1

I am new to GCP pub/sub and am trying to get everything setup. I am facing a permission error when creating a subscription topic. Does anyone know what I am missing in my steps, or how to resolve? Here is what I have done so far.

  1. Add roles, Service Account Admin and Service Account Key Admin
  2. Created Service Account (completed the full flow)
  3. Tried to create a subscription topic <-- this is where I am receiving an error.

enter image description here

Here is the error at a closer look.

enter image description here

UPDATE: After receiving some comments, it seems my issues are all related to roles and permissions. The problem is that I do not know which roles/permissions work.

I am able to create a subscription topic so long that I do NOT enable authentication and add a service account. Since my original post, I have added these other additional permissions: Pub/Sub Admin, Service Account Admin, Service Account Key Admin, Service Account Token Creator, Service Account User.

portfoliobuilder
  • 7,556
  • 14
  • 76
  • 136
  • 1
    Are you sure that's the issue? If you set "retry after exponential backoff", does it work? I doubt... – guillaume blaquiere Nov 11 '22 at 09:55
  • @guillaumeblaquiere What else would cause Permission denied error? I didn't think I would need any other permissions than what I have already added. Is it a bug, you think? – portfoliobuilder Nov 11 '22 at 11:48
  • 1
    I don't think it is a bug but that your account doesn't have permissions to create the subscription. This is not related to the service account permissions – Puteri Nov 11 '22 at 12:13
  • You are right. I am missing subscription permission. So many permissions required. Wow! Thank you. – portfoliobuilder Nov 11 '22 at 12:30
  • 1
    @portfoliobuilder Is your issue resolved after adding the permissions? – kiran mathew Nov 15 '22 at 13:34
  • @kiranmathew Thanks for asking. No, it's not resolved. I have learned that when you "Enable Authentication" you need more than "Pub/Sub Admin", "Service Account Admin", "Service Account Key Admin", and "Service Account Token Creator". I added "Service Account User" and just had to resort to assigning "Owner" in the end. – portfoliobuilder Nov 15 '22 at 13:41
  • @portfoliobuilder Can you confirm whether you are still getting the “Permission denied ” message after giving the owner role? – kiran mathew Nov 17 '22 at 14:56

0 Answers0