-
-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cannot deploy on Google Compute Engine with Required 'compute.zones.list' permission error #658
Comments
I'm having the same issue. Running algo with commit ID = I've tried lots of different permissions. I think this is an issue with my configuration being incorrect because of the changes GCM has been making for resource permissions. If anyone has been able to get around this issue please report back here, I would really appreciate it. Thanks. |
I've seen this as well. I even opened an issue with a Google Cloud Platform support representative about it to see if they might be able to figure out what Algo is doing wrong in this area of its Ansible script since nobody in the Gitter chat room was responding when I asked for help troubleshooting it. Now that I know that this issue exists here on GitHub, I'll let them know about it by the time I hear back from them. Edit: Representative notified of this issue's existence even though I'm not sure exactly how much help to expect from somebody not involved in this project and responsible for maintaining support for other code. |
Same issue for me! Also using a Mac - don't know if that matters. A documentation post clarifying service accounts and permissions needed would be much appreciated. |
Never seen this before. Have anyone tried the solution from here? |
@gunph1ld: Thanks for pointing that reference out; I'll go through the steps outlined there ASAP. |
This commit adds the steps needed to create a credential with the needed access on Google Cloud Platform to be able to successfully create a new algo VPN. Related to: - trailofbits#682 - trailofbits#658
* Add documentation on how to setup GCE accounts This commit adds the steps needed to create a credential with the needed access on Google Cloud Platform to be able to successfully create a new algo VPN. Related to: - #682 - #658 * Adds links on main README to GCP * Adds link to Ansible documentation * Update cloud-gce.md
* Add documentation on how to setup GCE accounts This commit adds the steps needed to create a credential with the needed access on Google Cloud Platform to be able to successfully create a new algo VPN. Related to: - trailofbits#682 - trailofbits#658 * Adds links on main README to GCP * Adds link to Ansible documentation * Update cloud-gce.md
OS / Environment
OSX
Summary of the problem
Cannot deploy on Google Compute Engine with Required 'compute.zones.list' permission error
Steps to reproduce the behavior
Tried to deploy on Google Compute Engine, I already use the admin role to deploy but still get the same error.
The way of deployment (cloud or local)
Google Compute Engine
Expected behavior
Deploy success
Actual behavior
Failed with following log
Full log
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg": "Unexpected response: ({u'domain': u'global', u'message': u"Required 'compute.zones.list' permission for 'projects/vpnxxxx'", u'reason': u'forbidden'}). Detail: Traceback (most recent call last):\n File "/var/folders/d0/dws_zcmn05n4n15d42xk6wpr0000gn/T/ansible_O4d3NI/ansible_modlib.zip/ansible/module_utils/gcp.py", line 105, in gcp_connect\n project=project_id)\n File "/Users/leedavid/workspace/algo-master/env/lib/python2.7/site-packages/libcloud/compute/drivers/gce.py", line 1801, in init\n self.zone_list = self.ex_list_zones()\n File "/Users/leedavid/workspace/algo-master/env/lib/python2.7/site-packages/libcloud/compute/drivers/gce.py", line 2755, in ex_list_zones\n response = self.connection.request(request, method='GET').object\n File "/Users/leedavid/workspace/algo-master/env/lib/python2.7/site-packages/libcloud/compute/drivers/gce.py", line 121, in request\n response = super(GCEConnection, self).request(*args, **kwargs)\n File "/Users/leedavid/workspace/algo-master/env/lib/python2.7/site-packages/libcloud/common/google.py", line 808, in request\n *args, **kwargs)\n File "/Users/leedavid/workspace/algo-master/env/lib/python2.7/site-packages/libcloud/common/base.py", line 637, in request\n response = responseCls(**kwargs)\n File "/Users/leedavid/workspace/algo-master/env/lib/python2.7/site-packages/libcloud/common/base.py", line 159, in init\n self.object = self.parse_body()\n File "/Users/leedavid/workspace/algo-master/env/lib/python2.7/site-packages/libcloud/common/google.py", line 296, in parse_body\n raise GoogleBaseError(message, self.status, code)\nGoogleBaseError: {u'domain': u'global', u'message': u"Required 'compute.zones.list' permission for 'projects/vpnxxxx'", u'reason': u'forbidden'}\n"}
The text was updated successfully, but these errors were encountered: