我正在与GCP集成,其中用户提供服务帐户凭据。
在启用集成之前,它必须检查服务帐户是否具有有意义的权限集。
检查我发现的权限的唯一有用的API是
https://cloudresourcemanager.googleapis.com/v1/projects/<PROJECT ID>:testIamPermissions
但是,似乎必须手动启用此api(Cloud Resource Manager API),否则会出现类似以下错误。
有什么想法可以完全自动化,而不必手动启用此API?还是使用默认情况下启用的其他API?
"error": {
"code": 403,
"message": "Cloud Resource Manager API has not been used in project 1xxxxxxxxxxx before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/cloudresourcemanager.googleapis.com/overview?project=PROJECT_ID then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.",
"status": "PERMISSION_DENIED",
"details": [
{
"@type": "type.googleapis.com/google.rpc.Help",
"links": [
{
"description": "Google developers console API activation",
"url": "https://console.developers.google.com/apis/api/cloudresourcemanager.googleapis.com/overview?project=PROJECT_ID"
}
]
}
]
}
}
]
答案 0 :(得分:1)
默认情况下,不是几乎所有API都已禁用,您必须通过console,gcloud或API启用它们吗?有一个单独的API用于启用服务(https://cloud.google.com/service-usage/docs/enable-disable#curl),但是我不知道有什么可以直接用于尝试做的事情。因此,您可以以编程方式启用所需的资源管理器API,但是显然您需要获得权限才能执行此操作。