0

I’m trying to create a deployment manager template for bigquery data transfer to initiate a scheduled query. I’ve created a type provider for transfer configs and when I call the type provider for a scheduled query, I get the following error: "P4 service account needs iam.serviceAccounts.getAccessToken permission."

However, I’ve already given it ‘Service Account Token Creator’ permission on with "gcloud project add-iam-policy-binding .." How else would I be able to solve this?

Type Provider:

- name: custom-type-provider
  type: deploymentmanager.v2beta.typeProvider
  properties:
    descriptorUrl: "https://bigquerydatatransfer.googleapis.com/$discovery/rest?version=v1"
    options:
      inputMappings:
      - fieldName: Authorization
        location: HEADER
        value: >
          $.concat("Bearer ", $.googleOauth2AccessToken())

Calling the type provider:

- name: test
  type: project_id:custom-type-provider:projects.transferConfigs
  properties:
    parent: project/project_id
    ..
    ..
LetsNoSQL
  • 1,478
  • 1
  • 11
  • 23
Tanya Srinidhi
  • 1
  • 1

1 Answers1

0

I think you've hit a limitation on Scheduled Queries, where you have to use user accounts instead of service accounts in order to do the queries.

There is a feature request to allow service accounts to act on behalf for this particular action.

yyyyahir
  • 2,262
  • 1
  • 5
  • 14
  • Thanks for your reply, however I just got back to this problem today and received the same error. I don't think I hit the limit and checked the quotas as well to confirm. – Tanya Srinidhi Oct 18 '19 at 01:25