fierce-dinner-20116
04/30/2019, 8:19 PMyarn --frozen-lockfile
pulumi stack select ...
pulumi refresh --yes
pulumi preview --diff
However, I get the following error when I run it in CI:
[2019-04-30T20:10:12Z] + pulumi refresh --yes
[2019-04-30T20:10:13Z] Previewing refresh (...):
[2019-04-30T20:10:14Z]
...
[2019-04-30T20:10:14Z] ~ gcp:container:NodePool dogfood-full-k8s-node-pool refreshing error: Preview failed: refreshing urn:pulumi:ds-dog-k8s-dev::sg-deploy-k8s-helper::gcp:container/nodePool:NodePool::dogfood-full-k8s-node-pool: Error reading Container NodePool dogfood-full-k8s-node-pool: googleapi: Error 403: Request had insufficient authentication scopes., forbidden
[2019-04-30T20:10:14Z] ~ gcp:container:Cluster dogfood-full-k8s refreshing error: Preview failed: refreshing urn:pulumi:ds-dog-k8s-dev::sg-deploy-k8s-helper::gcp:container/cluster:Cluster::dogfood-full-k8s: Error reading Container Cluster "dogfood-full-k8s": googleapi: Error 403: Request had insufficient authentication scopes., forbidden
I gave the service account that pulumi uses the Editor
and Kubernetes Engine Developer
roles: https://cloud.google.com/kubernetes-engine/docs/how-to/iam
Do you know if I need to give it any more permissions?white-balloon-205
Kubernetes Engine Developer
is likely insufficient.