服务帐户即使具有“所有者”权限也会引发权限不足错误 [英] Service Account throws an insufficient permission error even it has 'owner' privileges

问题描述

在 Google云端平台中，我创建了服务帐户并分配了 OWNER 和服务帐户ACTOR 角色。

In Google Cloud Platform I created a SERVICE ACCOUNT and assigned the OWNER and SERVICE ACCOUNT ACTOR role.

当我在下面运行命令时

When I run command below

gcloud container clusters get-credentials travis-test --zone us-central1-c --project phantom-zone-00001

它返回
$ b

it returns error below

获取集群端点和授权数据。
错误：（gcloud.container.clusters.get-credentials ）ResponseError：code = 403，message =必需的container.clusters.get
projects / phantom-zone-00001 / zones / us-central1-c / clusters / travis-test的权限。

Fetching cluster endpoint and auth data.
ERROR: (gcloud.container.clusters.get-credentials) ResponseError: code=403, message=Required "container.clusters.get" permission for "projects/phantom-zone-00001/zones/us-central1-c/clusters/travis-test".

如果我用我自己的帐户（而不是SERVICE ACCOUNT）调用命令，它运行得很好

If I call the command with my own account (instead of SERVICE ACCOUNT) it runs perfectly fine

请您把我带入正确的方向吗？感谢提前。

Would you please put me into the right direction? Thanks in advance.

推荐答案

看起来问题与我没有从我的本地环境中撤销它的部分有关我重新创建了具有相同名称/电子邮件的帐户。

It looks like issue was related to the part that I didn't revoke it from my local environment when I re-create the account with same name/email.

撤销

gcloud auth revoke travis@phantom-zone-00001.iam.gserviceaccount.com

启用

gcloud auth activate-service-account travis@phantom-zone-00001.iam.gserviceaccount.com --key-file "C:\Users\clark-kent\Downloads\BackOffice Production Cluster-586a20b55c12.json"

<那么它将不会给出该权限错误。

then it won't give that permission error.

这篇关于服务帐户即使具有“所有者”权限也会引发权限不足错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！