如何查询 PubSub 项目主题/特定主题的 pubsub.topics.list 权限
How to query pubsub.topics.list permission on PubSub project topics / specific topic
我想检查运行代码是否有权限在特定项目中做"pubsub.topics.list"。
此代码:
try (TopicAdminClient admin = getTopicAdmin()) {
List<String> existing = admin.testIamPermissions("projects/my-proj/topics/my-topic",
Collections.singletonList("pubsub.topics.list")).getPermissionsList();
}
抛出 io.grpc.StatusRuntimeException: INVALID_ARGUMENT: Permission pubsub.topics.list is not valid for this resource.
当我将 "projects/my-proj/topics/my-topic" 替换为 "projects/my-proj/topics" 或 "projects/my-proj"
它抛出:io.grpc.StatusRuntimeException: INVALID_ARGUMENT: Invalid resource name given,从 docs 看来唯一有效的资源名称是 "projects/my-proj/topics/my-topic" and "projects/my-proj/subscriptions/my-sub"
测试 pubsub.topics.list 权限的正确方法是什么?
每 https://cloud.google.com/pubsub/docs/access-control#tbl_perm, pubsub.topics.list is a permission on a Cloud project. The Cloud Pub/Sub service does not manage permissions on Cloud projects. Rather, the Resource Manager service manages permissions on Cloud projects. See https://cloud.google.com/resource-manager/docs/access-control-proj and https://cloud.google.com/iam/docs/testing-permissions.
我想检查运行代码是否有权限在特定项目中做"pubsub.topics.list"。 此代码:
try (TopicAdminClient admin = getTopicAdmin()) {
List<String> existing = admin.testIamPermissions("projects/my-proj/topics/my-topic",
Collections.singletonList("pubsub.topics.list")).getPermissionsList();
}
抛出 io.grpc.StatusRuntimeException: INVALID_ARGUMENT: Permission pubsub.topics.list is not valid for this resource.
当我将 "projects/my-proj/topics/my-topic" 替换为 "projects/my-proj/topics" 或 "projects/my-proj"
它抛出:io.grpc.StatusRuntimeException: INVALID_ARGUMENT: Invalid resource name given,从 docs 看来唯一有效的资源名称是 "projects/my-proj/topics/my-topic" and "projects/my-proj/subscriptions/my-sub"
测试 pubsub.topics.list 权限的正确方法是什么?
每 https://cloud.google.com/pubsub/docs/access-control#tbl_perm, pubsub.topics.list is a permission on a Cloud project. The Cloud Pub/Sub service does not manage permissions on Cloud projects. Rather, the Resource Manager service manages permissions on Cloud projects. See https://cloud.google.com/resource-manager/docs/access-control-proj and https://cloud.google.com/iam/docs/testing-permissions.