We can list all iam service accounts as follows:
gcloud iam service-accounts list
We can list all iam roles as follows:
gcloud iam roles list
This works fine for one project only.
I have however multiple projects and they are organized by folders. I would like to list therefore all IAM principles and roles in one go. How can this be achieved?
List all Project IDs:
gcloud projects list --format="value(projectId)"
List all Service Account (Emails) by Project (IDs):
PROJECTS=$(\
gcloud projects list \
--format="value(projectId)")
for PROJECT in ${PROJECTS}
do
echo "Project: ${PROJECT}"
gcloud iam service-accounts list \
--project=${PROJECT} \
--format="value(email)"
done
IIUC gcloud iam roles list is a global list
For the custom role (names) in a Project, you want:
gcloud iam roles list \
--project=${PROJECT} \
--format="value(name)"
So perhaps:
PROJECTS=$(\
gcloud projects list \
--format="value(projectId)")
for PROJECT in ${PROJECTS}
do
echo "Project: ${PROJECT}"
gcloud iam roles list \
--project=${PROJECT} \
--format="value(name)"
done
Or perhaps:
gcloud projects get-iam-policy ${PROJECT}
And:
PROJECTS=$(\
gcloud projects list \
--format="value(projectId)")
for PROJECT in ${PROJECTS}
do
echo "Project: ${PROJECT}"
gcloud projects get-iam-policy ${PROJECT}
done
The above can be further filtered|formatted using --filter and --format flags.