PubSub deployment example doesn't work with SA key
Using the demo from https://github.com/GoogleCloudPlatform/kubernetes-engine-samples/tree/main/cloud-pubsub
I deployed the YAMLs as is, so the Dockerfile or source code of the app was not used.
Deployed the app with an SA key. Getting the following error:
Traceback (most recent call last):
  File "main.py", line 44, in <module>
    main()
  File "main.py", line 24, in main
    with pubsub.subscription.AutoAck(subscription, max_messages=10) as ack:
  File "/usr/local/lib/python3.8/site-packages/google/cloud/pubsub/subscription.py", line 581, in __enter__
    items = self._subscription.pull(
  File "/usr/local/lib/python3.8/site-packages/google/cloud/pubsub/subscription.py", line 364, in pull
    response = api.subscription_pull(
  File "/usr/local/lib/python3.8/site-packages/google/cloud/pubsub/_gax.py", line 435, in subscription_pull
    response_pb = self._gax_api.pull(
  File "/usr/local/lib/python3.8/site-packages/google/cloud/gapic/pubsub/v1/subscriber_client.py", line 706, in pull
    return self._pull(request, options)
  File "/usr/local/lib/python3.8/site-packages/google/gax/api_callable.py", line 452, in inner
    return api_caller(api_call, this_settings, request)
  File "/usr/local/lib/python3.8/site-packages/google/gax/api_callable.py", line 438, in base_caller
    return api_call(*args)
  File "/usr/local/lib/python3.8/site-packages/google/gax/api_callable.py", line 376, in inner
    return a_func(*args, **kwargs)
  File "/usr/local/lib/python3.8/site-packages/google/gax/retry.py", line 125, in inner
    raise errors.RetryError(
google.gax.errors.RetryError: RetryError(Exception occurred in retry method that was not classified as transient, caused by <_InactiveRpcE
    status = StatusCode.PERMISSION_DENIED
    details = "User not authorized to perform this action."
    debug_error_string = "{"created":"@1659031196.111365854","description":"Error received from peer ipv4:142.250.1.95:443","file":"src/co
>)
Thank you for reporting the problem. From the log that you published I do not see the identity's name. Assuming that it is indeed the service account that you created, can you please check if it has "Pub/Sub Subscriber" for the Pub/Sub subscription that you use in your sample?
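
One way to run the check asked for in the reply above, as an added example that is not part of the original thread or the sample repository: it reads the identity from the key file's `client_email` field, then looks for a binding that allows pulling in the JSON printed by `gcloud pubsub subscriptions get-iam-policy SUBSCRIPTION --format=json` and `gcloud projects get-iam-policy PROJECT_ID --format=json`. The account name, project and policies below are constructed sample data, and the function names are hypothetical.

```python
import json

# Predefined Pub/Sub roles that include pubsub.subscriptions.consume (needed to pull).
# Assumption: basic roles, custom roles and group membership are not evaluated here.
PULL_ROLES = {"roles/pubsub.subscriber", "roles/pubsub.editor", "roles/pubsub.admin"}

def key_identity(key_json):
    """Return the service account e-mail from a key file; private_key is never read."""
    key = json.loads(key_json)
    if key.get("type") != "service_account":
        raise ValueError("not a service account key file")
    return key["client_email"]

def pull_grants(policy_json, email):
    """List (role, is_conditional) for bindings that let `email` pull messages."""
    member = "serviceAccount:" + email
    grants = []
    for binding in json.loads(policy_json).get("bindings", []):
        if binding.get("role") in PULL_ROLES and member in binding.get("members", []):
            grants.append((binding["role"], "condition" in binding))
    return grants

def diagnose(key_json, subscription_policy_json, project_policy_json):
    """Return (identity, scope of the first matching grant or None, grants)."""
    email = key_identity(key_json)
    for scope, policy in (("subscription", subscription_policy_json),
                          ("project", project_policy_json)):
        grants = pull_grants(policy, email)
        if grants:
            return email, scope, grants
    return email, None, []

# Constructed sample inputs (not taken from the issue): the key's account can only
# view the subscription, and the Subscriber role is bound to a different account.
SAMPLE_SA = "pubsub-app@example-project.iam.gserviceaccount.com"
SAMPLE_KEY = json.dumps({"type": "service_account", "client_email": SAMPLE_SA,
                         "private_key": "CONSTRUCTED-PLACEHOLDER"})
SAMPLE_SUB_POLICY = json.dumps({"bindings": [
    {"role": "roles/pubsub.viewer", "members": ["serviceAccount:" + SAMPLE_SA]}]})
SAMPLE_PROJECT_POLICY = json.dumps({"bindings": [
    {"role": "roles/pubsub.subscriber",
     "members": ["serviceAccount:other-app@example-project.iam.gserviceaccount.com"]}]})

if __name__ == "__main__":
    email, scope, grants = diagnose(SAMPLE_KEY, SAMPLE_SUB_POLICY, SAMPLE_PROJECT_POLICY)
    print(email, "->", f"{grants} at {scope} level" if scope else "no pull grant found")
```

A result with no grant for the identity in the key is consistent with the `PERMISSION_DENIED` status in the traceback; a grant flagged as conditional still depends on its IAM condition matching the request.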