google cloud platform – What permissions do I need to send messages via FCM?

I'm trying to set up a service account for FCM with the help of Terraform. I've created a custom role based on permissions in the IAM Firebase Permissions reference. I can not make it work.

Here is my custom role (including authentication permissions):

resource "google_project_iam_custom_role" "firebase_access" {
project = "$ {}"

permissions = [
    # Auth

    # Cloud Messaging

    # Firebase required
    # "resourcemanager.projects.list", Not required

  role_id = "[redacted]"# Can not have hyphens
title = "fire base [redacted] Role"
description = "Provides the minimum permissions necessary for the [redacted] API to use Firebase "

I receive the error below:

Error: An error occurred while trying to authenticate with the FCM.
waiters. Make sure that the credentials used to authenticate this SDK have
the appropriate permissions. See for configuration instructions.

It's absolutely miserable. The error message is not useful at all. By checking a service account created via Firebase, I see that there is an additional role, Firebase Admin SDK Administrator Service Agent. The role does not appear anywhere in the documentation. I had to check the HTTP request when adding the role to understand its real name (roles / firebase.sdkAdminServiceAgent). At first I thought adding this role corrected my problem, but it was wrong. I had also added the Editor role, and the GCP IAM takes a long time to update (-_-).

For now, I'm just going to add the Editor role, but I would much rather constrain authorizations as much as possible.

What are the minimum permissions required to send FCM messages? The documentation is not useful, as far as I know.