
I'm building an application in Java for getting all the GCP projects and all the resources under the projects of an organization. I saw one option to get all the projects under an organization using Resource Manager. When I hit it through the REST API as shown below

https://cloud.google.com/resource-manager/reference/rest/v1/projects/list

I am able to see all the projects under the organization, but when I try the same via the Java GCP library I am getting only the provided service account project details and not the full organizational projects.

Can someone please help me with this?

Alex Man
  • The credentials your application is using can only see the projects that it is authorized to access. If that is a service account, then you will need to grant IAM permissions either at the ORG, Folder or Project level. – John Hanley Oct 29 '21 at 15:44
  • @JohnHanley Thanks for the quick reply. I have given the `Browser`, `Organization Administrator`, `Owner`, `Viewer` roles, still no luck – Alex Man Oct 29 '21 at 15:47
  • @JohnHanley I even created a custom role and added these permissions as well: `cloudasset.assets.searchAllResources`, `compute.instances.list`, `resourcemanager.projects.get`, `resourcemanager.projects.list`, but still no luck. Not getting where exactly I went wrong – Alex Man Oct 29 '21 at 15:51
  • Go to the org level, then Menu > IAM & Admin > IAM, add the service account there with the same roles and try again. Careful though, please use the least privilege approach when doing so. – dany L Oct 29 '21 at 15:52
  • 1/2) There are two items to consider when granting IAM roles. The IAM roles themselves and where you are granting them. Edit your question with a current problem and its configuration. I am not interested in what you have tried. I am only interested in how everything is configured and the error messages. Note: The Owner role grants more than enough permissions to see a project. FYI do not grant that role. That means you are not granting the IAM roles at the correct level in your organization. – John Hanley Oct 29 '21 at 16:01
  • 2/2) Go back and read the documentation on the APIs. There are two. Cloud Asset Inventory and Resource Manager. I recommend the first API. Understand what permissions are required and where. – John Hanley Oct 29 '21 at 16:02
  • @JohnHanley Thanks for the suggestion. Can I get all the project details under an organization, including the project names, via `Cloud Asset Inventory`? – Alex Man Oct 29 '21 at 16:29
  • You can use either API. Cloud Asset Inventory is newer and has more features. Learn both of them. My website has articles that will help you. – John Hanley Oct 29 '21 at 18:00

1 Answer


The following example demonstrates how to list every resource node in your Organizations:

```
organizations = CloudResourceManager.Organizations.Search()
projects = emptyList()

parentsToList = queueOf(organizations)
while (parent = parentsToList.pop()) {
  // NOTE: Don't forget to iterate over paginated results.
  // TODO: handle PERMISSION_DENIED appropriately.
  projects.addAll(CloudResourceManager.Projects.List(
      "parent.type:" + parent.type + " parent.id:" + parent.id))
  parentsToList.addAll(CloudResourceManager.Folders.List(parent))
}
```

If your `gcloud projects list` query fails or takes too long, the number of Google Cloud projects to return might be too large. To fix this, apply the `--filter` and `--page-size` flags to your `gcloud projects list` command.

  • Thanks for the answer. I'd like to know if I can also get the resource details (like Compute Engine, Cloud Storage, etc.) from these iterated projects using Resource Manager – Alex Man Oct 30 '21 at 20:09
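
Added example (not part of the original answer or comments): a Java version of the traversal sketched in the answer's pseudocode, written against the v3 `google-cloud-resourcemanager` client library rather than the v1 filter syntax shown there. It assumes Application Default Credentials for the service account and a placeholder organization ID; parents that return PERMISSION_DENIED are collected instead of aborting the walk, which shows at which level of the hierarchy a role binding is missing.

```java
// Added example, not from the original answer. Assumes the v3
// google-cloud-resourcemanager library and Application Default Credentials.
import com.google.api.gax.rpc.PermissionDeniedException;
import com.google.cloud.resourcemanager.v3.Folder;
import com.google.cloud.resourcemanager.v3.FoldersClient;
import com.google.cloud.resourcemanager.v3.Project;
import com.google.cloud.resourcemanager.v3.ProjectsClient;
import java.io.IOException;
import java.util.ArrayDeque;
import java.util.ArrayList;
import java.util.Deque;
import java.util.List;

public class ListOrgProjects {
  public static void main(String[] args) throws IOException {
    // Placeholder: pass your own value, in the form "organizations/<numeric id>".
    String root = args.length > 0 ? args[0] : "organizations/ORGANIZATION_ID";
    List<String> denied = new ArrayList<>();
    for (Project p : listAllProjects(root, denied)) {
      System.out.printf("%s\t%s\t%s%n", p.getProjectId(), p.getDisplayName(), p.getParent());
    }
    // Each node printed here is one the credential could not list under.
    denied.forEach(n -> System.err.println("PERMISSION_DENIED listing under " + n));
  }

  static List<Project> listAllProjects(String root, List<String> denied) throws IOException {
    List<Project> projects = new ArrayList<>();
    Deque<String> parents = new ArrayDeque<>();
    parents.add(root);
    try (ProjectsClient projectsClient = ProjectsClient.create();
         FoldersClient foldersClient = FoldersClient.create()) {
      while (!parents.isEmpty()) {
        String parent = parents.poll();
        try {
          // v3 list calls return direct children only; iterateAll() follows page tokens.
          for (Project p : projectsClient.listProjects(parent).iterateAll()) {
            projects.add(p);
          }
          for (Folder f : foldersClient.listFolders(parent).iterateAll()) {
            parents.add(f.getName()); // "folders/<id>", queued for the next pass
          }
        } catch (PermissionDeniedException e) {
          denied.add(parent); // keep walking the rest of the hierarchy
        }
      }
    }
    return projects;
  }
}
```

If the walk returns only the service account's own project and reports the organization node as denied, the roles were bound at project level rather than on the organization or its folders.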