DevOps Blog - Nicolas Paris

Deploy Google App From Compute Engine


I was trying to deploy a Google App Engine from a Compute Engine.

I was stuck with the following message.

ERROR: ( Permissions error fetching application [apps/nsirap]. Please make sure you are using the correct project ID and that you have permission to view applications on the project.

I gave App Engine Admin, Cloud Build Editor and Storage Admin as seen on many post. I was sure about project name vs project ID as seen on many stack overflow comments. But still lack of privileges. Activated various API like cloud app engine admin.

I tried the output of gcloud app deploy --log-http --verbosity=debug as advice everywhere.

www-authenticate: Bearer realm="", error="insufficient_scope", scope=""
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
-- headers end --
-- body start --
"error": {
"code": 403,
"message": "Request had insufficient authentication scopes.",

Still insufficient_scope.

My mistack was easy, but spend some time on it...

On the VM instance, there is a scope to API, to activate. Stop the instance and edit the following. Obviously, open all the API is not a best practice, but help to spot the problem.

Cloud API access scopes
Allow full access to all Cloud APIs


Update 01/06/2019

Here some more explanations, now that I learned more about GCP.

Their is two access type for VMs, this is very specifics for compute engine.

Even if you authenticate the gcloud with your account, not recommended, you cannot access it if the VM has not the
appropriate scope.