From e77f08d4e6df10a6ab27089a60732cb64b84d2cd Mon Sep 17 00:00:00 2001
From: Chris Pick <github@chrispick.com>
Date: Mon, 1 Oct 2018 13:09:32 -0400
Subject: [PATCH] Note that GCP auth method needs iam API enabled (#5339)

In addition to the specific permissions that are already mentioned, the project also needs the `iam.googleapis.com` API enabled, otherwise authenticating will fail with an error similar to:

```
Error authenticating: Error making API request.

URL: PUT https://localhost:8200/v1/auth/gcp/login
Code: 400. Errors:

* could not find service account key or Google Oauth cert with given 'kid' id
```
---
 website/source/api/auth/gcp/index.html.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/website/source/api/auth/gcp/index.html.md b/website/source/api/auth/gcp/index.html.md
index 2b89c4f47d..a76210b523 100644
--- a/website/source/api/auth/gcp/index.html.md
+++ b/website/source/api/auth/gcp/index.html.md
@@ -41,6 +41,8 @@ to confirm signed JWTs passed in during login.
 
     If this value is empty, Vault will try to use [Application Default
     Credentials][gcp-adc] from the machine on which the Vault server is running.
+    
+    The project must have the `iam.googleapis.com` API [enabled](https://console.cloud.google.com/flows/enableapi?apiid=iam.googleapis.com).
 
 - `google_certs_endpoint` `(string:
   "https://www.googleapis.com/oauth2/v3/certs")`: The Google OAuth2 endpoint