I want to use the project.getIamPolicy and setIamPolicy, but it gives me 403 with the error message saying "Identity and Access Management (IAM) API has not been used in project before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/iam.googleapis.com/overview?project= then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry."
I don't want to enable (Identity and Access Management (IAM) API or other such APIs per project) manually from the console every time a project is created.
I want to automate the entire process, so this is a blocker to doing it.
Can someone help? Is there a workaround?
2 Answers
According to this GCP public documentation:
- The simplest way to enable and disable services is to use Google Cloud Console.
- If you need to create scripts, you can also use the gcloud command line interface.
- If you need to program against the "Service Usage API", the guide recommends that you use one of our provided client libraries.
In the same guide, below the aforementioned information, you'll find the steps for each option.
NOTE: Alternatively you can use the curl command to test the API without setting up a full application development environment.
Once you have enabled the services, you can programmatically create the service accounts and add roles to IAM policies.
Please keep in mind that an IAM policy binds one or more members to a role. When you want to define who (member) has what type of access (role) on a resource, you create a policy and attach it to the resource.
Here's the 'How IAM works' guide.
NOTE: Both IAM guides contain 'REST API', 'C#', 'Go', 'Java' and 'Python' code samples, so I think you'll be ok.
Please let me know if this works for you.
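
The gcloud route from the answer above, as an added example that is not part of the original answer or of Google's documentation: it enables the IAM API on a new project only if it is not already enabled, then adds one role binding. The project ID, member and role are supplied by the caller, and `RETRY_DELAY` is a variable name made up for this script.

```bash
#!/usr/bin/env bash
# Added example (not from the original answer). Project ID, member and role
# are supplied by the caller; RETRY_DELAY is a name made up for this script.

# Exit 0 if the service is enabled, 1 if it is not, 2 if the lookup failed.
service_enabled() {  # $1=project $2=service
  local out
  out=$(gcloud services list --enabled --project="$1" \
        --filter="config.name=$2" --format="value(config.name)") || return 2
  [ "$out" = "$2" ]
}

# Enable each service only when needed, so re-running the script is harmless.
ensure_services() {  # $1=project, remaining args=services
  local project=$1 svc rc
  shift
  for svc in "$@"; do
    rc=0
    service_enabled "$project" "$svc" || rc=$?
    case $rc in
      0) echo "already-enabled $svc" ;;
      1) gcloud services enable "$svc" --project="$project" || return 1
         echo "enabled $svc" ;;
      *) echo "error: cannot list services on $project" >&2
         return 1 ;;
    esac
  done
}

# Add one member/role binding. The 403 quoted in the question says enablement
# can take a few minutes to propagate, so retry a bounded number of times.
grant_role() {  # $1=project $2=member $3=role
  local attempt
  for attempt in 1 2 3 4 5; do
    gcloud projects add-iam-policy-binding "$1" --member="$2" --role="$3" \
      --quiet >/dev/null && return 0
    sleep "${RETRY_DELAY:-60}"
  done
  return 1
}

# Usage: ./bootstrap.sh PROJECT_ID MEMBER ROLE
if [ "$#" -eq 3 ]; then
  ensure_services "$1" iam.googleapis.com && grant_role "$1" "$2" "$3"
fi
```

Run it under a dedicated service account that holds only the permissions needed to enable services and set the project's IAM policy, and pass the narrowest role that fits the member.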