This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Cloud Build Error - Permission 'cloudbuild.builds.create' denied

Posted on 03-26-2024 10:37 PM
ravin-naik
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

I have set up a trigger in Cloud Build which uses a custom service account (say gcb-service-account). gcb-service-account is given "Cloud Build Service Account" role in IAM. I logged in to console using browser using my own user id having role of "Owner". When I trigger the build, it gives below error.

Failed to trigger build: Permission 'cloudbuild.builds.create' denied on resource 'projects/000000fab282f8ed' (or it may not exist)

When I looked at the logs using Duet AI, following is what it shows

  • It indicates that a user with the email address my user id attempted to create a build using the RunBuildTrigger method of the Cloud Build API.
  • The request was denied because the user did not have the required cloudbuild.builds.create permission on the project 000000fab555f6ed .
 
Given my user id has Owner role and service account id has "Cloud Build Service Account", I didn't expect this error. Can you please help?
0 6 2,983
Topic Labels
0 Likes
6 REPLIES 6

Posted on --/--/---- --:-- AM
ravin-naik
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

Any help on this? This looks to be a very weird issue.

0 Likes

Posted on --/--/---- --:-- AM
ayush1337
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hey i got the same error. There's no documentation on how to fix this issue. Also the error gives me a wired project name which i have never created projects/000000xx7cxx38xx

Any help is appreciated.

Posted on --/--/---- --:-- AM
chiem-gcp
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Any help from google? I am currently experiencing the same issue.

Were any of you able to resolve this issue?

0 Likes

Posted on --/--/---- --:-- AM
ayush1337
Bronze 1
Bronze 1
In response to chiem-gcp
Reply posted on --/--/---- --:-- AM

Hey,

I was able to fix the issue by disabling cloud build api and then re-enabling it. I know it's strange but it worked for me. 

0 Likes

Posted on --/--/---- --:-- AM
accordionman
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

I had exactly this issue too, when trying to set up a custom service account for cloud build.

It appears that you also need to grant the Cloud Build Service Account permission to the default cloudbuild service account, even if you have a custom one.

 

 

0 Likes

Posted on --/--/---- --:-- AM
Bmtl
Bronze 1
Bronze 1
In response to accordionman
Reply posted on --/--/---- --:-- AM

On my project adding this did nothing. Instead I had to add Cloud Build Service Agent to google's service agent 

service-YOUR_PROJECT_NUMBER@gcp-sa-cloudbuild.iam.gserviceaccount.com

 

0 Likes
Top Solution Authors
View all