deploy fails with 403 error when using service account


ta...@freightos.com

Mar 15, 2016, 5:47:54 AM
to google-cloud-sdk
Hello,

I am building and deploying my app from Jenkins, but it fails if I use a service account to authenticate (and it deploys successfully when using my account).

Here are the steps that I follow:
  • Created a new service account on project tradeos-test1 (with edit permission)
  • Google Cloud Container Builder API is under enabled APIs
  • The Jenkins job executes the following command successfully:
        gcloud auth activate-service-account --key-file mykey.json

  • Then I execute the following command to deploy:
        mvn gcloud:deploy -Dgcloud.gcloud_project=tradeos-test1 -Dgcloud.version=v10

The last command fails with the following error:

[INFO] ERROR: Error: Status 403 trying to push repository gcloud/tradeos-test1.default.freightos-daily-build: "Access denied."
[INFO] ERROR: Error: Status 403 trying to push repository gcloud/tradeos-test1.default.freightos-daily-build: "Access denied."
[INFO] ERROR: Error: Status 403 trying to push repository gcloud/tradeos-test1.default.freightos-daily-build: "Access denied."
[INFO] ERROR: Error: Status 403 trying to push repository gcloud/tradeos-test1.default.freightos-daily-build: "Access denied."
[INFO] ERROR: Error: Status 403 trying to push repository gcloud/tradeos-test1.default.freightos-daily-build: "Access denied."
.
.
.
[INFO] Beginning teardown of remote build environment (this may take a few seconds).
[INFO] ERROR: gcloud crashed (Error): Unable to push the image to the registry: "Error: Status 403 trying to push repository gcloud/tradeos-test1.default.freightos-daily-build: "Access denied.""

Please check the attached file for full logs (error at the end of the file).

Please note that everything is working fine when using my account.

Thanks
Tareq
logs.txt

Zachary Newman

Mar 17, 2016, 9:11:59 AM
to ta...@freightos.com, google-cloud-sdk
Hi Tareq,

You may need to add the service account you're using as an EDITOR/WRITER on the GCS buckets. It should look like vm-containers.<app>.appspot.com.

Let us know if that doesn't help.

Cheers,
Zack
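
An added example, not part of the thread or of the Cloud SDK: a Python check of whether a service account can write to the staging bucket mentioned above, run over the JSON that `gsutil acl get gs://vm-containers.<app>.appspot.com` prints. The sample ACL, the project number, the e-mail addresses and the function name are constructed for illustration.

```python
import json

# Constructed sample shaped like the output of `gsutil acl get gs://<bucket>`.
# Project number and addresses are placeholders, not values from the thread.
SAMPLE_ACL = """
[
  {"entity": "project-owners-000000000000",
   "projectTeam": {"projectNumber": "000000000000", "team": "owners"},
   "role": "OWNER"},
  {"entity": "project-editors-000000000000",
   "projectTeam": {"projectNumber": "000000000000", "team": "editors"},
   "role": "OWNER"},
  {"entity": "user-dev@example.com", "email": "dev@example.com",
   "role": "WRITER"},
  {"entity": "user-jenkins@example-project.iam.gserviceaccount.com",
   "email": "jenkins@example-project.iam.gserviceaccount.com",
   "role": "READER"}
]
"""

WRITE_ROLES = {"WRITER", "OWNER"}  # bucket ACL roles that allow uploads


def write_access(acl_json, account_email):
    """Classify how account_email can write to the bucket.

    ("direct", role)    the account itself is listed with a write role
    ("indirect", teams) only project-team entries grant write; this applies
                        only if the account is a member of one of those teams
    ("read-only", role) the account is listed, but without a write role
    ("none", None)      no entry covers the account
    """
    wanted = "user-" + account_email.lower()
    direct, teams = None, []
    for entry in json.loads(acl_json):
        entity = entry.get("entity", "")
        role = entry.get("role", "").upper()
        if entity.lower() == wanted:
            direct = role
        elif "projectTeam" in entry and role in WRITE_ROLES:
            teams.append(entity)
    if direct in WRITE_ROLES:
        return ("direct", direct)
    if teams:
        return ("indirect", teams)
    return ("read-only", direct) if direct else ("none", None)


if __name__ == "__main__":
    print(write_access(SAMPLE_ACL, "jenkins@example-project.iam.gserviceaccount.com"))
```

An "indirect" result means the push succeeds only if the account really holds that project role. A direct grant on the one bucket can be made with `gsutil acl ch -u <service-account-email>:W gs://<bucket>`.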
