I am new to GCP, and I am seeing this weird thing. I have set up a local service account and set it up on my machine with

gcloud auth activate-service-account…

I looked at my config, and auth stuffs, but pulumi is still trying to run under an old and different GCP service account it seems:

* googleapi: Error 403: [account name]@appspot.gserviceaccount.com does not have storage.buckets.create access to the Google Cloud project., forbidden

did you configure ADC (application default credentials)?

I am pretty sure I did, I ran the following…

$ gcloud auth application-default login
$ gcloud auth login --update-adc

and then 
$ gcloud auth list                     
                     Credentialed Accounts
ACTIVE  ACCOUNT
*       <mailto:chris@thesignuplist.com|chris@thesignuplist.com>
        <mailto:christopher-local@thesignuplist.iam.gserviceaccount.com|christopher-local@thesignuplist.iam.gserviceaccount.com>

and even... 
gcloud auth application-default set-quota-project thesignuplist

but I am still getting the following when running 
$ pulumi up

* googleapi: Error 403: [some_old_account]@appspot.gserviceaccount.com does not have storage.buckets.create access to the Google Cloud project., forbidden

@square-lunch-33033 that error indicaes the credentials you got don't have access to the bucket you're writing the state to. do you have an env var set?

d3rp, when in doubt

printev

🙂

thank you sir.