Created
January 22, 2020 16:01
dcloud9 created this gist
Jan 22, 2020
@@ -0,0 +1,32 @@ #! /usr/bin/env bash # Get all roles attached to all service accounts, users, groups per project per environment in GCP # Dependencies: Create and auth GCP named config using $gcloud config configurations create <env>|<named config> # Requires: gcloud, jq set -e ENVLIS="dev tst stg prd" PROJECTLIST="/tmp/projects" SALIST="/tmp/sa" TIMESTAMP=$(date "+%Y%m%d%H%M") OUTLIST="/tmp/out-${TIMESTAMP}" for ENV in ${ENVLIS} do echo "enabling GCP creds for ${ENV}..." gcloud config configurations activate ${ENV} gcloud projects list --format=json |jq -r .[].projectId | grep ${ENV} | sort -u > ${PROJECTLIST}-${ENV} for PROJECT in $(cat ${PROJECTLIST}-${ENV}) do echo -e "\nProject: ${PROJECT}" | tee -a ${OUTLIST}-${ENV}.txt gcloud projects get-iam-policy ${PROJECT} --flatten="bindings[].members" --format=json | jq -r .[].bindings.members | sort -u > ${SALIST}-${PROJECT}-${ENV} for SA in $(cat ${SALIST}-${PROJECT}-${ENV}) do gcloud projects get-iam-policy ${PROJECT} --flatten="bindings[].members" --filter="bindings.members:${SA}" --format='table[no-heading](bindings.members,bindings.role)' | tee -a ${OUTLIST}-${ENV}.txt done done done
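Review bot: The scratch lists and the final report are written to fixed, guessable names under /tmp (`PROJECTLIST`, `SALIST`, `OUTLIST`), so on a shared host another local user can pre-create or symlink those paths before the `>` and `tee -a` redirections run. The resulting IAM inventory is also typically readable by other users under a default umask. Create a private directory with `mktemp -d` after `umask 077`, point the three variables into it, and remove the intermediate lists on exit while keeping the report. Separately, `set -e` without `pipefail` means a failed `gcloud` call inside the `gcloud … | jq … | sort` pipelines can leave an empty list, so an environment with expired credentials would produce a report that looks clean instead of an error.

```shell
set -e
umask 077                        # scratch lists and reports are owner-only
WORKDIR=$(mktemp -d)             # unpredictable directory instead of fixed /tmp names
# drop the intermediate lists on any exit path; the out-*.txt reports are kept
trap 'rm -f -- "${WORKDIR}"/projects-* "${WORKDIR}"/sa-*' EXIT
PROJECTLIST="${WORKDIR}/projects"
SALIST="${WORKDIR}/sa"
TIMESTAMP=$(date "+%Y%m%d%H%M")
OUTLIST="${WORKDIR}/out-${TIMESTAMP}"
echo "writing reports under ${WORKDIR}"
# … unchanged: per-environment, per-project and per-member loops …
```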