To create a pipeline schedule of Vertex AI, we can use below snippet:
Python
x
15
15
1
from google.cloud import aiplatform
2
3
pipeline_job = aiplatform.PipelineJob(
4
template_path="COMPILED_PIPELINE_PATH",
5
pipeline_root="PIPELINE_ROOT_PATH",
6
display_name="DISPLAY_NAME",
7
)
8
9
pipeline_job_schedule = pipeline_job.create_schedule(
10
display_name="SCHEDULE_NAME",
11
cron="TZ=CRON",
12
max_concurrent_run_count=MAX_CONCURRENT_RUN_COUNT,
13
max_run_count=MAX_RUN_COUNT,
14
service_account="XYZ",
15
)
This Python code runs with service account “XYZ” and we also want the schedule to run as service account “XYZ”. Make sense, right? But the execution throws errors:
Python
1
4
1
grpc._channel._InactiveRpcError: <_InactiveRpcError of RPC that terminated with:
2
status = StatusCode.INVALID_ARGUMENT
3
details = "You do not have permission to act as service_account: vertex-runner@pers-decision-engine-dev.iam.gserviceaccount.com. (or it may not exist)."
4
debug_error_string = "UNKNOWN:Error received from peer ipv4:74.125.201.95:443 {created_time:"2024-06-06T01:51:02.837225888+00:00", grpc_status:3, grpc_message:"You do not have permission to act as service_account: vertex-runner@pers-decision-engine-dev.iam.gserviceaccount.com. (or it may not exist)."}"
Why does the Python Client of Vertex AI need to “act as” service account “XYZ” even if it’s already using default service account “XYZ”? I can’t answer. Fortunately, the solution is adding a role “Service Account User” to the service account “XYZ” (as this shows)
Seems Google Cloud still need to do a few works to let Vertex AI work very well.