Google Classroom Add IAM Policy Binding

Asked 18/7, 2020 at 13:38 Answered 15/6, 2021 at 9:8

I am working on Google Classroom Pub/Sub Notification. I have task which is create the pub/sub topic and subscription by using the Rest API. I have created the pub/sub topic successfully but when i am setting the IAM Policy/Permissions for created topic then i am getting the error message.

API URL:- https://pubsub.googleapis.com/v1/projects/project-abc/topics/xyz-topic-101:setIamPolicy API Method:- POST API Request Body:-

{
    "policy": {
        "bindings": [
            {
                "role": "roles/owner",
                "members": [
                    "[email protected]",
                    "[email protected]"
                ]
            },
            {
                "role": "roles/pubsub.admin",
                "members": [
                    "[email protected]",
                    "[email protected]"
                ]
            },
            {
                "role": "roles/pubsub.editor",
                "members": [
                    "[email protected]",
                    "[email protected]"
                ]
            },
            {
                "role": "roles/pubsub.publisher",
                "members": [
                    "[email protected]",
                    "[email protected]"
                ]
            },
            {
                "role": "roles/pubsub.subscriber",
                "members": [
                    "[email protected]",
                    "[email protected]"
                ]
            }
        ],
        "version": 1
    }
}

API Response:- { "error": { "code": 400, "message": "The member [email protected] is of an unknown type. Please set a valid type prefix for the member.", "status": "INVALID_ARGUMENT" } }

I have follow the below Google Doc Link:- https://cloud.google.com/pubsub/docs/reference/rest/v1/Policy#Binding I am not getting that why this message is coming. Please share your suggestions & feedback's.

Egest answered 18/7, 2020 at 13:38 Comment(1)

Referring to the official doc: cloud.google.com/pubsub/docs/reference/error-codes we can say that this error happens when "The request is invalid; a required argument may be missing, exceeds limits, or has an invalid value." I would recommend to check the Pub/Sub quotas and limits: cloud.google.com/pubsub/quotas LEt me know if you exceed any of them. – Servia 31/7, 2020 at 9:41

Not sure if this will help, but I found that you need to set the member type for this to work.

From doc:

Should be of the form user|group|serviceAccount:email or domain:domain.

So try adding the prefix, along the lines of: serviceAccount:[email protected], or whatever your member type is.

Alejandro answered 10/12, 2020 at 8:30 Comment(0)

Unfortunately I cannot comment at this moment but Voy's answer fix this issue. you must add the type of the member. Below section taken from google cloud documentation :

Examples: user:[email protected], group:[email protected], serviceAccount:[email protected], or domain:example.domain.com. Can also be one of the following special values: allUsers - Special identifier that represents anyone who is on the internet, with or without a Google account. allAuthenticatedUsers - Special identifier that represents anyone who is authenticated with a Google account or a service account.

Another answered 12/4, 2021 at 17:47 Comment(1)

what I meant is that because of my reputation I cant upvote... Thats why I added a comment – Another 14/4, 2021 at 11:6

In my case, I've attempted to use the service account name, but it expected to see a type of an account in a prefix.

What I used :

[email protected]

What is expected :

serviceaccount:[email protected]

Stanleystanly answered 15/6, 2021 at 9:8 Comment(0)

Recommended topics

Hot tags