GCP GCS storage using old service account key

I have an existing repository for GCS storage that using a JSON key.

export PATH=/usr/share/elasticsearch/bin/:$PATH
elasticsearch-keystore add-file gcs.client.default.credentials_file /opt/esadmin/gcs-key.json
elasticsearch-plugin install repository-gcs

Then I created the repo it was working fine. Then I need change the JSON key. So what I did, I removed the repository and deleted the Keystore.

curl -X DELETE https://10.10.10.11:9200/_snapshot/gcs
elasticsearch-keystore remove gcs.client.default.credentials_file

Then replaced the JSON file with new service account json file(its from a different GCP project) and add it to key store. Then I tried to create the repo with a different bucket, it is saying, its not able find the bucket.

Error:

"storage_exception: old-project-es-gcs-repository@old-project.iam.gserviceaccount.com does not have storage.buckets.get access to the Google Cloud Storage bucket."

old-project-es-gcs-repository@old-project.iam.gserviceaccount.com --> this is the old service account, the new account is not taken.

I tried to uninstall and the GCS plugin, but still the same issue.

I solved by removing the plugin on all the nodes and install it again

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.