Stack Overflow
Stack Overflow

Questions tagged [google-iam]

Cloud Identity and Access Management (Cloud IAM) enables you to create and manage permissions for Google Cloud Platform resources. Cloud IAM unifies access control for Cloud Platform services into a single system and presents a consistent set of operations.

727 questions
46
votes
8 answers

How to get a GCP Bearer token programmatically with python

gcloud auth print-access-token gives me a Bearer token that I can use later on; however, this is a shell command. How would I obtain one programmatically via the Google Cloud Python API? I see a prior example using oauth2client, but oauth2client…
indraniel
  • 577
  • 1
  • 4
  • 8
39
votes
1 answer

How to Update Roles of Existing Service Accounts - Google Cloud Console

I am using the Google Cloud Console for this purpose. When I create a service account, I can assign specific roles. But after I create it, I don't see an option to Update Roles of Service Accounts. I tried to edit the service account, and still no…
Keet Sugathadasa
  • 11,595
  • 6
  • 65
  • 80
33
votes
5 answers

Deploying to Cloud Run with a custom service account failed with iam.serviceaccounts.actAs error

I have created a custom service account travisci-deployer@PROJECT_ID.iam.gserviceaccount.com on my project and gave it the Cloud Run Admin role: gcloud projects add-iam-policy-binding "${PROJECT_ID}" \ …
ahmet alp balkan
  • 42,679
  • 38
  • 138
  • 214
31
votes
2 answers

How do you enable "iam.serviceAccounts.actAs" permissions on a sevice account?

I am trying to deploy a service with a non-default service account by following this guide and it says I need "the iam.serviceAccounts.actAs permission on the service account being deployed". The service account I am using is…
sdfsdf
  • 5,052
  • 9
  • 42
  • 75
30
votes
3 answers

Access Google Cloud service account credentials on Container OS inside Docker Container

Using the Container Optimized OS (COS) on Google Cloud Compute, what's the best way to access the credentials of the default service account for the VM-project from within a Docker container? $ gcloud compute instances create test-instance \ …
Brian M. Hunt
  • 81,008
  • 74
  • 230
  • 343
28
votes
4 answers

Unable to assign iam.serviceAccounts.signBlob permission

TLDR; I'm having trouble assigning an IAM permission to a service account. I'm building a test that involves minting custom tokens with firebase Auth. When I hit: const token = await admin.auth().createCustomToken('test', { isAdmin: true, …
tristansokol
  • 4,054
  • 2
  • 17
  • 32
21
votes
6 answers

How to generate a Blob signed url in Google Cloud Run?

Under Google Cloud Run, you can select which service account your container is running. Using the default compute service account fails to generate a signed url. The work around listed here works on Google Cloud Compute -- if you allow all the…
sww314
  • 1,252
  • 13
  • 17
19
votes
3 answers

Google Cloud Platform IAM, i don't receive the invitation mail as a member

my partner added me as a member in a GCP project, with computer engine Admin role, but i didn't receive any invitation email. we have already checked in spam folder. i tried also to…
lotfi Raghib
  • 434
  • 1
  • 6
  • 17
17
votes
3 answers

Want to assign multiple Google cloud IAM roles to a service account via terraform

I want to assign multiple IAM roles to a single service account through terraform. I prepared a TF file to do that, but it has an error. With a single role it can be successfully assigned but with multiple IAM roles, it gave an error. data…
Aniket
  • 495
  • 1
  • 5
  • 16
17
votes
1 answer

How does the GKE metadata server work in Workload Identity

I've recently been making use of the GKE Workload Identity feature. I'd be interested to know in more detail how the gke-metadata-server component works. GCP client code (gcloud or other language SDKs) falls through to the GCE metadata…
Charlie Egan
  • 4,878
  • 6
  • 33
  • 48
17
votes
3 answers

Kubernetes pods can't pull images from container registry (gcp)

I want to update my deployment on kubernetes with a new image which exists on 'eu.gcr.io' (same project), I have done this before. But now the pods fail to pull the image because they are not authorized to do so. This is the error that we get in the…
Georges Lorré
  • 443
  • 3
  • 11
17
votes
2 answers

What's the difference between Project Browser role and Project Viewer role in Google Cloud Platform

According to the console popup, the Project Browser role has browse access to the project's resources while the Project Viewer has read access to those resources. Does this mean that with the browser role I can only list the filenames stored in the…
intotecho
  • 4,925
  • 3
  • 39
  • 54
14
votes
1 answer

GCP Cloud Build fails with permissions error even though correct role is granted

I setup a Cloud Build Trigger in my GCP project in order to deploy a Cloud Function from a Cloud Source Repository via a .yaml file. Everything seems to have been setup correctly and permissions granted according to the official documentation, but…
starmandeluxe
  • 2,443
  • 3
  • 27
  • 44
13
votes
1 answer

IAM Service Account Key vs Google Credentials File

I'm writing code to generate and download a private key for a Google Cloud service account. Using the IAM API, I was able to create a service account, and my call to generate a key seems to be working. I get back a Service Account Key as described…
hubatish
  • 5,070
  • 6
  • 35
  • 47
12
votes
1 answer

GCP: How to grant a role to a service account on a Firestore collection?

We can share a BigQuery dataset with a service account, we can add a service account as a member to a specific bucket by assigning to it a specific role....using graphic interface. What about Firestore? Can we share a specific collection with a…
Farah
  • 2,469
  • 5
  • 31
  • 52
1
2 3
48 49