gcloud Resource-Manager Tags Bindings List - Permission Denied for Disk Resource as Parent
When trying to retrieve tags via the gcloud resource-manager tags bindings list command, the output is restricted to supported resource instances for the parent parameter. Using a disk as the parent returns the following error:
Error
ERROR: (gcloud.resource-manager.tags.bindings.list) PERMISSION_DENIED: The caller does not have permission. This command is authenticated as user@example.com, which is the active account specified by the [core/account] property
- '@type': type.googleapis.com/google.rpc.ResourceInfo
  description: permission [compute.disks.listEffectiveTags] required (or the resource may not exist in this location)
  resourceName: //compute.googleapis.com/projects/example-project/zones/us-central1-a/disks/test-disk
When the same command is executed for an instance, it successfully returns the tag details:
gcloud resource-manager tags bindings list --location=us-central1-a --parent //compute.googleapis.com/projects/example-project/zones/us-central1-a/instances/instance-demo --effective --project example-project
Steps to Reproduce:
- Authenticate using a valid Google Cloud account.
- Run the above command with a disk resource as the parent.
Actual Behavior:
The error message indicates a permission issue related to compute.disks.listEffectiveTags, despite having the necessary permissions for disk operations.
Expected Behavior:
Tags should be listed for the disk resource.
I expect this behavior because the command works when retrieving tags for other resource types, such as instances, using the same format and parameters. There is no clear documentation indicating that disks should be treated differently. It seems logical to assume that disk resources should be supported similarly, and if not, the error message should be more descriptive to indicate that disk resources are not valid for tag bindings.
Supported resource DOC Link: https://cloud.google.com/compute/docs/tag-resources#gcloud