Permission error when setting up a server about terraform-google-nomad HOT 1 CLOSED

The instance's credentials are provisioned using the service_account block for a googe_compute_instance:

Both OAuth2 URLs and gcloud short names are supported. To allow full access to all Cloud APIs, use the cloud-platform scope. See a complete list of scopes here.

Note: allow_stopping_for_update must be set to true or your instance must have a desired_status of TERMINATED in order to update this field.

🤔 I do not see this error when I deploy to a personal GCP project. It might be possible that your instance does not have the required permissions.

You can start debugging this in a variety of ways, but here's a good place to get started: after getting an SSH session on any of the server instances, run the following command:

$  curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/"
[email protected]/
default/

☝️ [email protected] was created for this instance, and your service account is likely similar, but different. There is also default, which contain the default permissions. Continue to use curl to dig deeper:

$ curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/[email protected]/scopes"
https://www.googleapis.com/auth/compute.readonly
https://www.googleapis.com/auth/devstorage.read_only
https://www.googleapis.com/auth/logging.write
https://www.googleapis.com/auth/monitoring.write

Note: my http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/scopes contains the same information as above.

from terraform-google-nomad.