1
votes

I'm trying to create a job in Dataflow to export to a text file the data published to a pub/sub topic. When saving the configuration I get a 'Job creation failed' message specifying 'Current user cannot act as service account [email protected]', as shown in the attached picture.

Following Google's documentation I added the following roles to my user for this project (in addition to the owner role I already have):

  • Compute Viewer
  • Dataflow Admin
  • Dataflow Developer
  • Storage Object Admin
  • Service Account User

However the Controller Service Account mentioned in the message doesn't seem to exist in the list of Account Services of this project (IAM & Admin > Account Services). Is there anything I'm missing here?

Other requirements already checked:

  • I have the Compute Engine API already enabled
  • As owner I have the iam.serviceAccounts.actAs permission
1
By default, workers use your project's Compute Engine default service account as the controller service account. [link] (cloud.google.com/dataflow/docs/concepts/…) - Sakshi Gatyan
@SakshiGatyan How can I find which is Compute Engine's default service account? I just added dataflow.worker and storage.objectAdmin roles to the existing service accounts I have in the project but none of them seem to be the default service account I'm looking for. - Jos
<project-number>[email protected] is the Compute Engine default service account; it is automatically created when you enable the Compute Engine API - Sakshi Gatyan
It might be easier to start by following one of the quickstart guides here: cloud.google.com/dataflow/docs/quickstarts - chamikara
Thanks @chamikara, I followed the steps from the guide and the message I receive when setting up the job is the same. We had some Dataflow Jobs correctly running on this project in the past so my next assumption is that the service account [email protected] might have been accidentally removed at some point. I've tried disabling Compute Engine API and enabling it again but the issue persists. - Jos

1 Answer

0
votes

Your best option is to create a custom service account in IAM and use it to build/run your job. If you're using Cloud Build to deploy and run your template, you'll need to set your logging location.

More details at the below links:
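
A diagnostic sketch for the conditions discussed in this thread, added here as an example and not part of the original question or answer: it checks exported IAM data for a missing controller service account, a user without `iam.serviceAccounts.actAs`, and a service account without the `dataflow.worker` role. The project name, user address, project number and sample policy are constructed, and the set of roles treated as carrying `actAs` is an assumption limited to the two roles named in the thread.

```python
import json

# Roles the thread names as carrying iam.serviceAccounts.actAs (Owner and
# Service Account User). Assumption: illustrative set, not exhaustive.
ACT_AS_ROLES = {"roles/owner", "roles/iam.serviceAccountUser"}


def default_compute_sa(project_number):
    """Compute Engine default service account (default Dataflow controller)."""
    return f"{project_number}-compute@developer.gserviceaccount.com"


def roles_for(policy, member):
    """Roles bound to `member` in an IAM policy dict (get-iam-policy JSON)."""
    return {b["role"] for b in policy.get("bindings", [])
            if member in b.get("members", [])}


def diagnose(user, sa_email, accounts, project_policy, sa_policy=None):
    """Return a short finding on whether `user` can run jobs as `sa_email`."""
    if not any(a["email"] == sa_email for a in accounts):
        return "missing: service account not found in the project"
    user_roles = (roles_for(project_policy, f"user:{user}")
                  | roles_for(sa_policy or {}, f"user:{user}"))
    if not user_roles & ACT_AS_ROLES:
        return "no-actas: grant roles/iam.serviceAccountUser on this account"
    sa_roles = roles_for(project_policy, f"serviceAccount:{sa_email}")
    if "roles/dataflow.worker" not in sa_roles:
        return "no-worker-role: service account lacks roles/dataflow.worker"
    return "ok: user can act as this controller service account"


# Constructed sample data, shaped like `gcloud iam service-accounts list
# --format=json` and `gcloud projects get-iam-policy PROJECT --format=json`.
CUSTOM_SA = "dataflow-runner@example-project.iam.gserviceaccount.com"
ACCOUNTS = [{"email": CUSTOM_SA, "disabled": False}]
PROJECT_POLICY = json.loads("""{"bindings": [
  {"role": "roles/owner", "members": ["user:owner@example.com"]},
  {"role": "roles/dataflow.worker",
   "members": ["serviceAccount:dataflow-runner@example-project.iam.gserviceaccount.com"]}
]}""")

if __name__ == "__main__":
    for sa in (default_compute_sa("123456789012"), CUSTOM_SA):
        print(sa, "->", diagnose("owner@example.com", sa, ACCOUNTS, PROJECT_POLICY))
```

Passing a service-account-level policy as `sa_policy` lets the check recognise `roles/iam.serviceAccountUser` granted on the single account rather than project-wide, which is the narrower grant.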