Enable Allow policy for the API anthosidentityservice [394882697]

Assigned

Feature Request

Status Update

No update yet.

Description

me...@google.com

created issue #1

Feb 6, 2025 07:03PM

I want a service account be able to enable an Anthos API, I created a custom role to add the permission "serviceusage.services.enable" and attach the custom role into the service account with an IAM condition with the objective that only these specific service account enable the "anthosidentityservice.googleapis.com" API in my project

After the configuration I tried to run the next command: gcloud container fleet identity-service enable --fleet-default-member-config=auth-config.yaml --project [project] and throws an error message

The condition failed to give the permission to the service account

Looking at the documentation the API is not supported as a resource attribute and documentation for IAM condition and resource type that accept allow policies

Comments

ba...@google.com <ba...@google.com> #2Feb 7, 2025 02:23AM

Reassigned to gc...@google.com.

I had the same problem!
I could solve it by putting the .aidl file in an aidl directory.
Look at the attached screenshot to see the project structure.

Issue 394882697

Description

Issue summary

Comments

ba...@google.com <ba...@google.com> #2Feb 7, 2025 02:23AM

Add comment

Issue metadata