28

I am trying to deploy node js app on google cloud but getting following error -

Step #1: ERROR: (gcloud.app.deploy) Permissions error fetching application [apps
/mytest-240512]. Please make sure you are using the correct project ID and that
you have permission to view applications on the project.

I am running following command - 

gcloud builds submit . --config cloudbuild.yaml

My cloudbuild.yaml file looks like - 

steps:
  #install
  - name: 'gcr.io/cloud-builders/npm'
    args: ['install']

   #deploy
  - name: 'gcr.io/cloud-builders/gcloud'
    args: ['app', 'deploy']
Improve this question
0

7 Answers 7

Reset to default
56

The default Cloud Build service account does not allow access to deploy App Engine. You need to enable the Cloud Build service account to perform actions such as deploy.

The Cloud Build service account is formatted like this:

[PROJECT_NUMBER]@cloudbuild.gserviceaccount.com
  • Go to the Google Cloud Console -> IAM & admin -> IAM.
  • Locate the service account and click the pencil icon.
  • Add the role "App Engine Deployer" to the service account.

Wait a couple of minutes for the service account to update globally and then try again.

Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

Thank you for your response John, I have to also enable - App engine API but now getting following message - Step #1: ERROR: (gcloud.app.deploy) Your deployment has succeeded, but promoting the new version to default failed. You may not have permissions to change traffic splits. Changing traffic splits requires the Owner, Editor, App Engine Admin, or App Engine Service Admin role. Please contact your project owner and use the gcloud app services set-traffic --splits <version>=1 command to redirect traffic to your newly deployed version.
working now, after adding "App Engine Admin" role to [PROJECT_NUMBER]@cloudbuild.gserviceaccount.com
I had assumed that you already had set up App Engine, which requires region selection, enabling services, etc. Now that you have an app deployed you should not need anything other than gcloud app deploy and App Engine Deployer permissions. It is OK to leave Cloud Build with App Engine Admin as that is a secure service controlled by Google.
is there any option in package.json to run command after build like heroku-postbuild
@SachinVairagi I found that the "Project Editor" plus "App Engine Deployer" permissions were sufficient to use Cloud Builder to deploy to GAE Standard Environment.
|
8

You can also get this error if you forgot to enable billing on the project. I just had to go to the Google Cloud Console, search for App Engine and the billing setup popped up.

Improve this answer

3 Comments

Same for me. Once I enabled billing the deploy worked inmediatelly.
Thanks, this was the fix for me. Really unclear error message from the "gcloud" CLI though. 😂
Nice catch. It was strange to me because deployments were successful a while back. Turns out after the free trial window google cloud initially gives is expired, you need to explicitly activate Billings.
6

I had this same error today and the way I resolve it was by running: $ gcloud auth login on the console.

This will open a new browser tab for you to login with the credentials that has access to the project you're trying to deploy.

I was able to deploy to gcloud after that.

ps.: I'm not sure this is the best approach, but I'm leaving this as a possible solution as this is how I usually go around this problem. Worst case, I'll stand corrected and learn something new.

Improve this answer

Comments

5

The most common way to deploy an app to App Engine is to use gcloud app deploy ....

When you use gcloud app deploy against App Engine Flex, the service uses Cloud Build.

It's entirely possible|reasonable to use Cloud Build to do your deployments too, it's just more involved.

I've not tried this but I think that, if you wish to use Cloud Build to perform the deployment, you will need to ensure that the Cloud Build service account has permissions to deploy to App Engine.

Here's an example of what you would need to do, specifically granting Cloud Build's service account the correct role.

Improve this answer

Comments

2

Two commands can handle the perms needed (run in your terminal if you have gcloud sdk installed and authenticated or run in cloud shell for your project):

export PROJECT_ID=[[put your project id here]]
export PROJECT_NUMBER=$(gcloud projects describe $PROJECT_ID --format="value(projectNumber)")

gcloud iam service-accounts add-iam-policy-binding ${PROJECT_ID}@appspot.gserviceaccount.com \
--member=serviceAccount:${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com \
--role=roles/iam.serviceAccountUser \
--project=${PROJECT_ID}
```
gcloud projects add-iam-policy-binding ${PROJECT_ID} \
--member=serviceAccount:${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com \
--role=roles/appengine.appAdmin
Improve this answer

1 Comment

Thanks - worked well - just needed to remove the ``` to allow the full command to execute!
1

In my case, the issue was that I have mistaken project ID for project NAME

Improve this answer

Comments

1

Even though it shows error like below saying "permissions error"

ERROR: (gcloud.app.deploy) Permissions error fetching application [apps/my-react-blog-dummy]. Please make sure that you have permission to view applications on the project and that [email protected] has the App Engine Deployer (roles/appengine.deployer) role.

Just after adding billing details, it worked using this link https://console.cloud.google.com/billing

Improve this answer

1 Comment

Thanks, indeed such a misleading error. In my case I was asked to create the billing account for the project but it didn't automatically assign it after created.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.