Issue
- The org constraint doesn't match the policy specification required by Glean
Resolution
- From the error message on the validation page, note the constraint name and the required spec. From the example error message below, we can infer the constraint name to be constraints/iam.disableServiceAccountKeyCreation and the required policy spec to be {"rules":[{"enforce": false}]}
- Create a yaml (say its located at /tmp/policy.yaml) file with the below configuration:
name: projects/PROJECT_ID/policies/iam.disableServiceAccountKeyCreation
spec:
rules:
- enforce: false - Execute the below command with credentials sufficient to modify org constraints in your organizations:
gcloud org-policies set-policy /tmp/policy.yaml
- Reupload the owner key
If you are still having difficulty please reach out to us: https://support.glean.com.