I have developed the following code for automating the start/stop tasks of some of my instances which do not need to run all the time but to an specific range.
So here is my code: https://github.com/maartinpii/gcp-shst
I created a service account following the google cloud platforms guides (ref: https://cloud.google.com/iam/docs/understanding-service-accounts https://cloud.google.com/iam/docs/service-accounts#service_account_permissions), so I created a service SC-Auto in Project A and then created them in the IAM tab of the others projects and brought it the "Project Owner" role.
Note: From where I am running it I also executed the gcloud auth service-account ... as mentioned Cross project management using service account
However, when I execute my code I have the following scenario:
When executing it calling the project from where I have created the service accounts it works great.
When executing it calling any other project from where I have set the project owner role, it always retrieve this error
Traceback (most recent call last): File "gcp-shst.py", line 45, in response = request.execute() File "/usr/lib/python2.7/site-packages/googleapiclient/_helpers.py", line 130, in positional_wrapper return wrapped(*args, **kwargs) File "/usr/lib/python2.7/site-packages/googleapiclient/http.py", line 842, in execute raise HttpError(resp, content, uri=self.uri) googleapiclient.errors.HttpError: https://www.googleapis.com/compute/v1/projects//zones/southamerica-east1-a/instances//start?alt=json returned "Required 'compute.instances.start' permission for 'projects//zones/southamerica-east1-a/instances/'">
So now I am wondering if it is possible to use the same service account to execute functions in all of the projects where I provisioned it and brang it the correct permissions or if I need to create a different service account per project or if I am doing something wrong...
Thanks in advance for your help!
