'gcloud auth activate-service-account [ERROR] Please ensure provided key file is valid
I've spent already several hours with this problem but it seems that I can't activate a service account to develop locally an App Engine project (If I deploy teh project it authenticates well since the credentials are injected as an env variable).
The problem
I created a new service account under IAM on the GC Platform.
The service account is created correctly I can see it through the console and theUnder service account I generated a new JSON key -> key.json
in the console I used gcloud auth activate-service-account --key file=key.json
Code
{
"type": "service_account",
<br> "project_id": "[project id]",
<br> "private_key_id": "[private_key_id]",
<br> "private_key": "[private_key]",
<br> "client_email": "[name]",
<br> "client_id": "[clien id]",
<br> "auth_uri": "https://accounts.google.com/o/oauth2/auth",
<br> "token_uri": "https://accounts.google.com/o/oauth2/token",
<br> "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
<br> "client_x509_cert_url":
"https://www.googleapis.com/robot/v1/metadata/x509/[client_email]"
<br> }
I receive the error message ERROR: (gcloud.auth.activate-service-account) Failed to activate the given service account. Please ensure provided key file is valid.
After trying everything what I could I found that in the docs the service account key indeed has a different structure. https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys I have no idea however why the downloaded key structure is not good.
Did anybody encounter this issue? Any solutions?
Solution 1:[1]
I haven't found any great documentation on this, but you definitely want the first type of file and creating it through the Cloud Console should work. I believe it's referenced to as a Google Credentials file. The downloaded JSON file should look something like:
{
"type": "service_account",
"project_id": "project-id",
"private_key_id": "some_number",
"private_key": "-----BEGIN PRIVATE KEY-----\n....
=\n-----END PRIVATE KEY-----\n",
"client_email": "<api-name>[email protected]",
"client_id": "...",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://accounts.google.com/o/oauth2/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/...<api-name>api%40project-id.iam.gserviceaccount.com"
}
The second link you posted will also create a service account key and a Google Credentials file, but it's probably more work than you want (the Google Credentials file is encoded under the privateKeyData
field.
Hopefully that explains the files; good luck authenticating! My only suggestion for that is that maybe you've spelled the command wrong? It should be:
gcloud auth activate-service-account --key-file=key.json
whereas you've typed
gcloud auth activate-service-account --key file=key.json
ie, with a space after --key. Let us know if you figure it out!
Solution 2:[2]
Get token! A new browser window is being opened. Login/Select a Google account, accept the permissions and paste the authentication code below.
https://accounts.google.com/signin/oauth/error?authError=TOKEN
The developer hasn't given you access to this app. It's currently being tested and it hasn't been verified by Google. If you think you should have access, contact the developer
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | hubatish |
Solution 2 | lp85d |