Appengine gcloud deploy using custom service account
Question
I want to deploy an API to app engine But it ends up using the wrong service account. I use these 3 cmd lines in gitlab:
- gcloud auth activate-service-account --key-file /tmp/$CI_PIPELINE_ID.json
- gcloud config set account NameOfServiceAccount.com
- gcloud app deploy
What I get is
target service account: [App Engine default service account]
Do you want to continue (Y/n)?
Beginning deployment of service [lettering-back]...
╔════════════════════════════════════════════════════════════╗
╠═ Uploading 2 files to Google Cloud Storage ═╣
╚════════════════════════════════════════════════════════════╝
File upload done.
ERROR: (gcloud.app.deploy) PERMISSION_DENIED: You do not have permission to act as
1 answers
solution1
2 ACCPTED 2021-08-24 15:36:44
To deploy new versions, a member must have the Service Account User (roles/iam.serviceAccountUser) role on the App Engine default service account, and the Cloud Build Editor (roles/cloudbuild.builds.editor) and Cloud Storage Object Admin (roles/storage.objectAdmin) roles on the project.
More specifically for your error message you gonna need roles/iam.serviceAccountUser on your service account whose key is the one you placed at /tmp/$CI_PIPELINE_ID.json
Reference: the first table row at https://cloud.google.com/appengine/docs/standard/python/roles#predefined_roles
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.