Menu
I've spent already several hours with this problem but it seems that I can't activate a service account to develop locally an App Engine project (If I deploy teh project it authenticates well since the credentials are injected as an env variable).
The problem
I created a new service account under IAM on the GC Platform.
The service account is created correctly I can see it through the console and the
Under service account I generated a new JSON key -> key.json
in the console I used gcloud auth activate-service-account --key file=key.json
{
"type": "service_account",
<br> "project_id": "[project id]",
<br> "private_key_id": "[private_key_id]",
<br> "private_key": "[private_key]",
<br> "client_email": "[name]",
<br> "client_id": "[clien id]",
<br> "auth_uri": "https://accounts.google.com/o/oauth2/auth",
<br> "token_uri": "https://accounts.google.com/o/oauth2/token",
<br> "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
<br> "client_x509_cert_url":
"https://www.googleapis.com/robot/v1/metadata/x509/[client_email]"
<br> }
I receive the error message ERROR: (gcloud.auth.activate-service-account) Failed to activate the given service account. Please ensure provided key file is valid.
After trying everything what I could I found that in the docs the service account key indeed has a different structure. https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys I have no idea however why the downloaded key structure is not good.
Did anybody encounter this issue? Any solutions?
997
Go to the Key Management page in the Google Cloud console. Click the name of the key ring that contains the asymmetric key for which you want to retrieve the public key. Click on the name of the key for which you want to retrieve the public key.
I haven't found any great documentation on this, but you definitely want the first type of file and creating it through the Cloud Console should work. I believe it's referenced to as a Google Credentials file. The downloaded JSON file should look something like:
{
"type": "service_account",
"project_id": "project-id",
"private_key_id": "some_number",
"private_key": "-----BEGIN PRIVATE KEY-----\n....
=\n-----END PRIVATE KEY-----\n",
"client_email": "<api-name>[email protected]",
"client_id": "...",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://accounts.google.com/o/oauth2/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/...<api-name>api%40project-id.iam.gserviceaccount.com"
}
The second link you posted will also create a service account key and a Google Credentials file, but it's probably more work than you want (the Google Credentials file is encoded under the privateKeyData field.
Hopefully that explains the files; good luck authenticating! My only suggestion for that is that maybe you've spelled the command wrong? It should be:
gcloud auth activate-service-account --key-file=key.json
whereas you've typed
gcloud auth activate-service-account --key file=key.json
ie, with a space after --key. Let us know if you figure it out!
177
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
