2

I am trying to list all projects I have in GCP by using the projects.list method from the Resource Manager API but I cannot figure out what access token to be used.

Let's say I have three projects:

  • My Project 44572
  • Testing
  • My First Project

And when I use the projects.list method it should give me the output as this:

{
  "projects": [
    {
      "name": "My Project 44572", 
      "parent": {
        "type": "organization", 
        "id": "ORG_ID"
      }, 
      "projectId": "PROJECT_ID", 
      "projectNumber": "PROJECT_NUMBER", 
      "lifecycleState": "ACTIVE", 
      "createTime": "2020-06-15T08:38:04.712Z"
    }, 
    {
      "name": "Testing ", 
      "parent": {
        "type": "organization", 
        "id": "ORG_ID"
      }, 
      "projectId": "PROJECT_ID", 
      "projectNumber": "PROJECT_NUMBER", 
      "lifecycleState": "ACTIVE", 
      "createTime": "2020-06-15T08:35:59.480Z"
    }, 
    {
      "name": "My First Project", 
      "parent": {
        "type": "organization", 
        "id": "ORG_ID"
      }, 
      "projectId": "PROJECT_ID", 
      "projectNumber": "PROJECT_NUMBER", 
      "lifecycleState": "ACTIVE", 
      "createTime": "2020-06-15T08:33:23.859Z"
    }
  ]
}

But if I am using the Access Token which I got by using service account of My Project 44572 I am getting the following output:

{
  "projects": [
    {
      "name": "My Project 44572", 
      "parent": {
        "type": "organization", 
        "id": "ORG_ID"
      }, 
      "projectId": "PROJECT_ID", 
      "projectNumber": "PROJECT_NUMBER", 
      "lifecycleState": "ACTIVE", 
      "createTime": "2020-06-15T08:38:04.712Z"
    }
]
}

So, what access token I should use so that I would get all projects under my organization?

Postman console

desu sai venkat
  • 275
  • 3
  • 10
  • I don't understand your question: What's the relation between your organisation's project and Google Cloud Storage. A bucket belong to only one project and accound (service account that belong ot another project) can have access to the bucket. So, can you clarify what you want? Maybe with a dummy example of what you expect? – guillaume blaquiere Jun 15 '20 at 15:23
  • I agree with Guillaume. I do not understand the Cloud Storage usage in your issue. Please elaborate a bit more so we can help you with this. – Oqueli A. Martinez Jun 15 '20 at 23:09
  • @guillaumeblaquiere i had updated the question now with an example. Please check now and let me know if it helps – desu sai venkat Jun 16 '20 at 17:01
  • @OqueliA.Martinez Please check now – desu sai venkat Jun 16 '20 at 17:01
  • Which request are you performing? Do you have piece of code or gcloud command? Do you have an organisationID or folderID? – guillaume blaquiere Jun 16 '20 at 18:34
  • I am performing GET Request on https://cloudresourcemanager.googleapis.com/v1/projects end point and i had updated the question with detailed information about the request – desu sai venkat Jun 17 '20 at 06:12

2 Answers2

2

The projects.list method requires the permission resourcemanager.projects.get. You can grant the account any role containing the permission at org level to achieve your goal, e.g., -

  • roles/viewer
  • roles/editor
  • roles/owner

Alternatively, you can use the resources.searchAll method which requires the cloudasset.assets.searchAllResources permission. You can grant the account any role with this permission at org level:

  • roles/cloudasset.viewer
  • roles/cloudasset.owner
  • roles/viewer
  • roles/editor
  • roles/owner

To list all the projects within an organization 456:

gcloud asset search-all-resources \
--asset-types="cloudresourcemanager.googleapis.com/Project"
--scope=organizations/456

Documentation:

Related post:

Circy
  • 1,058
  • 11
  • 15
1

I solved the problem by assigning the service account of "My Project 44572" Owner role at Organization level and now when i use the access token generated by this service account it would list all the projects in my organization

desu sai venkat
  • 275
  • 3
  • 10