googlearchive / k8s-service-catalog

[DEPRECATED] Commandline tool to manage Service Catalog lifecycle and GCP Service Broker atop Kubernetes Cluster
Apache License 2.0

`sc add-gcp-broker` fails with `PERMISSION_DENIED` #196

Closed jmwoloso closed 6 years ago

jmwoloso commented 6 years ago

Hello,

When running `sc add-gcp-broker` the process fails with `PERMISSION_DENIED` (see below). Obviously this is a permission issue; however, I'm not sure how to rectify it. I've also attached a screencap of my IAM credentials as well. Probably something wrong there, I would imagine. Thanks in advance!

```
enabled required APIs:
  servicebroker.googleapis.com
  bigquery-json.googleapis.com
  bigtableadmin.googleapis.com
  ml.googleapis.com
  pubsub.googleapis.com
  spanner.googleapis.com
  sqladmin.googleapis.com
  storage-api.googleapis.com
generated the key at:  /tmp/service-catalog-gcp939046732/key.json
Failed to configure the Service Broker
Error: error retrieving or creating default broker: request was not successful: {
  "error": {
    "code": 403,
    "message": "IAM permission denied to create broker \"default\" in container \"projects/***
\"",
    "status": "PERMISSION_DENIED"
  }
}
```

[Attached screenshot: credentials]

martinmaly commented 6 years ago

Jason, thank you so much for reporting the issue. We'd love to help you diagnose but may need some information to be able to look up necessary data in our backends. Would you be willing to reach out to us at cloud-services (at) google (dot) com and we'll help figure out what permission and on which principal is missing ...

Thank you! Martin

jmwoloso commented 6 years ago

Thank you very much @martinmaly, I have sent the email and referenced this issue in it.

jmwoloso commented 6 years ago

For anyone else running across this: you'll need to add the permissions to the default service account for your project, not the credentials for any particular user with a service account. After that, it works like a charm!

Addendum: additionally, after looking back through the directions here, I never ran `gcloud auth application-default login`, which probably would have told the CLI to use the project default creds instead of my user creds.

vagababov commented 6 years ago

This should be now resolved.