To create a pipeline schedule of Vertex AI, we can use below snippet:
Python
x
15
15
1
from google.cloud import aiplatform2
3
pipeline_job = aiplatform.PipelineJob(4
template_path="COMPILED_PIPELINE_PATH",5
pipeline_root="PIPELINE_ROOT_PATH",6
display_name="DISPLAY_NAME",7
)8
9
pipeline_job_schedule = pipeline_job.create_schedule(10
display_name="SCHEDULE_NAME",11
cron="TZ=CRON",12
max_concurrent_run_count=MAX_CONCURRENT_RUN_COUNT,13
max_run_count=MAX_RUN_COUNT,14
service_account="XYZ",15
)This Python code runs with service account “XYZ” and we also want the schedule to run as service account “XYZ”. Make sense, right? But the execution throws errors:
Python
1
4
1
grpc._channel._InactiveRpcError: <_InactiveRpcError of RPC that terminated with:2
status = StatusCode.INVALID_ARGUMENT3
details = "You do not have permission to act as service_account: vertex-runner@pers-decision-engine-dev.iam.gserviceaccount.com. (or it may not exist)."4
debug_error_string = "UNKNOWN:Error received from peer ipv4:74.125.201.95:443 {created_time:"2024-06-06T01:51:02.837225888+00:00", grpc_status:3, grpc_message:"You do not have permission to act as service_account: vertex-runner@pers-decision-engine-dev.iam.gserviceaccount.com. (or it may not exist)."}"Why does the Python Client of Vertex AI need to “act as” service account “XYZ” even if it’s already using default service account “XYZ”? I can’t answer. Fortunately, the solution is adding a role “Service Account User” to the service account “XYZ” (as this shows)
Seems Google Cloud still need to do a few works to let Vertex AI work very well.