Cloud build keeps using legacy service account despite change in settings
In june 2024, GCP changed the default service account for Cloud Build as explained here https://cloud.google.com/build/docs/cloud-build-service-account-updates#what_do_you_need_to_do
Due to this, new builds of old Cloud functions are not possible using the console UI.
No matter what I do , the builds fail and the logs keep mentioning that
The legacy Cloud Build service account xxxxxxxxxxxx@cloudbuild.gserviceaccount.com running this build does not have permission(s) to execute the build.
This happens for new and old cloud builds.
I am trying to create a simple cloud function that never builds because of this.
I have already tried their suggestions for this and I have implemented them all (except organization level policy changes which I am not allowed to do)
- Create new service account and give cloud build permissions
- Or use the project's compute account
- In Cloud Build settings, set such a service account as the preferred service account
I have given Cloud Build permissions to both compute and custom service accounts. I have tried to set both as preferred cloud build service accounts.
I have the IAM role to act as those service accounts.
I would appreciate a solution that doesn't involve gcloud, only the console UI (if such a solution exists).
Try deploying your cloud function using gcloud CLI with gcloud functions deploy then indicate there the build service account you are going to use with the --build-service-account flag.
If the issue still persists, consider filing a bug issue so that the engineering team can look into it. Note that there’s no specific timeline when the fix will be available.
- Need help to bulk download logs from Google Cloud Platform - Cloud Logging
- Google cloud - pub/sub - write to Bigquery with metadata - missing fields
- Lots of "Uncaught signal: 6" errors in Cloud Run
- BigQuery select last modified time using __TABLES__ from all tables in all datasets?
- Loading BigQuery tables from large pandas DataFrames
- Cloud build keeps using legacy service account despite change in settings
- (Terraform, Cloud Run) Error: Forbidden Your client does not have permission to get URL / from this server
- How to fix the storage exceeded issue for Google Drive when uploading using Service Accounts
- How do I know if an Google App Engine instance is Standard or Flexible?
- How to install Apache server in GCE VM instance?
- I Can't Delete My GCP VM Instances, They are Stuck
- Error when trying to migrate a GKE Autopilot cluster to cgroupv2
- How can you set the default triggering event for a Google Cloud Run function?
- Cloud Run failing to connect to Cloud SQL
- appengine returns 403 for a file
- GCP Cloud CDN cache invalidation taking too long
- How to create ftp (vsftpd) in google cloud compute engine?
- GCP Workflow deployment failed: token recognition error at: '“' when using variables
- gcloud CLI: Permission denied moving project between organizations
- GCP: Why can't my Backend Bucket find my public files?
- GCP load balancer url re-writing and backend-mapping not happening the way I'd expect
- How to fix CloudRun error 'The request was aborted because there was no available instance'
- Firebase Firestore rules with count
- Google Cloud Datastore Authentication on Windows 10
- How to generate the Endpoint URL to cloud functions for push subscriptions on Google Pub/Sub?
- Firestore SDK hangs in production
- Firebase Cloud Functions Deployment Fails: " <number>-compute@developer.gserviceaccount.com not found" after Default Service Account Deletion
- Google Artifact Registry: Unable to publish package with the same version even after package deletion
- How to fix an apparently expired refresh token?
- Why is priority treated differently in VPC firewall rules vs Artifact Registry on GCP?