Describe the bug
When initializing skyplane, GCP errors out with the following "Policy update access denied."
To Reproduceskyplane init --reinit-gcp or skyplane init
Work Aroundskyplane-manual principal should be elevated to have Google Cloud Storage Admin privileges manually from the GCP console.
Error Log
Configuring GCP:
Do you want to configure GCP support in Skyplane? [Y/n]: Y
GCP credentials will be re-initialized
GCP credentials found in GCP CLI
GCP credentials found, do you want to enable GCP support in Skyplane? [Y/n]:
Enter the GCP project ID [redacted]:
Using GCP service account skyplane-manual
Error saving GCP region config
<HttpError 403 when requesting https://cloudresourcemanager.googleapis.com/v1/projects/redacted:setIamPolicy?alt=json returned "Policy update access denied.". Details: "Policy update access denied.">
Traceback (most recent call last):
File "/home/shishirpatil_berkeley_edu/skyplane/skyplane/cli/cli_impl/init.py", line 312, in load_gcp_config
auth.save_region_config()
File "/home/shishirpatil_berkeley_edu/skyplane/skyplane/utils/imports.py", line 33, in wrapped
return fn(*modules_imported, *args, **kwargs)
File "/home/shishirpatil_berkeley_edu/skyplane/skyplane/compute/gcp/gcp_auth.py", line 35, in save_region_config
service_account_credentials_file = self.service_account_credentials # force creation of file
File "/home/shishirpatil_berkeley_edu/skyplane/skyplane/compute/gcp/gcp_auth.py", line 71, in service_account_credentials
self._service_account_email = self.create_service_account(self.service_account_name)
File "/home/shishirpatil_berkeley_edu/skyplane/skyplane/compute/gcp/gcp_auth.py", line 202, in create_service_account
return retry_backoff(read_modify_write) # retry loop needed for concurrent policy modifications
File "/home/shishirpatil_berkeley_edu/skyplane/skyplane/utils/retry.py", line 27, in retry_backoff
return fn()
File "/home/shishirpatil_berkeley_edu/skyplane/skyplane/compute/gcp/gcp_auth.py", line 199, in read_modify_write
service.projects().setIamPolicy(resource=self.project_id, body={"policy": policy}).execute()
File "/home/shishirpatil_berkeley_edu/.py3/lib/python3.8/site-packages/googleapiclient/_helpers.py", line 130, in positional_wrapper
return wrapped(*args, **kwargs)
File "/home/shishirpatil_berkeley_edu/.py3/lib/python3.8/site-packages/googleapiclient/http.py", line 938, in execute
raise HttpError(resp, content, uri=self.uri)
googleapiclient.errors.HttpError: <HttpError 403 when requesting https://cloudresourcemanager.googleapis.com/v1/projects/redacted:setIamPolicy?alt=json returned "Policy update access denied.". Details: "Policy update access denied.">
Disabling Google Cloud support
sarahwooders
commented
1 year ago
Describe the bug When initializing skyplane, GCP errors out with the following "Policy update access denied."
To Reproduce
skyplane init --reinit-gcporskyplane initWork Around
skyplane-manualprincipal should be elevated to haveGoogle Cloud Storage Adminprivileges manually from the GCP console.Error Log