Questions tagged [gcp-iam]

The tag has no usage guidance.

-1 votes
0 answers
19 views

GCP IAM access management

Let's suppose we have a number of GCP projects and several dev teams. What is the recommended way of managing access to the resources in the projects for the different teams? We are considering ...
Naran • 63
0 votes
1 answer
121 views

Can "Domain Restricted Sharing" Org Policy in GCP work with cloud functions accepting allUsers?

If a project has or inherits a Domain Restricted Sharing org policy, it appears this prevents adding the cloudfunction invoker role to allUsers or allAuthenticatedUsers? If it's possible to add ...
intotecho • 5,497
0 votes
0 answers
37 views

How do I grant a service account permissions to the Google Analytics Admin API?

What is this doing? It creates a new project and a service account json key for me? How is it granting the service account access to the API?: https://developers.google.com/analytics/devguides/config/...
red888 • 30.5k
0 votes
1 answer
26 views

Permission error for roles/resourcemanager.projectCreator in Google Cloud Build Trigger

I want to use Google Cloud Build Trigger to execute Terraform processing. And, I want to create a Firebase project using Terraform. However, a Build Trigger error is occurring as below. Step #2 - &...
Kei • 144
0 votes
1 answer
61 views

google.api_core.exceptions.PermissionDenied: 403 Permission iam.googleapis.com/denypolicies.create denied on resource cloudresourcemanager.googleapis

def create_deny_policy(project_id: str, policy_id: str) -> None: from google.cloud import iam_v2 from google.cloud.iam_v2 import types policies_client = iam_v2.PoliciesClient() ...
Voora Tarun • 1,216
0 votes
1 answer
184 views

How do I assign a role to a user in gcp for only 24 hours using gcloud cli?

I am trying to assign a role to a user only for 24 hours. I was using gcloud command for this and condition statement within the command. gcloud projects add-iam-policy-binding project_name --member='...
Pratik Mishra
0 votes
1 answer
129 views

How to use a cross-project service user to auth in Google Play Developer API

In my current setup, I am only able to have a service account in a shared project called ProjectA. This project is solely used for creating Service Accounts (SA). Afterwards, I invite the SA to my own ...
Lucas Stern
0 votes
0 answers
37 views

GCP Not able to create bucket with compute engine default service account

I have created a VM instance with compute engine default service account. I am not able to create a bucket from this VM using gsutil mb gs://bucketname. The command gives AccessDeniedException: 403 ...
Gauri Kshirsagar
1 vote
0 answers
95 views

How to add IAM conditions in gcp request for the TestIamPermissions API in golang?

I'm trying to test permissions with the TestIamPermissions API provided by GCP, my permissions are scoped by IAM conditions, but as I see in gcp documentation, this API gets resource and ...
Amal Khalaily
0 votes
0 answers
311 views

Disable service account key with google API client

Google Cloud's IAM allows you to activate/deactivate service account keys, so you can safely deactivate and remove a key once you're sure it hasn't broken anything in your systems. In my case, I'm ...
beni0888 • 1,172
2 votes
1 answer
1k views

How do I generate signed URLs for GCS with workload identity in the C# SDK?

I use workload id for all my GKE deployments. I have an app that needs to generate signed URLs for GCS and it uses the C# SDK. I see no docs on how to do this with workload id, only static keys. It ...
red888 • 30.5k
1 vote
1 answer
380 views

Trying to remove a role assigned to a GCP user

Use Case: I am trying to delete all the roles assigned to a principal inside a GCP project. As I understand you can't perform that operation directly. I am referring here: https://cloud.google.com/iam/...
PiaklA • 495
1 vote
0 answers
119 views

About the problem of using GCP to establish an L2TP tunnel: cannot succeed, 619 or 800 error

Current date 2023-1-15 test, The script used is: https://github.com/hwdsl2/setup-ipsec-vpn Test system Debian GNU/Linux 11 (bullseye) GCP virtual computer hardware configuration: E2-small Ports are ...
weekend • 11
1 vote
0 answers
204 views

How to construct GCP org policy with tag rules to apply to cloud run service

I am trying to default my Cloud Run services ingress access to be internal only unless a specific tag is being set on the service by the service owner (for instance). I am trying to achieve this with ...
mikil • 11
6 votes
0 answers
2k views

How do I get the email name of the current user retrieved via default credential fetching

I am not using a JSON key. I use the default credential loading mechanism that is used when you create any new client. But what means is there to reflect on the current creds? import google.auth creds,...
red888 • 30.5k
