Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

gcloud auth activate-service-account [ERROR] Please ensure provided key file is valid

I've spent already several hours with this problem but it seems that I can't activate a service account to develop locally an App Engine project (If I deploy teh project it authenticates well since the credentials are injected as an env variable).

The problem

  1. I created a new service account under IAM on the GC Platform.
    The service account is created correctly I can see it through the console and the

  2. Under service account I generated a new JSON key -> key.json

  3. in the console I used gcloud auth activate-service-account --key file=key.json

Code

 {    
      "type": "service_account",
    <br>      "project_id": "[project id]",
    <br>      "private_key_id": "[private_key_id]",
    <br>      "private_key": "[private_key]",
    <br>      "client_email": "[name]",
    <br>      "client_id": "[clien id]",
    <br>      "auth_uri": "https://accounts.google.com/o/oauth2/auth",
    <br>      "token_uri": "https://accounts.google.com/o/oauth2/token",
    <br>      "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
        <br>  "client_x509_cert_url": 
      "https://www.googleapis.com/robot/v1/metadata/x509/[client_email]"
       <br> }   

I receive the error message ERROR: (gcloud.auth.activate-service-account) Failed to activate the given service account. Please ensure provided key file is valid.


After trying everything what I could I found that in the docs the service account key indeed has a different structure. https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys I have no idea however why the downloaded key structure is not good.

Did anybody encounter this issue? Any solutions?

like image 997
Szabolcs Becze Avatar asked Apr 07 '17 12:04

Szabolcs Becze


People also ask

How do I find my Google Cloud Key?

Go to the Key Management page in the Google Cloud console. Click the name of the key ring that contains the asymmetric key for which you want to retrieve the public key. Click on the name of the key for which you want to retrieve the public key.


1 Answers

I haven't found any great documentation on this, but you definitely want the first type of file and creating it through the Cloud Console should work. I believe it's referenced to as a Google Credentials file. The downloaded JSON file should look something like:

{
  "type": "service_account",
  "project_id": "project-id",
  "private_key_id": "some_number",
  "private_key": "-----BEGIN PRIVATE KEY-----\n....
  =\n-----END PRIVATE KEY-----\n",
  "client_email": "<api-name>[email protected]",
  "client_id": "...",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://accounts.google.com/o/oauth2/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "https://www.googleapis.com/...<api-name>api%40project-id.iam.gserviceaccount.com"
}

The second link you posted will also create a service account key and a Google Credentials file, but it's probably more work than you want (the Google Credentials file is encoded under the privateKeyData field.

Hopefully that explains the files; good luck authenticating! My only suggestion for that is that maybe you've spelled the command wrong? It should be:

gcloud auth activate-service-account --key-file=key.json

whereas you've typed

gcloud auth activate-service-account --key file=key.json

ie, with a space after --key. Let us know if you figure it out!

like image 177
hubatish Avatar answered Oct 21 '22 18:10

hubatish