Dean Christian Armada

Reputation: 7364

Error when trying to create a serviceaccount key in deployment manager

The error is below:

ERROR: (gcloud.deployment-manager.deployments.update) Error in Operation [operation-1544517871651-57cbb1716c8b8-4fa66ff2-9980028f]: errors:
- code: MISSING_REQUIRED_FIELD
  location: /deployments/infrastructure/resources/projects/resources-practice/serviceAccounts/storage-buckets-backend/keys/json->$.properties->$.parent
  message: |-
    Missing required field 'parent' with schema:
    {
      "type" : "string"
    }

Below is my jinja template content:

resources:
- name: {{ name }}-keys
  type: iam.v1.serviceAccounts.key
  properties:
    name: projects/{{ properties["projectID"] }}/serviceAccounts/{{ serviceAccount["name"] }}/keys/json
    privateKeyType: enum(TYPE_GOOGLE_CREDENTIALS_FILE)
    keyAlgorithm: enum(KEY_ALG_RSA_2048)

P.S. My reference for the properties is based on https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys

Upvotes: 2

Views: 612

Answers (1)

dany L

Reputation: 2654

I will post the response of @John as the answer for the benefit of the community.

The parent was missing, needing an existing service account:

projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}

where ACCOUNT value can be the email or the uniqueID of the service account.

Regarding the template, please remove the enum wrapping the privateKeyType and keyAlgorithm.

The above deployment creates service account credentials for an existing service account, and in order to retrieve this downloadable JSON key file, it can be exposed through outputs using the publicKeyData property and then base64-decoded.

Upvotes: 2
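
The two fixes from the answer above, written as a Deployment Manager Python template that rejects a missing or malformed parent and enum(...)-wrapped values before deployment. This is an added example, not code from the question or the answer; the "account" property and the key_resource helper are assumed names, and only the resource type, the parent format and the enum values come from the page and the IAM API.

```python
import re

# Bare enum names accepted by the IAM keys API (no enum(...) wrapper).
KEY_TYPES = {"TYPE_GOOGLE_CREDENTIALS_FILE", "TYPE_PKCS12_FILE"}
KEY_ALGORITHMS = {"KEY_ALG_RSA_1024", "KEY_ALG_RSA_2048"}
# ACCOUNT may be the service account email or its numeric unique ID.
ACCOUNT_RE = re.compile(r"^(?:[^/\s@]+@[^/\s@]+\.[^/\s@]+|\d+)$")


def key_resource(name, project_id, account,
                 key_type="TYPE_GOOGLE_CREDENTIALS_FILE",
                 key_algorithm="KEY_ALG_RSA_2048"):
    """Build one iam.v1.serviceAccounts.key resource (hypothetical helper).

    Fails at template expansion on the two mistakes from the question,
    instead of at deployment time with MISSING_REQUIRED_FIELD.
    """
    if not ACCOUNT_RE.match(account):
        raise ValueError("account must be an email or unique ID: %r" % account)
    if key_type not in KEY_TYPES:
        raise ValueError("privateKeyType must be a bare enum name: %r" % key_type)
    if key_algorithm not in KEY_ALGORITHMS:
        raise ValueError("keyAlgorithm must be a bare enum name: %r" % key_algorithm)
    return {
        "name": name + "-keys",
        "type": "iam.v1.serviceAccounts.key",
        "properties": {
            # 'parent' is the required field the error message complained about.
            "parent": "projects/%s/serviceAccounts/%s" % (project_id, account),
            "privateKeyType": key_type,
            "keyAlgorithm": key_algorithm,
        },
    }


def GenerateConfig(context):
    """Deployment Manager entry point for a Python template."""
    props = context.properties
    return {"resources": [key_resource(
        context.env["name"], props["projectID"], props["account"],
        props.get("privateKeyType", "TYPE_GOOGLE_CREDENTIALS_FILE"),
        props.get("keyAlgorithm", "KEY_ALG_RSA_2048"))]}
```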
