列出GCP帐户/组织的所有用户 [英] List ALL users of GCP account/Organization
问题描述
我在GCP中有一个组织,其中有多个项目.
I have an organization in GCP with multiple projects in it.
是否有任何方法可以列出所有项目用户及其角色,而不必按项目访问项目?
Is there any way to list ALL project users and their roles without having to access project by project?
我使用的是gcloud projects get-iam-policy PROJECTNAME,但是列出了一个项目的用户,而我有几百个.
I was using gcloud projects get-iam-policy PROJECTNAME, but list users for a single project, and I have a few hundreds.
谢谢.
推荐答案
您可以在Cloud Shell中使用以下命令来获取所有项目,然后为每个项目显示iam策略:
You can use the following command in the Cloud Shell to fetch all projects and then show the iam-policy for each of them:
for i in $(gcloud projects list | sed 1d | cut -f1 -d$' '); do
gcloud projects get-iam-policy $i;
done;
有关该命令的一些说明:
A few clarifications about the command:
-
sed 1d删除第一行,其中将包含以下标头:
sed 1dremoves the first row which will contain the following headers:
PROJECT_ID | NAME | PROJECT_NUMBER
cut -f1 -d$' '将获取第一列,即将传递给gcloud projects get-iam-policy命令的PROJECT_ID
cut -f1 -d$' ' will fetch the first column, which is the PROJECT_ID that will be passed to the gcloud projects get-iam-policy command
要以PROJECT | MEMBERS | ROLE样式获取结果时,可以使用以下命令为每个具有以下结构的项目创建.csv文件:ROLES | MEMBERS.每个圆角将被命名为PROJECT_ID.csv
As you wanted to get the results in a PROJECT | MEMBERS | ROLE style, you can use the following which will create a .csv file for each project with the following structure inside: ROLES | MEMBERS. Each fille will be named PROJECT_ID.csv
-
角色:当前角色由以下成员列表拥有
Roles: Current role owned by the followed list of members
成员:拥有该角色的成员列表
Members: List of members who own the role
for i in $(gcloud projects list | sed 1d | cut -f1 -d$' '); do
echo "Getting IAM policies for project:" $i;
echo "..........";
(echo "ROLES,MEMBERS" && paste -d "," <(printf %s "$(gcloud projects get-iam-policy $i | yq '.bindings | .[].role' | cut -d "\"" -f2)") <(printf %s "$(gcloud projects get-iam-policy $i | yq '.bindings | .[].members | join(",")' | cut -d"\"" -f2)")) | cat >> $i.csv
echo "Done. Logs created at file" $i.csv;
echo "--------------------------------"
done;
可能需要在这里安装的唯一要求是yq,您可以将其安装在外壳中.
The only requirement that may be needed to install here is yq, which you can install in your shell.
根据注释中的要求,所有信息输出将按照以下格式输出到相同的.csv文件:PROJECT_ID | ROLE | MEMBERS
As requested in the comments, all the information output will go to the same .csv file following the format: PROJECT_ID | ROLE | MEMBERS
echo "PROJECT_ID,ROLES,MEMBERS" | cat >> output.csv
for i in $(gcloud projects list | sed 1d | cut -f1 -d$' '); do
echo "Getting IAM policies for project:" $i;
echo "..........";
paste -d "," <(printf %s "$(for j in $(seq 1 $(gcloud projects get-iam-policy $i | yq '.bindings | .[].role' | cut -d "\"" -f2 | wc -l)); do echo $i; done;)") <(printf %s "$(gcloud projects get-iam-policy $i | yq '.bindings | .[].role' | cut -d "\"" -f2)") <(printf %s "$(gcloud projects get-iam-policy $i | yq '.bindings | .[].members | join(",")' | cut -d"\"" -f2)") | cat >> output.csv
echo "Done. Logs created at file" $output.csv;
echo "--------------------------------"
done;
这篇关于列出GCP帐户/组织的所有用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
