skyplane
skyplane copied to clipboard
skyplane-project
[bug] fail to init on GCP
Describe the bug I try to init skyplane on GCP, but failed due to setIamPolicy failure
To Reproduce
$ skyplane init
(1) Configuring AWS:
Do you want to configure AWS support in Skyplane? [Y/n]: n
Disabling AWS support
(2) Configuring Azure:
Do you want to configure Azure support in Skyplane? [Y/n]: n
Disabling Azure support
(3) Configuring GCP:
Do you want to configure GCP support in Skyplane? [Y/n]: Y
GCP region config missing! GCP will be reconfigured.
GCP credentials found in GCP CLI
GCP credentials found, do you want to enable GCP support in Skyplane? [Y/n]: Y
Enter the GCP project ID [ecker-bican]:
Using GCP service account skyplane-manual
Error saving GCP region config
<HttpError 403 when requesting https://cloudresourcemanager.googleapis.com/v1/projects/ecker-bican:setIamPolicy?alt=json returned "Policy update access denied.". Details: "Policy update access denied.">
Traceback (most recent call last):
File "/Users/hanqingliu/mambaforge/lib/python3.10/site-packages/skyplane/cli/cli_impl/init.py", line 260, in load_gcp_config
auth.save_region_config()
File "/Users/hanqingliu/mambaforge/lib/python3.10/site-packages/skyplane/utils/imports.py", line 33, in wrapped
return fn(*modules_imported, *args, **kwargs)
File "/Users/hanqingliu/mambaforge/lib/python3.10/site-packages/skyplane/compute/gcp/gcp_auth.py", line 32, in save_region_config
service_account_credentials_file = self.service_account_credentials # force creation of file
File "/Users/hanqingliu/mambaforge/lib/python3.10/site-packages/skyplane/compute/gcp/gcp_auth.py", line 68, in service_account_credentials
self._service_account_email = self.create_service_account(self.service_account_name)
File "/Users/hanqingliu/mambaforge/lib/python3.10/site-packages/skyplane/compute/gcp/gcp_auth.py", line 179, in create_service_account
return retry_backoff(read_modify_write) # retry loop needed for concurrent policy modifications
File "/Users/hanqingliu/mambaforge/lib/python3.10/site-packages/skyplane/utils/retry.py", line 30, in retry_backoff
raise e
File "/Users/hanqingliu/mambaforge/lib/python3.10/site-packages/skyplane/utils/retry.py", line 27, in retry_backoff
return fn()
File "/Users/hanqingliu/mambaforge/lib/python3.10/site-packages/skyplane/compute/gcp/gcp_auth.py", line 176, in read_modify_write
service.projects().setIamPolicy(resource=self.project_id, body={"policy": policy}).execute()
File "/Users/hanqingliu/mambaforge/lib/python3.10/site-packages/googleapiclient/_helpers.py", line 130, in positional_wrapper
return wrapped(*args, **kwargs)
File "/Users/hanqingliu/mambaforge/lib/python3.10/site-packages/googleapiclient/http.py", line 938, in execute
raise HttpError(resp, content, uri=self.uri)
googleapiclient.errors.HttpError: <HttpError 403 when requesting https://cloudresourcemanager.googleapis.com/v1/projects/ecker-bican:setIamPolicy?alt=json returned "Policy update access denied.". Details: "Policy update access denied.">
Disabling Google Cloud support
Config file saved to /Users/hanqingliu/.skyplane/config
To disable performance logging info:
https://skyplane.org/en/latest/performance_stats_collection.html
Environment info (please complete the following information):
- OS: Mac OS
- Python 3.10.10
- Skyplane 0.2.1
Additional context We have an institution cloud admin who helps creating projects. My account probably doesn't have permission to set IAMs for skyplane service account.
Thanks!
Hi @lhqing - thanks for posting this! Do you have any other service accounts with permissions to access cloud object stores that you can get a key file for? Unfortunately we need service account credentials to access the Google Cloud Storage APIs.
