googleapi: Error 403: Required 'compute.zones.get

sez76 commented 1 year ago

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

When filing a bug, please include the following headings if possible. Any example text in this template can be deleted.

Overview of the Issue

Hi, I want to build instance in google cloud, but I have the error message "googleapi: Error 403: Required 'compute.zones.get". I don't find solution for this moment.

Packer version

packer --version
1.8.4

Simplified Packer Template

{
    "builders": [
      {
        "type": "googlecompute",
        "account_file": "ACCOUNT_FILE",
        "project_id": "PROJECT-ID",
        "source_image_family": "ubuntu-2004-lts",
        "network": "network-2",
        "ssh_username": "packer",
        "zone": "us-central1-a"
      }
    ],
"provisioners": [                                                           
        {                                                                       
        "type": "shell",                                                        
        "inline": [                                                             
            "sudo apt-get update -qq",
            "sudo apt-get upgrade -qq"
            ]   
        }
    ]
}

Operating system and Environment details

WSL: Ubuntu-22.04

Log Fragments and crash.log files


Build 'googlecompute' errored after 6 seconds 163 milliseconds: Error creating instance: googleapi: Error 403: Required 'compute.zones.get' permission for 'projects/prj-tsn-dio-ccoe-d/zones/us-central1-a', forbidden

==> Wait completed after 6 seconds 163 milliseconds

==> Some builds didn't complete successfully and had errors:
--> googlecompute: Error creating instance: googleapi: Error 403: Required 'compute.zones.get' permission for 'projects/prj-tsn-dio-ccoe-d/zones/us-central1-a', forbidden

==> Builds finished but no artifacts were created. `````

nywilken commented 1 year ago

Hi @sez76 thanks for reaching out. This looks like a possible IAM permission error.

Have you validated that the account or service principal you are using for the Packer build has the "compute.zones.get" permission?

Depending on the configured IAM permissions and the features you are using in the builder you may require additional permissions. I recommend taking a look at the Google Compute editor role to see a list of permissions needed for creating resources.

If you are still running into issues with the initial build we recommend reaching out to the community forum for greater visibility. As the GitHub issue tracker is only watched by a small subset of maintainers and is really reserved for bugs and enhancements, you'll have a better chance of finding someone who can help you in the forum.

sez76 commented 1 year ago

Hi @nywilken,

Exactly, I added the right accesses, as below:: Compute Instance Admin (v1) IAP-secured Tunnel User Service Account User

And now it’s working well, thanks for your time.

hashicorp / packer-plugin-googlecompute