In Argolis - can't access API Products in UI - Unauthenticated errors in apigee-connect-agent logs

[kurtkanaskie]

In Argolis, an organization policy was blocking SA key creation. I fixed that. But I don't think keys are used because I see this in create_sa() in steps.sh

# make sure we don't download the service account keys

Here's the error from the logs

kubectl -n apigee logs apigee-connect-agent-apigee-hybrid-i-8b12655-165-o9wq3-g9tb9

E0322 17:17:40.456252       1 agent.go:418] error on create tether:  failed to receive init message: failed to register stream with Apigee Connect: rpc error: code = Unauthenticated desc = Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.

Is there another org policy I am missing?

[danistrebel]

Hi Kurt, the latest hybrid quickstart is using workload identities. We don't download service accounts anymore (exactly for the org policy reason you mentioned).

Please DM me if the error persists and I can share some more information about my org policy setup.