I am looking for a way to generate the json that I would through the web ui from gcloud utility. From the documentation, I can see I can do this through an api request (https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys/create). However I am trying to do it through the utility.
Thank you very much for reading
I managed to do this through this command, as shown in the documentation:
gcloud iam service-accounts keys create NAME_OF_THE_FILE.json --iam-account=EMAIL
Related
We are working on a project to solve VRP with Google optimization AI RESTapi. In there documentation
Note: The following command assumes that you have logged in to the
gcloud CLI with your user account by executing gcloud init or gcloud
auth login, or by using Cloud Shell, which automatically logs you into
the gcloud CLI. You can check the currently active account by
executing gcloud auth list.
We need to pass a print-access-token to the RESTapi which can be generated via gcloud cli.
We want to generate this token programmatically with Node.js RESTapi, So then we can call the https://cloudoptimization.googleapis.com/v1/projects/project-id:optimizeTours endpoint directly from our backend.
Our client provided required Cognito User Pool id and related tokens but not giving the aws credentials so is there any possibility to setup aws amplify official flutter library with out using cli?
You should be able to modify the CFN file see
aws-export.js
and
the cloudformation temlpate basicauthentication5fbc10de-cloudformation-tempalte.yml
in this solution for an idea how to do this.
I have a makefile in which I use the gcloud CLI to create a service account and set roles. I also would like to enable domain wide delegation for this service account using the gcloud CLI. I can only find instructions on how to do this using the developer console. Is it possible to enable domain wide delegation using the gcloud CLI?
According to the gCloud SDK documentions of gcloud iam, there are specific coomands to set roles and service-accounts.
The commands available for domains are list-user-verified and verify.
In this way, there is no way (yet) through the gCloudSDK to Perform G Suite Domain-Wide Delegation of Authority.
I'm confident (!) that this is not exposed through a public API.
I pinged your question to a buddy at the Goo and hopefully, he'll reply here with a definitive answer.
I'm trying to build an automatic sync solution that uses a Google Cloud storage bucket for storing data.
When I install the cloud SDK it asks for my authentication, but obviously I don't want to use my credentials on the client's server, it should be done with a service account with specific permissions, right?
The documentation just says to authenticate with your credentials. What is the security best practice here?
Found it, it's this simple command:
gcloud auth activate-service-account --key-file=credentials.json
And it works! I can upload stuff with PowerShell
The doc is here
I was sure it will be simple but couldn't find any documentation or resolution.
I'm trying to write a script using gcloud to perform some operations in my GCP instances.
Is there anyway to login/authenticate using gcloud via command line only?
Thanks
You have a couple of options here (depending on what exactly you're trying to do).
The first option is to log in using the --no-launch-browser option. This still requires interaction from a human user, but doesn't require a browser on the machine you're using:
> gcloud auth login --no-launch-browser
Go to the following link in your browser:
https://accounts.google.com/o/oauth2/auth?redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&prompt=select_account&response_type=code&client_id=32555940559.apps.googleusercontent.com&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcloud-platform+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fappengine.admin+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcompute&access_type=offline
Enter verification code: *********************************************
Saved Application Default Credentials.
You are now logged in as [user#example.com].
Your current project is [None]. You can change this setting by running:
$ gcloud config set project PROJECT_ID
The non-interactive option involves service accounts. The linked documentation explains them better than I can, but the short version of what you need to do is as follows:
Create a service account in the Google Developers Console. Make sure it has the appropriate "scopes" (these are permissions that determine what this service account can do. Download the corresponding JSON key file.
Run gcloud auth activate-service-account --key-file <path to key file>.
Note that Google Compute Engine VMs come with a slightly-different service account; the difference is described here.