7

gcloud projects get-iam-policy [PROJECT-ID] lists all users with their roles for a specific project. There are different filters and formatters available but I can't seem to find the right way to filter only by a specific role.

$ gcloud projects get-iam-policy MY_PROJECT

bindings:
- members:
  - serviceAccount:12345678-compute@developer.gserviceaccount.com
  - user:alice@foobar.com
  role: roles/editor
- members:
  - user:you@yourdomain.com
  - user:someoneelse@yourdomain.com
  role: roles/owner
etag: ARBITRARY_ETAG_HERE
version: 1

What's the --filter= expression that I need to use to list only users with the role roles/owner?

manasouza
SiliconMind

2 Answers

3

That can be achieved using another gcloud command:

gcloud beta asset search-all-iam-policies --query policy:"roles/owner" --project $your_project_id --flatten="results[].policy[]" --format="csv(bindings.members[0])"
manasouza
2

Ran into this requirement recently as well. You can achieve this without the use of the assets API.

$ gcloud projects get-iam-policy $PROJECT --flatten="bindings[].members" --filter="bindings.role:roles/owner" --format='table(bindings.members)'
Matthew
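
Added example, not part of either answer: when auditing who holds roles/owner it can help to post-process the JSON form of the policy instead of relying on a filter expression. The sketch below compares the role name exactly and reports IAM conditions, since a policy can contain more than one binding for the same role. The function name `members_with_role`, the conditional binding, the custom role and the extra accounts are assumptions constructed for illustration.

```python
import json

# Constructed sample in the shape of
#   gcloud projects get-iam-policy PROJECT --format=json
# The conditional binding and the custom role are assumptions added to
# exercise the edge cases; they are not from the question.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/editor",
   "members": ["serviceAccount:12345678-compute@developer.gserviceaccount.com",
               "user:alice@foobar.com"]},
  {"role": "roles/owner",
   "members": ["user:you@yourdomain.com", "user:someoneelse@yourdomain.com",
               "serviceAccount:deployer@my-project.iam.gserviceaccount.com"]},
  {"role": "roles/owner",
   "condition": {"title": "temp-access",
                 "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"},
   "members": ["user:contractor@example.com", "user:you@yourdomain.com"]},
  {"role": "projects/my-project/roles/ownerReadOnly",
   "members": ["user:alice@foobar.com"]}],
 "etag": "ARBITRARY_ETAG_HERE", "version": 3}
""")


def members_with_role(policy, role, kinds=("user",)):
    """Return sorted (member, condition_title) pairs bound to exactly `role`.

    condition_title is None for an unconditional binding. `kinds` limits the
    member prefixes reported (user, serviceAccount, group, ...); pass None to
    report every kind.
    """
    pairs = set()
    for binding in policy.get("bindings", []):
        if binding.get("role") != role:  # exact comparison, not a substring test
            continue
        title = (binding.get("condition") or {}).get("title")
        for member in binding.get("members", []):
            kind = member.partition(":")[0]
            if kinds is None or kind in kinds:
                pairs.add((member, title))
    # None does not order against str, so sort on "" for unconditional grants.
    return sorted(pairs, key=lambda p: (p[0], p[1] or ""))


if __name__ == "__main__":
    # With live data, replace SAMPLE_POLICY with json.load(sys.stdin).
    for member, title in members_with_role(SAMPLE_POLICY, "roles/owner"):
        print(member, f"[condition: {title}]" if title else "")
```

The policy returned for a project lists only bindings set on that project, so owners granted at the folder or organization level do not appear in it.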