I'm trying to create a deployment manager template for bigquery data transfer to initiate a scheduled query. I've created a type provider for transfer configs and when I call the type provider for a scheduled query, I get the following error: "P4 service account needs iam.serviceAccounts.getAccessToken permission."
However, I've already given it 'Service Account Token Creator' permission on with "gcloud project add-iam-policy-binding.." How else would I be able to solve this?
Type Provider:
- name: custom-type-provider
type: deploymentmanager.v2beta.typeProvider
properties:
descriptorUrl: "https://bigquerydatatransfer.googleapis.com/$discovery/rest?version=v1"
options:
inputMappings:
- fieldName: Authorization
location: HEADER
value: >
$.concat("Bearer ", $.googleOauth2AccessToken())
Calling the type provider:
- name: test
type: project_id:custom-type-provider:projects.transferConfigs
properties:
parent: project/project_id
..
..
I think you've hit a limitation on Scheduled Queries, where you have to use user accounts instead of service accounts in order to do the queries.
There is a feature request to allow service accounts to act on behalf for this particular action.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.