Google cloud How to list all service-accounts from all Projects in GCP

0 votes

I have requirement to get all the properties of a service account in google cloud. is it possible to list all the properties something like Select *.

otherwise i need the following information:

  • SA account name
  • Email address
  • Iam Role assigned
  • User managed Keys (if any)
  • account creation date
  • last used /authentication time.
  • Project name
  • account status (enable / disable)

I can get all the projects then all the service accounts in it but i dont know how to get all other values.

foreach ($project in gcloud projects list --format="value(projectId)")
{
  Write-Host "ProjectId: $project"
  foreach ($robot in  gcloud iam service-accounts list --project $project --format="value(email)")
  {
     Write-Host "    -> Robot $robot"
   
  }
}
Mar 14, 2022 in GCP by Rahul
• 3,380 points
1,958 views

1 answer to this question.

0 votes

Your code sample suggests you want the answer in PowerShell. Here are some pointers:

Does:

 Project ID 

Account Name

Enabled| Disabled

Email

Keys 

Timestamps 

Doesn't:

Role Assignments

Last Used

PROJECTS=$(gcloud projects list --format="value(projectId)")

for PROJECT in ${PROJECTS}
do
  echo "Project: ${PROJECT}"
  # Extracts ACCOUNT_ID, EMAIL (==ACCOUNT_ID@...), DISABLED
  ROBOTS=$(\
    gcloud iam service-accounts list \
    --project=${PROJECT} \
    --format="csv[no-heading](displayName.encode(\"base64\"),email,email.split(\"@\").slice(0),disabled)")
  for ROBOT in ${ROBOTS}
  do
    # Parse results
    IFS=, read ENCODED_NAME EMAIL ACCOUNT_ID DISABLED <<< ${ROBOT}
    NAME=$(echo -e ${ENCODED_NAME} | base64 --decode)
    echo "  Service Account: ${NAME}"
    echo "    Disabled: ${DISABLED}"
    echo "    Email: ${EMAIL}"
    # Keys
    KEYS=$(\
        gcloud iam service-accounts keys list \
        --iam-account=${EMAIL} \
        --project=${PROJECT} \
        --format="value(name.scope(keys))")
    for KEY in ${KEYS}
    do
      echo "    Key: ${KEY}"
    done
    # Creation (Only searches back 30-days!)
    FILTER=""\
"logName=\"projects/${PROJECT}/logs/cloudaudit.googleapis.com%2Factivity\" "\
"resource.type=\"service_account\" "\
"protoPayload.methodName=\"google.iam.admin.v1.CreateServiceAccount\" "\
"protoPayload.request.account_id=\"${ACCOUNT_ID}\" "

    LOG=$(\
        gcloud logging read "${FILTER}" \
        --project=${PROJECT} \
        --format=json \
        --freshness=30d \
        --format="value(timestamp)")
    echo "    Created: ${LOG}"
  done
done

answered Mar 14, 2022 by Korak
• 5,820 points

Related Questions In GCP

0 votes
0 answers

Google cloud: How to list all service-accounts from all Projects in GCP

I need to obtain every property of ...READ MORE

Nov 9, 2022 in GCP by Ashwini
• 2,960 points
164 views
+2 votes
1 answer

How to list down all the projects in GCP Cloud?

Hi@akhtar, GCP Shell has a command named gcloud. ...READ MORE

answered Aug 23, 2020 in GCP by MD
• 95,420 points
2,107 views
0 votes
1 answer

What are the service accounts in GCP? How to create one?

The special accounts associated with a project are called the Service Accounts. The ...READ MORE

answered Oct 9, 2019 in GCP by Sirajul
• 59,210 points
380 views
0 votes
0 answers

How to test a Cloud Function in Google Cloud Platform (GCP)?

I've been looking everywhere for the answer ...READ MORE

Nov 9, 2022 in GCP by Ashwini
• 2,960 points
67 views
0 votes
1 answer

In GCP, how to list all the resources running under project?

For a specific organization, folder, or project, ...READ MORE

answered Nov 10, 2022 in GCP by Ashwini
• 2,960 points
1,891 views
0 votes
1 answer

How to delete a project from Google Cloud Console

First of all, select the project you ...READ MORE

answered Apr 18, 2018 in GCP by kurt_cobain
• 9,390 points
2,039 views
+2 votes
2 answers

How to download multiple files in Google Cloud Storage?

You can achieve this through the gsutil ...READ MORE

answered May 9, 2018 in GCP by kurt_cobain
• 9,390 points
20,826 views
0 votes
1 answer

Google Cloud Platform: Logging in to GCP from command line

You have a couple of options here ...READ MORE

answered Apr 6, 2022 in GCP by Korak
• 5,820 points
438 views
0 votes
1 answer

Google Cloud VPN - Egress from GCP to on-premise pricing clarification

IPSec traffic are charged as if the ...READ MORE

answered Mar 20, 2022 in GCP by Korak
• 5,820 points
414 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP