setting Forseti for a Project

JAIMIN SHAH 17MCA0096

unread,

Jul 13, 2020, 2:21:53 AM7/13/20

to Forseti Security Discussion

Hi all,

I am new to Forseti. I want help in setting up forseti at Project Level.

More specifically:

1. I am owner of a project in an Organization(I have only project level access.)

2. I want to setup forseti to scan for resources on that project only.

3. I dont want to give any organization level permissions.(rather i cant give any org level permissions to the Forseti)

Can you please help me with this.

Thanks in advance

Keshi Tan

unread,

Jul 13, 2020, 8:23:49 AM7/13/20

to JAIMIN SHAH 17MCA0096, Forseti Security Discussion

hi Jaimin,

Yes that is possible. Please check https://forsetisecurity.org/docs/latest/configure/general/non-org-root.html for more information.

In short,

you can use composite_root_resources to specify the target project
There will be errors if you do not run the installer as an Org Admin, but you can safely disregard and manually assign the correct roles later.

Cheers.

--

Keshi Tan

Cloud Application Engineer

Google Cloud

ke...@google.com

--
You received this message because you are subscribed to the Google Groups "Forseti Security Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to discuss+u...@forsetisecurity.org.
To view this discussion on the web visit https://groups.google.com/a/forsetisecurity.org/d/msgid/discuss/0ddab064-d436-404e-b086-e6e5343cef0dn%40forsetisecurity.org.

JAIMIN SHAH 17MCA0096

unread,

Jul 14, 2020, 12:32:37 AM7/14/20

to Forseti Security Discussion, Keshi Tan, Forseti Security Discussion, JAIMIN SHAH 17MCA0096

Hi,

Thanks for help.

I tried following the same, but i am facing an issue.

The Forseti is getting installed. i also gave all the roles mentioned here:

"https://forsetisecurity.org/docs/latest/concepts/service-accounts.html#the-server-service-account"

But when i am running "forseti inventory create" command, it is getting stuck there only. I have to manually stop the command.

Can you please help with this also.

Thanks & Regards

Jean MERCIER

unread,

Jul 15, 2020, 2:52:31 AM7/15/20

to Forseti Security Discussion, jaimin....@vitalum.ac.in, Keshi Tan, Forseti Security Discussion

Are you sure it's stuck ?

for me i need to wait inventory take hour to complete

JAIMIN SHAH 17MCA0096

unread,

Jul 15, 2020, 7:53:33 AM7/15/20

to Forseti Security Discussion, jmer...@galerieslafayette.com, JAIMIN SHAH 17MCA0096, Keshi Tan, Forseti Security Discussion

Ok, thanks for the info.

I tried running it for like 30 min than i stopped it as i thought it was stuck. I will let it run for more time

Also what is the ideal time in which it should stop.

Also how can we check the progress. is there any way to know that the command is actually running and is not stuck

Keshi Tan

unread,

Jul 15, 2020, 8:28:19 AM7/15/20

to JAIMIN SHAH 17MCA0096, Forseti Security Discussion, jmer...@galerieslafayette.com

Hi Jaimin,

Yes progress can be checked in either Cloud Logging, GCE VM Instance --> forseti-server-vm-xxxx,

Or /var/log/forseti.log* of the Forseti server.

Keshi Tan

Cloud Application Engineer

Google Cloud

ke...@google.com

Reply all

Reply to author

Forward