PermissionDenied: 403 Permission 'secretmanager.versions.access' denied for resource 'secrets/service-account-key/versions/1'
chinggg opened this issue · comments
I am trying to run FuzzBench experiment on Google Cloud. The document is quite outdated and I have to search for issues or even Discord history to setup the experiment. But after I managed to execute run_experiment.py, there is a problem quickly shown on "error report" of Google Cloud:
google.api_core.exceptions.PermissionDenied: 403 Permission 'secretmanager.versions.access' denied for resource 'projects/adept-vigil-394020/secrets/service-account-key/versions/1' (or it may not exist). Message: Failed to get or create key.
at .error_remapped_callable ( /usr/local/lib/python3.10/site-packages/google/api_core/grpc_helpers.py:67 )
at .retry_target ( /usr/local/lib/python3.10/site-packages/google/api_core/retry.py:191 )
at .retry_wrapped_func ( /usr/local/lib/python3.10/site-packages/google/api_core/retry.py:349 )
at .__call__ ( /usr/local/lib/python3.10/site-packages/google/api_core/gapic_v1/method.py:113 )
at .access_secret_version ( /usr/local/lib/python3.10/site-packages/google/cloud/secretmanager_v1/services/secret_manager_service/client.py:1503 )
at .get ( /work/src/experiment/cloud/secret_manager.py:65 )
at .get_or_create_key ( /work/src/experiment/cloud/service_account_key.py:54 )
at .main ( /work/src/experiment/cloud/service_account_key.py:67 )
I am using gcloud auth login {account_email} on a server and I did all the steps https://google.github.io/fuzzbench/running-a-cloud-experiment/setting-up-a-google-cloud-project/, including Enable Secret Manager API. ChatGPT suggest adding Secret Manager Secret Accessor role to user account, but I got same error even with admin role. I am not sure what's wrong with "service-account-key" and the docs/config never mention that.
Adding the Secret Manager Admin role to the compute engine service account seemed to work for me. Stackoverflow: https://stackoverflow.com/a/61317871