Google Classroom Add IAM Policy Binding

4
votes

I am working on Google Classroom Pub/Sub Notification. I have task which is create the pub/sub topic and subscription by using the Rest API. I have created the pub/sub topic successfully but when i am setting the IAM Policy/Permissions for created topic then i am getting the error message.

API URL:- https://pubsub.googleapis.com/v1/projects/project-abc/topics/xyz-topic-101:setIamPolicy API Method:- POST API Request Body:-

{
    "policy": {
        "bindings": [
            {
                "role": "roles/owner",
                "members": [
                    "[email protected]",
                    "[email protected]"
                ]
            },
            {
                "role": "roles/pubsub.admin",
                "members": [
                    "[email protected]",
                    "[email protected]"
                ]
            },
            {
                "role": "roles/pubsub.editor",
                "members": [
                    "[email protected]",
                    "[email protected]"
                ]
            },
            {
                "role": "roles/pubsub.publisher",
                "members": [
                    "[email protected]",
                    "[email protected]"
                ]
            },
            {
                "role": "roles/pubsub.subscriber",
                "members": [
                    "[email protected]",
                    "[email protected]"
                ]
            }
        ],
        "version": 1
    }
}

API Response:- { "error": { "code": 400, "message": "The member [email protected] is of an unknown type. Please set a valid type prefix for the member.", "status": "INVALID_ARGUMENT" } }

I have follow the below Google Doc Link:- https://cloud.google.com/pubsub/docs/reference/rest/v1/Policy#Binding I am not getting that why this message is coming. Please share your suggestions & feedback's.

3
google-cloud-pubsubgoogle-classroom
Referring to the official doc: cloud.google.com/pubsub/docs/reference/error-codes we can say that this error happens when "The request is invalid; a required argument may be missing, exceeds limits, or has an invalid value." I would recommend to check the Pub/Sub quotas and limits: cloud.google.com/pubsub/quotas LEt me know if you exceed any of them.aga

3 Answers

3
votes

Not sure if this will help, but I found that you need to set the member type for this to work.

From doc:

Should be of the form user|group|serviceAccount:email or domain:domain.

So try adding the prefix, along the lines of: serviceAccount:[email protected], or whatever your member type is.

0
votes

Unfortunately I cannot comment at this moment but Voy's answer fix this issue. you must add the type of the member. Below section taken from google cloud documentation :

Examples: user:[email protected], group:[email protected], serviceAccount:[email protected], or domain:example.domain.com. Can also be one of the following special values: allUsers - Special identifier that represents anyone who is on the internet, with or without a Google account. allAuthenticatedUsers - Special identifier that represents anyone who is authenticated with a Google account or a service account.

0
votes

In my case, I've attempted to use the service account name, but it expected to see a type of an account in a prefix.

What I used :

[email protected]

What is expected :

serviceaccount:[email protected]