{"id":3139,"date":"2023-09-05T13:52:03","date_gmt":"2023-09-05T13:52:03","guid":{"rendered":"https:\/\/blog.designed79.co.uk\/?p=3139"},"modified":"2023-09-05T13:55:39","modified_gmt":"2023-09-05T13:55:39","slug":"google-cloud-setting-up-gcloud-with-service-account-credentials","status":"publish","type":"post","link":"https:\/\/blog.designed79.co.uk\/?p=3139","title":{"rendered":"Google Cloud \u2013 Setting up Gcloud with Service Account Credentials"},"content":{"rendered":"

In this article, we will download and install the Google gcloud CLI. Then we will set up gcloud with Google Service Account credentials. This article is for Windows-based systems but the same principles apply to Linux and Mac systems.<\/p>\n

Step 1 \u2013 Download gcloud<\/h5>\n

Google Cloud SDK Installer<\/a><\/p>\n

Step 2 \u2013 Launch the installer<\/h5>\n

At the<\/p>\n

Completing the Google Cloud SDK Setup Wizard<\/div><\/div>\n

, deselect<\/p>\n

Run gcloud init<\/div><\/div>\n

to configure the Cloud SDK. The reason is that we only want to use Service Account credentials.<\/p>\n

Step 3 \u2013 Access a Google public bucket<\/h5>\n
\n
\n
\n
\n
<\/div>\n<\/div>\n<\/div>\n<\/div>\n
\n\n\n\n
\n
\n
1<\/div>\n<\/div>\n<\/td>\n
\n
\n
gsutil <\/span>ls <\/span>gs<\/span>:<\/span>\/\/gcp-public-data-landsat<\/span><\/pre>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n
This command should succeed and provide a listing of the files in this bucket. This command verifies that the CLI is installed. We have not set up credentials yet.<\/p>\n
Step 4 \u2013 Access one of your own private buckets<\/h5>\n
This step will verify that you have no credentials. Change the bucket name to a private bucket that you own.<\/p>\n
\n
\n\n\n\n
\n
\n
1<\/div>\n<\/div>\n<\/td>\n
\n
\n
gsutil <\/span>ls <\/span>gs<\/span>:<\/span>\/\/mybucket<\/span><\/pre>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n
This command should fail. If it succeeds you have a public bucket that anyone can access.<\/p>\n
Step 5 \u2013 Create Google Service Account credentials.<\/h5>\n
You can skip this step if you already have credentials to use.<\/p>\n
In this example, we will only grant<\/p>\n
Storage Admin<\/div><\/div>\n
to these credentials.<\/p>\n
    \n
  1. Go to\u00a0\n
    IAM &amp; admin<\/div><\/div>\n
    \u00a0->\u00a0<\/p>\n
    Service accounts<\/div><\/div>\n<\/li>\n
  2. Click\u00a0\n
    CREATE SERVICE ACCOUNT<\/div><\/div>\n<\/li>\n
  3. Enter a\u00a0\n
    Service account name<\/div><\/div>\n
    \u00a0and\u00a0<\/p>\n
    Service account description<\/div><\/div>\n<\/li>\n
  4. Click\u00a0\n
    CREATE<\/div><\/div>\n<\/li>\n
  5. In the next screen\u00a0\n
    Service account permissions<\/div><\/div>\n
    , select a role.<\/li>\n
  6. Select\u00a0\n
    Storage<\/div><\/div>\n
    \u00a0->\u00a0<\/p>\n
    Storage Admin<\/div><\/div>\n<\/li>\n
  7. Click\u00a0\n
    CONTINUE<\/div><\/div>\n<\/li>\n
  8. Click\u00a0\n
    Create key<\/div><\/div>\n<\/li>\n
  9. Check the\u00a0\n
    JSON<\/div><\/div>\n
    \u00a0radio button for the\u00a0<\/p>\n
    Key type<\/div><\/div>\n<\/li>\n
  10. Save the json file to your local computer.<\/li>\n<\/ol>\n
    Make note of the email address that Google Cloud created for these credentials.<\/p>\n
    Step 6- Configure gcloud with the Google Service Account credentials<\/h5>\n
    In this example, the email address is:\u00a0<\/p>\n
    test@development-123456.iam.gserviceaccount.com<\/div><\/div>\n
    The credentials file is:\u00a0<\/p>\n
    test_google_account.json<\/div><\/div>\n
    Modify these items to what you created in step 5.<\/p>\n
    \n
    <\/div>\n
    \n\n\n\n
    \n
    \n
    1<\/div>\n<\/div>\n<\/td>\n
    		\n
    \n
    gcloud <\/span>auth <\/span>activate<\/span>-<\/span>service<\/span>-<\/span>account <\/span>test<\/span>@<\/span>development<\/span>-<\/span>123456.iam.gserviceaccount.com<\/span> --<\/span>key<\/span>-<\/span>file<\/span>=<\/span>test_google_account<\/span>.<\/span>json<\/span><\/pre>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n
    <\/h5>\n
    Step 7 \u2013 Verify that the credentials work<\/h5>\n
    Change the bucket name to a private bucket that you own.<\/p>\n
    \n
    <\/div>\n
    \n\n\n\n
    \n
    \n
    1<\/div>\n<\/div>\n<\/td>\n
    		\n
    \n
    gsutil <\/span>ls <\/span>gs<\/span>:<\/span>\/\/mybucket<\/span><\/pre>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n
    This command should now succeed.<\/p>\n
    You have now successfully configured gcloud to work with Google Service Account credentials.<\/p>\n
    There are two commands that generate access tokens:<\/p>\n