Insufficient Permission on all gcloud commands

[Dailen Gunter]

I just setup a brand spanking new Google Cloud Compute trial and I've hit a solid brick wall. I specifically wanted to use this with Ubuntu which is not listed in the available images. Some suggested using a gcloud compute command but literally every single gcloud compute command I run comes back "insufficient permission". I've tried with both the built in SSH apart of the Developers Console and a 3rd party SSH application. What am I missing here??

[Anthony Voellm]

Generally this means billing is not enabled.  Have you checked to make sure its ok?

On Fri, Nov 7, 2014 at 9:26 AM, Dailen <dai...@gmail.com> wrote:

I just setup a brand spanking new Google Cloud Compute trial and I've hit a solid brick wall. I specifically wanted to use this with Ubuntu which is not listed in the available images. Some suggested using a gcloud compute command but literally every single gcloud compute command I run comes back "insufficient permission". I've tried with both the built in SSH apart of the Developers Console and a 3rd party SSH application. What am I missing here??

--
© 2014 Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043
 
Email preferences: You received this email because you signed up for the Google Compute Engine Discussion Google Group (gce-dis...@googlegroups.com) to participate in discussions with other members of the Google Compute Engine community and the Google Compute Engine Team.
---
You received this message because you are subscribed to the Google Groups "gce-discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gce-discussio...@googlegroups.com.
To post to this group, send email to gce-dis...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/gce-discussion/1cc5fe51-441e-4e00-bcb9-0e88b6e2194d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Anthony F. Voellm (aka Tony)

Google Voice:  (650) 516-7382

Blog: http://perfguy.blogspot.com/

[Dailen Gunter]

Appears to be setup and working properly. I followed the steps to activate the trial which required remitting a form of payment which I assumed would be for use after the trial since it doesn't appeared to have pre-authed anything.

[Dailen Gunter]

Ugggghhhh...okay EVERY SINGLE source of documentation I found on Google Compute left this extraordinarily critical part out. When you go to setup an instance there's a section that sets whether or not that vm has "project access". That's the key to running the gcloud commands apparently.

[Anthony Voellm]

Yes from inside the VM.  Without that you need to run "gcloud auth login"

To view this discussion on the web visit https://groups.google.com/d/msgid/gce-discussion/04ecd010-a148-4276-b0cf-2565924ba4cb%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[Senthil Radhakrishnan]

I am facing the same issue. How do i give project access to the VM

Thanks

Senthil

[Faizan (Google Cloud Support)]

Hello Senthil,

As mentioned above you can set the 'Compute' scope at the time you create the instance in order to run gcloud commands from that instance. By setting the Compute scope your instance will be authorized using the Google Compute Engine service account. You can find more information on authenticating from Compute Engine instance on this link.

If you wish to use your account to authorize gcloud commands you can run gcloud auth login command and follow the steps.

I hope that helps.

Faizan

[Kayla Hardwick]

Hello,

I know this is an old thread but I'm hoping I can get some assistance. I'm trying to run gcloud commands from within a VM that doesn't already have gcloud installed, and I'm getting a permission denied error. I tried to set the compute scope by creating a service account, then creating an instance associated with that account, then sshing onto the instance and installing gcloud from there. However, I'm still getting a permission denied error. Here's the relevant code:

gcloud iam service-accounts create my-sa-123 --display-name "my service account"

gcloud projects add-iam-policy-binding bioproject --member serviceAccount:my-s...@bioproject.iam.gserviceaccount.com --role roles/owner

gcloud beta compute instances create-with-container trinity --container-image us.gcr.io/bioproject/trinityrnaseq --service-account my-s...@bioproject.iam.gserviceaccount.com --scopes https://www.googleapis.com/auth/cloud-platform

Any input you have on why this isn't working would be fantastic. Thank you!