Unable to subscribe to a google pub sub topic using a service account

Question

I was trying to understand example given in google cloud samples present in this link

This example creates a service account, a VM, and a Pub/Sub topic. The VM runs as the service account, and the service account has subscriber access to the Pub/Sub topic, thereby giving services and applications running on the VM access to the Pub/Sub topic.

However when I am trying to deploy this example I am getting below error

The fingerprint of the deployment is a-v3HjAHciZeSLuE-vSeZw==
Waiting for create [operation-1525502430976-56b6fb6809800-dbd09909-c5d681b2]...failed.
ERROR: (gcloud.deployment-manager.deployments.create) Error in Operation [operation-1525502430976-56b6fb6809800-dbd09909-c5d681b2]: errors:
- code: RESOURCE_ERROR
  location: /deployments/test-dp/resources/my-pubsub-topic
  message: '{"ResourceType":"pubsub.v1.topic","ResourceErrorCode":"403","ResourceErrorMessage":{"code":403,"message":"User
    not authorized to perform this action.","status":"PERMISSION_DENIED","details":[],"statusMessage":"Forbidden","requestPath":"https://pubsub.googleapis.com/v1/projects/fresh-deck-194307/topics/my-pubsub-topic:setIamPolicy","httpMethod":"POST"}}'

It mentions that User doesn't have permission to perform this action. I am unable to understand which user it is mentioning about. Since I am the project owner and my account is the owner of project, I should be able to deploy a script which can set IAM policy for subscribing to a pubsub topic.

Might be my understanding is wrong above. Could somebody help to understand why this example is failing?

Also I hope if any additional configuration is needed for this example to run, it should be mentioned in README file. But there are no instructions.

Unable to subscribe to a google pub sub topic using a service account

Answers (1)

Related Questions