问题
In Google Cloud Platform I created a SERVICE ACCOUNT and assigned the OWNER and SERVICE ACCOUNT ACTOR role.
When I run command below
gcloud container clusters get-credentials travis-test --zone us-central1-c --project phantom-zone-00001
it returns error below
Fetching cluster endpoint and auth data.
ERROR: (gcloud.container.clusters.get-credentials) ResponseError: code=403, message=Required “container.clusters.get” permission for “projects/phantom-zone-00001/zones/us-central1-c/clusters/travis-test”.
If I call the command with my own account (instead of SERVICE ACCOUNT) it runs perfectly fine
Would you please put me into the right direction? Thanks in advance.
回答1:
It looks like issue was related to the part that I didn't revoke it from my local environment when I re-create the account with same name/email.
to revoke
gcloud auth revoke service@project.iam.gserviceaccount.com
to activate
gcloud auth activate-service-account service@project.iam.gserviceaccount.com --key-file "C:\Users\user\Downloads\key.json"
then it won't give that permission error.
来源:https://stackoverflow.com/questions/42556739/service-account-throws-an-insufficient-permission-error-even-it-has-owner-priv