Google Cloud Authentication: Create service account key

1
votes

I am using these instructions :Using the Client Libraries Python For Google TTS Wavenet Text to Speech

I am trying to setup up authentication. I am on step 4B. (From the Service account drop-down list, select New service account.)

When I use the drop down to New Service Account, I get “You don't have permission to create a new service account and key”

I am not sure what to do?

Here is my question with pictures

Update:
Output from : gcloud projects get-iam-policy tts-alphax-nov

ERROR: (gcloud.projects.get-iam-policy) User [reddit@tts-alphax-nov.iam.gserviceaccount.com] does not have permission to access project [tts-alphax-nov:getIamPolicy] (or it may not exist): Cloud Resource Manager API has not been used in project 892455511881 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/cloudresourcemanager.googleapis.com/overview?project=892455511881 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry. - '@type': type.googleapis.com/google.rpc.Help links: - description: Google developers console API activation url: https://console.developers.google.com/apis/api/cloudresourcemanager.googleapis.com/overview?project=893435522881

2
google-app-enginegoogle-cloud-platform
Are you the project owner? If not, have the project owner give you permissions or create the service account for you.John Hanley
@JohnHanley I am the project ownernormandantzig
Edit your question and include the output from gcloud projects get-iam-policy PROJECT_ID. Replace PROJECT_ID with your Project ID: gcloud config get-value project.John Hanley
@JohnHanley updated the output.normandantzig
@JohnHanley BTW I got the python script to work in Linux from the WSL on my PC. I think something is wrong with my console setup in windows.normandantzig

2 Answers

0
votes

You will need the following permission to create service account:

  • Service Account Admin (roles/iam.serviceAccountAdmin): Includes Service Account User permissions and also grants permissions to create, update, delete, and set or get the Cloud IAM policy on a service account.

Go to google cloud console -> IAM & Admin -> IAM -> Members and double check if your account is listed there as a project owner. Also make sure you are logged in with correct google account.

If you are not, your project admin need to go to add Service Account Admin role for your account:

enter image description here

0
votes

Adding roles/resourcemanager.projectIamAdmin role in addition to roles/iam.serviceAccountAdmin fixed the issue for me.

# Create and manage service accounts.
gcloud projects add-iam-policy-binding $PROJECT \
  --member serviceAccount:$ACCOUNTS_EMAIL \
  --role roles/iam.serviceAccountAdmin

# Access and administer a project IAM policies.
gcloud projects add-iam-policy-binding $PROJECT \
  --member serviceAccount:$ACCOUTS_EMAIL \
  --role roles/resourcemanager.projectIamAdmin

Or use Cloud Console Web GUI.