0

我正在尝试使用 Google API 以编程方式创建 GCP 项目。这是示例代码:

const {JWT} = require('google-auth-library')

async function main (keyFile = {PATH_TO_CREDENTIAL_FILE}) {
  const keys = require(keyFile)
  const client = new JWT({
    email: keys.client_email,
    key: keys.private_key,
    scopes: ['https://www.googleapis.com/auth/cloud-platform']
  })
  const url = 'https://cloudresourcemanager.googleapis.com/v1beta1/projects/'
  const data = {
    projectId: 'my-first-project',
    name: 'My First Project',
    parent: {
      type: 'organization',
      id: {ORGANIZATION_ID}
    }
  }
  const res = await client.request({
    url,
    method: 'POST',
    data: JSON.stringify(data)
  })
  console.log('project Info:')
  console.log(res.data)

  const tokenInfo = await client.getTokenInfo(client.credentials.access_token)
  console.log('tokenInfo', tokenInfo)
}

const args = process.argv.slice(2)
main(...args).catch(console.error)

运行此代码后,我收到以下错误:

UnhandledPromiseRejectionWarning:错误:用户未被授权。

谁能帮助我为什么会收到此错误?我该如何解决这个问题?

附言

  • Google 资源管理器 API 已启用。
  • 服务帐户具有 role=owner 权限。
4

1 回答 1

1

您正在组织内创建一个项目。用户在组织中是否具有项目创建者角色?

创建组织后,您域中的所有用户都会自动获得组织级别的Project Creator和 Billing Account Creator IAM 角色。这使您域中的用户能够继续创建项目而不会中断。

The Organization Administrator will decide when they want to start actively using the organization. They can then change the default permissions and enforce more restrictive policies as needed

Also if you are authenticating using a service account (SA) then the SA needs to have the role

于 2019-10-22T17:58:01.970 回答