Jiya

Reputation: 243

How to get GCP "iampolicy" information in .CSV format with project ID?

I am not good at programming. I am trying to generate a CSV report from a GCP cloud account. I need information about the number of projects created in the account and its owner, IAM role, member, etc.

I did try with a bash script and I received the output in JSON.

CODE

#!/bin/bash
for project in  $(gcloud projects list --format="value(projectId)")
do
  echo "ProjectId:  $project"
  iampolicy=$(gcloud projects get-iam-policy "$project" --format json)
  echo "$iampolicy"
  printf '%s\n' $iampolicy | paste -sd ',' >> file.csv
done 

Output

ProjectId:  test-project1-xyz
{
  "bindings": [
    {
      "members": [
        "user:[email protected]"
      ],
      "role": "roles/owner"
    }
  ],
  "etag": "xyz=",
  "version": 1
}

Currently I am getting the same JSON output data in the file.csv file.

Expected Output

File.csv

Project ID  Members-Email   Role
xyz         xyz              xyz

Can anyone help me with this? Thank you in advance for your support.

Upvotes: 0

Views: 2835

Answers (4)

vikash

Reputation: 1

#!/bin/bash
# Write the CSV header (this also truncates any previous report).
echo "project_id, project_name, project_time" > project_data.csv

# value() output is tab-separated, one project per line.
gcloud projects list --format="value(projectId, name, createTime.date(tz=LOCAL))" > whole_project_details.txt

# Split on tabs only, so project names that contain spaces stay in one column.
while IFS=$'\t' read -r project_id project_name project_time
do
  echo "$project_id, $project_name, $project_time" >> project_data.csv
done < whole_project_details.txt

This will provide details of the GCP projects in CSV format: ProjectID, ProjectName and Date/Time.

Upvotes: 0

Circy

Reputation: 1184

If you have cloudasset.assets.searchAllIamPolicies permission upon the org that contains all the projects, you can achieve your goal using one command:

$ gcloud asset search-all-iam-policies \
--query='resource:cloudresourcemanager.googleapis.com/projects' \
--flatten='policy.bindings[].members[]' \
--format='csv(resource, policy.bindings.role, policy.bindings.members)' \
--scope=organizations/123

Use your organization number instead of 123.

You can find more details in another thread: How to list, find, or search iam policies across services (APIs), resource types, and projects in google cloud platform (GCP)?

Upvotes: 0

DazWilkin

Reputation: 40061

Perhaps:

#!/bin/bash
echo "ID,Name,Member,Role"
gcloud projects list --format="csv[no-heading](projectId,name)" |\
while IFS="," read -r ID NAME
do
  POLICY=$(\
    gcloud projects get-iam-policy ${ID} \
    --flatten="bindings[].members[]" \
    --format="csv[no-heading](bindings.members,bindings.role)")
  # Prefix ${ID},${NAME} to each line in the policy
  for LINE in ${POLICY}
  do
    echo ${ID},${NAME},${LINE}
  done
done

Upvotes: 2

DazWilkin

Reputation: 40061

Perhaps:

#!/bin/bash
echo "Project-ID,Member,Role"
for PROJECT in  $(gcloud projects list --format="value(projectId)")
do
  POLICY=$(\
    gcloud projects get-iam-policy ${PROJECT} \
    --flatten="bindings[].members[]" \
    --format="csv[no-heading](bindings.members,bindings.role)")
  # Prefix ${PROJECT} to each line in the policy
  for LINE in ${POLICY}
  do
    echo ${PROJECT},${LINE}
  done
done

I forget the way to split the Member (type:email)

Upvotes: 1
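
The answer above leaves the Member column as type:email. As an added example (not part of any answer in this thread), here is one way to split it into separate type and identity columns; it goes slightly beyond the question by also handling members without a prefix (allUsers, allAuthenticatedUsers) and deleted:...?uid=... members, which matter when the report is used for an access review. split_members and sample_policy are hypothetical names, and the sample lines are constructed so the script runs without gcloud.

```bash
#!/bin/bash
# Added example, not code from the thread. split_members is a hypothetical helper.
# Reads "member,role" lines (the flattened csv[no-heading] output used above)
# on stdin and writes "project,member_type,member_id,role" lines.
split_members() {
  local project=$1 member role type id
  while IFS=, read -r member role; do
    [ -z "$member" ] && continue            # skip blank lines
    case $member in
      deleted:*)                            # deleted:user:name@domain?uid=123
        member=${member#deleted:}
        type="deleted-${member%%:*}"
        id=${member#*:}
        id=${id%%\?uid=*}                   # drop the ?uid= suffix
        ;;
      *:*)                                  # user:, group:, serviceAccount:, domain:
        type=${member%%:*}
        id=${member#*:}
        ;;
      *)                                    # allUsers, allAuthenticatedUsers
        type=special
        id=$member
        ;;
    esac
    printf '%s,%s,%s,%s\n' "$project" "$type" "$id" "$role"
  done
}

# Constructed sample input standing in for gcloud output, so this runs offline.
sample_policy() {
  printf '%s\n' \
    'user:alice@example.com,roles/owner' \
    'serviceAccount:ci@demo-project.iam.gserviceaccount.com,roles/editor' \
    'deleted:user:bob@example.com?uid=123456789,roles/viewer' \
    'allUsers,roles/storage.objectViewer'
}

echo "Project-ID,Member-Type,Member,Role"
sample_policy | split_members demo-project
```

In the loops above, pipe the output of gcloud projects get-iam-policy (with the same --flatten and --format options) into split_members "${PROJECT}" in place of the inner for loop. Rows with type special are the ones to look at first, since they grant the role to anyone.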
