0
votes

I am trying to create a Dataproc cluster with a service account via the Cloud SDK. It's throwing an error that compute.projects.get is denied. The service account has Compute Viewer, Compute Instance Admin, and Dataproc Editor access. I am unable to understand why this error occurs. In the IAM policy troubleshooter, I checked that dataproc.cluster.create is assigned to the service account.

The command is

gcloud dataproc clusters create cluster-dqm01 --region europe-west2 --subnet dataproc-standalone-paasonly-europe-west2 --zone europe-west2-b --master-machine-type n1-standard-4 --master-boot-disk-size 500 --num-workers 2 --worker-machine-type n1-standard-4 --worker-boot-disk-size 500 --image-version 1.3-deb9 --project xxxxxx --service-account xxxx.iam.gserviceaccount.com

The error is

ERROR: (gcloud.dataproc.clusters.create) PERMISSION_DENIED: Required 'compute.projects.get' permission for 'projects/xxxxxx'

The project is correct, as I have tried to create the cluster from the console and got the same error. I generated the gcloud command from the console to run with a service account.

1
Could you share the command and error message? And have you been able to create clusters before? – tix
I have updated the question with the command I'm using. – Manoj A
The error relates to the Control Plane identity account not having permissions. This usually happens when someone modifies the IAM binding for it, such as to reduce permissions, or even removes all bindings. See cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals – tix

1 Answer

0
votes

Assign the 'dataproc.editor' role to your service account. This will allow your service account to have permission for 'compute.projects.get'.
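
The check that tix's comment about the control-plane identity points to, as an added example that is not part of the original thread: it reads a project IAM policy in the JSON shape printed by `gcloud projects get-iam-policy` and reports which of the two Dataproc identities lacks its expected role. The service agent address format and the role names follow Google's Dataproc principals documentation; the project number, account names and sample policy are constructed placeholders.

```python
import json

# Constructed sample in the shape of `gcloud projects get-iam-policy PROJECT --format=json`.
# Project number and account names are placeholders, not values from the question.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/compute.viewer",
     "members": ["serviceAccount:cluster-sa@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/compute.instanceAdmin.v1",
     "members": ["serviceAccount:cluster-sa@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/dataproc.editor",
     "members": ["serviceAccount:cluster-sa@example-project.iam.gserviceaccount.com"]}
  ]
}
""")

AGENT_ROLE = "roles/dataproc.serviceAgent"  # held by the Dataproc control-plane identity
WORKER_ROLE = "roles/dataproc.worker"       # needed by the cluster VM service account


def roles_of(policy, member):
    """Roles bound directly to `member` in this policy (inherited grants are not visible here)."""
    return {b["role"] for b in policy.get("bindings", [])
            if member in b.get("members", [])}


def check_dataproc_principals(policy, project_number, vm_service_account):
    """Return (member, missing_role) pairs; an empty list means both bindings are present."""
    agent = (f"serviceAccount:service-{project_number}"
             "@dataproc-accounts.iam.gserviceaccount.com")
    vm = f"serviceAccount:{vm_service_account}"
    missing = []
    for member, role in ((agent, AGENT_ROLE), (vm, WORKER_ROLE)):
        if role not in roles_of(policy, member):
            missing.append((member, role))
    return missing


if __name__ == "__main__":
    vm_sa = "cluster-sa@example-project.iam.gserviceaccount.com"
    for member, role in check_dataproc_principals(SAMPLE_POLICY, "123456789012", vm_sa):
        print(f"MISSING {role} for {member}")
```

A basic role such as Owner or Editor, or a grant made at folder or organization level, can also supply these permissions and will not show up in this project-level comparison.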