gcp - granting and testing permission on gcp bucket for a service account


You can create your service account by running the following command

gcloud iam service-accounts create hellworldsa --display-name "hello world sa"

Assigning role to the service account with the following gcloud command: 


gcloud iam service-accounts add-iam-policy-binding
"hellworldsa@project-id.iam.gserviceaccount.com" --member="user:myuser@gmail.com"
--role="roles/iam.serviceAccountTokenCreator"


To test ability to list storage you can use the following command:- 

gcloud storage buckets list --impersonate-service-account=your-service-account-email-name

You will get 403: HTTP permission denied. 

This is because you don't have the storage admin role assigned to the service account 

gcloud projects add-iam-policy-binding projectid --member="serviceAccount:hellworldsa@projectid-450116-r5.iam.gserviceaccount.com" --role="roles/storage.admin"

After running command above, you can re-run this command:-

gcloud storage buckets list --impersonate-service-account=your-service-account-email-name

You may need to run the following command to refresh your token

gcloud iam service-accounts add-iam-policy-binding "hellworldsa@iam.gserviceaccount.com" --member="user:your-user@gmail.com" --role="roles/iam.serviceAccountTokenCreator"







Comments

Post a Comment

Popular posts from this blog

gemini cli getting file not defined error

Image
 While trying to run gemini cli on my windows linux subsystem, i bump into this error here - "/Roaming/npm/node_modules/@google/gemini-cli/node_modules/undici/lib/web/webidl/index.js:512 webidl.is.File = webidl.util.MakeTypeAssertion(File)"  "ReferenceError: File is not defined" In Node.js, there’s no built-in File (until very recent Node 20+ with experimental WHATWG APIs). So, unless polyfilled, File is undefined, leading to the ReferenceError. And to resolve this, I had to upgrade to node 22 (might work for node 20) and then I was able to run it.
Read more

NodeJS: Error: spawn EINVAL in window for node version 20.20 and 18.20

Encounter this issue when running autorest (that uses nodejs).  I am using node version:  v18.20.2 After i revert to use node v18.12.0, then i was able to get my app to run without this error. Since i am working with Azure devops yaml, i was able to use the following to resolve my issue.  - task : NodeTool@0   inputs :     versionSource : 'spec'     versionSpec : '18.18.0'
Read more

vllm : Failed to infer device type

Trying to run vllm without gpu will typicaly lands you into this issue. To resolve this issue: we can use set these both. Setting one does not work for me. So i had to configure both settings below:- 1.  environment variable CUDA_VISIBLE_DEVICES = "" 2. in the command line, change to use device cpu and remove  tensor-parallel-size. For example, python3 -m vllm.entrypoints.openai.api_server --port 8080 --model deepseek-ai/DeepSeek-R1 --device cpu --trust-remote-code --max-model-len 4096" References https://docs.vllm.ai/en/latest/getting_started/troubleshooting.html#failed-to-infer-device-type
Read more