Permission to rename organization in Google Cloud Platform - google-cloud-platform

I have bought a domain from Google Domains, call it example.com.
I have subscribed to G Suite basic and created an admin@example.com account to use on GCP instead of my personal account.
Inside GCP I found an organization already created named "example.com".
As admin@example.com, I tried to go to the settings of the IAM & Admin section of Google Cloud Platform. There I can see the name of the organization and its ID.
However, when I try to change the name of the organization I get the following error message:
You do not have the permission to rename this resource. Required
permission(s): All of resourcemanager.organizations.get and
resourcemanager.organizations.update
I tried to read the documentation on permissions but I couldn't find how to do this. How can I give myself permission to change the name of the organization?

You can't do it from GCP's console, but you can from the G Suite admin panel.
You can find here some more info on how to change the name of the organization and go from there.

Related

Google Cloud - Can't find the owner of a project

We have some Google Cloud Projects which use Google Calendar APIs and Sheets.
The developers who created these projects have left and their accounts have been deleted. The credentials created by them still work, but we can't access those projects in the Google Cloud dashboard from any of our existing accounts.
I tried accessing like this: https://console.cloud.google.com/apis/credentials?project=project-name-goes-here
All of us get
You do not have sufficient permissions to view this page. You are missing the following required permissions:
Project
project-name-here
resourcemanager.projects.get
How can an admin reclaim these projects?
If the account that created these projects is deleted, will these projects still work?
We don't pay for support so we can't contact anyone from the Google Cloud team.
Is there a way to find which Google account these projects belong to?
Can anyone from the Google Cloud team clarify?
Thanks
If your Project is under an Organization, the organization is still the owner. You would need to contact the Organization Owners and modify the Owners of the resource.
You can also create a support ticket to the GCP Account and Resource Recovery Request team.

Google Cloud: Why am I not an organization administrator?

I am attempting to expand my usage of Google Cloud and running into issues. When I go to IAM & Admin -> IAM and select my organization, I get an error: "You do not have sufficient permissions to view this page". A bit lower: "You are missing the following required permissions: resourcemanager.organizations.getIamPolicy".
I'm confused by this because if I select a project IN the organization I see I have the "Organization Administrator" role which has that exact permission assigned. I also have "Owner" role.
I also cannot upgrade from Basic support to any paid support due to this issue, so I literally cannot get any help from anyone at Google.
I created this org! Do I need to delete everything and start over? (ugh)
Based on what @JohnHanley shared in the comments:
Organization Admin must be applied (bound) at the organization level. If you created the organization, then you have a Workspace or Identity account. Use that account to login. The problem should be easy to solve once you are using the correct account to authenticate.
In addition to that:
To administer a particular project or product on GCP, you must ask your organization or the team managing your Google Workspace Admin to increase your role and authorization to a higher hierarchy.

Google Cloud Platform - Resource of type "Organisation"

I wanted to set up my Cloud Identity but it's asking me to verify the domain that is already hosted on GCP. Can you help me with Cloud Identity setup with a proper organisation created (today it's named "No Organisation"). I'm the admin for this account DOMAIN: we host our corporate website on GCP with the domain already registered with DNS services in Google.
On the GCP Identity page it's also giving me the following message.
Your current account, k*****.***a@DOMAIN.NL, is not associated with an organization on Google Cloud. This checklist is designed for administrators who are trusted with complete control over a company’s Google Cloud resources. If you already have an administrator account for your organization, sign in with the account now. Or, ask your company administrator to start the checklist.
I guess I'm stuck in a Chicken-n-Egg problem.
You need to create a Google Workspace account. Create it on your domain DOMAIN.NL, with you as 1st admin user and with subscription plan or not (in my case, I wasn't able to remove the 15 days of trial. Get it, you will be able to remove the trial subscription later (in the user list) on the admin.google.com Workspace console). You are able to create your org for free, but it's absolutely not clear!!
From the new user account that you have created on your Workspace domain (you@DOMAIN.NL), you will be able to reach the console (console.cloud.google.com) and you have your org.
Now you need to migrate the projects and to review the authorization. You also need to (re)create a Billing Account.
I didn't find another way to achieve this.

How do I upload my own custom zip of a deployment?

I'm trying to use an existing setup/deployment, however it has a failure and hence I thought I'd try fix it by creating my own "deployment".
I can't figure out how to do this though.
I just get a page of "There are no solutions yet. Contact your admin for status on the catalogue."
I followed the instructions here: https://cloud.google.com/private-catalog/docs/create-catalog
However at step 3 - there is no "manage solutions" button...
I HAVE added the "catalogue admin" + "catalogue manager" roles to my user.
Why am I not getting this button?
There are three prerequisites to use Private Catalogues:
You must have a Google Cloud organization and access to the organization.
You must have the administrator role for your Google Cloud organization.
You must have the Catalog admin role for Private Catalog.
Perhaps you are only missing the first one:
Organizations are only available for GSuite and Cloud Identity customers: https://cloud.google.com/resource-manager/docs/creating-managing-organization
Edit: here is a better quickstart guide for using Private Catalogues:

missing permission on "billingAccounts/XXXXXXXXXXXXXXXXXXXXXXXX": billing.resourceAssociations.create Terraform (GCP)

I tried to automate the Shared VPC creation on GCP by using Terraform. I have enabled all the access to my service account (Org Admin, XpnAdmin, Storage Admin, Compute admin, Billing Admin)
But when I executed terraform apply, it threw the following error:
missing permission on "billingAccounts/CXXXXXXXXXXXXXXXXXX": billing.resourceAssociations.create
I'm referring to the Google provider GitHub code for this demo.
I was getting the same error even though my "Service Account" had the necessary "Organization" level permissions. Then I figured out that I needed to give permission from the "Billing Account". It worked.
I was following this tutorial to create projects via "Service Account" and "Terraform", but still was getting error. After some research, I followed this how-to and gave permission from "Billing Account".
Project, Organization and Billing are 3 separate components for permissions. Giving "Organization" level is not enough. The permission should be given from "Billing Account" as well.
It's quite likely you have the billing admin, but you also need the ability to create billing assignments, or "Billing Project Manager".
https://cloud.google.com/billing/v1/how-tos/access-control
billing.resourceAssociations.create AND resourcemanager.projects.createBillingAssignment on the Cloud Billing account.
There's some handy code to bootstrap a service account - Google Project Factory - You might want to have a look at that. Once that SA is created you shouldn't have permissions issues.
I was getting this error when I had an old (deleted) billing account Id in my Terraform config.
<facePalm>Doh!</facePalm>
This error generally comes when you are logged in to a machine/laptop and have set default credentials to run terraform. Thereafter you got a new account or have been asked to use a new account, and you are authenticating using gcloud auth login or gcloud auth application-default login. This will still use the previous account's billing account. It is recommended to use Google Cloud Shell to run the terraform script the first time.
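
The billing-account grant that the answers above describe, written as Terraform next to the organization-level grants from the question. This is an added example, not code from the thread or from the Google provider repository. The variable names, resource labels, project name and the choice of roles/resourcemanager.projectCreator are assumptions made for illustration.

```hcl
# Added example: all IDs come from variables and are placeholders.
variable "org_id"             { type = string } # numeric organization ID
variable "billing_account_id" { type = string } # ID of an active billing account
variable "terraform_sa_email" { type = string } # service account that runs terraform
variable "host_project_id"    { type = string }

locals {
  terraform_sa = "serviceAccount:${var.terraform_sa_email}"
}

# Organization-level grants, as in the question. They cover project creation
# and Shared VPC administration.
resource "google_organization_iam_member" "project_creator" {
  org_id = var.org_id
  role   = "roles/resourcemanager.projectCreator"
  member = local.terraform_sa
}

resource "google_organization_iam_member" "xpn_admin" {
  org_id = var.org_id
  role   = "roles/compute.xpnAdmin"
  member = local.terraform_sa
}

# The grant the answers add: a binding on the billing account itself.
# roles/billing.user includes billing.resourceAssociations.create and is
# narrower than roles/billing.admin, so it is the least-privilege choice for
# a service account that only needs to link projects.
# Apply this as an identity that may set IAM on the billing account; the
# service account cannot grant it to itself.
resource "google_billing_account_iam_member" "link_projects" {
  billing_account_id = var.billing_account_id
  role               = "roles/billing.user"
  member             = local.terraform_sa
}

# Creating a project with billing_account set is the step that requires
# billing.resourceAssociations.create on that billing account.
resource "google_project" "shared_vpc_host" {
  name            = "shared-vpc-host" # placeholder display name
  project_id      = var.host_project_id
  org_id          = var.org_id
  billing_account = var.billing_account_id

  depends_on = [google_billing_account_iam_member.link_projects]
}
```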