normandantzig

Reputation: 169

Google Cloud Authentication: Create service account key

I am using these instructions: Using the Client Libraries Python For Google TTS Wavenet Text to Speech

I am trying to set up authentication. I am on step 4B. (From the Service account drop-down list, select New service account.)

When I use the drop down to New Service Account, I get “You don't have permission to create a new service account and key”

I am not sure what to do?

Here is my question with pictures

Update:
Output from: gcloud projects get-iam-policy tts-alphax-nov

ERROR: (gcloud.projects.get-iam-policy) User [[email protected]] does not have permission to access project [tts-alphax-nov:getIamPolicy] (or it may not exist): Cloud Resource Manager API has not been used in project 892455511881 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/cloudresourcemanager.googleapis.com/overview?project=892455511881 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.
- '@type': type.googleapis.com/google.rpc.Help
  links:
  - description: Google developers console API activation
    url: https://console.developers.google.com/apis/api/cloudresourcemanager.googleapis.com/overview?project=893435522881

Upvotes: 1

Views: 1912

Answers (2)

geekQ

Reputation: 29493

Adding roles/resourcemanager.projectIamAdmin role in addition to roles/iam.serviceAccountAdmin fixed the issue for me.

# Create and manage service accounts.
gcloud projects add-iam-policy-binding "$PROJECT" \
  --member "serviceAccount:$ACCOUNTS_EMAIL" \
  --role roles/iam.serviceAccountAdmin

# Access and administer a project's IAM policies.
gcloud projects add-iam-policy-binding "$PROJECT" \
  --member "serviceAccount:$ACCOUNTS_EMAIL" \
  --role roles/resourcemanager.projectIamAdmin

Or use Cloud Console Web GUI.

Upvotes: 0

Caner

Reputation: 59338

You will need the following permission to create a service account:

  • Service Account Admin (roles/iam.serviceAccountAdmin): Includes Service Account User permissions and also grants permissions to create, update, delete, and set or get the Cloud IAM policy on a service account.

Go to Google Cloud Console -> IAM & Admin -> IAM -> Members and double check if your account is listed there as a project owner. Also make sure you are logged in with the correct Google account.

If you are not, your project admin needs to add the Service Account Admin role for your account.

Upvotes: 0
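As an added example (not code from either answer): a Python check over the JSON printed by `gcloud projects get-iam-policy PROJECT --format=json` that reports whether a member directly holds one of the roles the answers name, and flags roles that also allow changing the project's IAM policy. The sample policy, the member addresses and the function names are constructed for illustration.

```python
import json

# Roles the answers on this page name as sufficient to create a service
# account; roles/owner is the "project owner" the second answer checks for.
CREATE_SA_ROLES = {"roles/owner", "roles/iam.serviceAccountAdmin"}
# Roles that also let the holder rewrite the project's IAM policy.
POLICY_ADMIN_ROLES = {"roles/owner", "roles/resourcemanager.projectIamAdmin"}

# Constructed sample in the shape of `get-iam-policy --format=json` output.
SAMPLE_POLICY = json.loads("""
{"version": 3, "bindings": [
  {"role": "roles/owner", "members": ["user:admin@example.com"]},
  {"role": "roles/iam.serviceAccountAdmin",
   "members": ["user:dev@example.com"],
   "condition": {"title": "temporary",
                 "expression": "request.time < timestamp('2020-01-01T00:00:00Z')"}},
  {"role": "roles/resourcemanager.projectIamAdmin",
   "members": ["user:dev@example.com"]},
  {"role": "roles/viewer", "members": ["user:Dev@example.com", "group:team@example.com"]}
]}
""")


def roles_for(policy, member):
    """Map each role bound directly to `member` to True if every such binding
    is conditional. Grants inherited through a group: member are not resolved."""
    wanted = member.lower()  # assumption: the address may be typed in any case
    found = {}
    for binding in policy.get("bindings", []):
        if wanted in (m.lower() for m in binding.get("members", [])):
            role = binding["role"]
            found[role] = found.get(role, True) and "condition" in binding
    return found


def audit(policy, member):
    roles = roles_for(policy, member)
    # A conditional grant may not apply right now, so it is not counted.
    unconditional = {r for r, cond in roles.items() if not cond}
    return {
        "roles": sorted(roles),
        "can_create_service_account": bool(unconditional & CREATE_SA_ROLES),
        "conditional_only": sorted(r for r, cond in roles.items() if cond),
        "policy_admin_roles": sorted(set(roles) & POLICY_ADMIN_ROLES),
    }


if __name__ == "__main__":
    for who in ("user:admin@example.com", "user:dev@example.com"):
        print(who, json.dumps(audit(SAMPLE_POLICY, who), indent=2))
```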
