This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

CloudAsset.V1.AnalyzeIamPolicy doesn't return analysisResult object with permissions query selector

Posted on 12-08-2023 06:37 AM
DimaJuravel
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi, I'm using CloudAsset.V1.AnalyzeIamPolicy for finding list of permissions for a specific service account on a specific project.

When I'm using setAnalysisQueryAccessSelectorPermissions(List.of("bigquery.datasets.get")) for CloudAsset.V1.AnalyzeIamPolicy request I'm receiving response without analysisResult object. Without setAnalysisQueryAccessSelectorPermissions(List.of("bigquery.datasets.get")) it works fine, but I need to set permissions as a filter before I execute request. See attached screenshots

Meanwhile https://cloud.google.com/asset-inventory/docs/reference/rest/v1/TopLevel/analyzeIamPolicy has webform to test the method. And it's working in both cases (with and without permissions selector) with the same parameters.
See attached json

I'm using Java 17
Library and its version:
<dependency>
    <groupId>com.google.apis</groupId>
    <artifactId>google-api-services-cloudasset</artifactId>
    <version>v1-rev20231103-2.0.0</version>
</dependency>WithoutPermissionSelector.PNGWithPermissionSelector.PNG

0 1 152
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
dionv
Staff
Reply posted on --/--/---- --:-- AM

Hello @DimaJuravel,

The issue encountered is an empty analysisResult object when using setAnalysisQueryAccessSelectorPermissions to filter for specific permissions in a Cloud Asset API request. This indicates a filtering issue or potential configuration problem. To troubleshoot, one can verify the accuracy of the permission name and ensure it's supported for filtering, check the resource name, inspect error messages, review API scope, consider timing and delays, experiment with different permissions, consult documentation and support. Additional guidance includes exploring alternative filters and utilizing logging. Cloud Asset Inventory is a fully managed metadata inventory service that allows you to view, monitor, analyze, and gain insights for your Google Cloud and Anthos assets. To determine if Google Cloud Asset Inventory is enabled for your GCP projects, perform the following operations: ensure that Cloud Asset Inventory is enabled for all your GCP projects in order to efficiently gain insights for your Google Cloud assets

0 Likes
Top Solution Authors
View all