使用Golang API列出GCP项目。

huangapple
go评论118阅读模式
英文:

GCP list projects wtih Golang API

问题

我正在尝试学习更多关于Go语言的知识,我的第一个程序是列出我们GCP组织中的所有项目(相当于gcloud projects list的API等效方式)。之后,我想利用这个程序来创建机器镜像,当计算引擎的标签更新时。

我正在使用Google API文档中的这个样板代码:

"ListProjects列出指定文件夹或组织资源的直接子项目。"

  1. package main
  3. import (
  4.         resourcemanager "cloud.google.com/go/resourcemanager/apiv3"
  5.         "context"
  6.         "google.golang.org/api/iterator"
  7.         resourcemanagerpb "google.golang.org/genproto/googleapis/cloud/resourcemanager/v3"
  8. )
  10. func main() {
  11.         ctx := context.Background()
  12.         c, err := resourcemanager.NewProjectsClient(ctx)
  13.         if err != nil {
  14.                 // TODO: 处理错误。
  15.         }
  16.         defer c.Close()
  18.         req := &resourcemanagerpb.ListProjectsRequest{
  19.                 // TODO: 填充请求结构体字段。
  20.                 // 参见 https://pkg.go.dev/google.golang.org/genproto/googleapis/cloud/resourcemanager/v3#ListProjectsRequest。
  21.         }
  22.         it := c.ListProjects(ctx, req)
  23.         for {
  24.                 resp, err := it.Next()
  25.                 if err == iterator.Done {
  26.                         break
  27.                 }
  28.                 if err != nil {
  29.                         // TODO: 处理错误。
  30.                 }
  31.                 // TODO: 使用 resp。
  32.                 _ = resp
  33.         }
  34. }

我意识到这里有一些未完成的"TODO"部分。有人可以帮忙建议如何使用这个样板代码来获取项目的简单列表吗?感觉我缺少一种方式来标识我的组织或项目,但由于我想要获取整个项目列表,似乎在API调用中没有传递我的组织ID?

目前我得到的错误是"PermissionDenied desc = The caller does not have permission"。然而,我知道我已经设置了Google应用程序默认凭据,因为我可以使用另一个Go API调用来列出计算实例。

英文:

I am trying to learn more Go, and my first program is to list all the projects in our GCP org (API equivalent of gcloud projects list). Later I want to take this as a springboard to create machine images when a Compute Engine label is updated.

I am using this boilplate from the Google API docs:

"ListProjects lists projects that are direct children of the specified folder or organization resource."

  1. package main
  3. import (
  4.         resourcemanager "cloud.google.com/go/resourcemanager/apiv3"
  5.         "context"
  6.         "google.golang.org/api/iterator"
  7.         resourcemanagerpb "google.golang.org/genproto/googleapis/cloud/resourcemanager/v3"
  8. )
  10. func main() {
  11.         ctx := context.Background()
  12.         c, err := resourcemanager.NewProjectsClient(ctx)
  13.         if err != nil {
  14.                 // TODO: Handle error.
  15.         }
  16.         defer c.Close()
  18.         req := &resourcemanagerpb.ListProjectsRequest{
  19.                 // TODO: Fill request struct fields.
  20.                 // See https://pkg.go.dev/google.golang.org/genproto/googleapis/cloud/resourcemanager/v3#ListProjectsRequest.
  21.         }
  22.         it := c.ListProjects(ctx, req)
  23.         for {
  24.                 resp, err := it.Next()
  25.                 if err == iterator.Done {
  26.                         break
  27.                 }
  28.                 if err != nil {
  29.                         // TODO: Handle error.
  30.                 }
  31.                 // TODO: Use resp.
  32.                 _ = resp
  33.         }
  34. }

I realize there are "TODO" pieces here that I don't have completed. Can someone help to suggest how I can take this boilplate and get a simple list of projects? It feels like I am lacking some form of identifying my org or my project, but since I want the entire list of projects, it seems like I am not conveying my org id in the API call?

For now I am getting "PermissionDenied desc = The caller does not have permission". However, I know that I have Google Application Default credentials setup because I can do another API call in go to list compute instances.

答案1

得分: 2

使用APIs Explorer来调用Cloud Resource Manager API v3的projects.search方法。

  1. ORGANIZATION=[[YOUR-ORG]]
  2. PROJECT=[[YOUR-PROJECT]] # Service Accounts are owned by Projects
  3. ACCOUNT="tester"
  5. # 在项目中启用Cloud Resource Manager API
  6. # 这个项目也将拥有Service Account
  7. gcloud services enable cloudresourcemanager.googleapis.com \
  8. --project=${PROJECT}
  10. # 创建Service Account
  11. gcloud iam service-accounts create ${ACCOUNT} \
  12. --project=${PROJECT}
  14. EMAIL=${ACCOUNT}@${PROJECT}.iam.gserviceaccount.com
  16. # 在本地创建Service Account Key
  17. # 仅用于测试目的
  18. gcloud iam service-accounts keys create ${PWD}/${ACCOUNT}.json \
  19. --iam-account=${EMAIL} \
  20. --project=${PROJECT} 
  22. # 确保Service Account可以浏览组织的资源
  23. gcloud organizations add-iam-policy-binding ${ORGANIZATION} \
  24. --role=roles/browser \
  25. --member=serviceAccount:${EMAIL}
  27. export GOOGLE_APPLICATION_CREDENTIALS=${PWD}/${ACCOUNT}.json
  28. export ORGANIZATION
  30. go run .

还有:
main.go:

  1. package main
  3. import (
  4. 	"context"
  5. 	"fmt"
  6. 	"log"
  7. 	"os"
  9. 	resourcemanager "cloud.google.com/go/resourcemanager/apiv3"
  10. 	resourcemanagerpb "google.golang.org/genproto/googleapis/cloud/resourcemanager/v3"
  12. 	"google.golang.org/api/iterator"
  13. )
  15. func main() {
  16. 	organization := os.Getenv("ORGANIZATION")
  17. 	if organization == "" {
  18. 		log.Fatalf("无法从环境中获取ORGANIZATION")
  19. 	}
  21. 	ctx := context.Background()
  22. 	c, err := resourcemanager.NewProjectsClient(ctx)
  23. 	if err != nil {
  24. 		log.Fatal(err)
  25. 	}
  26. 	defer c.Close()
  28. 	rqst := &resourcemanagerpb.SearchProjectsRequest{
  29. 		Query: fmt.Sprintf("parent:organizations/%s", organization),
  30. 	}
  31. 	it := c.SearchProjects(ctx, rqst)
  32. 	for {
  33. 		resp, err := it.Next()
  34. 		if err == iterator.Done {
  35. 			break
  36. 		}
  37. 		if err != nil {
  38. 			log.Fatal(err)
  39. 		}
  41. 		log.Println(resp.DisplayName)
  42. 	}
  44. }

以上是要翻译的内容。

英文:

Using APIs Explorer for Cloud Resource Manager API v3 projects.search

  1. ORGANIZATION=[[YOUR-ORG]]
  2. PROJECT=[[YOUR-PROJECT]] # Service Accounts are owned by Projects
  3. ACCOUNT="tester"
  5. # Enable Cloud Resource Manager API in a Project
  6. # This Project will own the Service Account too
  7. gcloud services enable cloudresourcemanager.googleapis.com \
  8. --project=${PROJECT}
  10. # Create the Service Account
  11. gcloud iam service-accounts create ${ACCOUNT} \
  12. --project=${PROJECT}
  14. EMAIL=${ACCOUNT}@${PROJECT}.iam.gserviceaccount.com
  15.  
  16. # Create a Service Account Key locally
  17. # For testing purposes only
  18. gcloud iam service-accounts keys create ${PWD}/${ACCOUNT}.json \
  19. --iam-account=${EMAIL} \
  20. --project=${PROJECT} 
  22. # Ensure the Service Account can browse the Organization's resources 
  23. gcloud organizations add-iam-policy-binding ${ORGANIZATION} \
  24. --role=roles/browser \
  25. --member=serviceAccount:${EMAIL}
  26.  
  27. export GOOGLE_APPLICATION_CREDENTIALS=${PWD}/${ACCOUNT}.json
  28. export ORGANIZATION
  30. go run .

And:
main.go:

  1. package main
  3. import (
  4. 	"context"
  5. 	"fmt"
  6. 	"log"
  7. 	"os"
  9. 	resourcemanager "cloud.google.com/go/resourcemanager/apiv3"
  10. 	resourcemanagerpb "google.golang.org/genproto/googleapis/cloud/resourcemanager/v3"
  12. 	"google.golang.org/api/iterator"
  13. )
  15. func main() {
  16. 	organization := os.Getenv("ORGANIZATION")
  17. 	if organization == "" {
  18. 		log.Fatalf("unable to obtain ORGANIZATION from the environment")
  19. 	}
  21. 	ctx := context.Background()
  22. 	c, err := resourcemanager.NewProjectsClient(ctx)
  23. 	if err != nil {
  24. 		log.Fatal(err)
  25. 	}
  26. 	defer c.Close()
  28. 	rqst := &resourcemanagerpb.SearchProjectsRequest{
  29. 		Query: fmt.Sprintf("parent:organizations/%s", organization),
  30. 	}
  31. 	it := c.SearchProjects(ctx, rqst)
  32. 	for {
  33. 		resp, err := it.Next()
  34. 		if err == iterator.Done {
  35. 			break
  36. 		}
  37. 		if err != nil {
  38. 			log.Fatal(err)
  39. 		}
  41. 		log.Println(resp.DisplayName)
  42. 	}
  44. }

huangapple
  • 本文由 发表于 2022年9月13日 08:10:30
  • 转载请务必保留本文链接:https://go.coder-hub.com/73696396.html
  • api
  • go
  • google-cloud-platform
  • protocol-buffers
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定