gcloud Resource-Manager Tags Bindings List - Permission Denied for Disk Resource as Parent

[RahulLah19]

Please make sure you have searched for information in the following guides.

• Search the issues already opened: https://github.com/GoogleCloudPlatform/google-cloud-node/issues
• Search StackOverflow: http://stackoverflow.com/questions/tagged/google-cloud-platform+node.js
• Check our Troubleshooting guide: https://googlecloudplatform.github.io/google-cloud-node/#/docs/guides/troubleshooting
• Check our FAQ: https://googlecloudplatform.github.io/google-cloud-node/#/docs/guides/faq
• Check our libraries HOW-TO: https://github.com/googleapis/gax-nodejs/blob/main/client-libraries.md
• Check out our authentication guide: https://github.com/googleapis/google-auth-library-nodejs
• Check out handwritten samples for many of our APIs: https://github.com/GoogleCloudPlatform/nodejs-docs-samples

A screenshot that you have tested with "Try this API".

Not available.
Doc Link: https://cloud.google.com/compute/docs/tag-resources#gcloud

Link to the code that reproduces this issue. A link to a public Github Repository or gist with a minimal reproduction.

https://cloud.google.com/compute/docs/tag-resources#gcloud

A step-by-step description of how to reproduce the issue, based on the linked reproduction.

Steps:

1. Authenticate using a valid Google Cloud account.
2. Run the command with a disk resource as the parent.

gcloud resource-manager tags bindings list --location=us-central1-a --parent //compute.googleapis.com/projects/example-project/zones/us-central1-a/disks/test-disk --effective --project example-project

A clear and concise description of what the bug is, and what you expected to happen.

When trying to retrieve tags via the gcloud resource-manager tags bindings list command, the output is restricted to supported resource instances for the parent parameter. Using a disk as the parent returns the following error:

Error

ERROR: (gcloud.resource-manager.tags.bindings.list) PERMISSION_DENIED: The caller does not have permission. This command is authenticated as [email protected], which is the active account specified by the [core/account] property
- '@type': type.googleapis.com/google.rpc.ResourceInfo
  description: permission [compute.disks.listEffectiveTags] required (or the resource may not exist in this location)
  resourceName: //compute.googleapis.com/projects/example-project/zones/us-central1-a/disks/test-disk

When the same command is executed for an instance, it successfully returns the tag details:

gcloud resource-manager tags bindings list --location=us-central1-a --parent //compute.googleapis.com/projects/example-project/zones/us-central1-a/instances/instance-demo --effective --project example-project

Actual Behavior:
The error message indicates a permission issue related to compute.disks.listEffectiveTags, despite having the necessary permissions for disk operations.

Expected Behavior:
Tags should be listed for the disk resources.

A clear and concise description WHY you expect this behavior, i.e., was it a recent change, there is documentation that points to this behavior, etc. **

I expect this behavior because the command works when retrieving tags for other resource types, such as instances, using the same format and parameters. There is no clear documentation indicating that disks should be treated differently. It seems logical to assume that disk resources should be supported similarly, and if not, the error message should be more descriptive to indicate that disk resources are not valid for tag bindings.

[github-actions]

Issue was opened with an invalid reproduction link. Please make sure the repository is a valid, publicly-accessible github repository, and make sure the url is complete (example: https://github.com/googleapis/google-cloud-node)