[英]GCP list projects wtih Golang API
我正在尝试了解更多 Go,我的第一个程序是列出我们 GCP 组织中的所有项目(API 等效于gcloud projects list
)。 稍后我想以此作为跳板,在更新 Compute Engine label 时创建机器映像。
我正在使用来自 Google API 文档的这个样板:
“ListProjects 列出了作为指定文件夹或组织资源的直接子项的项目。”
package main
import (
resourcemanager "cloud.google.com/go/resourcemanager/apiv3"
"context"
"google.golang.org/api/iterator"
resourcemanagerpb "google.golang.org/genproto/googleapis/cloud/resourcemanager/v3"
)
func main() {
ctx := context.Background()
c, err := resourcemanager.NewProjectsClient(ctx)
if err != nil {
// TODO: Handle error.
}
defer c.Close()
req := &resourcemanagerpb.ListProjectsRequest{
// TODO: Fill request struct fields.
// See https://pkg.go.dev/google.golang.org/genproto/googleapis/cloud/resourcemanager/v3#ListProjectsRequest.
}
it := c.ListProjects(ctx, req)
for {
resp, err := it.Next()
if err == iterator.Done {
break
}
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
}
}
我意识到这里有我没有完成的“TODO”部分。 有人可以帮助建议我如何使用这个样板并获得一个简单的项目列表吗? 感觉好像我缺乏某种形式来识别我的组织或项目,但由于我想要整个项目列表,所以我似乎没有在 API 调用中传达我的组织 ID?
现在我得到“PermissionDenied desc = 调用者没有权限”。 但是,我知道我设置了 Google 应用程序默认凭据,因为我可以在 go 中执行另一个 API 调用来列出计算实例。
为 Cloud Resource Manager 使用APIs Explorer API v3 projects.search
ORGANIZATION=[[YOUR-ORG]]
PROJECT=[[YOUR-PROJECT]] # Service Accounts are owned by Projects
ACCOUNT="tester"
# Enable Cloud Resource Manager API in a Project
# This Project will own the Service Account too
gcloud services enable cloudresourcemanager.googleapis.com \
--project=${PROJECT}
# Create the Service Account
gcloud iam service-accounts create ${ACCOUNT} \
--project=${PROJECT}
EMAIL=${ACCOUNT}@${PROJECT}.iam.gserviceaccount.com
# Create a Service Account Key locally
# For testing purposes only
gcloud iam service-accounts keys create ${PWD}/${ACCOUNT}.json \
--iam-account=${EMAIL} \
--project=${PROJECT}
# Ensure the Service Account can browse the Organization's resources
gcloud organizations add-iam-policy-binding ${ORGANIZATION} \
--role=roles/browser \
--member=serviceAccount:${EMAIL}
export GOOGLE_APPLICATION_CREDENTIALS=${PWD}/${ACCOUNT}.json
export ORGANIZATION
go run .
并且: main.go
:
package main
import (
"context"
"fmt"
"log"
"os"
resourcemanager "cloud.google.com/go/resourcemanager/apiv3"
resourcemanagerpb "google.golang.org/genproto/googleapis/cloud/resourcemanager/v3"
"google.golang.org/api/iterator"
)
func main() {
organization := os.Getenv("ORGANIZATION")
if organization == "" {
log.Fatalf("unable to obtain ORGANIZATION from the environment")
}
ctx := context.Background()
c, err := resourcemanager.NewProjectsClient(ctx)
if err != nil {
log.Fatal(err)
}
defer c.Close()
rqst := &resourcemanagerpb.SearchProjectsRequest{
Query: fmt.Sprintf("parent:organizations/%s", organization),
}
it := c.SearchProjects(ctx, rqst)
for {
resp, err := it.Next()
if err == iterator.Done {
break
}
if err != nil {
log.Fatal(err)
}
log.Println(resp.DisplayName)
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.