 

How do I list all IAM users for my Google Cloud Project


I'd like to be able to list all users and service accounts associated with my projects (preferably using the gcloud CLI tool, but happy to make an API call if needs be).

I can easily list all the service accounts associated with a project using this, but how can I list all the users too? I'd expect something like the following, but I cannot see anything in the doco:

gcloud beta iam users list 

Graham Polley asked Jun 25 '17 12:06



2 Answers

List all service accounts in a project

The following command lists all service accounts associated with a project:

$ gcloud iam service-accounts list
NAME                                    EMAIL
Compute Engine default service account  [email protected]
dummy-sa-1                              dummy-sa-1@MY_PROJECT.iam.gserviceaccount.com

List all Users and Service accounts in a project with their IAM roles

If you would like to list all users/service-accounts who have been granted any IAM roles on a specified project, you can use this command:

$ gcloud projects get-iam-policy MY_PROJECT
bindings:
- members:
  - serviceAccount:[email protected]
  - user:[email protected]
  role: roles/editor
- members:
  - user:[email protected]
  - user:[email protected]
  role: roles/owner
etag: ARBITRARY_ETAG_HERE
version: 1

Formatting the output

gcloud supports formatting the output as JSON and a lot of other customizations as needed, which might be easier to parse in certain cases or print only the information you need.

Examples:

# Prints the output as json instead of the default yaml format
$ gcloud projects get-iam-policy MY_PROJECT --format=json

# Display just the bindings in json format
$ gcloud projects get-iam-policy MY_PROJECT --format='json(bindings)'

# Display the bindings in a flattened format
$ gcloud projects get-iam-policy MY_PROJECT --format='flattened(bindings)'

Tuxdude answered Sep 26 '22 08:09
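
The policy printed by `gcloud projects get-iam-policy MY_PROJECT --format=json` is organised as role → members, while the question asks for the reverse view: each user or service account with the roles it holds. The following Python is an added example, not code from either answer, that inverts the bindings and separates users, service accounts, groups, public members and deleted principals. The sample policy and its identities are constructed, and `split_member` and `principals_by_kind` are hypothetical helper names.

```python
import json
from collections import defaultdict

# Constructed sample in the shape printed by
# `gcloud projects get-iam-policy MY_PROJECT --format=json`; identities are made up.
SAMPLE_POLICY = """
{
  "bindings": [
    {"role": "roles/editor",
     "members": ["serviceAccount:dummy-sa-1@MY_PROJECT.iam.gserviceaccount.com",
                 "user:alice@example.com"]},
    {"role": "roles/owner",
     "members": ["user:alice@example.com", "user:bob@example.com"]},
    {"role": "roles/storage.admin", "members": ["group:data-team@example.com"]},
    {"role": "roles/storage.objectViewer",
     "members": ["allUsers", "deleted:user:carol@example.com?uid=123456789"]}
  ],
  "etag": "ARBITRARY_ETAG_HERE",
  "version": 1
}
"""

def split_member(member):
    """Return (kind, identity) for one policy member string."""
    if ":" not in member:              # allUsers / allAuthenticatedUsers
        return "public", member
    kind, identity = member.split(":", 1)
    if kind == "deleted":              # deleted:user:name@host?uid=...
        kind, identity = identity.split(":", 1)
        kind = "deleted-" + kind
    return kind, identity

def principals_by_kind(policy):
    """Invert role -> members bindings into kind -> identity -> sorted roles."""
    roles = defaultdict(lambda: defaultdict(set))
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            kind, identity = split_member(member)
            roles[kind][identity].add(binding["role"])
    return {k: {i: sorted(r) for i, r in ids.items()} for k, ids in roles.items()}

def main():
    policy = json.loads(SAMPLE_POLICY)
    for kind, identities in sorted(principals_by_kind(policy).items()):
        for identity, member_roles in sorted(identities.items()):
            print(f"{kind:16} {identity:55} {', '.join(member_roles)}")

if __name__ == "__main__":
    main()
```

The result covers only bindings set on the project itself: roles inherited from a folder or organization are not in this policy, and members of a `group:` entry are not expanded.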


list service accounts

$ gcloud iam service-accounts list 

list members of roles for the project

$ gcloud projects get-iam-policy [project] 

add/affect user to a role

$ gcloud projects add-iam-policy-binding [project] \
    --member="user:[email protected]" \
    --role="roles/iam.serviceAccountUser"

Remove user:

$ gcloud projects remove-iam-policy-binding [project] \
    --member="user:[email protected]" \
    --role="roles/iam.serviceAccountUser"

add/affect google-group to a role

$ gcloud projects add-iam-policy-binding [project] \
    --member="group:[email protected]" \
    --role="roles/storage.admin"

niainaLens answered Sep 24 '22 08:09