You can see a more in-depth description of the roles needed to deploy an 
application, along with the permissions granted by the roles, here:
https://cloud.google.com/appengine/docs/standard/nodejs/access-control

I believe you may have used the wrong combination of roles. Along with the 
'App Engine Admin' role, you would need the 'Storage Admin' role to use the 
gcloud SDK, and not 'Storage Object Admin'.


On Thursday, July 26, 2018 at 11:14:57 AM UTC-4, Valentin Despa wrote:
>
>
> I am trying to deploy the standard example NodeJs App using a service 
> account.
>
>
> https://github.com/GoogleCloudPlatform/nodejs-docs-samples/tree/master/appengine/hello-world/standard
>
> I have created a new service account with the roles (as described in the 
> documentation 
> https://cloud.google.com/appengine/docs/standard/nodejs/granting-project-access#deploying_using_iam_roles
> ):
>
> - App Engine Admin
> - Storage Object Admin
>
> When deploying with 
>
> gcloud app deploy --verbosity=debug
>
> I get the error:
>
> Updating service [default]...⠛DEBUG: Operation 
> [apps/MYAPP/operations/01c6d8bc-9247-4d1b-924f-c6ec12514fcf] complete. 
> Result: {
>     "metadata": {
>         "target": "apps/MYAPP/services/default/versions/20180726t071855",
>         "method": "google.appengine.v1.Versions.CreateVersion",
>         "user": "MYACCOUNT@ MYAPP.iam.gserviceaccount.com",
>         "insertTime": "2018-07-26T05:18:59.150Z",
>         "endTime": "2018-07-26T05:19:02.609Z",
>         "@type": "type.googleapis.com/google.appengine.v1.OperationMetadataV1"
>     },
>     "done": true,
>     "name": "apps/MYAPP/operations/01c6d8bc-9247-4d1b-924f-c6ec12514fcf",
>     "error": {
>         "message": "An internal error occurred.",
>         "code": 13
>     }
> }
> Updating service [default]...failed.
> DEBUG: (gcloud.app.deploy) Error Response: [13] An internal error occurred.
>
>
> If I add the role Project Owner it is properly working and deploying a new 
> version. So it does not seem to be a problem with the code itself.
>
> So it seems to be a permission problem. 
>
> Does anybody have any ideas? I hate to do CI/CD with accounts with more 
> permission than they need.
>
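
Added example, not part of the original thread: a check a CI pipeline could run on the output of `gcloud projects get-iam-policy PROJECT_ID --format=json` to confirm the deploy service account holds the two roles named in the reply above and nothing broader such as Owner. The role IDs are the standard IDs for those role names; the project, the account names and the sample policy are constructed.

```python
import json

# Role IDs for 'App Engine Admin' and 'Storage Admin', the pair named in the reply.
REQUIRED = {"roles/appengine.appAdmin", "roles/storage.admin"}
# Basic roles that grant far more than a deploy account needs.
OVERBROAD = {"roles/owner", "roles/editor"}

def roles_for(policy, member):
    """Return the set of roles bound to `member` in a project IAM policy."""
    return {b["role"] for b in policy.get("bindings", [])
            if member in b.get("members", [])}

def audit_deployer(policy, member):
    """Compare a member's project-level roles with the expected deploy set.

    Only bindings in the given policy are seen; roles inherited from a
    folder or organization are not part of this document.
    """
    granted = roles_for(policy, member)
    return {
        "missing": sorted(REQUIRED - granted),
        "overbroad": sorted(granted & OVERBROAD),
        "extra": sorted(granted - REQUIRED - OVERBROAD),
    }

# Constructed sample: one account with the roles from the question,
# one account with the Owner workaround the question mentions.
ASKER = "serviceAccount:ci-deployer@example-project.iam.gserviceaccount.com"
OWNER = "serviceAccount:ci-owner@example-project.iam.gserviceaccount.com"
SAMPLE_POLICY = json.loads("""
{
  "version": 1,
  "bindings": [
    {"role": "roles/appengine.appAdmin",
     "members": ["serviceAccount:ci-deployer@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/storage.objectAdmin",
     "members": ["serviceAccount:ci-deployer@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/owner",
     "members": ["serviceAccount:ci-owner@example-project.iam.gserviceaccount.com"]}
  ]
}
""")

if __name__ == "__main__":
    for sa in (ASKER, OWNER):
        print(sa, audit_deployer(SAMPLE_POLICY, sa))
```

A pipeline can fail the job when `missing` or `overbroad` is non-empty, and treat `extra` as a prompt to review whether the role is still needed.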
