I am trying to create a service account that has permission to a particular pubsub topic only.
I create a topic:
gcloud pubsub topics create mytopic
Then create a service account:
gcloud iam service-accounts create my-user \
    --display-name "my-user"
Then I try to grant this service account permission:
gcloud alpha pubsub topics add-iam-policy-binding mytopic \
    --member="serviceAccount:[email protected]" \
    --role='roles/pubsub.editor'
Get the service account json file:
gcloud iam service-accounts keys create \
    --iam-account "[email protected]" \
    service-account.json
Using these service account json credentials, I get denied when creating a subscription to this topic.
If I give this user permissions to the entire project's pubsub, I am able to create a subscription to this topic, but I don't want to give that much permission to this service account.
gcloud projects add-iam-policy-binding myproject \
    --member="serviceAccount:[email protected]" \
    --role='roles/pubsub.editor'
I am trying to use this and it doesn't seem to work: https://cloud.google.com/sdk/gcloud/reference/alpha/pubsub/topics/add-iam-policy-binding
Am I missing something here? I would have thought that the role binding for this user to the topic would be enough permission?