I am looking at the IAM Service Accounts tab in the GCP control panel. I am editing a Service Account. I click "Grant Access," enter the email of the service account I am creating and attempt to add Storage Admin.
However, there is no such option in the list.
Also, a seemingly equivalent attempt to do this via the CLI fails:
gcloud projects add-iam-policy-binding my-project-id \
--member='serviceAccount:github-actions@my-project-id.iam.gserviceaccount.com' \
--role='projects/my-project-id/roles/storage.admin'
ERROR: Policy modification failed. For a binding with condition, run "gcloud alpha iam policies lint-condition" to identify issues in condition.
ERROR: (gcloud.projects.add-iam-policy-binding) INVALID_ARGUMENT: Role (projects/my-project-id/roles/storage.admin) does not exist in the resource's hierarchy.
Clearly, I am failing to understand something about how a service account is supposed to get granted a role.
Once you already created the service account you can go to IAM Page to add the Storage Admin Role.
In case you still want to add role using Creating Service Account Pane, Don't search with Storage instead scroll down to All Roles > Hover Cloud Storage > Select Storage Admin.
You can also do what John Hanley mentioned using the Cloud Shell.