I have:
gcloud init
2. Generated a key for a service account from the IAM console. (web interface)
-> The service account has "Editor" privileges for my project.3. Authorized the service account.
gcloud auth activate-service-account --key-file mykeyfile
However, when I try to access the snapshots management features:
$ gcloud compute snapshots list
ERROR: (gcloud.compute.snapshots.list) Some requests did not succeed:
- Insufficient Permission
I can't find anywhere in the documentation specifically how I grant permission to gcloud to allow it to do this. ( gcloud compute disks snapshot fails with the same error too.)
Any tips?
Hi Rick,
I tried to reproduce your issue but it worked for me. Here are the steps I followed:
In my case I created a VM in my project to run gcloud from it. For testing purposes I selected ¨Set access for each API¨ during the VM creation. There I made sure that ¨Compute¨ was set to none. In that way I limited access to the default service account linked to the VM to compute resources.
I SSH in the VM and made some pre-check tests.
gcloud auth list
Credentialed Accounts:
- 3xxxxxxxx...@developer.gserviceaccount.com ACTIVE
To set the active account, run:
$ gcloud config set account `ACCOUNT`
myuser@instance-5:~$ gcloud compute snapshots list
ERROR: (gcloud.compute.snapshots.list) Some requests did not succeed:
- Insufficient Permission
3) I created another service account, gave it ¨Editor¨ permissions and generated the key.
4) I uploaded the key to my VM and set this account to work with gcloud.
myuser@instance-5:~$ gcloud auth activate-service-account --key-file mykeyfile.json
Activated service account credentials for: [customse...@xxxxxxtest.iam.gserviceaccount.com]
myuser@instance-5:~$ gcloud auth list
Credentialed Accounts:
- 3xxxxxxxx...@developer.gserviceaccount.com
- customse...@xxxxxtest.iam.gserviceaccount.com ACTIVE
gcloud compute snapshots list
NAME DISK_SIZE_GB SRC_DISK STATUS
xxxxxxxxxx 10 us-central1-f/disks/cpaneltest READY
I would suggest trying to run a similar test. Are you running gcloud from a GCE VM or your own computer? Additionally, you can confirm the project and the account used by gcloud using:
I am glad it worked. The default service account is tightly linked to GCE instances and the access scope they can have. Working with the default service account and IAM permissions can be a little tricky as explained here.
--
© 2016 Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043
Email preferences: You received this email because you signed up for the Google Compute Engine Discussion Google Group (gce-discussion@googlegroups.com) to participate in discussions with other members of the Google Compute Engine community and the Google Compute Engine Team.
---
You received this message because you are subscribed to the Google Groups "gce-discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gce-discussion+unsubscribe@googlegroups.com.
To post to this group, send email to gce-dis...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/gce-discussion/a608179a-0991-46c2-8241-d39bba5dd3dd%40googlegroups.com.
Email preferences: You received this email because you signed up for the Google Compute Engine Discussion Google Group (gce-dis...@googlegroups.com) to participate in discussions with other members of the Google Compute Engine community and the Google Compute Engine Team.
---
You received this message because you are subscribed to the Google Groups "gce-discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gce-discussio...@googlegroups.com.
To post to this group, send email to gce-dis...@googlegroups.com.
--
© 2017 Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043
Email preferences: You received this email because you signed up for the Google Compute Engine Discussion Google Group (gce-discussion@googlegroups.com) to participate in discussions with other members of the Google Compute Engine community and the Google Compute Engine Team.
---
You received this message because you are subscribed to the Google Groups "gce-discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gce-discussion+unsubscribe@googlegroups.com.
To post to this group, send email to gce-discussion@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/gce-discussion/35ef6943-e96b-4618-808a-5be1f0b52fc5%40googlegroups.com.