Google cloud How to list all service-accounts from all Projects in GCP

0 votes

I need to obtain every property of a service account in the Google Cloud. Is it feasible to list every property using a selector like *?

Otherwise, I need to know the following:

Name of the SA account Email address
I have a role.
User controlled Account creation date, last use date, and time of authentication. Keys (if any).
Account status (enabled or disabled): Project name
I am able to obtain all of the projects and service accounts within it, but I am unsure of how to obtain the additional values.

foreach ($project in gcloud projects list --format="value(projectId)")
{
  Write-Host "ProjectId: $project"
  foreach ($robot in  gcloud iam service-accounts list --project $project --format="value(email)")
  {
     Write-Host "    -> Robot $robot"
   
  }
}
Nov 9, 2022 in GCP by Ashwini
 • 5,430 points 977 views

1 answer to this question.

0 votes

It's been noted by the commenters that this isn't a minor issue.

However, I'm always game for some gcloud criticism;-)

Your code sample indicates that you want the response in PowerShell, which I don't have. I hope you don't mind if I provide you with some incomplete pointers in bash instead.

Does:

Project ID Account name Email Keys Creation (timestamp) Enabled|Disabled Doesn't:

role definitions
Audit logs, last used?

PROJECTS=$(gcloud projects list --format="value(projectId)")

for PROJECT in ${PROJECTS}
do
  echo "Project: ${PROJECT}"
  # Extracts ACCOUNT_ID, EMAIL (==ACCOUNT_ID@...), DISABLED
  ROBOTS=$(\
    gcloud iam service-accounts list \
    --project=${PROJECT} \
    --format="csv[no-heading](displayName.encode(\"base64\"),email,email.split(\"@\").slice(0),disabled)")
  for ROBOT in ${ROBOTS}
  do
    # Parse results
    IFS=, read ENCODED_NAME EMAIL ACCOUNT_ID DISABLED <<< ${ROBOT}
    NAME=$(echo -e ${ENCODED_NAME} | base64 --decode)
    echo "  Service Account: ${NAME}"
    echo "    Disabled: ${DISABLED}"
    echo "    Email: ${EMAIL}"
    # Keys
    KEYS=$(\
        gcloud iam service-accounts keys list \
        --iam-account=${EMAIL} \
        --project=${PROJECT} \
        --format="value(name.scope(keys))")
    for KEY in ${KEYS}
    do
      echo "    Key: ${KEY}"
    done
    # Creation (Only searches back 30-days!)
    FILTER=""\
"logName=\"projects/${PROJECT}/logs/cloudaudit.googleapis.com%2Factivity\" "\
"resource.type=\"service_account\" "\
"protoPayload.methodName=\"google.iam.admin.v1.CreateServiceAccount\" "\
"protoPayload.request.account_id=\"${ACCOUNT_ID}\" "

    LOG=$(\
        gcloud logging read "${FILTER}" \
        --project=${PROJECT} \
        --format=json \
        --freshness=30d \
        --format="value(timestamp)")
    echo "    Created: ${LOG}"
  done
done

I hope this helps!

Enroll for our Google Cloud training and learn more about Google Cloud accounts.

Thanks!

answered Nov 10, 2022 by Tejashwini
 • 3,820 points

Related Questions In GCP

0 votes
1 answer

Google cloud: How to list all service-accounts from all Projects in GCP

Your code sample suggests you want the ...READ MORE

answered Mar 14, 2022 in GCP by Korak
 • 5,820 points 3,586 views
+2 votes
1 answer

How to list down all the projects in GCP Cloud?

Hi@akhtar, GCP Shell has a command named gcloud. ...READ MORE

answered Aug 23, 2020 in GCP by MD
 • 95,440 points 3,635 views
0 votes
1 answer

What are the service accounts in GCP? How to create one?

The special accounts associated with a project are called the Service Accounts. The ...READ MORE

answered Oct 9, 2019 in GCP by Sirajul
 • 59,230 points 672 views
0 votes
1 answer

Recreating a VM on a different GCP project: How can I transfer a disk snapshot across projects in Google Cloud Platform projects?

You could probably follow these steps to create ...READ MORE

answered Oct 16, 2019 in GCP by Sirajul
 • 59,230 points 5,184 views
0 votes
1 answer

How to change the project in GCP using CLI commands?

gcloud config set project $MY_PROJECT_ID #=> Updated property [core/project]. You ...READ MORE

answered Nov 4, 2022 in GCP by Tejashwini
 • 3,820 points 1,060 views
0 votes
1 answer

Understanding GCP IAM between multiple projects

Roles set on one project cannot be ...READ MORE

answered Nov 7, 2022 in GCP by Tejashwini
 • 3,820 points 923 views
0 votes
1 answer

GCP VM Instance is not able to access secrets from Secret Manager despite of appropriate Roles

Please refrain from downloading a JSON service ...READ MORE

answered Nov 8, 2022 in GCP by Ashwini
 • 5,430 points
edited Sep 6, 2023 by Khan Sarfaraz 1,423 views
+1 vote
1 answer

In GCP, how to list all the resources running under project?

For a specific organization, folder, or project, ...READ MORE

answered Nov 10, 2022 in GCP by Ashwini
 • 5,430 points
edited Sep 6, 2023 by Khan Sarfaraz 10,747 views
0 votes
1 answer

How to get a list of Google Cloud services with their description?

Use just Google's provided API Discovery Service. Here ...READ MORE

answered Nov 4, 2022 in GCP by Tejashwini
 • 3,820 points 421 views
0 votes
1 answer

Using the Google Cloud Platform SDK CLI to List all Active Resources Under a Given Project

For a specific organization, folder, or project, ...READ MORE

answered Nov 7, 2022 in GCP by Tejashwini
 • 3,820 points 539 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP
"PMP®","PMI®", "PMI-ACP®" and "PMBOK®" are registered marks of the Project Management Institute, Inc. MongoDB®, Mongo and the leaf logo are the registered trademarks of MongoDB, Inc.