How to list all IAM users for my Google Cloud Project

I would like a list of all users and service accounts related to my projects (preferably using the gcloud CLI, but we are happy to make an API call if necessary).

I can easily list all the service accounts associated with the project, but how can I list all the users too? I would expect something like the following, but I don't see anything in the docs:

 gcloud beta iam users list 
+13
4 answers

List of all service accounts in the project

The following command lists all the service accounts associated with the project:

    $ gcloud iam service-accounts list
    NAME                                    EMAIL
    Compute Engine default service account  12345678-compute@developer.gserviceaccount.com
    dummy-sa-1                              dummy-sa-1@MY_PROJECT.iam.gserviceaccount.com

List all user and service accounts in the project with their IAM roles

If you want to list all users / service accounts that have been granted any IAM roles in the specified project, you can use the following command:

    $ gcloud projects get-iam-policy MY_PROJECT
    bindings:
    - members:
      - serviceAccount:12345678-compute@developer.gserviceaccount.com
      - user:alice@foobar.com
      role: roles/editor
    - members:
      - user:you@yourdomain.com
      - user:someoneelse@yourdomain.com
      role: roles/owner
    etag: ARBITRARY_ETAG_HERE
    version: 1

Output formatting

gcloud supports output formatting like json and many other settings as needed, which may be easier to analyze in certain cases or print only the necessary information.

Examples:

    # Prints the output as json instead of the default yaml format
    $ gcloud projects get-iam-policy MY_PROJECT --format=json

    # Display just the bindings in json format
    $ gcloud projects get-iam-policy MY_PROJECT --format='json(bindings)'

    # Display the bindings in a flattened format
    $ gcloud projects get-iam-policy MY_PROJECT --format='flattened(bindings)'
+23
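As an added example (not part of any answer on this page, and not Google's code): a Python script that takes the JSON printed by `gcloud projects get-iam-policy MY_PROJECT --format=json` and inverts it from role -> members into one line per member with the roles it holds, grouped by member type. The sample policy (including the `allUsers` and group bindings) is constructed, and the function names are hypothetical.

```python
import json
import sys
from collections import defaultdict

# Constructed sample shaped like `gcloud projects get-iam-policy MY_PROJECT --format=json`.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/editor", "members": [
     "serviceAccount:12345678-compute@developer.gserviceaccount.com",
     "user:alice@foobar.com"]},
  {"role": "roles/owner", "members": [
     "user:you@yourdomain.com", "user:alice@foobar.com"]},
  {"role": "roles/storage.objectViewer", "members": [
     "allUsers", "group:my_group@googlegroups.com"]}],
 "etag": "ARBITRARY_ETAG_HERE", "version": 1}
""")

PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}  # no "type:" prefix

def split_member(member):
    """Return (kind, identity) for a member such as 'user:alice@foobar.com'."""
    if member in PUBLIC_MEMBERS:
        return "public", member
    if member.startswith("deleted:"):
        # 'deleted:user:bob@example.com?uid=123' marks a principal that no longer exists.
        _, kind, identity = member.split(":", 2)
        return "deleted-" + kind, identity
    kind, _, identity = member.partition(":")
    return kind, identity

def members_by_kind(policy):
    """Invert role -> members into kind -> identity -> sorted list of roles."""
    inventory = defaultdict(lambda: defaultdict(set))
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            kind, identity = split_member(member)
            inventory[kind][identity].add(binding["role"])
    return {k: {i: sorted(r) for i, r in ids.items()} for k, ids in inventory.items()}

def report(policy):
    """One tab-separated line per member: kind, identity, comma-joined roles."""
    return [f"{kind}\t{identity}\t{','.join(roles)}"
            for kind, identities in sorted(members_by_kind(policy).items())
            for identity, roles in sorted(identities.items())]

if __name__ == "__main__":
    # Pass a saved policy file as the first argument; otherwise the sample is used.
    policy = SAMPLE_POLICY
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            policy = json.load(fh)
    print("\n".join(report(policy)))
```

Only principals with a binding on this one resource appear; roles inherited from a folder or the organization live in those policies and have to be fetched separately.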

List service accounts

    $ gcloud iam service-accounts list

List members and their roles for the project

    $ gcloud projects get-iam-policy [project]

Add a user to a role

    $ gcloud projects add-iam-policy-binding [project] \
        --member="user:name@gmail.com" \
        --role="roles/iam.serviceAccountUser"

Delete user:

    $ gcloud projects remove-iam-policy-binding [project] \
        --member="user:name@gmail.com" \
        --role="roles/iam.serviceAccountUser"

Add a Google group to a role

    $ gcloud projects add-iam-policy-binding [project] \
        --member="group:my_group@googlegroups.com" \
        --role="roles/storage.admin"
+2

The following command displays a list of all non-service accounts for the entire GCP organization:

 gcloud organizations get-iam-policy ORGANIZATION_ID | grep user\: | sort | uniq 

To get an organization ID:

 gcloud organizations list 
+1

The following command can give a clear idea of the MEMBERS of your project in your GCP account:

    gcloud projects get-iam-policy $PROJECT_ID --flatten="bindings[].members" --format="table(bindings.members)"

0

Source: https://habr.com/ru/post/1269203/

