Cloud Identity and Access Management (Cloud IAM) enables you to create and manage permissions for Google Cloud Platform resources. Cloud IAM unifies access control for Cloud Platform services into a single system and presents a consistent set of operations.
Questions tagged [google-cloud-iam]
376 questions
4
votes
0 answers
GCP How to delete automatically generated OAuth clients?
In GCP console => APIs & Services => Credentials => OAuth 2.0 client IDs
I have some OAuth clients that I can't delete, they have a yellow triangle notice, which said:
This automatically generated OAuth client ID is required for your
project. It…
Hoang Trinh
- 2,253
- 1
- 24
- 47
4
votes
1 answer
Using Controller Service in ExecuteScript
I am working a Google Cloud Project and I want to use Jython to connect to custom API. I need to provide Google Service Account credentials in order to authenticate myself, but for security reasons I do not want the information to be easily…
Mandemon
- 274
- 2
- 18
4
votes
0 answers
How to create a Kubernetes cluster from within GitLab CI for e2e testing?
I want to create a Google Cloud Kubernetes cluster programmatically in a GitLab CI script .gitlab-ci.yml in order to do e2e testing against it. Therefore I
created a separate project project-e2e (in order to separate the billing)
enabled Kubernetes…
Karl Richter
- 6,271
- 17
- 57
- 120
4
votes
1 answer
Getting 403 "Anonymous caller does not have storage.objects.get access" when trying to upload to GCS with signed URLs
I'm trying to upload files directly from the browser to GCS using signed URLs. I'm generating a v4 signed URL from an App Engine Standard PHP application and that seems to be working fine. The problem is when I try to PUT to that URL I get a 403…
tomphp
- 155
- 1
- 3
- 10
4
votes
2 answers
How to properly authorize request to Google Cloud Storage API?
I am trying to use the Google Cloud Storage JSON API to retrieve files from a bucket using http calls.
I am curling from a Container in GCE within the same project as the storage bucket, and the service account has read access to the bucket
Here is…
znat
- 12,164
- 14
- 60
- 93
4
votes
1 answer
Using service accounts and oauth2 to call autoML Google API
I've trained an image classification model using autoML API and now I would like to create a JAVA program that makes predictions of given images using that model. As mentioned in the docs, this API requires the OAuth scope:…
Mouna Ben Chamekh
- 343
- 1
- 12
4
votes
1 answer
Temporarly switch to high privileged Role with Google Cloud Platform IAM
I am switching many of my projects over to Google Cloud Platform (GCP), but I traditionally have more experience with AWS.
In AWS, using IAM, I can grant my users a low privileged Role and configure a higher privileged Role to allow to assume…
François Proulx
- 41
- 1
3
votes
1 answer
How can a Google Cloud API Gateway endpoint deliver data from a Cloud Storage file?
I'm in the process of building a large API that will use Google Cloud API Gateway to route various endpoints to different services – some may be serverless Cloud Functions, others will be served by a Rails app in our Kubernetes clusters, and so…
Scott Matthewman
- 2,059
- 15
- 24
3
votes
1 answer
Google function HTTP trigger - authentication problem server to server with service account
What i want to do: To call a google function from my server/machine & limit it usage with a (simple) authentication.
What i use: Node.js, google-auth-library library for authentication.
What have I done/tried:
1) Created a project in Google Cloud…
MrObe13
- 33
- 3
3
votes
1 answer
Can I use gcloud activate-service-account with impersonation (not static keys)?
gcloud has a --impersonate-service-account flag
gsutil has a -i flag
But I want to configure impersonation once in my current session and then know that all future commands are using that service account. So what I want is to gcloud…
red888
- 18,164
- 26
- 123
- 237
3
votes
2 answers
GCP - Impersonate service account as a user
I would like to allow users to impersonate a service account to do operations on a long running process.
However, all the code examples illustrate a service account impersonating another service account.
Can users directly impersonate a service…
A Clockwork Orange
- 20,481
- 6
- 21
- 23
3
votes
3 answers
gcloud project owner permission denied
So I'm trying to run a training job on google cloud's AI-platform for an image classifier written in tensorflow by the command line:
gcloud ai-platform jobs submit training my_job \
--module-name trainer.final_task \
…
stefftaelman
- 31
- 3
3
votes
4 answers
GCP Command to Read All User's Permissions
Is there a way to list all permissions from a user in GCP?
I know there is this command:
gcloud projects get-iam-policy "project-ID"
but I can only see the IAM roles I have set up in the IAM console. For example I do not see the IAM role…
toto'
- 892
- 1
- 9
- 22
3
votes
3 answers
Cloud container clusters create `compute.networks.get` permission error
I am trying to create a cluster with GKE. I have a project I have been using already.
When I run
gcloud container clusters create cluster1
I get the following:
ERROR: (gcloud.container.clusters.create) ResponseError: code=403, message=Google…
gordon macmillan
- 83
- 11
3
votes
2 answers
What is the difference between the Cloud Build Service Account and Service Agent?
When you enable the Google Cloud Build service for a project, two service accounts are assigned roles within the project:
[PROJECT-ID]@cloudbuild.gserviceaccount.com is assigned the Cloud Build Service Account Role, and is referred to in the Cloud…
numbsafari
- 162
- 2
- 7