如何列出与 gcp 服务帐户关联的角色? [英] How do I list the roles associated with a gcp service account?
问题描述
在 google cloud gui 控制台中,我转到IAM & admin">服务帐户"并创建了一个名为my-service-account"的具有查看者角色的服务帐户.
In the google cloud gui console I went to "IAM & admin" > "Service accounts" and created a service account named "my-service-account" with the viewer role.
然后我运行了这个命令:
I then ran this command:
gcloud iam service-accounts get-iam-policy my-service-account@mydomain.iam.gserviceaccount.com
看到这个输出:
etag: ACAB
根据文档,这意味着此服务帐户没有与之关联的政策.所以我给它分配了一个不包含在它的政策"中的角色".
According to the docs this means this service account has no policy associated with it. So I assigned it a "role" which is not included in its "policy".
如何列出与服务帐户关联的角色?
How do I list the roles associated with a service account?
由于对这个问题的出色回答,我现在可以遍历所有项目并得到我想要的.因此,根据您这些 cmd 工具的版本,这应该列出所有项目中单个服务帐户的所有角色绑定:
Thanks to the excellent answer to this question I can now loop over all projects and get what I want. so, depending on your version of these cmd tools, this should list all role bindings of a single service account across all projects:
gcloud projects list |
awk '{print $1}' |
xargs -I % sh -c "echo ""; echo project:% &&
gcloud projects get-iam-policy %
--flatten='bindings[].members'
--format='table(bindings.role)'
--filter='bindings.members:YOU-SERVICE-ACCOUNT@blah.com'
;"
推荐答案
要过滤特定的服务帐户,以下 gcloud 命令可以解决问题:
To filter on a specific service account, the following gcloud commmand does the trick:
gcloud projects get-iam-policy <YOUR GCLOUD PROJECT>
--flatten="bindings[].members"
--format="table(bindings.role)"
--filter="bindings.members:<YOUR SERVICE ACCOUNT>"
给出不错的输出:
ROLE
roles/cloudtrace.agent
roles/servicemanagement.serviceController
roles/viewer
当然可以调整格式参数以满足您的特定需求.
The format parameter can of course be tweaked to suit your specific needs.
这篇关于如何列出与 gcp 服务帐户关联的角色?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!