WanchiaTsai commented 7 months ago

Problem you have encountered:

I try to build gce image with packer, but it does not work. I encounter an error about impersonate: scopes must be provided. The detail is following

Step #0: cd9cf4263797: Pull complete
Step #0: e93ab6b80197: Pull complete
Step #0: c96596971c22: Pull complete
Step #0: 4c35a9a01dc8: Verifying Checksum
Step #0: 4c35a9a01dc8: Download complete
Step #0: 4c35a9a01dc8: Pull complete
Step #0: be0e7cfe939e: Pull complete
Step #0: 2607eac0764d: Pull complete
Step #0: 79074cc50ec6: Pull complete
Step #0: Digest: sha256:50d758dcbb3813dc0a5c5c3d5401e5c319563fd7103d392de82e29bb7cd40f95
Step #0: Status: Downloaded newer image for gcr.io/my-project-name/packer:latest
Step #0: gcr.io/my-project-name/packer:latest
Step #0: Installed plugin github.com/hashicorp/googlecompute v1.1.4 in "/builder/home/.config/packer/plugins/github.com/hashicorp/googlecompute/packer-plugin-googlecompute_v1.1.4_x5.0_linux_amd64"
Finished Step #0
Starting Step #1
Step #1: googlecompute.test-image: output will be in this color.
Step #1: 
Step #1: Build 'googlecompute.test-image' errored after 862 microseconds: impersonate: scopes must be provided
Step #1: 
Step #1: ==> Wait completed after 1 millisecond 60 microseconds
Step #1: 
Step #1: ==> Some builds didn't complete successfully and had errors:
Step #1: --> googlecompute.test-image: impersonate: scopes must be provided
Step #1: 
Step #1: ==> Builds finished but no artifacts were created.
Finished Step #1
ERROR
ERROR: build step 1 "gcr.io/my-project-name/packer" failed: step exited with non-zero status: 1
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

BUILD FAILURE: Build step failure: build step 1 "gcr.io/my-project-name/packer" failed: step exited with non-zero status: 1

What you expected to happen:

Get a new gce image artifact.

Steps to reproduce:

git clone https://github.com/GoogleCloudPlatform/cloud-builders-community.git
go into the dir packer of the repo, build a packer image with cloud build
```
gcloud builds submit .
```
go into the dir packer/examples/gce of the repo
following the README.md to configuring service account for packer
modify the packer variables variables.pkrvars.hcl

run build with script

gcloud builds submit --config=cloudbuild.yaml .

Other information (workarounds you have tried, documentation consulted, etc):

It works well until November 23rd with the same steps above.

swelljoe commented 6 months ago

I see the same problem. I can run packer locally on my machine to build the image if I removed the impersonate_service_account option from build.pkr.hcl, which presumably is necessary for building in Google Cloud.

I also tried upgrading to the latest packer image version (1.1.0) which made no differences. I can't find any mention of this problem on the Hashicorp forum or ticket tracker, so I assume it's some kind of change on the Google backend. I can't figure out from the source, thus far, where the "scopes" are supposed to come from. I tried using the scopes option in build.pkr.hcl, but the docs are pretty sparse and while I didn't get an error, it didn't make a difference in the error; I don't know if that's the scopes this error is about.

haroonc commented 6 months ago

Can you please confirm that Cloud Build Service Account being used have proper permissions setup to create a VM image (docs). You will also need to add roles/iam.serviceAccountUser as well (example)

AndyLau223 commented 5 months ago

Problem you have encountered:

I try to build gce image with packer, but it does not work. I encounter an error about impersonate: scopes must be provided. The detail is following

Step #0: cd9cf4263797: Pull complete
Step #0: e93ab6b80197: Pull complete
Step #0: c96596971c22: Pull complete
Step #0: 4c35a9a01dc8: Verifying Checksum
Step #0: 4c35a9a01dc8: Download complete
Step #0: 4c35a9a01dc8: Pull complete
Step #0: be0e7cfe939e: Pull complete
Step #0: 2607eac0764d: Pull complete
Step #0: 79074cc50ec6: Pull complete
Step #0: Digest: sha256:50d758dcbb3813dc0a5c5c3d5401e5c319563fd7103d392de82e29bb7cd40f95
Step #0: Status: Downloaded newer image for gcr.io/my-project-name/packer:latest
Step #0: gcr.io/my-project-name/packer:latest
Step #0: Installed plugin github.com/hashicorp/googlecompute v1.1.4 in "/builder/home/.config/packer/plugins/github.com/hashicorp/googlecompute/packer-plugin-googlecompute_v1.1.4_x5.0_linux_amd64"
Finished Step #0
Starting Step #1
Step #1: googlecompute.test-image: output will be in this color.
Step #1: 
Step #1: Build 'googlecompute.test-image' errored after 862 microseconds: impersonate: scopes must be provided
Step #1: 
Step #1: ==> Wait completed after 1 millisecond 60 microseconds
Step #1: 
Step #1: ==> Some builds didn't complete successfully and had errors:
Step #1: --> googlecompute.test-image: impersonate: scopes must be provided
Step #1: 
Step #1: ==> Builds finished but no artifacts were created.
Finished Step #1
ERROR
ERROR: build step 1 "gcr.io/my-project-name/packer" failed: step exited with non-zero status: 1
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

BUILD FAILURE: Build step failure: build step 1 "gcr.io/my-project-name/packer" failed: step exited with non-zero status: 1

What you expected to happen:

Get a new gce image artifact.

Steps to reproduce:

git clone https://github.com/GoogleCloudPlatform/cloud-builders-community.git
go into the dir packer of the repo, build a packer image with cloud build

gcloud builds submit .

go into the dir packer/examples/gce of the repo
following the README.md to configuring service account for packer
modify the packer variables variables.pkrvars.hcl
run build with script

gcloud builds submit --config=cloudbuild.yaml .

Other information (workarounds you have tried, documentation consulted, etc):

It works well until November 23rd with the same steps above.

I got the same issue - after done Service Account setup following the README.md, I've two SA

serviceAccount:packer@${PROJECT_ID}.iam.gserviceaccount.com -> has the necessary GCE permissions
${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com -> has the right to impersonate Packer Service Account

But Google is still showing me "impersonate: scopes must be provided", and I don't know the reason yet after a long search from Google search...

123joshuawu commented 4 months ago

Still have the same issue

jfpanisset commented 2 months ago

Found a similar issue against the googlecompute Packer plugin:

https://github.com/hashicorp/packer-plugin-googlecompute/issues/204

Downgrading to version 1.1.3 of the plugin worked around the issue for me as well.

GoogleCloudPlatform / cloud-builders-community

Can not build image with packer #641

Problem you have encountered:

What you expected to happen:

Steps to reproduce:

Other information (workarounds you have tried, documentation consulted, etc):

Problem you have encountered:

What you expected to happen:

Steps to reproduce:

Other information (workarounds you have tried, documentation consulted, etc):