Service Account throws an insufficient permission

Published 2019-05-29 00:08

Question:

In Google Cloud Platform, I created a SERVICE ACCOUNT and assigned the OWNER and SERVICE ACCOUNT ACTOR roles.

When I run the command below

gcloud container clusters get-credentials travis-test --zone us-central1-c --project phantom-zone-00001

it returns the error below

Fetching cluster endpoint and auth data.
ERROR: (gcloud.container.clusters.get-credentials) ResponseError: code=403, message=Required "container.clusters.get" permission for "projects/phantom-zone-00001/zones/us-central1-c/clusters/travis-test".

If I call the command with my own account (instead of the SERVICE ACCOUNT), it runs perfectly fine.

Would you please point me in the right direction? Thanks in advance.

Answer 1:

It looks like the issue was that I didn't revoke it from my local environment when I re-created the account with the same name/email.

To revoke:

gcloud auth revoke service@project.iam.gserviceaccount.com

To activate:

gcloud auth activate-service-account service@project.iam.gserviceaccount.com --key-file "C:\Users\user\Downloads\key.json"

Then it won't give that permission error.
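
The revoke-and-reactivate steps from the answer as one script, added here as an example and not part of the original answer. Before logging in it also checks that the key file's client_id equals the account's current uniqueId, which goes beyond what the answer states; the function names and the sample key values are constructed for illustration.

```shell
#!/bin/sh
# Added example; key_field, key_matches_account, reset_sa_login and
# write_sample_key are hypothetical helper names, not gcloud features.

# Print one string field from a service-account key file.
# Assumes the pretty-printed layout (one "name": "value" pair per line).
key_field() {
    sed -n 's/.*"'"$2"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Succeed only when the key file belongs to the account as it exists now.
# $1 key file, $2 expected e-mail, $3 the account's current uniqueId.
key_matches_account() {
    [ "$(key_field "$1" client_email)" = "$2" ] || return 1
    [ "$(key_field "$1" client_id)" = "$3" ] || return 1
}

# Revoke the cached credential, then log in again with a matching key.
# $1 service account e-mail, $2 key file path. The describe call must run
# while an account that can read the service account is active.
reset_sa_login() {
    uid=$(gcloud iam service-accounts describe "$1" --format='value(uniqueId)') || return 1
    if ! key_matches_account "$2" "$1" "$uid"; then
        echo "key file $2 was not issued for the current $1; create a new key" >&2
        return 1
    fi
    gcloud auth revoke "$1" 2>/dev/null || true   # nothing cached is not an error
    gcloud auth activate-service-account "$1" --key-file "$2" || return 1
    [ "$(gcloud auth list --filter=status:ACTIVE --format='value(account)')" = "$1" ]
}

# Constructed sample key file (fake values) for exercising the check offline.
write_sample_key() {
    cat > "$1" <<'EOF'
{
  "type": "service_account",
  "project_id": "example-project",
  "private_key_id": "0000000000000000000000000000000000000000",
  "client_email": "service@example-project.iam.gserviceaccount.com",
  "client_id": "100000000000000000001"
}
EOF
}
```

A key downloaded before the account was deleted and re-created keeps the same client_email but carries the old client_id, so key_matches_account rejects it.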