[英]Get list of assets/resource for a given project in GCP without any organization level permissions
An option I have been exploring is below.我一直在探索的一个选项如下。
On reading document https://cloud.google.com/security-command-center/docs/how-to-api-list-assets#listing_all_assets , it is found that we can get list of all assets using Security Command Center API.在阅读文档https://cloud.google.com/security-command-center/docs/how-to-api-list-assets#listing_all_assets时,发现我们可以使用 Security Command Center API 获取所有资产的列表。
Following is the code provided in the documentation.以下是文档中提供的代码。
static ImmutableList<ListAssetsResult> listAssets(OrganizationName organizationName) {
try (SecurityCenterClient client = SecurityCenterClient.create()) {
// Start setting up a request for to search for all assets in an organization.
// OrganizationName organizationName = OrganizationName.of(/*organizationId=*/"123234324");
ListAssetsRequest.Builder request =
ListAssetsRequest.newBuilder().setParent(organizationName.toString());
// Call the API.
ListAssetsPagedResponse response = client.listAssets(request.build());
// This creates one list for all assets. If your organization has a large number of assets
// this can cause out of memory issues. You can process them incrementally by returning
// the Iterable returned response.iterateAll() directly.
ImmutableList<ListAssetsResult> results = ImmutableList.copyOf(response.iterateAll());
System.out.println("All assets:");
System.out.println(results);
return results;
} catch (IOException e) {
throw new RuntimeException("Couldn't create client.", e);
}
}
Running the commands in security command center returns error "PERMISSION_DENIED: Permission 'securitycenter.assets.list' denied on resource 'organizations/{organization-id}' (or resource may not exist)" in response.在安全命令中心运行命令会返回错误“PERMISSION_DENIED:对资源‘organizations/{organization-id}’(或资源可能不存在)的权限‘securitycenter.assets.list’被拒绝”作为响应。
According to the following document https://cloud.google.com/security-command-center/docs/access-control , the permission 'securitycenter.assets.list' needs to be set at ORGANIZATION LEVEL which is problematic.根据以下文档https://cloud.google.com/security-command-center/docs/access-control ,需要在组织级别设置权限“securitycenter.assets.list”,这是有问题的。
I'm looking for a an option to by pass the above issue where I do not need organizational level permission or any other API which would help me get this done.我正在寻找一个选项来绕过上述问题,我不需要组织级别的许可或任何其他 API 这将帮助我完成这项工作。
To use the Security Command Center your project needs to be part of an organization.要使用 Security Command Center,您的项目需要成为组织的一部分。 You also need permission at the Organization level.
您还需要组织级别的权限。 Your objective cannot be achieved at the Project Level.
您的目标无法在项目级别实现。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.