You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
vault | 2021-07-12T09:45:09.752Z [INFO] proxy environment: http_proxy="" https_proxy="" no_proxy=""
vault | 2021-07-12T09:45:09.753Z [WARN] no `api_addr` value specified in config or in VAULT_API_ADDR; falling back to detection if possible, but this value should be manually set
vault | 2021-07-12T09:45:09.753Z [DEBUG] core: set config: sanitized config={"api_addr":"","cache_size":0,"cluster_addr":"","cluster_cipher_suites":"","cluster_name":"","default_lease_ttl"
:14400000000000,"default_max_request_duration":0,"disable_cache":false,"disable_clustering":true,"disable_indexing":false,"disable_mlock":false,"disable_performance_standby":false,"disable_pr
intable_check":false,"disable_sealwrap":false,"disable_sentinel_trace":false,"enable_response_header_hostname":false,"enable_response_header_raft_node_id":false,"enable_ui":false,"listeners":
[{"config":{"address":"0.0.0.0:1234","tls_disable":1},"type":"tcp"}],"log_format":"unspecified","log_level":"Debug","max_lease_ttl":86400000000000,"pid_file":"","plugin_directory":"","raw_sto
rage_endpoint":false,"seals":[{"disabled":false,"type":"shamir"}],"storage":{"cluster_addr":"","disable_clustering":true,"redirect_addr":"","type":"inmem"}}
vault | 2021-07-12T09:45:09.753Z [DEBUG] storage.cache: creating LRU cache: size=0
gcp config :
vault | 2021-07-12T09:45:38.342Z [DEBUG] secrets.gcp.gcp_d7312728: updating roleset with new account
vault | 2021-07-12T09:45:38.342Z [DEBUG] secrets.gcp.gcp_d7312728: adding WALs for old roleset resources
vault | 2021-07-12T09:45:38.342Z [DEBUG] secrets.gcp.gcp_d7312728: skip WALs for nil roleset resources
vault | 2021-07-12T09:45:38.342Z [DEBUG] secrets.gcp.gcp_d7312728: adding WALs for new roleset resources
vault | 2021-07-12T09:45:38.342Z [DEBUG] secrets.gcp.gcp_d7312728: creating service account: project=..... request="&{vaultopenqa-role-..... [] []}"
vault | 2021-07-12T09:45:38.343Z [DEBUG] secrets.gcp.gcp_d7312728: loading credentials
vault | 2021-07-12T09:45:38.343Z [DEBUG] secrets.gcp.gcp_d7312728: creating oauth2 http client
vault | 2021-07-12T09:45:39.089Z [DEBUG] secrets.gcp.gcp_d7312728: creating IAM bindings: account_email=......
vault | 2021-07-12T09:45:39.090Z [DEBUG] secrets.gcp.gcp_d7312728: setting IAM binding: resource=//cloudresourcemanager.googleapis.com/projects/.... roles="map[roles/compute.admin:{
} roles/iam.serviceAccountUser:{} roles/storage.objectAdmin:{} roles/viewer:{}]"
vault | 2021-07-12T09:45:39.090Z [DEBUG] secrets.gcp.gcp_d7312728: getting IAM policy for resource name: name=//cloudresourcemanager.googleapis.com/projects/.....
vault | 2021-07-12T09:45:39.365Z [DEBUG] secrets.gcp.gcp_d7312728: got IAM policy for resource name: name=//cloudresourcemanager.googleapis.com/projects/......
vault | 2021-07-12T09:45:39.366Z [DEBUG] secrets.gcp.gcp_d7312728: setting IAM policy for resource name: name=//cloudresourcemanager.googleapis.com/projects/......
vault | 2021-07-12T09:45:39.953Z [DEBUG] secrets.gcp.gcp_d7312728: skip deletion for nil roleset resources
Some calls to generate SA end up like this -
Some info about setup :
running Vault in container
Vault version
Note : I am aware about https://www.vaultproject.io/docs/secrets/gcp#service-account-keys-quota-limits but decided to create this anyway because I haven't found any prove that this is exactly about Quota limit :
So even if this really about Quotas I see room for error message improvement
The text was updated successfully, but these errors were encountered: