google-iam

Unable to assign iam.serviceAccounts.signBlob permission

隐身守侯 submitted on 2021-01-21 07:10:21
Question: TLDR; I'm having trouble assigning an IAM permission to a service account. I'm building a test that involves minting custom tokens with Firebase Auth. When I hit: const token = await admin.auth().createCustomToken('test', { isAdmin: true, }) the following error is thrown: Permission iam.serviceAccounts.signBlob is required to perform this operation on service account projects/-/serviceAccounts/dashboard@appspot.gserviceaccount.com.; Please refer to https://firebase.google.com/docs/auth/admin

Unable to assign iam.serviceAccounts.signBlob permission

落花浮王杯 submitted on 2021-01-21 07:10:19
Question: TLDR; I'm having trouble assigning an IAM permission to a service account. I'm building a test that involves minting custom tokens with Firebase Auth. When I hit: const token = await admin.auth().createCustomToken('test', { isAdmin: true, }) the following error is thrown: Permission iam.serviceAccounts.signBlob is required to perform this operation on service account projects/-/serviceAccounts/dashboard@appspot.gserviceaccount.com.; Please refer to https://firebase.google.com/docs/auth/admin

What happens when re-authenticating the service account with gcloud?

喜欢而已 submitted on 2020-12-15 04:57:31
Question: I have heard that if the service account has high privileges, but access scopes are restrictive, and we need to somehow authenticate to services without OAuth, then we can re-authenticate the service account with the keys that we have (assuming we got them somehow). So is it true that re-authenticating the service account can give us cloud-platform scopes? gcloud auth activate-service-account --key-file key.json
Answer 1: Scopes are an OAuth permission mechanism. Google Cloud first started with

Facing challenge to invoke cloud Function from cloud task using oidcToken

て烟熏妆下的殇ゞ submitted on 2020-12-15 01:38:42
Question: I am facing a challenge invoking a Cloud Function from a Cloud Task using oidcToken. Here are details of my IAM & code:

    const { CloudTasksClient } = require('@google-cloud/tasks');
    const client = new CloudTasksClient();
    // See https://cloud.google.com/tasks/docs/tutorial-gcf
    module.exports = async (payload, scheduleTimeInSec) => {
      const project = process.env.GOOGLE_APPLICATION_PROJECTID;
      const queue = process.env.QUEUE_NAME;
      const location = process.env.QUEUE_LOCATION;
      const callBackUrl = https:/

Facing challenge to invoke cloud Function from cloud task using oidcToken

青春壹個敷衍的年華 submitted on 2020-12-15 01:37:09
Question: I am facing a challenge invoking a Cloud Function from a Cloud Task using oidcToken. Here are details of my IAM & code:

    const { CloudTasksClient } = require('@google-cloud/tasks');
    const client = new CloudTasksClient();
    // See https://cloud.google.com/tasks/docs/tutorial-gcf
    module.exports = async (payload, scheduleTimeInSec) => {
      const project = process.env.GOOGLE_APPLICATION_PROJECTID;
      const queue = process.env.QUEUE_NAME;
      const location = process.env.QUEUE_LOCATION;
      const callBackUrl = https:/

How do you enable “iam.serviceAccounts.actAs” permissions on a service account?

六月ゝ 毕业季﹏ submitted on 2020-12-01 10:58:09
Question: I am trying to deploy a service with a non-default service account by following this guide and it says I need "the iam.serviceAccounts.actAs permission on the service account being deployed". The service account I am using is @cloudbuild.gserviceaccount.com, but I don't see the option to add it on my project's Permissions page.
Answer 1: The key point is that the service account is a resource. You need to add an IAM role for your identity to the service account (the resource). This grants you

How to generate a Blob signed url in Google Cloud Run?

只谈情不闲聊 submitted on 2020-11-29 02:55:31
Question: Under Google Cloud Run, you can select which service account your container is running. Using the default compute service account fails to generate a signed URL. The workaround listed here works on Google Cloud Compute -- if you allow all the scopes for the service account. There does not seem to be a way to do that in Cloud Run (not that I can find). https://github.com/googleapis/google-auth-library-python/issues/50 Things I have tried: Assigned the service account the role: roles/iam

How to generate a Blob signed url in Google Cloud Run?

空扰寡人 submitted on 2020-11-29 02:54:22
Question: Under Google Cloud Run, you can select which service account your container is running. Using the default compute service account fails to generate a signed URL. The workaround listed here works on Google Cloud Compute -- if you allow all the scopes for the service account. There does not seem to be a way to do that in Cloud Run (not that I can find). https://github.com/googleapis/google-auth-library-python/issues/50 Things I have tried: Assigned the service account the role: roles/iam