Reputation: 6434
"gcloud auth activate-service-account" and "gcloud source repos clone" error
I would like to use the following tools together:
- Docker
- gcloud SDK
- gcloud Service Account
- gcloud Source Repo (as part of project dependencies)
The steps i'm taking:
1) Log into the Google Cloud Console at: https://console.cloud.google.com/iam-admin/serviceaccounts/project?project=project-name
2) Create a service account, for now give 'Owner' permissions, and download the json key as account-name.json
3) Add a Dockerfile:
FROM google/cloud-sdk
COPY account-name.json /tmp/account-name.json
RUN gcloud auth activate-service-account --key-file /tmp/account-name.json
RUN rm /tmp/account-name.json
RUN gcloud config set project project-name
RUN gcloud config set account [email protected]
RUN gcloud source repos clone default --project=project-name
4) Build and run docker:
docker build -t service-account-repo .
docker run -ti service-account-repo
The error I get is:
ERROR: (gcloud.source.repos.clone) You do not currently have an active account selected. Please run:
$ gcloud auth login
to obtain new credentials, or if you have already logged in with a different account:
$ gcloud config set account ACCOUNT
to select an already authenticated account to use.
And no matter which commands I try, including setting the account and auth login, via docker exec it doesn't work.
If I run the same commands locally it works, because I am already logged in with my main gcloud account.
Do gcloud Service Accounts work with gcloud Source Repos? does anyone have a working example without their normal accounts logged in? Do I need to enable other cloud APIs to get it to work?
Upvotes: 3
Views: 6050
Answers (1)
Reputation: 8980
The only gcloud command you need to run is
gcloud auth activate-service-account --key-file /tmp/account-name.json
It sets core/account property. After that
gcloud source repos clone default --project=project-name
should work (no need to set project since you specifying part of the command).
Make sure to have git installed and it must be on the path.
One thing to note that gcloud stores activated credentials in ~/.config/gcloud directory. This might not be what you want. You can change it by setting CLOUDSDK_CONFIG environment variable to point to another location, preferably not part of the docker image itself.
Upvotes: 1
Related Questions
- ERROR: (gcloud.auth.activate-service-account) The .json key file is not in a valid format -- via impersonate-service-account
- Problem building gcloud project : COPY failed: no source files were specified
- Access problem with service account in gcloud from github actions
- how to use gcloud command in docker build image with credentials
- Error: (gcloud.auth.print-identity-token) No identity token can be obtained from the current credentials
- gcloud auth configure-docker fail (config.json could not be read as JSON)
- gcloud docker push results in "denied: Token exchange failed for project 'gcp-project-id-example'."
- Authentication error when using Git Bash to connect to Google Cloud (gcloud)
- Cannot clone from gcloud to git: "Could not find gcloud's git credential helper."
- `gcloud source repos clone` with service account is not working