CODEWITHSUNDEEP
google-app-enginedeployment
Gremash
Gremash

Reputation: 8308

403 when deploying to app engine using service account

I am having an issue deploying a Node project to Google App Engine when using a service account. I am getting a 403 error.

{
  "error": {
    "code": 403,
    "message": "Operation not allowed",
    "status": "PERMISSION_DENIED",
    "details": [
      {
        "@type": "type.googleapis.com/google.rpc.ResourceInfo",
        "resourceType": "gae.api",
        "description": "The \"appengine.applications.get\" permission is required."
      }
    ]
  }
}

I have given my service account the App Engine Admin and Storage Object Admin roles. I am using the downloaded JSON key file to deploy.

I am then running these two terminal commands:

gcloud auth activate-service-account --key-file appEngineAuth.json
gcloud --quiet --verbosity=debug app deploy app.yaml --promote --log-http

This is my app.yaml file:

runtime: nodejs
env: flex

If I run gcloud auth list I see my service account user selected. I am able to deploy if I do gcloud init and then go through the process of using my Google account but I can't do that from my CI server.

I have deleted and recreated my service account a couple of times and made absolutely certain I am using the correct key file. I even tried giving my service account the Owner role but that didn't work.

Upvotes: 0

Views: 108

Answers (1)

Gremash
Gremash

Reputation: 8308

This turned out to be an app engine bug. Support took about a week to fix the issue. As a temporary work around I had to create a new application and use it. This bug only affected one of my six applications.

Google case #: Case 15238823

Upvotes: 1

Related Questions