Re: Cloud Build Error - Permission 'cloudbuild.bui...

ravin-naik · 03-26-2024 10:37 PM

I have set up a trigger in Cloud Build which uses a custom service account (say gcb-service-account). gcb-service-account is given "Cloud Build Service Account" role in IAM. I logged in to console using browser using my own user id having role of "Owner". When I trigger the build, it gives below error.

Failed to trigger build: Permission 'cloudbuild.builds.create' denied on resource 'projects/000000fab282f8ed' (or it may not exist)

When I looked at the logs using Duet AI, following is what it shows

It indicates that a user with the email address my user id attempted to create a build using the RunBuildTrigger method of the Cloud Build API.
The request was denied because the user did not have the required cloudbuild.builds.create permission on the project 000000fab555f6ed .

Given my user id has Owner role and service account id has "Cloud Build Service Account", I didn't expect this error. Can you please help?

ravin-naik

Any help on this? This looks to be a very weird issue.

ayush1337

Hey i got the same error. There's no documentation on how to fix this issue. Also the error gives me a wired project name which i have never created projects/000000xx7cxx38xx

Any help is appreciated.

chiem-gcp

Any help from google? I am currently experiencing the same issue.

Were any of you able to resolve this issue?

ayush1337

Hey,

I was able to fix the issue by disabling cloud build api and then re-enabling it. I know it's strange but it worked for me.

accordionman

I had exactly this issue too, when trying to set up a custom service account for cloud build.

It appears that you also need to grant the Cloud Build Service Account permission to the default cloudbuild service account, even if you have a custom one.

https://cloud.google.com/build/docs/troubleshooting#build_trigger_fails_due_to_missing_cloudbuildbui...

Cloud Build Error - Permission 'cloudbuild.builds.create' denied