K
Q

Service Account throws an insufficient permission error even it has 'owner' privileges

3/2/2017

In Google Cloud Platform I created a SERVICE ACCOUNT and assigned the OWNER and SERVICE ACCOUNT ACTOR role.

When I run command below

gcloud container clusters get-credentials travis-test --zone us-central1-c --project phantom-zone-00001

it returns error below

Fetching cluster endpoint and auth data.
ERROR: (gcloud.container.clusters.get-credentials) ResponseError: code=403, message=Required “container.clusters.get” permission for “projects/phantom-zone-00001/zones/us-central1-c/clusters/travis-test”.

If I call the command with my own account (instead of SERVICE ACCOUNT) it runs perfectly fine

Would you please put me into the right direction? Thanks in advance.

-- cilerler
google-cloud-platform
google-kubernetes-engine

Similar Questions

after create yaml in image:fernandoacorreia/ubuntu-14.04-oracle-java-1.7,pod is not running
how to do network isolation among different applications in kubernetes or in docker cluster?
Kubernetes Volume mountpath
How to launch an app via Docker on every Pull Request?

1 Answer

3/2/2017

It looks like issue was related to the part that I didn't revoke it from my local environment when I re-create the account with same name/email.

to revoke

gcloud auth revoke service@project.iam.gserviceaccount.com

to activate

gcloud auth activate-service-account service@project.iam.gserviceaccount.com --key-file "C:\Users\user\Downloads\key.json"

then it won't give that permission error.

-- cilerler
Source: StackOverflow