cloud Storage subscription.\n\n### Bucket not found error\n\nIf the bucket that you specify in the create or update subscription workflow\ndoes not exist, then the workflow returns a `bucket not found` error.\nIn the Google Cloud console, the message is similar to the following: \n\n The Cloud Storage bucket specified cannot be found.\n\nTo resolve the issue, [create](/storage/docs/creating-buckets) the bucket\nor update your Cloud Storage subscription to use an existing bucket.\n\n### Service account error\n\nIf you have not configured the Pub/Sub service account with the\nright permissions, then\nthe create or update subscription workflow returns an error.\nIn the Google Cloud console, the message is similar to the following: \n\n Cloud Pub/Sub did not have the necessary permissions configured to access\n the provided bucket my-bucket (or the bucket may not exist).\n Please verify that the service account\n service-112233445566@gcp-sa-pubsub.iam.gserviceaccount.com\n was granted the Storage Legacy Bucket Reader and Storage Object Creator\n roles for the provided bucket.\n\nTo resolve the issue, check if the service account has\nthe [correct permissions](/pubsub/docs/create-cloudstorage-subscription#assign_roles_cloudstorage).\n\nSubscription state shows a red exclamation\n------------------------------------------\n\nIf you edit the bucket after creating a subscription, it can affect\nhow Pub/Sub writes messages to the bucket. If a change results in\nan issue, then the state field of the subscription is\n[set to an error state](#state_gcs).\n\nIn the subscription details page, check the state of the field `Subscription state`.\nThe `Subscription state` field provides a more specific error,\nwhich may be one of the following:\n\n- **Bucket not found** : The bucket was deleted.\n [Create](/storage/docs/creating-buckets) the bucket again or update the\n subscription to use an existing bucket.\n\n- **Bucket permission denied** : The Pub/Sub service account no\n longer has permission to write to the bucket. Check if the service account has\n the [correct permissions](/pubsub/docs/create-subscription#assign_roles_cloudstorage).\n\nWhile a Pub/Sub subscription is in the error state,\nmessages are not written to the bucket and remain in\nthe subscription backlog. Note that messages are not delivered to an\nattached [dead-letter topic](/pubsub/docs/handling-failures#dead-letter_topic),\nif configured. Unacknowledged messages are retained\nfor the period set in [`message_retention_duration`](/pubsub/docs/reference/rpc/google.pubsub.v1#google.pubsub.v1.Subscription.FIELDS.bool.google.pubsub.v1.Subscription.message_retention_duration) (7 days by default).\n\nSubscription processes messages very slowly\n-------------------------------------------\n\nSome subscription settings can slow down message processing.\n\nFor example, enabling message ordering on your Cloud Storage\nsubscription might cause messages to write to Cloud Storage but not be\nfinalized to delay subsequent messages with the same ordering key.\nFor better performance, consider using a wider spectrum of ordering keys\nwhen publishing messages, or disabling message ordering if your\nuse case does not require it.\n\nSetting too low of a maximum file size for your Cloud Storage subscription\ncan also negatively impact performance. Too low of a maximum file size\nmight cause Pub/Sub to create many Cloud Storage objects with only a\nsmall number of messages in each object. The additional overhead of\ncreating and finalizing objects slows down message processing.\nFor better performance, consider increasing the maximum file size setting\nfor your Cloud Storage subscription or removing the file size restriction.\n\n### Quota limitations\n\nAnother possibility is that your project has reached its Pub/Sub push\nthroughput quota ([`pubsub.googleapis.com/regionalpushsubscriber`](/pubsub/quotas#:%7E:text=regionalpushsubscriber)).\nTo check if you're encountering quota limitations, examine the push requests\nmetric ([`subscription/push_request_count`](/pubsub/docs/monitoring#monitoring_push_subscriptions))\nfor any `resource_exhausted` errors.\n\nReview your project's quotas and verify that you have sufficient quota\nremaining. Navigate to **IAM \\& Admin** \\\u003e **Quotas** within the project containing\nyour Pub/Sub subscription. Search for the\n`pubsub.googleapis.com/regionalpushsubscriber` quota. If you are reaching the\nquota limit, you can\n[request a quota adjustment](/docs/quotas/help/request_increase).\n\nSubscription creates more files than expected\n---------------------------------------------\n\nTo allow for improved scalability, your Cloud Storage subscription\nmight be handled by multiple Pub/Sub backends. Each backend\nwrites to a separate Cloud Storage file, so you might observe\nyour Cloud Storage creating more files than expected,\nespecially for low throughput workloads.\n\nThis is normal behavior. If you want to reduce the number of files created by\nthe subscription, you can consider increasing the file batching settings on your\nsubscription to allow for larger files. You can also post-process the files by\n[composing](/storage/docs/composing-objects) them into a\nsmaller number of larger files.\n\nWhat's next\n-----------\n\n- If you still have issues with your Cloud Storage subscription, see [Getting support](/pubsub/docs/getting-support)."]]
