Getting Error -> DefaultLogsBucketIsOutsideSecurit... - Page 2

omar115 · 08-10-2023 11:54 AM

I am using this command to trigger a build from project A and execute the build in project B.
My command is :

gcloud builds submit --verbosity=debug --project=dev_project --config=build.yaml

and getting the errors from the build logs:

DEBUG: (gcloud.builds.submit) 
Step #0 - "Kicking off Build/Release": The build is running, and logs are being written to the default logs bucket.
Step #0 - "Kicking off Build/Release": This tool can only stream logs if you are Viewer/Owner of the project and, if applicable, allowed by your VPC-SC security policy.
Step #0 - "Kicking off Build/Release": 
Step #0 - "Kicking off Build/Release": The default logs bucket is always outside any VPC-SC security perimeter.
Step #0 - "Kicking off Build/Release": If you want your logs saved inside your VPC-SC perimeter, use your own bucket.
Step #0 - "Kicking off Build/Release": See https://cloud.google.com/build/docs/securing-builds/store-manage-build-logs.
Step #0 - "Kicking off Build/Release": Traceback (most recent call last):
Step #0 - "Kicking off Build/Release":   File "/usr/lib/google-cloud-sdk/lib/googlecloudsdk/calliope/cli.py", line 987, in Execute
Step #0 - "Kicking off Build/Release":     resources = calliope_command.Run(cli=self, args=args)
Step #0 - "Kicking off Build/Release":   File "/usr/lib/google-cloud-sdk/lib/googlecloudsdk/calliope/backend.py", line 807, in Run
Step #0 - "Kicking off Build/Release":     resources = command_instance.Run(args)
Step #0 - "Kicking off Build/Release":   File "/usr/lib/google-cloud-sdk/lib/surface/builds/submit.py", line 220, in Run
Step #0 - "Kicking off Build/Release":     build, _ = submit_util.Build(
Step #0 - "Kicking off Build/Release":   File "/usr/lib/google-cloud-sdk/lib/googlecloudsdk/command_lib/builds/submit_util.py", line 922, in Build
Step #0 - "Kicking off Build/Release":     build = cb_logs.CloudBuildClient(client, messages, support_gcl).Stream(
Step #0 - "Kicking off Build/Release":   File "/usr/lib/google-cloud-sdk/lib/googlecloudsdk/api_lib/cloudbuild/logs.py", line 541, in Stream
Step #0 - "Kicking off Build/Release":     raise t.exception
Step #0 - "Kicking off Build/Release": googlecloudsdk.api_lib.cloudbuild.logs.DefaultLogsBucketIsOutsideSecurityPerimeterException: 
Step #0 - "Kicking off Build/Release": The build is running, and logs are being written to the default logs bucket.
Step #0 - "Kicking off Build/Release": This tool can only stream logs if you are Viewer/Owner of the project and, if applicable, allowed by your VPC-SC security policy.

I have already provided the access LogsWriter, Viewer to my service account for both Project A and Project B.
How to solve this issue ?

Getting Error -> DefaultLogsBucketIsOutsideSecurityPerimeterException