gcloud transfer authorize - authorize an account for all Transfer Service features
gcloud transfer authorize [--add-missing] [--creds-file=CREDS_FILE] [GCLOUD_WIDE_FLAG ...]
Authorize a Google account for all Transfer Service features.
This command provides admin and owner rights for simplicity. If that's too much authority for your use case, see custom setups here: https://cloud.google.com/storage-transfer/docs/on-prem-set-up
To see what Transfer Service IAM roles the account logged into gcloud may be missing, run:
$ gcloud transfer authorize
To add the missing IAM roles, run:
$ gcloud transfer authorize --add-missing
To check a custom service account for missing roles, run:
$ gcloud transfer authorize \ --creds-file=path/to/service-account-key.json
- --add-missing
Add IAM roles necessary to use all Transfer Service features to the specified account. By default, this command just prints missing roles.
- --creds-file=CREDS_FILE
The path to the creds file for an account to authorize. The file should be in JSON format and contain a "type" and "client_email", which are automatically generated for most creds files downloaded from Google (e.g. service account tokens). If this flag is not present, the command authorizes the user currently logged into gcloud.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
This variant is also available:
$ gcloud alpha transfer authorize