gcloud alpha transfer authorize - authorize an account for all Transfer Service features
gcloud alpha transfer authorize [--add-missing] [--creds-file=CREDS_FILE] [GCLOUD_WIDE_FLAG ...]
(ALPHA) Authorize a Google account for all Transfer Service features.
This command provides admin and owner rights for simplicity. If that's too much authority for your use case, see custom setups here: https://cloud.google.com/storage-transfer/docs/on-prem-set-up
To see what Transfer Service IAM roles the account logged into gcloud may be missing, run:
$ gcloud alpha transfer authorize
To add the missing IAM roles, run:
$ gcloud alpha transfer authorize --add-missing
To check a custom service account for missing roles, run:
$ gcloud alpha transfer authorize \ --creds-file=path/to/service-account-key.json
- --add-missing
Add IAM roles necessary to use all Transfer Service features to the specified account. By default, this command just prints missing roles.
- --creds-file=CREDS_FILE
The path to the creds file for an account to authorize. The file should be in JSON format and contain a "type" and "client_email", which are automatically generated for most creds files downloaded from Google (e.g. service account tokens). If this flag is not present, the command authorizes the user currently logged into gcloud.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. This variant is also available:
$ gcloud transfer authorize