Cloud Build Failure: You do not have permission to act as (Service Account)

I have a demo App Engine application on GitHub, mapped through Google Cloud Build to automatically redeploy upon any change in the master repository. I’ve left this app untouched for about a month or so, until now where I made some minor updates and pushed those updates to the GitHub repository.

Unfortunately it seems that Cloud Build has changed some permissions, because suddenly errors came up and my updates failed to deploy. Here’s a screenshot of my Cloud Build page, and the errors:

My Cloud Build page. All my builds in October and earlier of this year succeeded, but my November builds started failing.

Apparently this error was due to a permissions error

ERROR: (gcloud.app.deploy) PERMISSION_DENIED: You do not have permission to act as '[email protected]'
- '@type': type.googleapis.com/google.rpc.ResourceInfo
  description: You do not have permission to act as this service account.
  resourceName: [email protected]
  resourceType: serviceAccount
ERROR
ERROR: build step 0 "gcr.io/cloud-builders/gcloud" failed: step exited with non-zero status: 1
Error detail in context.

When I tried to force the run via the Run trigger, I got this error:

Failed to trigger build: generic::permission_denied: service account [email protected] has insufficient permission to execute the build on project project-name.

In short, you need to add the Cloud Build Service Agent role to Cloud Build, allowing it to use service accounts to authenticate into other Google services. in the IAM section of the cloud console, find the Cloud Build service account:

The Cloud Build service account is in the black box.

And then add the Cloud Build Service Agent to the Cloud Build service account:

After I added that role, my Cloud Build deployments worked again.

Marketing: A Clever Example Of Counterprogramming – How To Own The Internet News Cycle

Yesterday, November 18 2020, was Mickey Mouse’s 92nd birthday. You may have seen it on your local news; I saw it mentioned on my local ABC station (ABC is owned by Disney).

Here’s a screenshot of a news-anchor from my local ABC affiliate commenting on Mickey’s birthday:

Extracted from https://www.facebook.com/HoseaSandersABC7/posts/3471367576246363

Unfortunately for Disney, Mickey’s 92nd birthday was not a major topic of conversation on Twitter and other social media locations. You may have seen another story about Disney bubble up yesterday, and this story is much less flattering to Disney: SFWA – #DisneyMustPay Alan Dean Foster. In short, Disney is accused of not paying royalties to Alan Dean Foster, who wrote a number of Star Wars and Aliens novels that Disney acquired the rights to when it purchased LucasFilm and Fox.

This story (and the hashtag #disneymustpay) was a trending item on Twitter for most of yesterday; this tweet summarizes the situation very well:

Extracted from https://twitter.com/jeffs_comics/status/1329214047569448962

I’m not here to litigate which side is correct, but I did want to point out the beauty of how this story was marketed: it was set up as counterprogramming against the story of Mickey Mouse’s 92nd birthday.

Yesterday’s news started with Mickey Mouse’s 92nd birthday on the news cycle: that “primed the pump” for more Disney related stories. By publishing the article #DisneyMustPay Alan Dean Foster on the same day, the article received much bigger growth and coverage than it would have if published on any other day. It inflicted reputational damage on Disney (which hurts more because Disney is a consumer-focused company) and cost Disney the chance to use Mickey’s 92nd birthday to drive more sales (because on November 18th consumers were thinking of Alan’s story, not Mickey Mouse). All in all, the SFWA managed to get Disney’s attention in a big way, and I’m sure Alan’s story is now being considered in the executive level of Disney’s management.

This case is a great example for any guerilla marketing campaigns: set up your marketing as counterprogramming to a bigger rival’s work; you’ll get far more reach out of your campaigns and your rival’s marketing will be much less successful.

Finance, Google, and Plex

I remarked in a previous blog post about how Google is diversifying their income by moving into financial products. Today sees the launch of Plex, a way to manage bank accounts, offers, and (soon) to open bank accounts.

Google launching waitlist for Plex, its new banking app. https://twitter.com/Google/status/1329120723193921543

This Verge article goes more in depth about Plex; the part I find most interesting is this sentence:

But Google is also ramping up other ways to pay with this app. Underneath People and Businesses are a couple of new buttons: “Get gas” and “Order food.” The food option ties into Google’s existing food ordering system that is compatible with enough systems for the company to claim it works with over 100,000 restaurants. You’ll also be able to pay for gas or parking directly in the app…

Extracted from https://www.theverge.com/2020/11/18/21571806/google-pay-relaunch-money-payments-finances-deals-offers-banking-plex

What I find interesting about Google Plex is that it’s a huge expansion of Google’s business: it moves Google more into the consumer realm such as into financial management and payments (competing with Samsung Pay, Apple Pay, Mint), into food ordering (competing with GrubHub) and gas (competing with many loyalty programs). If Plex succeeds, it could mean a many multi-billion dollar business, even larger than the Google Cloud Platform business unit.

How I Can Tell When Cloud SQL Is Under Maintenance

I have StackDriver notifications set up to email me whenever an error happens with my App Engine applications. This morning, I guessed my Google Cloud SQL instance was under maintenance. Not exactly a Sherlock Holmes -level deduction considering this display:

All of these SQL errors happened within a minute range, 10 hours ago.

Error Detail

Here’s the details page of one of the errors:

Detail Page, Screen 1
Detail Page, Screen 2

Note that these errors occurred at 8:01 – 8:02 AM. What else happened at that time?

Maintenance Logs

And as you can see, right around that time maintenance finished.

When you see a burst of errors at a single time, typically the root cause is maintenance or (rarely) backups being completed. Make sure your application is error-resistant by retrying failed SQL queries.

The Bottom Line

Cloud SQL maintenance can result in a burst of errors. Make sure your application can retry failed SQL queries, or log failed operations so they can be reviewed by your operations staff.

Also when you see an error, make sure to check your maintenance and backup logs. It’s an easy mistake to see an error and assume your code is at fault – knock out the simple error causes first before spending time digging into code and records.

Fun Graphs

As a bonus, and because I love metric graphs, here are some graphs showing the effect of the maintenance period around 8 AM:

A Funny Health Graph

Health graphs always amuse me. I occasionally have to scratch my head and wonder what exactly is being measured.

Take the graph below. At first, the service has zero users and a zero error rate. But once it gets to 1 user (July 19), the error rate ramps right up to 100% and stays at 100% error rate even when there are no users using it (July 20 – 21 part of the graph).

How can there be an error rate if it’s not being used?

Just another day in amusing metrics.

Review: Finding A WordPress Theme For A Tumblr/Tumblelog -Style Blog

Summary: If you’re exporting your blog from Tumblr to WordPress and want a Tumblr style theme, I recommend Nucleare or Twenty Fifteen.

I’ve recently helped export some blogs off tumblr to a WordPress installation. Tumblr is a great blogging platform – it’s terrific for quickly posting those random thoughts, code samples, and images one sees across the course of the day. But WordPress is a better long term solution, especially for blogs that are quickly growing.

The hardest part of exporting a Tumblr site to WordPress is finding a theme that replicates the clean, neat design of Tumblr. I used to recommend a theme called Fast Blog ($44 from ThemeForest). Unfortunately, the theme is no longer available and in any event hasn’t been updated in years.

The former Fast Blog theme for sale at ThemeForest.com, no longer available as I type this blog post. Before it was removed from sales, it had 2,547 purchases.

A friend of mine recommends Annina, which uses a big left navigation bar with a Pinterest-style multiple stacked boxes for each blog post:

Annina is a good, basic theme that is fantastic for mobile devices: it’s easy for the navigation bar and post “boxes” to rearrange themselves to fit different mobile (tablet/phone) sized screens – a lot of blogs and sites are rearranging themselves to fit this aesthetic to earn those mobile views.

The basic version of Annina is free, but there is a paid version of Annina that unlocks additional features. If you’re a new blogger, the free version of Annina is more than enough.

Annina is a good theme, but my major complaint is that I want whole blog posts to show on the blog’s main page, not just the excerpt that Annina shows – just like Tumblr does.

My Picks

If you’re exporting a Tumblr website to WordPress and need a similar theme, I recommend either Twenty Fifteen or Nucleare.

Why Nucleare? It’s a crisp, clean theme that echoes the general lines of Tumblr, yet offers a reasonable amount of customizability.

A sample of the Nucleare theme.

Perhaps my only complaint with Nucleare is the tons of wasted space around the title section and the inability to set the page width (I think it’s too wide on desktop displays). Otherwise, it’s a terrific theme that replicates the Tumblr experience.

In the Appearance > Customize section of WordPress admin, you can change the theme colors and (even more importantly in my view) change how posts are shown on the main page: either excerpt or the full post:

The color picker in the Colors section of the theme customizer.
Selecting to show full post or post excerpt in the blog main page.

Another theme I would recommend is Twenty Fifteen. It’s the WordPress default theme from 2015, but it’s been updated by the WordPress folks to maintain good SEO and mobile performance. For the screenshot below, the only change I made was to alter the navigation bar background color to blue (hex code #1287a8; default for the theme is to leave it white).

An example view of the Twenty Fifteen theme on desktop.
Screenshot of the same site on a mobile device.

Perhaps my only complaint with the Twenty Fifteen theme is that it includes a lot of padding and margin space around posts. I may end up cutting down that space using additional CSS.

So bottom line: Use Nucleare or Twenty Fifteen for those Tumblr blogs moving to WordPress. Both themes are free and have excellent defaults, along with good customization out of the box.