helpful-van-82564

09/09/2021, 2:58 PM
Hi, I'm trying to create a custom role with the end result the ability to admin storage and service accounts, however it falls over:
permissions=[
"iam.serviceAccountAdmin",
"storage.objectAdmin",
],
with:
googleapi: Error 400: Permission storage.objectAdmin is not valid., badRequest
What am I doing wrong?

billowy-army-68599

09/09/2021, 4:42 PM
can you share the whole code?

limited-rainbow-51650

09/10/2021, 6:36 AM
@helpful-van-82564 I checked the GCP docs. You are passing role names in a snippet mentioning permissions. In the link below you see the mapping of roles to permissions. https://cloud.google.com/iam/docs/understanding-roles If, in your code, you have to pass permissions, you have to use the values from the right-side column in the linked page.

helpful-van-82564

09/10/2021, 8:29 AM
thanks @limited-rainbow-51650 I'm not sure how I missed that!

limited-rainbow-51650

09/10/2021, 8:30 AM
No problem. Being able to help feels good. 😉