-
Notifications
You must be signed in to change notification settings - Fork 303
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Can't use service account IAM roles? #132
Comments
(I removed a screenshot because it exposed your project details) |
should project names and ID numbers really be kept secure? seems like they should be safe for public consumption by design. |
@kevhill a few questions:
We'd prefer not to expose them on our issue tracker, but yeah, the project id is indeed visible in your app engine url. |
thanks for the quick reply
Also in the name of sanity checking I created a brand new service account and tried the whole flow again, and it worked fine. So, it seems like somehow that account got screwed up in a way not reflected by the roles. So, immediate problem fixed, if larger questions still left unanswered. But, it is probably something outside the scope of this library. |
ah, and then I ran a modified version of your script but used the creds that are now working, but looked up the |
ok, even weirder, deleting that service account entirely and making a new one with the SAME NAME doesn't work... wtf. Closing this issue, thanks for the help. |
@kevhill: no worries, it was probably just a delay in permission propagation. :) |
I'm going to guess this is some form of stupid user error, but I can't find any more info in the docs, so I am asking here. I can't seem to access any project resources with a service account, even though I have the correct IAMs
Below is a ipython interactive session, but same results with the app i'm building
So I've got valid credentials on my service account... and the account is an owner of the project. (I had the app scoped appropriately, but escalated when I hit this error)
any idea why these credentials wouldn't be accepted?
The text was updated successfully, but these errors were encountered: