Score:0

Automate GCP Service Account Creation

Sri

Is it possible for my webapp to create service accounts on behalf of my users in their GCP?

Ideal flow would be:

  1. User performs Google OAuth via my webapp
  2. Correct scopes are passed and permission is granted
  3. My app receives the authority to create service accounts on behalf of user

Is this at all possible? I'm struggling to find an example or find the relevant scopes via Google OAuth that grant such permissions.

Thanks!

John Hanley
Yes, it is very easy to create service accounts. There are many examples in Python, C#, Java, etc. on the Internet. The OAuth scope required is **cloud-platform**. The IAM identity requires an IAM role https://cloud.google.com/iam/docs/service-accounts#service_account_permissions. However, there is a difference between creating a service account (first step) and creating a service account **key** JSON file (second step). Note: Google Cloud has limits on the number of service accounts and keys. The default is 100 service accounts per project and 10 keys per service account.
Sri
Thanks @JohnHanley I made some progress from the time of posting the original request, and I'll share my work open source once it's good enough. :v:
Score:0

As suggested by @John Hanley, yes, you can create service accounts. The OAuth scope required is cloud-platform. To create a service account, at minimum the user must be granted the Service Account Admin role (roles/iam.serviceAccountAdmin) or the Editor basic role (roles/editor).

After you create a service account, you might need to wait for 60 seconds or more before you use the service account. If you try to use a service account immediately after you create it, and you receive an error, you can retry the request with exponential backoff.

By default, each project can have up to 100 service accounts that control access to your resources.

Check out the link on Creating and Managing Service Accounts.
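
An added example, not part of the answer above and not Google's sample code: creating a service account through the IAM REST API with the user's OAuth access token (granted with the cloud-platform scope), then reading it back with exponential backoff until it is visible. `fake_iam`, `demo-project` and `ci-bot` are constructed stand-ins so the block runs offline, and retrying only on HTTP 404 is an assumption about how the propagation delay shows up.

```python
import json
import time
import urllib.error
import urllib.request

IAM = "https://iam.googleapis.com/v1"  # IAM REST API base URL

def http_send(method, url, token, body=None):
    """Send one IAM call with the user's OAuth access token; return (status, json)."""
    req = urllib.request.Request(
        url, method=method,
        data=json.dumps(body).encode() if body is not None else None,
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as err:
        return err.code, {}

def create_service_account(project_id, account_id, token,
                           send=http_send, sleep=time.sleep, max_attempts=7):
    """Create a service account, then wait until it can be read back."""
    status, sa = send("POST", f"{IAM}/projects/{project_id}/serviceAccounts", token,
                      {"accountId": account_id,
                       "serviceAccount": {"displayName": "Created by webapp"}})
    if status != 200:  # e.g. 403 when the user lacks roles/iam.serviceAccountAdmin
        raise RuntimeError(f"create failed: HTTP {status}")
    delay = 1.0
    for attempt in range(1, max_attempts + 1):
        status, found = send("GET", f"{IAM}/{sa['name']}", token)
        if status == 200:
            return found
        # Assumption: propagation lag appears as 404; anything else is a real error.
        if status != 404 or attempt == max_attempts:
            raise RuntimeError(f"service account not usable: HTTP {status}")
        sleep(delay)  # waits of 1, 2, 4, ... seconds; 63 s in total over 6 waits
        delay *= 2

def fake_iam(not_found_reads):
    """Constructed stand-in for the IAM API: the first N reads return 404."""
    state = {"reads": 0}
    def send(method, url, token, body=None):
        if method == "POST":
            email = f"{body['accountId']}@demo-project.iam.gserviceaccount.com"
            return 200, {"name": f"projects/demo-project/serviceAccounts/{email}", "email": email}
        state["reads"] += 1
        if state["reads"] <= not_found_reads:
            return 404, {}
        return 200, {"name": url[len(IAM) + 1:], "email": url.rsplit("/", 1)[1]}
    return send
```

This creates the account only; it issues no key, so the 10-keys-per-account limit mentioned in the comment above is not touched.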
