You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am trying to list users within my gSuite domain from a gke cluster using a service account. I have done the following to test the service account with the google-api-services-admin-directory api:
Within my Google Cloud Account I have enabled the Admin SDK. I then created a domain-wide service account in the project as described here https://developers.google.com/admin-sdk/directory/v1/guides/delegation, then downloaded the JSON key file and gave it authorization to the following scopes in the Admin Console:
Before running the java file I set the GOOGLE_APPLICATION_CREDENTIALS environment variable to point to my json service account file.
When running this no matter whether I am trying to access users or groups I keep getting the following error message from the API:
{
"code" : 403,
"errors" : [ {
"domain" : "global",
"message" : "Not Authorized to access this resource/api",
"reason" : "forbidden"
} ],
"message" : "Not Authorized to access this resource/api"
}
Stack trace:
at com.google.api.client.googleapis.json.GoogleJsonResponseException.from(GoogleJsonResponseException.java:150)
at com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest.newExceptionOnError(AbstractGoogleJsonClientRequest.java:113)
at com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest.newExceptionOnError(AbstractGoogleJsonClientRequest.java:40)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest$1.interceptResponse(AbstractGoogleClientRequest.java:444)
at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:1108)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:542)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:475)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.execute(AbstractGoogleClientRequest.java:592)
Hi,
I am trying to list users within my gSuite domain from a gke cluster using a service account. I have done the following to test the service account with the
google-api-services-admin-directory
api:Within my Google Cloud Account I have enabled the Admin SDK. I then created a domain-wide service account in the project as described here https://developers.google.com/admin-sdk/directory/v1/guides/delegation, then downloaded the JSON key file and gave it authorization to the following scopes in the Admin Console:
I then setup a very basic Java application to test listing groups:
Test.java
pom.xml
Before running the java file I set the GOOGLE_APPLICATION_CREDENTIALS environment variable to point to my json service account file.
When running this no matter whether I am trying to access users or groups I keep getting the following error message from the API:
Stack trace:
at com.google.api.client.googleapis.json.GoogleJsonResponseException.from(GoogleJsonResponseException.java:150) at com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest.newExceptionOnError(AbstractGoogleJsonClientRequest.java:113) at com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest.newExceptionOnError(AbstractGoogleJsonClientRequest.java:40) at com.google.api.client.googleapis.services.AbstractGoogleClientRequest$1.interceptResponse(AbstractGoogleClientRequest.java:444) at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:1108) at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:542) at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:475) at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.execute(AbstractGoogleClientRequest.java:592)
I believe this issue might be related to the issue mentioned in the
google-api-nodejs-client
project:googleapis/google-api-nodejs-client#1884
Adding the scope
https://www.googleapis.com/auth/admin.directory.user.security
does not resolve the problem.Regards
The text was updated successfully, but these errors were encountered: