TiredDeer8 months ago
Good morning. We would like to use Google Cloud Provider's storage bucket solution (GCS on Terra Dashboard) to store all incoming Terra payloads. When we go to add the destination on dashboard, a file upload icon appears asking for a permissions certificate. Where do we get this certificate?
Elliottadmin8 months ago
Hello there,
The JSON permission certificate is how Google Cloud Provider allows third parties like Terra authenticate and upload files to GCP GCS - it is best practice to create a service account with only the necessary principals and create a certificate . To generate the certificate, open your GCP project and in the sidebar, navigate to [IAM and Admin > Service accounts > Select an Account > Keys] and hit the button that says + Add Key then choose JSON. Then upload this certificate on the Terra dashboard; if the certificate is valid, the modal will close without outputting an error message.
TiredDeer8 months ago
What are the minimal permissions needed to write the bucket? Only a certificate with admin access seems to work for us.
Elliottadmin8 months ago
The service account for which the certificate/key is made for, must have the role "Storage Object User" over the project or that resource (bucket)