Description
Application Integration in one project has a Pub/Sub Trigger to connect to Topics in another project using a service account, but the deployment pipeline throws the error below. Can you please check and suggest:
DEBUG: 2025/04/21 07:54:26 httpclient.go:60: Connecting to: https://iam.googleapis.com/v1/projects/commerceproject/serviceAccounts
DEBUG: 2025/04/21 07:54:26 httpclient.go:69: Method: POST
DEBUG: 2025/04/21 07:54:26 httpclient.go:72: Payload: {
"accountId": "g-sourceintegration-sa",
"serviceAccount": {
"displayName": "g-sourceintegration-sa"
}
}
DEBUG: 2025/04/21 07:54:26 httpclient.go:169: Setting token : ***
DEBUG: 2025/04/21 07:54:26 httpclient.go:98: Content-Type : application/json
{
"error": {
DEBUG: 2025/04/21 07:54:27 httpclient.go:244: status code 403, error in response: {
"code": 403,
"message": "Permission 'iam.serviceAccounts.create' denied on resource (or it may not exist).",
"status": "PERMISSION_DENIED",
"details": [
{
"@type": "type.googleapis.com/google.rpc.ErrorInfo",
"reason": "IAM_PERMISSION_DENIED",
"domain": "iam.googleapis.com",
"metadata": {
"permission": "iam.serviceAccounts.create"
}
}
]
}
}
"error": {
"code": 403,
ERROR: 2025/04/21 07:54:27 iam.go:268: Forbidden - the client does not have access rights: {
"error": {
"code": 403,
"message": "Permission 'iam.serviceAccounts.create' denied on resource (or it may not exist).",
"status": "PERMISSION_DENIED",
"details": [
{
"@type": "type.googleapis.com/google.rpc.ErrorInfo",
"reason": "IAM_PERMISSION_DENIED",
"domain": "iam.googleapis.com",
"metadata": {
"message": "Permission 'iam.serviceAccounts.create' denied on resource (or it may not exist).",
"permission": "iam.serviceAccounts.create"
}
}
]
}
}