kind-island-70054
03/31/2022, 10:52 AM// Define Semaphore SA access rights
["roles/run.developer"].map(
(role) =>
new gcp.projects.IAMMember(`semaphoreci-${role}`, {
project: configs.gcp.project,
role,
member: pulumi.interpolate`serviceAccount:${configs.semaphore.serviceAccountEmail}`,
})
);
It fails to deploy though when I try to get the project number this way: gcp.organizations.getProject().then((project) => project.number)
I tried adding several roles to my service account so that it can execute that command but it keeps failing saying that I need to allow the Cloud Resource Manager API (it is already enabled). Anyone knows how to allow a service account from another project to be able to execute that command?Diagnostics:00:12
pulumi:pulumi:Stack (api-staging):00:12
error: Error: invocation of gcp:organizations/getProject:getProject returned an error: invoking gcp:organizations/getProject:getProject: 1 error occurred:00:12
* Error when reading or editing Project "projectname-344455": googleapi: Error 403: Cloud Resource Manager API has not been used in project 1063070351412 before or it is disabled. Enable it by visiting <https://console.developers.google.com/apis/api/cloudresourcemanager.googleapis.com/overview?project=1063070351412> then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.00:12
Details:00:12
[00:12
{00:12
"@type": "<http://type.googleapis.com/google.rpc.Help|type.googleapis.com/google.rpc.Help>",00:12
"links": [00:12
{00:12
"description": "Google developers console API activation",00:12
"url": "<https://console.developers.google.com/apis/api/cloudresourcemanager.googleapis.com/overview?project=1063070351412>"00:12
}00:12
]00:12
},
I have set roles/browser to the service account it still does not work