google云资源管理列表项目403调用者没有权限。

Question

我创建了一个GCP服务帐户，并为列出组织内的项目分配了所需的权限。当我使用gcloud cli时，一切都正常：

gcloud auth activate-service-account --key-file=./key.json
gcloud projects list

# -> List of all projects

但是，当我对用于Google资源管理器的Python客户端尝试“相同”时，我会收到一条403 The caller does not have permission错误消息。

# pip install google-cloud-resource-manager==1.4.1
from google.oauth2 import service_account
from google.cloud import resourcemanager_v3

# Load gcp credentials
credentials = service_account.Credentials.from_service_account_file('./key.json')

# Create resourcemanager_v3 ProjectsClient
resourcemanager_v3_projects_client = resourcemanager_v3.ProjectsClient(credentials=credentials)

# Initialize request argument(s)
list_projects_request = resourcemanager_v3.ListProjectsRequest(show_deleted=False, parent='')

# Make the request
page_result = resourcemanager_v3_projects_client.list_projects(request=list_projects_request)


# -> Error...
# -> grpc_helpers.py", line 68, in error_remapped_callable
# -> raise exceptions.from_grpc_error(exc) from exc
# -> google.api_core.exceptions.PermissionDenied: 403 The caller does not have permission

Python Client for Google Cloud Resource Manager是否需要gcloud cli以外的其他权限，还是在gcloud cli代码中遗漏了什么？

Answer 1

好像我错过了parent 参数..。

下面的片段应该列出特定文件夹或组织的项目。

# pip install google-cloud-resource-manager==1.4.1
from google.oauth2 import service_account
from google.cloud import resourcemanager_v3

# Load gcp credentials
credentials = service_account.Credentials.from_service_account_file('./key.json')

# Create resourcemanager_v3 ProjectsClient
resourcemanager_v3_projects_client = resourcemanager_v3.ProjectsClient(credentials=credentials)

# Initialize request argument(s)
list_projects_request = resourcemanager_v3.ListProjectsRequest(show_deleted=False, parent='folders/%folder-id%') # for organization: 'organizations/%organization-id%'

# Make the request
page_result = resourcemanager_v3_projects_client.list_projects(request=list_projects_request)

# Handle the response
for response in page_result:
    print(response)