Jamie Thomson

Thoughts, about stuff

Archive for June 2019

Use gcloud to list all project roles that a service account is a member of


In the category of “stuff I’ll need to know later”, here is how to use the gcloud command-line tool to list all of the project roles that a service account is a member of.

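SERVICE_ACCOUNT=my-service-account@my-gcp-project.iam.gserviceaccount.com
GCP_PROJECT=my-gcp-project
# Flatten the policy to one row per (role, member) pair, keep the rows for
# this service account, and print only the role column.
# Only bindings in the project's own IAM policy are listed; roles inherited
# from a folder or organization are not included.
gcloud projects get-iam-policy "$GCP_PROJECT" \
  --flatten="bindings[].members" \
  --format='table(bindings.role)' \
  --filter="bindings.members:$SERVICE_ACCOUNT"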

Running that for one of my service accounts provided this output:

ROLE
roles/cloudsql.client
roles/compute.instanceAdmin
roles/compute.storageAdmin
roles/dataproc.editor
roles/dataproc.worker
roles/logging.logWriter
roles/logging.viewer
roles/monitoring.metricWriter
roles/storage.objectAdmin
roles/storage.objectViewer
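
As an added example (not part of the original post), the same lookup can be run offline over a saved policy in the JSON shape that `gcloud projects get-iam-policy --format=json` prints. It matches the member string exactly rather than by the filter's `:` pattern match, and it also reports conditional bindings and bindings left behind for a deleted incarnation of the account. The sample policy, the `old-` account and the function name `roles_for_service_account` are constructed for illustration.

```python
import json

# Constructed sample in the shape printed by
# `gcloud projects get-iam-policy PROJECT --format=json` (not real data).
SAMPLE_POLICY = json.loads("""
{
  "version": 3,
  "bindings": [
    {"role": "roles/cloudsql.client",
     "members": ["serviceAccount:my-service-account@my-gcp-project.iam.gserviceaccount.com"]},
    {"role": "roles/logging.viewer",
     "members": ["user:alice@example.com",
                 "serviceAccount:old-my-service-account@my-gcp-project.iam.gserviceaccount.com"]},
    {"role": "roles/storage.objectAdmin",
     "members": ["serviceAccount:my-service-account@my-gcp-project.iam.gserviceaccount.com"],
     "condition": {"title": "expires-2019",
                   "expression": "request.time < timestamp('2020-01-01T00:00:00Z')"}},
    {"role": "roles/dataproc.editor",
     "members": ["deleted:serviceAccount:my-service-account@my-gcp-project.iam.gserviceaccount.com?uid=123456789"]}
  ]
}
""")


def roles_for_service_account(policy, email):
    """Return (role, condition_title, state) tuples for one service account, sorted by role."""
    active = "serviceAccount:" + email
    # IAM keeps bindings for a deleted account under this prefix plus its unique id.
    deleted_prefix = "deleted:serviceAccount:" + email + "?uid="
    found = []
    for binding in policy.get("bindings", []):
        title = binding.get("condition", {}).get("title")  # None when unconditional
        for member in binding.get("members", []):
            if member == active:  # exact match, so "old-my-service-account@..." is skipped
                found.append((binding["role"], title, "active"))
            elif member.startswith(deleted_prefix):
                found.append((binding["role"], title, "deleted"))
    return sorted(found, key=lambda row: row[0])


if __name__ == "__main__":
    sa = "my-service-account@my-gcp-project.iam.gserviceaccount.com"
    for role, condition, state in roles_for_service_account(SAMPLE_POLICY, sa):
        print(role, "condition=" + str(condition), state)
```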

Written by Jamiet

June 13, 2019 at 9:50 am
