How to assign multiple service account credentials to google cloud functions?


I have three service accounts:

1. App Engine default service account
2. Datastore service account
3. Alert Center API service account

My cloud function uses Firestore in Datastore mode for bookkeeping and invokes the Alert Center API.

One can assign only one service account while deploying cloud functions.

Is there a way, similar to AWS, where one can create multiple inline policies and assign them to the default service account?

P.S. I tried creating a custom service account, but Datastore roles are not supported. Also, I do not want to store credentials in environment variables or upload a credentials file with the source code.

      google-cloud-platform google-cloud-datastore google-cloud-functions service-accounts






asked Mar 26 at 9:48

himanshu219

          1 Answer
You're looking at service accounts a bit backwards.

Granted, I see how the naming can lead you in this direction. "Service" in this case doesn't refer to the service being offered, but rather to the non-human entities (i.e. apps, machines, etc. - called services in this case) trying to access that offered service. From Understanding service accounts:

"A service account is a special type of Google account that belongs to your application or a virtual machine (VM), instead of to an individual end user. Your application assumes the identity of the service account to call Google APIs, so that the users aren't directly involved."

So you shouldn't be looking at service accounts from the offered service perspective - i.e. Datastore or Alert Center API, but rather from their "users" perspective - your CF in this case.

That single service account assigned to a particular CF is simply identifying that CF (as opposed to some other CF, app, machine, user, etc.) when accessing a certain service.

If you want that CF to be able to access a certain Google service, you need to give that CF's service account the proper role(s) and/or permissions to do that.

For accessing the Datastore you'd be looking at these Permissions and Roles. If the datastore that your CFs need to access is in the same GCP project, the default CF service account - which is the same as the GAE app's one from that project - already has access to the Datastore (of course, if you're OK with using the default service account).

I didn't use the Alert Center API, but apparently it uses OAuth 2.0, so you probably should go through Service accounts.

answered Mar 26 at 11:06

Dan Cornilescu
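
To illustrate the answer's point that a function has one identity and access comes from the roles bound to it, here is an added example (not part of the original post or answer). It audits a project IAM policy, in the JSON shape printed by `gcloud projects get-iam-policy PROJECT_ID --format=json`, for the roles held by a function's service account. The project ID, account names, policy contents and the choice of `roles/datastore.user` as the required role are constructed assumptions.

```python
import json

# Basic roles grant far more than a single function needs.
BROAD_ROLES = {"roles/owner", "roles/editor"}

# Constructed sample in the shape of `gcloud projects get-iam-policy --format=json`.
# The project ID and account names are placeholders, not values from the post.
DEFAULT_SA = "example-project@appspot.gserviceaccount.com"
DEDICATED_SA = "alerts-fn@example-project.iam.gserviceaccount.com"
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/editor",
     "members": ["serviceAccount:example-project@appspot.gserviceaccount.com"]},
    {"role": "roles/datastore.user",
     "members": ["user:dev@example.com",
                 "serviceAccount:alerts-fn@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/datastore.owner",
     "members": ["serviceAccount:alerts-fn@example-project.iam.gserviceaccount.com"],
     "condition": {"title": "migration-window",
                   "expression": "request.time < timestamp('2020-01-01T00:00:00Z')"}}
  ]
}
""")


def roles_for(policy, sa_email):
    """Return (unconditional, conditional) role sets bound to one service account."""
    member = f"serviceAccount:{sa_email}"
    unconditional, conditional = set(), set()
    for binding in policy.get("bindings", []):
        if member not in binding.get("members", []):
            continue
        # A binding with a condition only applies while the condition holds,
        # so it is tracked separately from unconditional grants.
        target = conditional if binding.get("condition") else unconditional
        target.add(binding["role"])
    return unconditional, conditional


def audit(policy, sa_email, required_roles):
    """Compare the roles on a function's identity with the narrow roles it needs."""
    granted, conditional = roles_for(policy, sa_email)
    missing = set(required_roles) - granted
    too_broad = granted & BROAD_ROLES
    return {
        "granted": sorted(granted),
        "conditional": sorted(conditional),
        # Required roles not bound directly; a basic role may still cover them
        # implicitly, which is what "too_broad" reports.
        "missing": sorted(missing),
        "too_broad": sorted(too_broad),
        "least_privilege": not missing and not too_broad,
    }


if __name__ == "__main__":
    for sa in (DEFAULT_SA, DEDICATED_SA):
        print(sa, json.dumps(audit(SAMPLE_POLICY, sa, ["roles/datastore.user"]), indent=2))
```
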
