1

The method projects.list provides details on the API call to request Google Computer Engine "projects". Is it possible to do this also with libcloud? I haven't found any reference in the documentation nor the source code, so I think it's not possible straight away.

If that's the case, could anyone provide some help on how this could be implemented? Initializing GCENodeDriver is not an option because it requires a project to be provided. However, when initializing it with a proper project, I could use the connection reference it contains. But so far, my attempts to issue a 

response = conn.request('https://cloudresourcemanager.googleapis.com/v1/projects', method='GET')

didn't result in anything useful

(libcloud.common.google.ResourceNotFoundError: u'Not Found').

I wonder if I can use the same authentication for this call (using service account and authentication json file). Any help is appreciated.

Linda Lawton - DaImTo
  • 106,405
  • 32
  • 180
  • 449
orange
  • 7,755
  • 14
  • 75
  • 139

2 Answers2

0

Looking at the documentation for projects.list it only talks about the successful response case.

Method: projects.list

Lists Projects that are visible to the user and satisfy the specified filter. This method returns Projects in an unspecified order. New Projects do not necessarily appear at the end of the list.

HTTP request

GET https://cloudresourcemanager.googleapis.com/v1/projects

The URL uses Google API HTTP annotation syntax.

Request body

The request body must be empty.

Response body

If successful, the response body contains data with the following structure:

A page of the response received from the projects.list method.

A paginated response where more pages are available has nextPageToken set. This token can be used in a subsequent request to retrieve the next request page.

I'm not too familiar with libcloud, so do not know what Not Found means. To me it looks like the request got a 404 response.

I can make the following recommendations to confirm that the service account you're using has the required permissions and authentication scopes.

  • I'm not exactly sure which permissions/roles the service account needs to have, but I feel it should have permissions at the organization level to be able to list projects. I could not find any info about this in the documentation.

  • Here is the info about authorization scopes required to call this API.

Authorization

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloud-platform
https://www.googleapis.com/auth/cloud-platform.read-only
https://www.googleapis.com/auth/cloudplatformprojects
https://www.googleapis.com/auth/cloudplatformprojects.readonly
Tuxdude
  • 47,485
  • 15
  • 109
  • 110
0

I ran into the same issue. The projects.list endpoint uses a different hostname and different OAUTH scope for permissions, and doesn't fit well into the flow of apache libcloud. I ended up adding some extra googleapiclient code to my libcloud script to fetch the project list:

from googleapiclient import discovery
from google.oauth2 import service_account

projects = {}
kf = 'projectname-12345.json'
creds = service_account.Credentials.from_service_account_file(kf)
projapi = discovery.build('cloudresourcemanager', 'v1',
                          credentials=creds).projects()
req = projapi.list()
while req:
    resp = req.execute()
    for project in resp.get('projects',[]):
        projects[project['projectId']] = project
    req = projapi.list_next(previous_request=req,
                            previous_response=resp)

print(sorted(projects))
kartik_subbarao
  • 228
  • 3
  • 15