7

I am working on Google Classroom Pub/Sub notifications. I have a task, which is to create the Pub/Sub topic and subscription by using the REST API. I have created the Pub/Sub topic successfully, but when I set the IAM policy/permissions for the created topic, I get the error message.

API URL:- https://pubsub.googleapis.com/v1/projects/project-abc/topics/xyz-topic-101:setIamPolicy

API Method:- POST

API Request Body:-

{
    "policy": {
        "bindings": [
            {
                "role": "roles/owner",
                "members": [
                    "abc@domain.com",
                    "classroom-notifications@system.gserviceaccount.com"
                ]
            },
            {
                "role": "roles/pubsub.admin",
                "members": [
                    "abc@domain.com",
                    "classroom-notifications@system.gserviceaccount.com"
                ]
            },
            {
                "role": "roles/pubsub.editor",
                "members": [
                    "abc@domain.com",
                    "classroom-notifications@system.gserviceaccount.com"
                ]
            },
            {
                "role": "roles/pubsub.publisher",
                "members": [
                    "abc@domain.com",
                    "classroom-notifications@system.gserviceaccount.com"
                ]
            },
            {
                "role": "roles/pubsub.subscriber",
                "members": [
                    "abc@domain.com",
                    "classroom-notifications@system.gserviceaccount.com"
                ]
            }
        ],
        "version": 1
    }
}

API Response:-

{
    "error": {
        "code": 400,
        "message": "The member abc@domain.com is of an unknown type. Please set a valid type prefix for the member.",
        "status": "INVALID_ARGUMENT"
    }
}

I have followed the Google doc link below: https://cloud.google.com/pubsub/docs/reference/rest/v1/Policy#Binding

I do not understand why this message is coming. Please share your suggestions and feedback.

user1337934
  • Referring to the official doc: https://cloud.google.com/pubsub/docs/reference/error-codes we can say that this error happens when "The request is invalid; a required argument may be missing, exceeds limits, or has an invalid value." I would recommend checking the Pub/Sub quotas and limits: https://cloud.google.com/pubsub/quotas Let me know if you exceed any of them. – aga Jul 31 '20 at 09:41

3 Answers

7

Not sure if this will help, but I found that you need to set the member type for this to work.

From doc:

Should be of the form user|group|serviceAccount:email or domain:domain.

So try adding the prefix, along the lines of: serviceAccount:abc@domain.com, or whatever your member type is.

Voy
1

In my case, I've attempted to use the service account name, but it expected to see a type of an account in a prefix.

What I used :

xyz@gcp-airflow-k8s.iam.gserviceaccount.com

What is expected :

serviceaccount:xyz@gcp-airflow-k8s.iam.gserviceaccount.com
Vladyslav Didenko
0

Unfortunately I cannot comment at this moment, but Voy's answer fixes this issue. You must add the type of the member. The section below is taken from the Google Cloud documentation:

Examples: user:test-user@gmail.com, group:admins@example.com, serviceAccount:test123@example.domain.com, or domain:example.domain.com. Can also be one of the following special values: allUsers - Special identifier that represents anyone who is on the internet, with or without a Google account. allAuthenticatedUsers - Special identifier that represents anyone who is authenticated with a Google account or a service account.

  • [Voy](https://stackoverflow.com/users/3508719) already pasted the link of google doc. You should just vote up the [answer](https://stackoverflow.com/a/65230977/13664939) instead of comment if you want to declare the answer is useful. – gurkan Apr 13 '21 at 10:17
  • What I meant is that because of my reputation I can't upvote... That's why I added a comment – Bruno Gomes Apr 14 '21 at 11:06
  • That's why here is the reputation :) It's ok. You know, the vote is recorded in any case. It will become visible after your reputation increases. – gurkan Apr 14 '21 at 12:28
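
A pre-flight check for the `setIamPolicy` body, based on the member forms quoted in the answers above. This is an added example, not code from the question, the answers, or Google; `check_member`, `lint_policy`, `BROKEN` and `FIXED` are hypothetical names, and treating `abc@domain.com` as a `user:` is an assumption, since the question does not say what kind of account it is.

```python
import json
import re

# Member forms quoted in the answers above. This check accepts only the exact
# spellings shown there, which may be stricter than the API itself.
TYPED = re.compile(r"^(user|group|serviceAccount):[^@\s:]+@[^@\s:]+$|^domain:[^@\s:]+$")
PUBLIC = {"allUsers", "allAuthenticatedUsers"}


def check_member(member):
    """Return None if the member string is well-formed, else a reason."""
    if member in PUBLIC:
        return "public principal: grants the role to anyone"
    if TYPED.match(member):
        return None
    if ":" not in member:
        return "missing type prefix (user:, group:, serviceAccount: or domain:)"
    return "unrecognised type prefix or malformed value"


def lint_policy(body):
    """Collect (role, member, reason) for every member that would be rejected
    or that a reviewer should look at before the policy is applied."""
    findings = []
    for binding in body["policy"]["bindings"]:
        for member in binding["members"]:
            reason = check_member(member)
            if reason:
                findings.append((binding["role"], member, reason))
    return findings


# Constructed samples: one binding in the question's shape, then a corrected one.
BROKEN = {"policy": {"bindings": [{"role": "roles/pubsub.publisher", "members": [
    "abc@domain.com", "classroom-notifications@system.gserviceaccount.com"]}]}}
FIXED = {"policy": {"bindings": [{"role": "roles/pubsub.publisher", "members": [
    "user:abc@domain.com",  # assumed to be a user account
    "serviceAccount:classroom-notifications@system.gserviceaccount.com"]}]}}

if __name__ == "__main__":
    for role, member, reason in lint_policy(BROKEN):
        print(f"{role}: {member!r}: {reason}")
    print(json.dumps(FIXED, indent=2) if not lint_policy(FIXED) else "still invalid")
```

Running the linter before the POST catches every untyped member at once, whereas the 400 response in the question names only one, and it also surfaces `allUsers` / `allAuthenticatedUsers` bindings for review.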