Giters

forseti-security / forseti-security

Forseti Security

Home Page:https://forsetisecurity.org

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

forseti server config/error in creating inventory with folder ID

agurla opened this issue · comments

commented

I'm getting an error when I add the root_resource_id in forseti config as below(added an example folder ID),
root_resource_id: folders/12345378162

The following is the error that I was getting

Exception in thread Thread-77:
Traceback (most recent call last):
File "/home/forseti/.local/lib/python3.6/site-packages/forseti_security-2.25.0-py3.6.egg/google/cloud/forseti/services/inventory/base/resources.py", line 326, in try_accept
self.accept(visitor, stack)
File "/home/forseti/.local/lib/python3.6/site-packages/forseti_security-2.25.0-py3.6.egg/google/cloud/forseti/services/inventory/base/resources.py", line 359, in accept
visitor.visit(self)
File "/home/forseti/.local/lib/python3.6/site-packages/forseti_security-2.25.0-py3.6.egg/google/cloud/forseti/services/inventory/crawler.py", line 118, in visit
resource.get_org_policy(self.get_client())
File "/home/forseti/.local/lib/python3.6/site-packages/forseti_security-2.25.0-py3.6.egg/google/cloud/forseti/services/inventory/base/resources.py", line 112, in wrapper
result = f(*args, **kwargs)
File "/home/forseti/.local/lib/python3.6/site-packages/forseti_security-2.25.0-py3.6.egg/google/cloud/forseti/services/inventory/base/resources.py", line 891, in get_org_policy
for org_policy in org_policies_iter:
File "/home/forseti/.local/lib/python3.6/site-packages/forseti_security-2.25.0-py3.6.egg/google/cloud/forseti/services/inventory/base/gcp.py", line 2156, in iter_crm_organization_org_policies
for org_policy in self.crm.get_org_org_policies(org_id):
File "/home/forseti/.local/lib/python3.6/site-packages/forseti_security-2.25.0-py3.6.egg/google/cloud/forseti/common/gcp_api/cloud_resource_manager.py", line 482, in get_org_org_policies
paged_results, 'policies')
File "/home/forseti/.local/lib/python3.6/site-packages/forseti_security-2.25.0-py3.6.egg/google/cloud/forseti/common/gcp_api/api_helpers.py", line 87, in flatten_list_results
for page in paged_results:
File "/home/forseti/.local/lib/python3.6/site-packages/forseti_security-2.25.0-py3.6.egg/google/cloud/forseti/common/gcp_api/repository_mixins.py", line 258, in list_org_policies
verb_arguments=arguments):
File "/home/forseti/.local/lib/python3.6/site-packages/forseti_security-2.25.0-py3.6.egg/google/cloud/forseti/common/gcp_api/_base_repository.py", line 493, in execute_search_query
request = self._build_request(verb, verb_arguments)
File "/home/forseti/.local/lib/python3.6/site-packages/forseti_security-2.25.0-py3.6.egg/google/cloud/forseti/common/gcp_api/_base_repository.py", line 378, in _build_request
return method(**method_args)
File "/home/forseti/.local/lib/python3.6/site-packages/googleapiclient/discovery.py", line 782, in method
% (name, pvalue, regex)
TypeError: Parameter "resource" value "organizations/folders/12345378162 " does not match the pattern "^organizations/[^/]+$"

During handling of the above exception, another exception occurred:

commented

This issue is resolved after adding GCS object creator permissions to Forseti project's gcp-sa-cloudasset default service account which is require for asset export to DB. There is no mention about this in Forseti documentation. Please add it.