After creating a Google service account with permissions as shown below, deployment fails with message . I am failing to understand where this is going wrong.
====
$ gcloud iam service-accounts get-iam-policy [email protected]
bindings:
- members:
  - serviceAccount:[email protected]
  role: roles/owner
etag: Bxxxxxxxxg=
====
$ gcloud auth activate-service-account --key-file ../a.json
Activated service account credentials for: [[email protected]]
$ gcloud app deploy
ERROR: (gcloud.app.deploy) You do not have permission to access app [appid].
Cloud Build does not have permission to access my App Engine instance. To fix this, go into Settings under Cloud Build and enable access to App Engine, and any other cloud service you use in conjunction with Cloud Build. Then wait a moment for the settings to take effect and rerun the build.
The caller does not have permission to access project
This error occurs if the account that you used to deploy your app does not have permission to deploy apps for the current project. To resolve this issue, grant the App Engine Deployer (roles/appengine.deployer) role to the account.
"To see if a service account has access to a resource, call the getIamPolicy method on the target resource. For example, to view grants for a project, call the projects.getIamPolicy method." But to get organization level permissions, the service account does not have permission to do the API call.
For those who are trying to deploy using a service account and the gcloud commands, you will need to set all of the following roles:
App Engine Deployer (deploy new code)
Storage Object Viewer (list images)
Storage Object Creator (upload the image)
Cloud Build Editor (create build)
App Engine Service Admin (promoting the new version)
From the access control docs:
The App Engine Deployer role alone grants adequate permission to deploy using the Admin API. To use other App Engine tooling, like gcloud commands, you must also have the Storage Admin role and Cloud Build Editor role.
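Added example, not part of the original answers: `gcloud iam service-accounts get-iam-policy` in the question shows who may act on the service account itself, so the check belongs on the project policy instead. The sketch below audits a project policy for the five roles listed above, using their role IDs, and also reports basic roles and conditional bindings. The function name `audit_deployer`, the service account email and the sample policy are constructed for illustration.

```python
import json

# Role IDs for the display names listed in the answer above.
REQUIRED_ROLES = {
    "roles/appengine.deployer": "App Engine Deployer",
    "roles/storage.objectViewer": "Storage Object Viewer",
    "roles/storage.objectCreator": "Storage Object Creator",
    "roles/cloudbuild.builds.editor": "Cloud Build Editor",
    "roles/appengine.serviceAdmin": "App Engine Service Admin",
}
# Basic roles that would also allow a deploy but are far broader than needed.
BROAD_ROLES = {"roles/owner", "roles/editor"}

def audit_deployer(policy, sa_email):
    """Return (missing, broad, conditional) role lists for one service account."""
    member = f"serviceAccount:{sa_email}"
    granted, conditional = set(), set()
    for binding in policy.get("bindings", []):
        if member not in binding.get("members", []):
            continue
        # A conditional binding only applies when its expression matches,
        # so it is reported separately and not counted as granted.
        target = conditional if "condition" in binding else granted
        target.add(binding["role"])
    missing = sorted(r for r in REQUIRED_ROLES if r not in granted)
    broad = sorted(granted & BROAD_ROLES)
    return missing, broad, sorted(conditional)

# Constructed sample, shaped like the output of
# `gcloud projects get-iam-policy PROJECT_ID --format=json`.
SAMPLE_SA = "deployer@example-project.iam.gserviceaccount.com"
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/appengine.deployer",
   "members": ["serviceAccount:deployer@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/storage.objectViewer",
   "members": ["serviceAccount:deployer@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/cloudbuild.builds.editor",
   "members": ["serviceAccount:deployer@example-project.iam.gserviceaccount.com"],
   "condition": {"title": "temp", "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}},
  {"role": "roles/owner", "members": ["user:admin@example.com"]}
]}
""")

if __name__ == "__main__":
    missing, broad, conditional = audit_deployer(SAMPLE_POLICY, SAMPLE_SA)
    for role in missing:
        print(f"missing: {REQUIRED_ROLES[role]} ({role})")
    print("basic roles on the account:", broad or "none")
    print("conditional, verify expression:", conditional or "none")
```
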
Have got it working now.
$ gcloud app deploy --log-http --verbosity=debug
The reason why it was failing seemed to be related to enabling the App Engine API (link was shown in command output). Enable the API, then try deploying again (this time without --log-http as this is resulting in a gcloud crash).
You can enable the "Google App Engine Admin API" through the Google Cloud Platform API console page. https://console.cloud.google.com/apis/api/appengine.googleapis.com/
Run the following command to check whether the project is associated with the correct account.
gcloud config list
If it is not associated with the account then use
gcloud auth login
to configure it with correct project account.
If you are trying to deploy a node app this may still be insufficient. My API was enabled and I followed everything on GCP's instructions, however I still got the "You do not have permission to access app" error. Finally fixed it by adding two more roles to the service account: