Deploying to Cloud Run with a custom service account failed with iam.serviceaccounts.actAs error

Solution 1:

TLDR: Add Cloud Run Admin and Service Account User roles to your service account.

If we read the docs in detail for the IAM Reference page for Cloud Run which is found here, we find the following text:

A user needs the following permissions to deploy new Cloud Run services or revisions:

run.services.create and run.services.update on the project level. Typically assigned through the roles/run.admin role. It can be changed in the project permissions admin page.

iam.serviceAccounts.actAs for the Cloud Run runtime service account. By default, this is [email protected]. The permission is typically assigned through the roles/iam.serviceAccountUser role.

I think these extra steps explain the story as you see it.

Solution 2:

Adding Cloud Run Admin and Service Account User roles to my own service account fixed this for me. See step 2 in the docs here: https://cloud.google.com/run/docs/continuous-deployment#continuous

In Sitecore powershell, can you make an item unpublishable

Part of code is skipped and I need an alternative to if (holderB != null) [duplicate]

How to solve Error creating Service: googleapi: Error 403: Permission 'iam.serviceaccounts.actAs' denied on service account

getQuote "what" possible fields in Quantmod (R)

appsettings.json file not found issue on docker run

Log4J2 2.11.0 -> Log4J2 2.17.1 upgrade - appender broken for mariaDB JDBC driver to Percona 5.7 - malformed packets - maven - solved

How to embed a string in the compiled binary at build time? [duplicate]

Wildfly 10 failing to load MySQL XA driver on startup

Vuex persistedState does not work after refreshing page

Dividing in assembly ax and bx [duplicate]

integration of a function

Is there a closed form for $\int x^n e^{cx}\,\mathrm dx$?