search

googleapis / google-cloud-python

Google Cloud Client Library for Python
https://googleapis.github.io/google-cloud-python/
Apache License 2.0
4.84k stars 1.53k forks source link

logging: User does not have permission to access organization #5384

Closed pnatraj closed 6 years ago

pnatraj commented 6 years ago

I am trying to create a sink to monitor VPC_FLOW LOGS for all the projects in an organization and i am getting permission denied, has anybody else have a similar issue ?. Error is clear that it's permissiond denied but what permission do i need to create this ?

Environment: I am logging with somebody@domainname.com (gsuite user)

From Command Line: gcloud beta logging sinks create somesinknamehere --include-children --log-filter='resource.type="gce_subnetwork"' storage.googleapis.com/somebuckethere --organization=organizations/0000000000

Error : ERROR: (gcloud.logging.sinks.create) User [nataraj@somedomaindonamehere] does not have permission to access organization [0000000000] (or it may not exist): The caller does not have permission.

API

API

Request

POST https://logging.googleapis.com/v2/organizations/00000000000/sinks?key={YOUR_API_KEY}

{ "destination": "storage.googleapis.com/somebucket", "filter": "resource.type=\"gce_subnetwork", "name": "somenamehere", "includeChildren": true }

Response

403

{ "error": { "code": 403, "message": "The caller does not have permission", "status": "PERMISSION_DENIED" } }

I tried the beta API and this the response that i am getting and it looks to me mostly like a Google issue to me at this point of time.

Request

POST https://logging.googleapis.com/v2beta1/organizations/0000000000/sinks?key={YOUR_API_KEY}

{ “destination”: “storage.googleapis.com/somelogsbucket”, “filter”: “resource.type=\“gce_subnetwork”, “name”: “somesinkname”, “includeChildren”: true }

Response

404

<!DOCTYPE html>

Error 404 (Not Found)!!1

404. That’s an error.

The requested URL /v2beta1/organizations/000000000/sinks?key=AIzaSyD-a9IF8KKYgoC3cpgS-Al7hLQDbugrDcw&alt=json was not found on this server. That’s all we know. Note: Please find the stackoverflow link for the same issue. https://stackoverflow.com/questions/50480372/error-error-gcloud-logging-sinks-create-user-natarajsomedomaindonamehere

tseaver commented 6 years ago

@pnatraj Unfortunately, the gcloud CLI is not part of the google-cloud-* python libraries. Please report this issue to the Cloud SDK issue tracker.

oduvan commented 5 years ago

when I GOOGLE issue with GOOGLE package one of the first result is a GOOGLE Api repo issue, where the answer is "the question is submitted in a wrong place :)