Manual deployment CSPM GCP with Org ID doesn't generate findings #1512

Closed
Omolola-Akinleye opened this issue Oct 30, 2023 · 4 comments
Labels
8.12 candidate bug Something isn't working Team:Cloud Security Cloud Security team related verified label for fixed and retested issues

@Omolola-Akinleye
Contributor

Omolola-Akinleye commented Oct 30, 2023

When I deploy CSPM GCP manually with Org Id, the agent doesn't generate any findings.

  1. Go to the environment - https://lola-qa-gcp-bc4-stn-8-11-0.kb.us-west2.gcp.elastic-cloud.com:9243/

  2. Log in to @elasticsearch user account

  3. In Discover run agent.id: e2f11e9d-e515-4aea-b424-24d314f0a6a2 and host.name: manual-instance-org

If you checked the agent logs -> manual-instance-org

```
[elastic_agent.cloudbeat][error] Error fetching GCP Asset: rpc error: code = PermissionDenied desc = Request denied by Cloud IAM.
error details: name = Help desc = To check permissions required for this RPC: To get a valid organization id: To get a valid folder or project id: url = https://cloud.google.com/asset-inventory/docs/access-control#required_permissions https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects
```

Actual: No finding events appear.

Expected: to see findings for manually deployed organization accounts

Pre-requisites for steps to reproduce

  1. Go to IAM and Admin -> Service Accounts or Click here
  2. Create a service account or select an existing service account
  3. Under keys tab, Click Add key
  4. Create a key in JSON format
  5. Open the downloaded JSON key file. The contents of this file will be used later when installing CSPM GCP
  6. Create a VM instance - N2 Standard type

Steps to reproduce

  1. Install CSPM
  2. Select GCP
  3. Select Organization
  4. Select Manual
  5. Update Organization id
  6. Update Project Id
  7. Select credentials json option
  8. Copy from the downloaded key file and paste json
  9. Click Save and continue
  10. Add elastic agent to hosts
  11. Connect to vm instance and run command

```
curl -L -O  https://staging.elastic.co/8.11.0-cb971279/downloads/beats/elastic-agent/elastic-agent-8.11.0-linux-x86_64.tar.gz
tar xzvf elastic-agent-8.11.0-linux-x86_64.tar.gz
cd elastic-agent-8.11.0-linux-x86_64
sudo ./elastic-agent install --url=https://f527b5852719c05415e22713993907bc.fleet.us-west2.gcp.elastic-cloud.com:443 --enrollment-token=YOUR_FLEET_TOKEN
```

@kfirpeled
Contributor

@Omolola-Akinleye that was opened when verifying #1237 (comment)? correct?

@Omolola-Akinleye
Contributor Author

@kfirpeled No, I opened this ticket when I couldn't generate findings for the organization id with the manual option.

@amirbenun
Contributor

The docs had the manual for creating a project-level service account but didn't cover the creation of an organization-level service account.
We added the CLI commands for the creation of both types of service accounts to our docs.
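
A pre-deployment check for the gap described in this thread, as an added example that is not part of the issue or the project's code: it reads the service account key JSON and an organization-level IAM policy and reports which roles the key's service account lacks at organization scope. The role names in `REQUIRED_ROLES`, the function name and the sample data are assumptions and constructed values, not taken from this page.

```python
import json

# Assumption: roles an organization-level CSPM service account needs.
# They are not stated on this page; check them against the current docs.
REQUIRED_ROLES = ("roles/cloudasset.viewer", "roles/browser")


def missing_org_roles(key_file_json, org_policy_json, required=REQUIRED_ROLES):
    """Return the required roles that are NOT granted unconditionally to the
    key's service account in the organization-level IAM policy."""
    key = json.loads(key_file_json)
    if key.get("type") != "service_account":
        raise ValueError("credentials JSON is not a service account key")
    member = "serviceAccount:" + key["client_email"]
    granted = set()
    for binding in json.loads(org_policy_json).get("bindings", []):
        # A conditional binding may not cover every asset, so it is not counted.
        if binding.get("condition"):
            continue
        if member in binding.get("members", []):
            granted.add(binding["role"])
    return [role for role in required if role not in granted]


# Constructed sample inputs (no real project, organization or key material).
SA_EMAIL = "cspm-agent@example-project.iam.gserviceaccount.com"
SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "project_id": "example-project",
    "client_email": SA_EMAIL,
})
# Same shape as `gcloud organizations get-iam-policy ORG_ID --format=json`.
SAMPLE_ORG_POLICY = json.dumps({
    "bindings": [
        {"role": "roles/browser", "members": ["serviceAccount:" + SA_EMAIL]},
        {"role": "roles/cloudasset.viewer", "members": ["user:admin@example.com"]},
    ],
    "etag": "constructed",
    "version": 1,
})

if __name__ == "__main__":
    gaps = missing_org_roles(SAMPLE_KEY, SAMPLE_ORG_POLICY)
    print("missing at organization level:", gaps or "none")
```

The check matches direct `serviceAccount:` members only, so a role reached through group membership or a broader role is reported as missing and needs a manual look.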

@Omolola-Akinleye
Contributor Author

Verified Org Id with CSPM GCP generates findings


@Omolola-Akinleye Omolola-Akinleye added the verified label for fixed and retested issues label Dec 18, 2023