I'm trying to deploy an application, but gcloud informs me that I don't have permissions, even though I am the main user of the account with the Owner rule, see: Deploy console
My gcloud auth list:
Credentialed Accounts
ACTIVE ACCOUNT
* hi#myemail.com
myproject#appspot.gserviceaccount.com
To set the active account, run:
$ gcloud config set account `ACCOUNT`
My gcloud init (default project is ok):
Welcome! This command will take you through the configuration of gcloud.
Settings from your current configuration [myproject] are:
core:
account: hi#myemail.com
disable_usage_reporting: 'False'
project: myproject
Pick configuration to use:
[1] Re-initialize this configuration [myproject] with new settings
[2] Create a new configuration
My IAM & Admin Permissions for project "myproject": IAM List
How to solve this problem? It is the only project in my account.
I think the issue is because you're trying to overwrite a deploy with version 2 that is stopped.
The message is very clear in your first image.
Traffic cannot be allocated to stopped version 2. Please ensure that traffic is only allocated to serving versions.
I'll suggest to check that the deployment in App Engine with version 2 is not stopped or deploy to a new version, for example just to test:
gcloud app deploy site.yaml --version=5165165
Related
I am running Jenkins locally on Windows 10 and am having a tough time getting it to deploy to Google App Engine (Standard) with a service account. Here is what I've done so far:
Created a new service account called jenkins#PROJECT-ID.iam.gserviceaccount.com
Given that service account these permissions:
App Engine Deployer
App Engine Service Admin
Cloud Build Service Account
Cloud Build Service Agent (not sure if necessary)
Storage Admin
Downloaded the service account json key, placed it in my Documents folder
Then I used the following commands after my project builds using Node.js:
gcloud auth activate-service-account --key-file %USERPROFILE%\Documents\PROJECT\jenkins-local-sa.json
gcloud config set project PROJECT-ID
gcloud app deploy app.yaml
Then I'm hit with this error:
(gcloud.app.deploy) Error Response: [13] Failed to create cloud build: cloudbuild service account doesn't have access to projectID "PROJECT-ID".
I've seen plenty of other errors in my Google search but not this one specifically. Has anyone run across this error?
You need to enable service account user permission in cloud build settings !
I want to deploy my app via google service account. I am using the test-version of googlecloud with billing enabled. I granted the following permissions to my service account:
App Engine Administrator
App Engine Deployer
App Engine Service Administrator
Cloud Build Service Account
Cloud Build Editor
Storage Administrator
When I try to login via keyfile with gcloud auth activate-service-account --key-file file.json and then trying to deploy the app with the service account with the following command: gcloud --quiet --project projecid app deploy app.yaml I get the following error:
(gcloud.app.deploy) Permissions error fetching application [apps/projectid]. Please make sure you are using the correct project ID and that you have permission to view applications on the project.
Also I might have to say, that I am using a account ID which was used before.
Do you guys have an idea what I could do? It works, when I deploy it with my normal google account and a normal login. But I need that because of gitlab-ci
I have tried to reproduce your situation by creating a new service account and giving it the roles you listed. I have authorized access to GCP with its key using the gcloud auth activate-service-account --key-file=<KEY-FILE> command but the deployment has been successful for me.
Run the gcloud auth list command to make sure you're authorized with the correct service account. Also you can try adding the --verbosity=debug flag to the deployment command to see if you can find anything useful in the error logs if the error occurs.
From the error description, however, it seems that you might also have passed an incorrect project ID when deploying the application:
gcloud --quiet --project projecid app deploy app.yaml
- make sure it is not the case.
I wanted to create an App Engine app using the following command
gcloud app create --project=recommendations-1 --region=asia-east1-b
but system told me:
ERROR: (gcloud.app.create) PERMISSION_DENIED: Operation not allowed
'#type': type.googleapis.com/google.rpc.ResourceInfo
description: The "appengine.applications.create" permission is
required.
resourceType: gae.api
Other information:
I use google cloud shell
before create app, I connect instance with [gcloud compute ssh recommendations-1 ]
I wanted to make recommendation system with (https://cloud.google.com/solutions/machine-learning/recommendation-system-tensorflow-deploy)
I have enabled [ App Engine Flexible Environment] and [App Engine Admin API] manually
I have gcloud auth login
I have gcloud config list project
I believe you have already created the project “recommendations-1”. If not, use this command first:
gcloud projects create sample-project-name
If yes, you can start by running the following commands:
gcloud config set project sample-project-name
gcloud app create --project=sample-project-name --region=valid-region
Note that your command contains an invalid region. Check the valid regions here and here or use this command to see the list and choose interactively on the console.
gcloud app create
The issue you are having is most probably because you are trying to create an application in a project (recommendations-1) from within another project causing the permission errors.
You can have two machines running at the same time. As shown here the VM that you access when using Cloud Shell is the active VM of the current project in the Cloud Console, so in case you access another VM with “gcloud compute ssh” in a terminal, you may be accessing different VMs. It will depend on which VM is set up on each tool.
So in case you are trying to create an app in the project “recommendations-1” using Cloud Shell, Cloud SDK or another tool, you will need to set "recommendations-1" as the current project in that tool by using the “gcloud config set project recommendations-1” command. If the Cloud Console current project is already set to "recommendations-1", Cloud Shell will automatically be set with this project. Otherwise, you do not have access to create an app in a project from within the instance of another project.
I'm trying to get the golang hello-world bigtable example running locally locally and running into this issue. When I run gcloud preview app run app.yaml from the bigtable-hello directory, I get the following error:
➜ bigtable-hello gcloud preview app run app.yaml
Usage: gcloud
preview app [optional flags] group may be
modules command may be deploy | gen-config
(BETA) This set of commands allows you to deploy your app, manage your existing deployments, and also run your app locally. These
commands replace their equivalents in the appcfg tool.
global flags: Run gcloud -h for a description of flags available
to all commands.
command groups: modules (BETA) View and manage your
App Engine modules.
commands: deploy (BETA) Deploy the local code
and/or configuration of
your app to App Engine. gen-config (BETA) Generate missing configuration files for a
source directory.
ERROR: (gcloud.preview.app) Invalid choice: 'run'.
Valid choices are [deploy, gen-config, gen-repo-info-file, instances,
modules, services, versions].
I've put the demo files into my local go directory like below:
app run is no longer part of the gcloud SDK as can be seen under all the possible command trees:
gcloud alpha has no app command group
gcloud app has no run command
gcloud beta has no run command
gcloud preview app has no app command group
This was removed with version 92.0.0 released on January 13, 2016. That changelog recommends using dev_appserver.py instead. An example can be found in Running the local development server.
> dev_appserver.py src/github.com/jamescharlesworth/bigtable-hello
Other flags and options can be found in dev_appserver.py's documentation in Local Development Server Options.
I have gcloud installed and working and a service account gets also activated. I run the following and get a success(?):
$ gcloud auth activate-service-account "${GAE_CLIENT_ACCOUNT}" --key-file "${GAE_CLIENT_KEY_JSON_FILE}"
Activated service account credentials for: [xxxxx#developer.gserviceaccount.com]
Then I run this:
$ gcloud preview app deploy app.yaml --project "${GAE_PROJECT_ID}" --quiet --version "${GAE_PROJECT_VERSION}"
You are about to deploy the following modules:
- ricochet-robots/default/dev From: [/home/travis/build/ricochetrobots/ricochetrobots-landing/app.yaml]
Updating module [default]...Go to the following link in your browser:
https://accounts.google.com/o/oauth2/auth?scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fappengine.admin&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&response_type=code&client_id=xxxxxxxx.apps.googleusercontent.com&access_type=offline
Updating module [default].../
As you can see, it prompts me to follow the link and do an oauth. Because I'm on a ci server, it's not possible to follow the link.
How kan I suppress that? Or is there a totally diffrent way of deploying the app automatically.
This is a known issue in version 0.9.61.
For now, you can work around by pinning to a previous version:
gcloud config set component_manager/fixed_sdk_version 0.9.60
gcloud components update
Since you're running in a CI server, you can also set the following environment variable, if you run gcloud components update in your script. This may be an easier fix, depending on your CI server.
CLOUDSDK_COMPONENT_MANAGER_SNAPSHOT_URL=https://dl.google.com/dl/cloudsdk/release/components-v0.9.60.json
Running gcloud preview app deploy --set-default using a service account has the same issue in versions 0.9.57 through 0.9.62. If you'd like to use this command, you can pin to 0.9.56.
We're targeting a fix for version 0.9.63 or shortly thereafter. Follow the issue on the gcloud bug tracker for more updates.
EDIT: This issue was fixed in version 0.9.63.