AccessDeniedException: 403 account-dv@fabric-275411.iam.gserviceaccount.com does not have storage.objects.list access to config-management-release.

[anthosfabric]

I am using trial version of google cloud console with anthos enabled. When configuring anthos config management, i am getting AccessDeniedException.

Command Ran : gsutil cp gs://config-management-release/released/latest/config-management-operator.yaml config-management-operator.yaml

Exception : AccessDeniedException: 403 account-dv@fabric-275411.iam.gserviceaccount.com does not have storage.objects.list access to config-management-release.

Tried by creating new service account. But throws same exception. I configured service account using gcloud command line utility

Below are the roles associated with serviceaccount:

• roles/composer.environmentAndStorageObjectAdmin
• roles/compute.admin
• roles/compute.loadBalancerAdmin
• roles/compute.networkAdmin
• roles/compute.securityAdmin
• roles/container.admin
• roles/container.clusterAdmin
• roles/container.clusterViewer
• roles/editor
• roles/gkehub.admin
• roles/gkehub.connect
• roles/gkehub.viewer
• roles/iam.securityAdmin
• roles/iam.serviceAccountAdmin
• roles/iam.serviceAccountKeyAdmin
• roles/iam.serviceAccountTokenCreator
• roles/iam.serviceAccountUser
• roles/logging.admin
• roles/logging.configWriter
• roles/logging.viewer
• roles/monitoring.admin
• roles/owner
• roles/redis.admin
• roles/resourcemanager.projectIamAdmin
• roles/servicenetworking.networksAdmin
• roles/stackdriver.accounts.editor
• roles/storage.admin
• roles/storage.objectAdmin
• roles/storage.objectViewer
• roles/viewer

[cgrant]

Can you clarify what " trial version" you're working with? The error you seeing typically means you aren't signed up for Anthos. It sounds like your account doesn't have anthos enabled