GCP project owner can't list builds or triggers

Time:07-26

I have the owner role on a GCP project. I created 2 build triggers, which are visible to me in the console.

[Image: GCP console showing 2 build triggers]

I want to list these triggers using a service account and the node.js client.

I made a custom role and assigned cloudbuild.builds.viewer and I think the following should work, but it does not:

$ gcloud projects get-iam-policy myprojectid --flatten="bindings[].members" --format='table(bindings.role)' --filter="bindings.members:[email protected]"
ROLE
roles/cloudbuild.builds.viewer
$ gcloud iam service-accounts keys create trigger-viewer-credentials.json --iam-account=build-trigger-viewer@myprojectid.iam.gserviceaccount.com
$ GOOGLE_APPLICATION_CREDENTIALS=trigger-viewer-credentials.json node
> var {CloudBuildClient} = require("@google-cloud/cloudbuild")
> var cb = new CloudBuildClient()
> await cb.listBuildTriggers({projectId: "myprojectid"})
[ [], null, null ]

Backing up from that, I've realised that for some reason listing these triggers or even builds from gcloud also fails.

$ gcloud beta builds triggers list
Listed 0 items.
$ gcloud builds list
Listed 0 items.

Just to verify I'm not insane:

$ gcloud projects get-iam-policy myprojectid | rg -A 1 user:[email protected]
  - user:[email protected]
  role: roles/container.admin
--
  - user:[email protected]
  role: roles/gkehub.admin
--
  - user:[email protected]
  role: roles/owner

Does anyone have any thoughts on what might be happening?

CodePudding user response:

As mentioned by the documentation, the command gcloud beta builds triggers list will list all the triggers in the global scope.

In your image you show that the triggers are in northamerica-northeast1 so you may need to use the --region flag.

In the case of the code you may need to set the parent as specified in this doc which is the region where the trigger lives (API reference), otherwise you're getting global triggers.

await cb.listBuildTriggers({
  projectId: "myprojectid",
  parent: "projects/myprojectid/locations/northamerica-northeast1"
})

If the account didn't have permissions, you would get a 403 error and not empty results.

This also applies for gcloud builds list.
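
An added example (not part of the original answer, and not code from the Cloud Build client library): a trigger inventory that queries each location explicitly and keeps "no triggers here" apart from "access denied", so regional triggers are not missed in an audit. The helper names, the fake client, the `global` parent path, and the `europe-west1` sample are assumptions made for illustration; the fake data is constructed.

```javascript
// Added example: inventory Cloud Build triggers per location.
// `client` is anything exposing listBuildTriggers(request) the way
// CloudBuildClient does (resolves to [triggers, nextRequest, rawResponse]).
const PERMISSION_DENIED = 7; // gRPC status code that surfaces as HTTP 403

async function listTriggersByLocation(client, projectId, locations) {
  const report = {};
  for (const location of locations) {
    const parent = `projects/${projectId}/locations/${location}`;
    try {
      const [triggers] = await client.listBuildTriggers({ projectId, parent });
      // An empty array means "nothing in this location", not "no access".
      report[location] = { status: "ok", triggers: triggers.map((t) => t.name) };
    } catch (err) {
      if (err.code !== PERMISSION_DENIED) throw err; // unexpected failure
      report[location] = { status: "denied", triggers: [] };
    }
  }
  return report;
}

// Constructed stand-in for CloudBuildClient so the example runs offline.
function makeFakeClient(triggersByParent, deniedParents = []) {
  return {
    async listBuildTriggers({ parent }) {
      if (deniedParents.includes(parent)) {
        throw Object.assign(new Error("permission denied"), { code: PERMISSION_DENIED });
      }
      return [triggersByParent[parent] || [], null, null];
    },
  };
}

// Constructed scenario: two regional triggers, none global, one region denied.
async function demo() {
  const regional = "projects/myprojectid/locations/northamerica-northeast1";
  const fake = makeFakeClient(
    { [regional]: [{ name: "deploy" }, { name: "test" }] },
    ["projects/myprojectid/locations/europe-west1"]
  );
  const locations = ["global", "northamerica-northeast1", "europe-west1"];
  return listTriggersByLocation(fake, "myprojectid", locations);
}
```

Against a real project, pass `new CloudBuildClient()` from `@google-cloud/cloudbuild` in place of the fake client.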
