I'm trying to use an existing setup/deployment, however it has a failure and hence I thought I'd try fix it by creating my own "deployment".
I can't figure out how to do this though.
I just get a page of "There are no solutions yet. Contact your admin for status on the catalogue."
I followed the instructions here: https://cloud.google.com/private-catalog/docs/create-catalog
However at step 3 - there is no "manage solutions" button...
I HAVE added the "catalogue admin" + "catalogue manager" roles to my user.
Why am I not getting this button?
There are three prerequisites to use Private Catalogues:
You must have a Google Cloud organization and access to the organization.
You must have the administrator role for your Google Cloud organization.
You must have the Catalog admin role for Private Catalog.
Perhaps you are only missing the first one:
Organizations are only available for GSuite and Cloud Identity customers: https://cloud.google.com/resource-manager/docs/creating-managing-organization
Edit: here is a better quickstart guide for using Private Catalogues:
Related
We have some Google Cloud Projects which use Google Calendar APIs and Sheets.
Developers who created this projects have left and their accounts have been deleted. The credentials created by them still work but we can't access those projects in Google Cloud dashboard from any of our existing accounts.
I tried accessing like this: https://console.cloud.google.com/apis/credentials?project=project-name-goes-here
All of us get
You do not have sufficient permissions to view this page. You are missing the following required permissions:
Project
project-name-here
resourcemanager.projects.get
How can an admin can reclaim these projects?
If an account created these projects deleted, will these projects still work?
We don't pay for support so we can't contact anyone from Google Cloud team.
Is there a way to find which Google account do these projects belong to?
Can anyone from Google cloud team clarify?
Thanls
If your Project is under an Organization, the organization is still the owner. You would need to contact the Organization Owners and modify the Owners of the resource.
You can also create a support ticket to the GCP Account and Resource Recovery Request team
I am attempting to expand my usage of Google Cloud and running into issues. When I go to IAM & Admin -> IAM and select my organization, I get an error: "You do not have sufficient permissions to view this page". A bit lower: "You are missing the following required permissions: resourcemanager.organizations.getIamPolicy".
I'm confused by this because if I select a project IN the organization I see I have the "Organization Administrator" role which has that exact permission assigned. I also have "Owner" role.
I also cannot upgrade from Basic support to any paid support due to this issue, so I literally cannot get any help from anyone at Google.
I created this org! Do I need to delete everything and start over? (ugh)
Based on what #JohnHanley's shared on the comments:
Organization Admin must be applied (bound) at the organization level. If you created the organization, then you have a Workspace or Identity account. Use that account to login. The problem should be easy to solve once you are using the correct account to authenticate.
In addittion to that;
To administer a particular project or product on GCP, you must ask your organization or the team managing your Google Workspace Admin to increase your role and authorization to a higher hierarchy.
I want to migrate my Google action project from one Google account to another.
However, I am not part of any organization hence the migration option on Google cloud for my project doesn't work.
Can anyone help me understand how we can migrate the Google action with no organization from one google account to another google account without any organization created on Google cloud console?
To migrate your GCP project, follow these steps:
Navigate to google cloud console
Select the source account where you want to migrate project from
In the navigation menu select "IAM"
At the top, click "ADD"
Add the destination account using Permissions/Add Member/Is Owner
Accept the Invitation from destination account
If you want to remove ownership of the source account, on the destination account, go back to the IAM section and delete your account from the list.
Refer granting access for information.
I have bought a domain from Google Domains, call it example.com.
I have subscribed to G Suite basic and created an admin#example.com account to use on GCP instead of my personal account.
Inside GCP I found an organization already created named "example.com".
As admin#example.com, I tried to go to the settings of the IAM & Admin section of Google Cloud Platform. There I can see the name of the organization and its ID.
However, when I try to change the name of the organization I get the following error message:
You do not have the permission to rename this resource. Required
permission(s): All of resourcemanager.organizations.get and
resourcemanager.organizations.update
I tried to read the documentation on permissions but I couldn't find how to do this. How can I give myself permission to change the name of the organization?
You can't do it from GCP's console but you can from G-Suite admin panel.
You can find here some more info how to change the name of the organization and go from there.
I tried to automate the Shared VPC creation on GCP by using Terraform. I have enabled all the access to my service account (Org Admin, XpnAdmin, Storage Admin, Compute admin, Billing Admin)
But when i executed terraform apply it's throwing me following error:
missing permission on "billingAccounts/CXXXXXXXXXXXXXXXXXX": billing.resourceAssociations.create
I'm referring the Google provider Github code for this demo.
I was getting same error even my "Service Account" had the necessary "Organization" level permissions. Then I figured out, I need to give permission from "Billing Account". It worked.
I was following this tutorial to create projects via "Service Account" and "Terraform", but still was getting error. After some research, I followed this how-to and gave permission from "Billing Account".
Project, Organization and Billing are 3 separate components for permissions. Giving "Organization" level is not enough. The permission should be given from "Billing Account" as well.
It's quite likely you have the billing admin, but you also need the ability to create billing assignments, or "Billing Project Manager".
https://cloud.google.com/billing/v1/how-tos/access-control
billing.resourceAssociations.create AND resourcemanager.projects.createBillingAssignment on the Cloud Billing account.
There's some handy code to bootstrap a service account - Google Project Factory - You might want to have a look at that. Once that SA is created you shouldn't have permissions issues
I was getting this error when I had an old (deleted) billing account Id in my Terraform config.
<facePalm>Doh!</facePalm>
This error generally comes when you are logged into to machine/laptop and set default credentials to run terraform. Thereafter you got a new account or have been asked to use new account and you are authenticating using gcloud auth login / or gcloud auth application-default login. This will still use the previous account billing account. It is recommended to use Google CloudShell to run terraform script first time.