Error 403: Required 'compute.networks.create' permission for projects

[Charles Moulliard]

Hi,

When a new VM is created using the googleapi, I get such errors

ERRO[0001] * google_compute_network.network: 1 error(s) occurred:  source=Terraform

ERRO[0001]                                               source=Terraform

ERRO[0001] * google_compute_network.network: Error creating network: googleapi: Error 403: Required 'compute.networks.create' permission for 'projects/workshop-cmoulliard-redhat-com', forbidden  source=Terraform

ERRO[0001] * google_compute_disk.disk_master_docker: 1 error(s) occurred:  source=Terraform

ERRO[0001]                                               source=Terraform

ERRO[0001] * google_compute_disk.disk_master_docker: Error loading zone 'europe-west1-b': googleapi: Error 403: Required 'compute.zones.get' permission for 'projects/workshop-cmoulliard-redhat-com/zones/europe-west1-b', forbidden  source=Terraform

ERRO[0001] * google_compute_disk.disk_master_root: 1 error(s) occurred:  source=Terraform

ERRO[0001]                                               source=Terraform

ERRO[0001] * google_compute_disk.disk_master_root: Error loading zone 'europe-west1-b': googleapi: Error 403: Required 'compute.zones.get' permission for 'projects/workshop-cmoulliard-redhat-com/zones/europe-west1-b', forbidden  source=Terraform

ERRO[0001] * google_compute_address.address_master: 1 error(s) occurred:  source=Terraform

ERRO[0001]                                               source=Terraform

ERRO[0001] * google_compute_address.address_master: Error creating address: googleapi: Error 403: Required 'compute.addresses.create' permission for 'projects/workshop-cmoulliard-redhat-com', forbidden  source=Terraform

ERRO[0001]                                               source=Terraform

Which gcloud commands do I have to execute in order to have enough permission for my project to issue such creation request ?

Regards

Charles

[Marilu (Cloud Platform Support)]

Hi Charles,

How are you trying to create the instance? Are you using a service account to authenticate?

If this is the case, I'll recommend reviewing the following links to find out more information on how to authenticate when using APIs:

Authentication guide

Authenticating to a Cloud API Service

Also, make sure to give the IAM role to your service account, you need to give a minimum role that will allow the account to create the instance.

If you're using the gcloud command, then you can use the gcloud auth login command to authenticate.

I hope this helps!

Marilu

[Aasif Shaikh]

I am using terraform and have the same issue. For authentication, I am using service account.

BR,

Aasif

[Marilu (Cloud Platform Support)]

Hi Aasif,

I'm not familiar with Terraform, so I can't provide much assistance with that product. On the Google Cloud Platform, you need to make sure that your service account has the proper IAM roles to create a VM as the errors indicate an issue with the roles granted to the service account.

You can also test the API using the API Explorer in here, which normally works with your account, as it's expected to have the required IAM roles.

I hope this helps,

Marilu

[Moghul Abdul Khadeer Baig]

Thanks, Marliu. It helps when I assign a minimum role to my service account.

The information in this message may be proprietary and/or confidential, and protected from disclosure. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify ATMECS and delete it from your computer.