#gcp (2021-02)

Google Cloud Platform

2021-02-16

Reinholds Zviedris avatar
Reinholds Zviedris

Hey all! Having an issue with running terraform init / terraform plan as service account on Google Cloud. It has necessary rights for backend bucket where state is stored. Have authenticated against GCP with SA key and account is set as default. gcloud auth list output:

                       Credentialed Accounts
ACTIVE  ACCOUNT
*       [email protected]
        [[email protected]](mailto:[email protected])

gcloud config list output:

[compute]
region = us-east1
zone = us-east1-d
[core]
account = [email protected]
disable_usage_reporting = True
project = project

Your active configuration is: [default]

When I run terraform init / terraform plan then it’s run using [[email protected]](mailto:[email protected]) instead of SA (That I see from activity log in GCP console about infra bucket access). Anyone had something similar and could advice what to do and where to proceed? Any help would be appreciated. Tried already couple of suggestions from what I found on net, but no luck.

Andrew Nazarov avatar
Andrew Nazarov

What are you setting in credentials of a google provider?

Reinholds Zviedris avatar
Reinholds Zviedris

Found a way to get around it by setting GOOGLE_APPLICATION_CREDENTIALS env variable to point to SA key.

1
Reinholds Zviedris avatar
Reinholds Zviedris

For credentials I didn’t have anything specified - so it will take the ones that are available on system.

    keyboard_arrow_up