google-cloud-resource-manage list projects 403调用者没有权限
google-cloud-resource-manage list projects 403 The caller does not have permission
我创建了一个 GCP 服务帐户并分配了列出组织内部项目所需的权限。当我使用 gcloud cli 时,一切正常:
gcloud auth activate-service-account --key-file=./key.json
gcloud projects list
# -> List of all projects
但是当我尝试使用 Python Client for Google Cloud Resource Manager 进行“相同”操作时,我收到一条 403 The caller does not have permission 错误消息。
# pip install google-cloud-resource-manager==1.4.1
from google.oauth2 import service_account
from google.cloud import resourcemanager_v3
# Load gcp credentials
credentials = service_account.Credentials.from_service_account_file('./key.json')
# Create resourcemanager_v3 ProjectsClient
resourcemanager_v3_projects_client = resourcemanager_v3.ProjectsClient(credentials=credentials)
# Initialize request argument(s)
list_projects_request = resourcemanager_v3.ListProjectsRequest(show_deleted=False, parent='')
# Make the request
page_result = resourcemanager_v3_projects_client.list_projects(request=list_projects_request)
# -> Error...
# -> grpc_helpers.py", line 68, in error_remapped_callable
# -> raise exceptions.from_grpc_error(exc) from exc
# -> google.api_core.exceptions.PermissionDenied: 403 The caller does not have permission
Python Client for Google Cloud Resource Manager 是否需要 gcloud cli 以外的其他许可,或者我是否遗漏了 Python 代码中的某些内容?
我好像错过了 parent parameter...
以下片段应列出特定文件夹或组织的项目。
# pip install google-cloud-resource-manager==1.4.1
from google.oauth2 import service_account
from google.cloud import resourcemanager_v3
# Load gcp credentials
credentials = service_account.Credentials.from_service_account_file('./key.json')
# Create resourcemanager_v3 ProjectsClient
resourcemanager_v3_projects_client = resourcemanager_v3.ProjectsClient(credentials=credentials)
# Initialize request argument(s)
list_projects_request = resourcemanager_v3.ListProjectsRequest(show_deleted=False, parent='folders/%project-id%') # for organization: 'organizations/%organization-id%'
# Make the request
page_result = resourcemanager_v3_projects_client.list_projects(request=list_projects_request)
# Handle the response
for response in page_result:
print(response)
我创建了一个 GCP 服务帐户并分配了列出组织内部项目所需的权限。当我使用 gcloud cli 时,一切正常:
gcloud auth activate-service-account --key-file=./key.json
gcloud projects list
# -> List of all projects
但是当我尝试使用 Python Client for Google Cloud Resource Manager 进行“相同”操作时,我收到一条 403 The caller does not have permission 错误消息。
# pip install google-cloud-resource-manager==1.4.1
from google.oauth2 import service_account
from google.cloud import resourcemanager_v3
# Load gcp credentials
credentials = service_account.Credentials.from_service_account_file('./key.json')
# Create resourcemanager_v3 ProjectsClient
resourcemanager_v3_projects_client = resourcemanager_v3.ProjectsClient(credentials=credentials)
# Initialize request argument(s)
list_projects_request = resourcemanager_v3.ListProjectsRequest(show_deleted=False, parent='')
# Make the request
page_result = resourcemanager_v3_projects_client.list_projects(request=list_projects_request)
# -> Error...
# -> grpc_helpers.py", line 68, in error_remapped_callable
# -> raise exceptions.from_grpc_error(exc) from exc
# -> google.api_core.exceptions.PermissionDenied: 403 The caller does not have permission
Python Client for Google Cloud Resource Manager 是否需要 gcloud cli 以外的其他许可,或者我是否遗漏了 Python 代码中的某些内容?
我好像错过了 parent parameter...
以下片段应列出特定文件夹或组织的项目。
# pip install google-cloud-resource-manager==1.4.1
from google.oauth2 import service_account
from google.cloud import resourcemanager_v3
# Load gcp credentials
credentials = service_account.Credentials.from_service_account_file('./key.json')
# Create resourcemanager_v3 ProjectsClient
resourcemanager_v3_projects_client = resourcemanager_v3.ProjectsClient(credentials=credentials)
# Initialize request argument(s)
list_projects_request = resourcemanager_v3.ListProjectsRequest(show_deleted=False, parent='folders/%project-id%') # for organization: 'organizations/%organization-id%'
# Make the request
page_result = resourcemanager_v3_projects_client.list_projects(request=list_projects_request)
# Handle the response
for response in page_result:
print(response)