Google Cloud Resource Manager

1.17.0 verified Tue May 12 auth: no python install: verified quickstart: verified

The Google Cloud Resource Manager API client library provides Python methods to programmatically manage Google Cloud projects, folders, and organizations. This library (version 1.17.0) is actively maintained as part of the broader `google-cloud-python` ecosystem, with frequent releases to add features and address issues.

pip install google-cloud-resource-manager

Common errors

error PERMISSION_DENIED: Cloud Resource Manager API has not been used in the project [PROJECT_ID] before or it is disabled. ↓

cause The Cloud Resource Manager API is not enabled for the specified Google Cloud project, or the authenticated identity lacks the necessary permissions to enable APIs in that project.

fix

Enable the Cloud Resource Manager API via the Google Cloud Console (APIs & Services > Library) or ensure the service account/user has the serviceusage.services.enable permission (e.g., through roles/editor or roles/serviceusage.serviceUsageAdmin).

error Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project. ↓

cause The client application failed to provide valid authentication credentials, such as an OAuth 2 access token, or the provided credentials have expired.

fix

Ensure that gcloud auth application-default login has been executed locally, or verify that a service account is properly configured and its credentials are being used by setting the GOOGLE_APPLICATION_CREDENTIALS environment variable to the path of a valid service account key file.

error ModuleNotFoundError: No module named 'google.cloud.resourcemanager' ↓

cause The `google-cloud-resource-manager` library is either not installed in the current Python environment, or the import statement uses an outdated or incorrect path for the installed version.

fix

Install the library using pip install google-cloud-resource-manager and update your import statement to from google.cloud import resourcemanager_v3 for recent versions.

error PERMISSION_DENIED: User [USER] does not have permission resourcemanager.projects.get (or similar resourcemanager.* permission). ↓

cause The authenticated user or service account lacks the specific IAM permission required to perform the requested operation (e.g., `resourcemanager.projects.get` to view project details) on the target Google Cloud resource.

fix

Grant the necessary IAM role to the service account or user. For project-level operations, roles like roles/resourcemanager.projectViewer, roles/resourcemanager.projectEditor, or custom roles containing the specific permission are commonly required.

Warnings

breaking Lack of configured Application Default Credentials (ADC) or insufficient permissions for resource management can cause failures. A common error is 'Your default credentials were not found' if ADC is not set up, or 'Permission Denied' if the authenticated principal lacks necessary roles (e.g., for creating projects/folders). ↓

fix Run `gcloud auth application-default login` to set up user credentials for local development. For production or CI/CD, ensure `GOOGLE_APPLICATION_CREDENTIALS` points to a Service Account key, and that the Service Account has appropriate `resourcemanager.*` roles at the organization or folder level (e.g., 'Project Creator', 'Organization Admin').

gotcha Older codebases or examples might use `from google.cloud import resource_manager`, which can lead to `ImportError: cannot import name 'resource_manager' from 'google.cloud'` or outdated API versions. Google Cloud client libraries typically use versioned imports. ↓

fix Always import from the specific versioned module, e.g., `from google.cloud.resourcemanager_v3 import ProjectsClient`.

gotcha The `list_projects` method (if available in a specific client version/API) may only return direct child projects of a given parent. To recursively find all projects within an organization or folder hierarchy, use the `search_projects` method (which requires the `resourcemanager.projects.get` permission on all projects you wish to retrieve). ↓

fix Prefer `client.search_projects(query='parent.type:organization parent.id:YOUR_ORG_ID')` or `client.search_projects(query='parent.type:folder parent.id:YOUR_FOLDER_ID')` for comprehensive project listing within a hierarchy.

breaking The application failed to find Google Cloud Application Default Credentials (ADC). This typically occurs when running a Google Cloud client library without prior authentication, either through `gcloud auth application-default login` or by explicitly setting the `GOOGLE_APPLICATION_CREDENTIALS` environment variable. ↓

fix Ensure Application Default Credentials are set up. Run `gcloud auth application-default login` in your terminal or set the `GOOGLE_APPLICATION_CREDENTIALS` environment variable to the path of a service account key file.

Install compatibility verified last tested: 2026-05-12

python os / libc status wheel install import disk

3.10 alpine (musl) - - 2.27s 71.1M

3.10 slim (glibc) - - 1.09s 69M

3.11 alpine (musl) - - 2.63s 76.1M

3.11 slim (glibc) - - 1.61s 74M

3.12 alpine (musl) - - 2.62s 67.5M

3.12 slim (glibc) - - 2.00s 65M

3.13 alpine (musl) - - 2.56s 67.0M

3.13 slim (glibc) - - 2.06s 65M

3.9 alpine (musl) - - 1.70s 71.2M

3.9 slim (glibc) - - 1.26s 69M

Imports

ProjectsClient
wrong
```
from google.cloud import resource_manager
```
correct
```
from google.cloud.resourcemanager_v3 import ProjectsClient
```
For client libraries, always import the specific versioned module (e.g., `resourcemanager_v3`) instead of the top-level package, which might not expose client classes directly or could be an older, deprecated API version.

FoldersClient

from google.cloud.resourcemanager_v3 import FoldersClient

OrganizationsClient

from google.cloud.resourcemanager_v3 import OrganizationsClient

Quickstart verified last tested: 2026-04-23

This quickstart initializes the `ProjectsClient` and then uses the `search_projects` method to list all Google Cloud projects accessible by the authenticated identity. It includes basic error handling and a reminder about setting up Application Default Credentials (ADC) for authentication.

import os
from google.cloud.resourcemanager_v3 import ProjectsClient
from google.api_core.exceptions import GoogleAPIError

def list_projects():
    # Ensure GOOGLE_APPLICATION_CREDENTIALS or gcloud auth is set up.
    # For local development, 'gcloud auth application-default login' is recommended.
    try:
        client = ProjectsClient()
        # The `search_projects` method can retrieve projects across the organization/folders
        # depending on the authenticated identity's permissions.
        # An empty query string lists all projects the user has permission to view.
        print("Listing projects:")
        for project in client.search_projects(query=''):
            print(f"  Project Name: {project.display_name} (ID: {project.project_id})")
            print(f"    State: {project.state.name}, Parent: {project.parent.type}/{project.parent.id}")
    except GoogleAPIError as e:
        print(f"An API error occurred: {e}")
        print("Ensure the Resource Manager API is enabled and you have necessary permissions.")
    except Exception as e:
        print(f"An unexpected error occurred: {e}")

if __name__ == '__main__':
    # This assumes Application Default Credentials are set up.
    # For example, by running `gcloud auth application-default login`
    # or setting the GOOGLE_APPLICATION_CREDENTIALS environment variable.
    if not os.environ.get('GOOGLE_APPLICATION_CREDENTIALS') and not os.environ.get('CLOUDSDK_CORE_ACCOUNT'):
        print("WARNING: No explicit Google Cloud credentials found. This script relies on Application Default Credentials (ADC).")
        print("         Please run 'gcloud auth application-default login' or set GOOGLE_APPLICATION_CREDENTIALS.")

    list_projects()