This message was deleted.
# google-cloud
s
This message was deleted.
s
@limited-rainbow-51650 That’s my current understanding how Pulumi authenticates to GCP: https://github.com/pulumi/docs/pull/2162/
👏🏼 1
l
That’s the last thing I executed and it still doesn’t work. Then it must be a true permission problem. Pfff… Cloud IAM at the organization level is not easy to debug.
s
l
@stocky-island-3676 no, I added the
roles/resourcemanager.projectCreator
role to my account for the time being. It seems that org admin doesn’t have that role.
But I will have to learn using a service account ASAP.
s
I added the
roles/resourcemanager.projectCreator
role to my account for the time being. It seems that org admin doesn’t have that role.
Aha. Was the https://cloud.google.com/resource-manager/reference/rest/v1beta1/organizations/testIamPermissions “200 OK” before adding that role to your account, as well?
l
Strangely yes.
s
Aha. So, does the service-account also have that additional role?
l
@stocky-island-3676 I misunderstood the API explorer. For
testIamPermisions
, you pass a list of permissions, and the call only returns the list of permissions you are granted. In the first call, I got
{}
😉
s
Aha 🙂