I'd like to be able to list all users and service account associated with my projects (preferably using the gcloud
CLI tool, but happy to make an API call if needs be).
I can easily list all the service accounts associated with a project using this, but how can list all the users too? I'd expect something like the following, but I cannot see anything in the doco:
gcloud beta iam users list
In the Google Cloud console, go to the IAM page. Click the "Select a project" drop-down menu at the top of the page. Select the project or organization for which you want to view roles. Click Add.
To confirm who owns the project, go to the Google Cloud Platform Console, open the console left side menu, and click IAM & Admin. Ensure that a project is selected to see the project owner.
In the Data processing group table, click IAM. In the Data sources section of the page, click add Create transfer. In the Project field, click Browse, then select the project that you want to export data to.
The following command lists all service accounts associated with a project:
$ gcloud iam service-accounts list NAME EMAIL Compute Engine default service account [email protected] dummy-sa-1 dummy-sa-1@MY_PROJECT.iam.gserviceaccount.com
If you would like to list all users/service-accounts who have been granted any IAM roles on a specified project, you can use this command:
$ gcloud projects get-iam-policy MY_PROJECT bindings: - members: - serviceAccount:[email protected] - user:[email protected] role: roles/editor - members: - user:[email protected] - user:[email protected] role: roles/owner etag: ARBITRARY_ETAG_HERE version: 1
gcloud
supports formatting the output as json
and lot of other customizations as needed, which might be easier to parse in certain cases or print only the information you need.
Examples:
# Prints the output as json instead of the default yaml format $ gcloud projects get-iam-policy MY_PROJECT --format=json # Display just the bindings in json format $ gcloud projects get-iam-policy MY_PROJECT --format='json(bindings)' # Display the bindings in a flattened format $ $ gcloud projects get-iam-policy MY_PROJECT --format='flattened(bindings)'
$ gcloud iam service-accounts list
$ gcloud projects get-iam-policy [project]
$ gcloud projects add-iam-policy-binding [project] \ --member="user:[email protected]" \ --role="roles/iam.serviceAccountUser"
Remove user:
$ gcloud projects remove-iam-policy-binding [project] \ --member="user:[email protected]" \ --role="roles/iam.serviceAccountUser"
$ gcloud projects add-iam-policy-binding [project] \ --member="group:[email protected]" \ --role="roles/storage.admin"
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With