datafusion/ERR/2022_010
Cloud Dataproc Service Account has a Dataproc Worker role.
Product: Cloud Data Fusion
Rule class: ERR - Something that is very likely to be wrong
Description
The Dataproc Worker role provides the VM service account with the minimum permissions necessary to operate with Dataproc. To create a cluster with a user-specified service account, the specified service account must have all permissions granted by the Dataproc Worker role
Remediation
Add an IAM policy binding to a Cloud Dataproc service account by specifying a role. The Service Account cannot be created without a role. For example, this can be done using the GCP Console or by running the following gcloud tool command:
gcloud projects add-iam-policy-binding PROJECT_ID --member='serviceAccount:<project-id>-compute@developer.gserviceaccount.com' --role='roles/dataproc.worker'