google-cloud-iam

问题 I've started a web-based project using nodejs, express, firebase functions, firestore and eventually want to use firebase hosting. So far, I have been able to keep everything server side until I've reached Authorisation and Authentication. I'm using a model view controller structure so calls to firestore are being made server side and therefore the firestore security rules don't work. Firestore security rules only work if you access firestore client side. Can I use google cloud IAM (Identity

问题 To connect to Google Cloud BigQuery that exists in a different GCP project from a Google Cloud Function, I am creating the BigQuery Client as follows: const {BigQuery} = require('@google-cloud/bigquery'); const options = { keyFilename: 'path/to/service_account.json', projectId: 'my_project', }; const bigquery = new BigQuery(options); But instead of storing the service_account.json in my Cloud Function, I want to store the Service Account in Google Cloud Storage and provide the Google Cloud

问题 I am working on an application that has several custom roles that do not map to the existing IAM roles or permissions. e.g. Sales Department, Administrator, or Approver. I would like to create these custom roles in IAM and assign users to them. However, in order to create a custom role, I need to select at least one permission from the list of predefined permissions. Is there a way to create a custom role with no permissions or with a minimal permission that has no side effects? 回答1: You may

问题 I am working on an application that has several custom roles that do not map to the existing IAM roles or permissions. e.g. Sales Department, Administrator, or Approver. I would like to create these custom roles in IAM and assign users to them. However, in order to create a custom role, I need to select at least one permission from the list of predefined permissions. Is there a way to create a custom role with no permissions or with a minimal permission that has no side effects? 回答1: You may

问题 Is there some way to limit access to the internal metadata IP? Background is: https://about.gitlab.com/blog/2020/02/12/plundering-gcp-escalating-privileges-in-google-cloud-platform/ When I fetch all the data with curl I can see the email address of my google account among other stuff. I'd like to limit the data itself and access to the data as much as possible. Metadata is required during setup and boot as far as I know. Is there some way around this or at least some way to lock down access

问题 Is there some way to limit access to the internal metadata IP? Background is: https://about.gitlab.com/blog/2020/02/12/plundering-gcp-escalating-privileges-in-google-cloud-platform/ When I fetch all the data with curl I can see the email address of my google account among other stuff. I'd like to limit the data itself and access to the data as much as possible. Metadata is required during setup and boot as far as I know. Is there some way around this or at least some way to lock down access

问题 I can't figure out why I keep getting the error: Error: Could not load the default credentials. Browse to https://cloud.google.com/docs/authentication/getting-started for more information. firebase login from my command line returns that I am already logged in and I have configured my-app@appspot.gserviceaccount.com to be a Secret Manager Secret Accessor in the GCP IAM admin dashboard within the same project. Here's the code I'm using: const { SecretManagerServiceClient } = require("@google

问题 I can't seem to find a proper filter for the Project List API method to list only the projects which I have access to but are under No Organization. Is there a filter for this? What would be the way to achieve this?. 回答1: I’m afraid there’s no straightforward way to achieve this. The filter would have to match a “parent.id” or a “parent.type” property, which in the case of projects without organization it doesn’t exists (they don’t have a “parent” attribute). It would have to be done in two

问题 Running into problems building deploying functions. When trying to programmatically deploy the function I get the following output in builder logs (ERRORS). 2020-10-20T02:22:12.155866856Z starting build "1fc13f51-28b6-4052-9a79-d5d0bef9ed5c" I 2020-10-20T02:22:12.156015831Z FETCHSOURCE I 2020-10-20T02:22:12.156031384Z Fetching storage object: gs://gcf-sources-629360234120-us-central1/${FUNCTIONNAME}-63f501f1-a8d2-4837-b992-1173ced83036/version-1/function-source.zip#1603160527600655 I 2020-10

问题 SOLVED: In Google cloud platform I need to create a new project to create a new oauth credential for an app. But it will not let me create any more projects under my organisation. It says I do not have permission to create projects in this location. I only have 2 projects currently and there is only 1 org. No I cannot use an exisitng project since I need to setup a different oauth consent screen. I am the admin, with owner permissions, so there is nobody else I can contact. I have a g suite