I'm unable to create a Cloud Function in my GCP project using GUI, but have admin roles for GCF, SA and IAM. Here is the error message: Missing necessary permission iam.serviceAccounts.actAs for c...

I'm running Python code on my computer that makes calls to Google Cloud Platform. I'm trying to know if my application is using my own credentials or service account keys to get authorizations on G...

So, we have a "Compute Engine default service account", and everything is clear with it: it's a legacy account with excessive permission it used to be limited by "scope" assign...

I've deployed a small HTTP endpoint via Google Cloud Run. It is working fine when I turn off the authentication. I now want to turn it on so that it is only callable by my Firebase Cloud Function. ...

Is it possible to get a list of all permissions that have been granted (specifically or transitively) to a user or GCP service account, ideally filtered by resource, through gcloud or the web UI?

The PubSub service account is service-<PROJECT_NUMBER>@gcp-sa-pubsub.iam.gserviceaccount.com The command described here to create an IAM policy binding succeeds, which shows that the service ...

I'm looking into roles in GCP. I have a use case to read everything in GCP. So when I looked at the viewer role, docs say it is a read-only role but it seems it has a lot of restrictions. what are ...

The documentation for the Service Account User role is a bit confusing. https://cloud.google.com/iam/docs/service-accounts#user-role Users granted the Service Account User role on a service accoun...

Here my use case. I already have a Cloud Run service deployed in private mode. (same issue with Cloud Function) I'm developing a new service that use this Cloud Run. I use the default credential ...

One of the Google Kubernetes Engine (GKE) clusters ($GKE_CLUSTER) within a Google Cloud Platform (GCP) project ($GCP_PROJECT) seems to be unable to pull Docker Images from Google Container Registry...

I want to update my deployment on kubernetes with a new image which exists on 'eu.gcr.io' (same project), I have done this before. But now the pods fail to pull the image because they are not autho...

I am facing challenge to invoke cloud Function from cloud task using oidcToken. Here are details of my IAM & Code: const { CloudTasksClient } = require('@google-cloud/tasks'); const client = ne...

I am trying to create a project in the Google console cloud using the PHP client library. I copied this sample code from https://cloud.google.com/resource-manager/reference/rest/v1/projects/create#...

I gave a user's Google account access to one of my datasets. They are using this Python script: def query_stackoverflow(): client = bigquery.Client() query_job = client.query( """...

my partner added me as a member in a GCP project, with computer engine Admin role, but i didn't receive any invitation email. we have already checked in spam folder. i tried also to acc https://co...

I have setup a compute instance called to run cronjobs on Google Compute engine using a service account with the following roles: Custom Compute Image User + Deletion rights Compute Admin Compute...

When calling admin.auth().createCustomToken(), I get the following error: Permission iam.serviceAccounts.signBlob is required to perform this operation on service account projects/-/serviceAccou...

I'm trying to write a simple backend that will access my Google Cloud Firestore, it lives in the Google Kubernetes Engine. On my local I'm using the following code to authenticate to Firestore as d...

I am trying to enabled Workload Identity on my cluster but I'm getting the following error when testing it from a pod: root@workload-identity-test:/# gcloud auth list ERROR: gcloud crashed (Metada...

I would like to allow users to impersonate a service account to do operations on a long running process. However, all the code examples illustrate a service account impersonating another service a...

I checked the IAM & admin in the GCP console UI. I have two roles: (Company name) Project Owner and Editor. The member is my company email address. But when I try to edit(the edit button) ot...

I can't figure out why I keep getting the error: Error: Could not load the default credentials. Browse to https://cloud.google.com/docs/authentication/getting-started for more information. firebas...

I am using the Google Cloud Console for this purpose. When I create a service account, I can assign specific roles. But after I create it, I don't see an option to Update Roles of Service Accounts....

gcloud has a --impersonate-service-account flag gsutil has a -i flag But I want to configure impersonation once in my current session and then know that all future commands are using that service a...

Assume two users, A and B have full access to a GCP project. User A creates a VM. Once this is done , it appears user B can login into the VM and also has sudo access to the VM. we used enable-osl...