Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.1k views
in Technique[技术] by (71.8m points)

google cloud platform - How do I list the roles associated with a gcp service account?

In the google cloud gui console I went to "IAM & admin" > "Service accounts" and created a service account named "my-service-account" with the viewer role.

I then ran this command:

gcloud iam service-accounts get-iam-policy my-service-account@mydomain.iam.gserviceaccount.com

and saw this output:

etag: ACAB

According to the docs this means this service account has no policy associated with it. So I assigned it a "role" which is not included in its "policy".

How do I list the roles associated with a service account?

EDIT: Thanks to the excellent answer to this question I can now loop over all projects and get what I want. so, depending on your version of these cmd tools, this should list all role bindings of a single service account across all projects:

gcloud projects list | 
  awk '{print $1}' | 
  xargs -I % sh -c "echo ""; echo project:% && 
  gcloud projects get-iam-policy % 
  --flatten='bindings[].members' 
  --format='table(bindings.role)' 
  --filter='bindings.members:YOU-SERVICE-ACCOUNT@blah.com' 
  ;" 
See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)
Waitting for answers

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...