https://pulumi.com logo
w

wide-nightfall-60999

02/23/2019, 10:14 AM
I am trying to get started with pulumi and GCP. (I am new to both). I did what is described https://pulumi.io/quickstart/gcp/setup.html. But I am getting an error "error: Plan apply failed: googleapi: Error 400: The user does not have access to service account "default". Ask a project owner to grant you the iam.serviceAccountUser role on the service account., badRequest". I can create gke clusters using gcloud cli and the service account. I am not sure why pulumi is trying to use "default" service account. Any help is appreciated
w

white-balloon-205

02/23/2019, 5:21 PM
If you created a service account for this, it looks like you need to make sure to assign that service account the Service Account User role (per https://stackoverflow.com/questions/40367866/gcloud-the-user-does-not-have-access-to-service-account-default). You can also use the application-default cloud login to avoid needing a service account for development. Looks like that’s missing from the setup page, but you can see details on this in the tutorial at https://pulumi.io/quickstart/gcp/tutorial-gke.html
w

wide-nightfall-60999

02/23/2019, 8:18 PM
Thanks @white-balloon-205 Both worked 🙂 It might be good to add application-default login to setup page
w

white-balloon-205

02/24/2019, 1:10 AM
Agreed - we’ll do that.