This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Error in permission service account

Posted on 08-22-2024 10:04 AM
zondixji
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

Hi

I have a problem when i want build in GCP and when i want create a permission to build again the error is ERROR: Policy modification failed. For a binding with condition, run "gcloud alpha iam policies lint-condition" to identify issues in condition.
ERROR: (gcloud.iam.service-accounts.add-iam-policy-binding) INVALID_ARGUMENT: The role name must be in the form "roles/{role}", "organizations/{organization_id}/roles/{role}", or "projects/{project_id}/roles/{role}".

The first error is when compile to source to connect  twilio:

INFO: The service account running this build does not have permission to write logs to Cloud Logging. To fix this, grant the Logs Writer (roles/logging.logWriter) role to the service account.

1 message(s) issued.

BUILD FAILURE: Build step failure: build step 0 "gcr.io/cloud-builders/docker" failed: step exited with non-zero status: 1
ERROR: (gcloud.builds.submit) build 413fd1c8-2722-4e67-a62d-87500c979788 completed with status "FAILURE"

I run the command:

gcloud iam service-accounts add-iam-policy-binding my-account@my-account-432322.iam.gserviceaccount.com --member='serviceAccount:my-account@my-account-432322.iam.gserviceaccount.com' --role='roles/logging.logWriter'

and show this error

ERROR: Policy modification failed. For a binding with condition, run "gcloud alpha iam policies lint-condition" to identify issues in condition.
ERROR: (gcloud.iam.service-accounts.add-iam-policy-binding) INVALID_ARGUMENT: The role name must be in the form "roles/{role}", "organizations/{organization_id}/roles/{role}", or "projects/{project_id}/roles/{role}".

sorry, i'm new and read the documentation about permission to account service:
https://cloud.google.com/sdk/gcloud/reference/iam/service-accounts/add-iam-policy-binding

But don't working, what can i be doing bad?

I hope your help. thanks!

 

 

 

 

 

Solved Solved
0 2 2,653
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
princesslyca
Staff
Reply posted on --/--/---- --:-- AM

Hi @zondixji,

Welcome to Google Cloud Community!

To grant a permission to your service account you can follow these workarounds:

  1. Run this command to grant necessary access.

 

“gcloud projects add-iam-policy-binding SERVICE_ACCOUNT_PROJECT_ID \
    --member="serviceAccount:BUILD_SERVICE_AGENT" \

    --role="logging.logWriter"

 

     2. Use the Google Cloud Console to grant IAM roles to principals at the project level.

     3. Run this command gcloud alpha IAM policies lint-condition to help you identify and fix potential issues in your condition expressions.

Let me know if this helps.

View solution in original post

Jump to Solution
2 REPLIES 2

Posted on --/--/---- --:-- AM
princesslyca
Staff
Reply posted on --/--/---- --:-- AM

Hi @zondixji,

Welcome to Google Cloud Community!

To grant a permission to your service account you can follow these workarounds:

  1. Run this command to grant necessary access.

 

“gcloud projects add-iam-policy-binding SERVICE_ACCOUNT_PROJECT_ID \
    --member="serviceAccount:BUILD_SERVICE_AGENT" \

    --role="logging.logWriter"

 

     2. Use the Google Cloud Console to grant IAM roles to principals at the project level.

     3. Run this command gcloud alpha IAM policies lint-condition to help you identify and fix potential issues in your condition expressions.

Let me know if this helps.

Jump to Solution

Posted on --/--/---- --:-- AM
zondixji
Bronze 2
Bronze 2
In response to princesslyca
Reply posted on --/--/---- --:-- AM

Thanks, i was resolved

Jump to Solution
0 Likes
Top Solution Authors
View all