I m trying to setup continuous deployment within my CI So I

Question

I m trying to setup continuous deployment within my CI So I created a GCP service account in a global project and I gave it select access rights to my environments projects so that it can only update what I think it should be able to ``` Define Semaphore SA access rights roles run developer map role = gt new gcp projects IAMMember `semaphoreci $ role ` project configs gcp project role member pulumi interpolate`serviceAccount $ configs semaphore serviceAccountEmail ` ``` It fails to deploy though when I try to get the project number this way `gcp organizations getProject then project = gt project number ` I tried adding several roles to my service account so that it can execute that command but it keeps failing saying that I need to allow the Cloud Resource Manager API it is already enabled Anyone knows how to allow a service account from another project to be able to execute that command

kind-island-70054 · Answer

```Diagnostics 00 12 pulumi pulumi Stack api staging 00 12 error Error invocation of gcp organizations getProject getProject returned an error invoking gcp organizations getProject getProject 1 error occurred 00 12 Error when reading or editing Project projectname 344455 googleapi Error 403 Cloud Resource Manager API has not been used in project 1063070351412 before or it is disabled Enable it by visiting then retry If you enabled this API recently wait a few minutes for the action to propagate to our systems and retry 00 12 Details 00 12 00 12 00 12 type 00 12 links 00 12 00 12 description Google developers console API activation 00 12 url 00 12 00 12 00 12 ``` I have set roles browser to the service account it still does not work

kind-island-70054 · Answer

I just needed to enable the api on the global project man facepalming