0

我想做跨账户和跨项目访问。在这种情况下,我在我的项目 (accessor@myproject.iam.gserviceaccount.com) 中创建了一个服务帐户,并要求其他用户将我的服务帐户插入到他的名为 GuestProject 的 IAM 项目中,角色为 Security Viewer。

这是我的代码:

Iam iam = initIam();
List<ServiceAccount> lists = listServiceAccounts(iam);


public static Iam initIam() throws IOException, GeneralSecurityException {


        Map<String, String> m = ImmutableMap.<String, String>builder().put("user-agent", "my custom useragent").build();
        HeaderProvider headerProvider = FixedHeaderProvider.create(m);

        InputStream resourceAsStream = GCPIAM.class.getClassLoader().getResourceAsStream("credential.json");
        GoogleCredential credential = GoogleCredential.fromStream(resourceAsStream);

        HttpRequestInitializer init = new HttpRequestInitializer() {
            @Override
            public void initialize(HttpRequest request) throws IOException {
                request.setHeaders(new HttpHeaders().setUserAgent("test"));
            }
        };

        httpTransport = GoogleNetHttpTransport.newTrustedTransport();

        if (credential.createScopedRequired()) {
            List<String> scopes = new ArrayList<>();
            // Enable full Cloud Platform scope.
            scopes.add(IamScopes.CLOUD_PLATFORM);
            credential = credential.createScoped(scopes);
        }


        // Create IAM API object associated with the authenticated transport.
        return new Iam.Builder(httpTransport, JSON_FACTORY, credential).setApplicationName("stuffs").build();
    }

public static List<ServiceAccount> listServiceAccounts(Iam iam)throws IOException{

        Iam.Projects.ServiceAccounts.List request = iam.projects().serviceAccounts().list("projects/" + "GuestProject");
        List<ServiceAccount> serviceAccounts = new ArrayList<>();
        ListServiceAccountsResponse response;
        do {
            response = request.execute();
            if (response.getAccounts() == null) {
                continue;
            }
            for (ServiceAccount serviceAccount : response.getAccounts()) {
                // TODO: Change code below to process each `serviceAccount` resource:
//              System.out.println(serviceAccount);
                serviceAccounts.add(serviceAccount);
            }
            request.setPageToken(response.getNextPageToken());
        } while (response.getNextPageToken() != null);

        return serviceAccounts;
    }

但是,当我运行命令时,出现如下错误:

Exception in thread "main" com.google.api.client.googleapis.json.GoogleJsonResponseException: 400 Bad Request
{
  "code" : 400,
  "errors" : [ {
    "domain" : "global",
    "message" : "GuestProject does not match [a-z\\d][a-z\\d\\-]*.",
    "reason" : "badRequest"
  } ],
  "message" : "GuestProject does not match [a-z\\d][a-z\\d\\-]*.",
  "status" : "INVALID_ARGUMENT"
}

我的代码有什么问题吗?

4

0 回答 0