@flannon
Last active April 26, 2024 17:43

Google SDK Cheat Sheet


Find all resources associated with an IAM user:

gcloud beta asset search-all-iam-policies --scope=organizations/<org id> \
  --query="policy:<user>@<domain>" | egrep "resource:|role:|user:<user>@<domain>"

See: https://stackoverflow.com/a/60462095
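
An added example, not part of the original gist: the egrep filter above prints member, role and resource lines in file order, so the reader still has to pair each role with its resource. This function does the pairing with an exact match on the member string. The function names and sample data are constructed, and the two-space-indented `bindings` list with a top-level `resource:` key is an assumption about gcloud's default YAML output.

```shell
# Added example, not from the gist. Reads `gcloud asset search-all-iam-policies`
# YAML on stdin; prints "resource<TAB>role" for each binding listing the member.
roles_for_member() {
  awk -v want="$1" '
    function end_binding() {            # close the current binding
      if (hit && role != "") roles[n++] = role
      hit = 0; role = ""
    }
    function end_doc(   i) {            # close the current result document
      end_binding()
      for (i = 0; i < n; i++) print resource "\t" roles[i]
      n = 0; resource = ""
    }
    /^---/        { end_doc(); next }
    /^  - /       { end_binding() }     # next item of policy.bindings
    /^resource: / { resource = $2; next }
    {
      line = $0
      sub(/^[ -]+/, "", line)           # strip indentation and list dashes
      if (line ~ /^role: /) role = substr(line, 7)
      else if (line == want) hit = 1    # exact string match on the member
    }
    END { end_doc() }
  '
}
# Constructed sample in the assumed layout; not real output.
sample_results() {
  cat <<'EOF'
---
policy:
  bindings:
  - members:
    - group:hpc-admins@example.edu
    - user:alice@example.edu
    role: roles/compute.admin
  - members:
    - user:alice@example.edu
    role: roles/storage.objectViewer
resource: //cloudresourcemanager.googleapis.com/projects/hpc-dev
---
policy:
  bindings:
  - members:
    - user:bob@example.edu
    role: roles/storage.admin
resource: //storage.googleapis.com/hpc-dev-bucket
EOF
}
sample_results | roles_for_member user:alice@example.edu
```

In real use, pipe the gcloud command into `roles_for_member user:<user>@<domain>` in place of the egrep.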

Filestore

gcloud beta filestore instances create <filestore mount name> --location=<zone> --network=name=<shared-vpc network name> \
  --tier=high-scale-ssd --file-share=name=hpc-dev-filestore,capacity=10TB

Compute

Get load balancer front-end configured IP addresses

gcloud compute forwarding-rules list

Compute Images

gcloud compute images create <image name> --source-disk <source disk name> --family <family name>

Copy image from one project to another

gcloud compute --project=project2 images create image-2 --family=<image family name> --source-image=image-1 --source-image-project=project

from: https://serverfault.com/a/881638

Org and Folders

Filtering organization list

$ gcloud organizations list 
  DISPLAY_NAME            ID  DIRECTORY_CUSTOMER_ID
  example.edu       ###########              #########

$ gcloud organizations list --format="value(DISPLAY_NAME)"
  example.edu

$ gcloud organizations list --format="value(ID)"
  ###########

Show org policy exclusions

$ gcloud alpha resource-manager org-policies list --folder folder-id

$ gcloud alpha resource-manager org-policies list --project project-id

Convert format to json

$ gcloud organizations list --format=json
[
  {
    "creationTime": "2001-01-13T21:53:13.536Z",
    "displayName": "example.edu",
    "lifecycleState": "ACTIVE",
    "name": "organizations/#############",
    "owner": {
      "directoryCustomerId": "########"
    }
  }
]

Output single json key

$ gcloud organizations list --format="value(name)"

Putting it all together, you can list all folders like this:

$ gcloud alpha resource-manager folders list --organization $(gcloud organizations list --format="value(name)")

Or get a single folder record like this:

$ gcloud alpha resource-manager folders list --organization $(gcloud organizations list --format="value(name)") \
    --format=flattened --filter="displayName:HPC"

List compute images by family name

$ gcloud compute images list --project <Image Build Project> --filter="FAMILY=('family_name')"

Secrets Manager

Create a secret

$ gcloud secrets create <secret_name> --replication-policy automatic --data-file=<file name of secret>

Update a secret

$ gcloud secrets versions add <secret_name> --data-file=<file name of secret>

Retrieve a secret's value

$ gcloud secrets versions access latest --secret=<secret-name> --format='get(payload.data)' | tr '_-' '/+' | base64 --decode

Open an IAP tunnel to (x)RDP

$ gcloud compute start-iap-tunnel <instance name> 3389 --local-host-port=localhost:8080 --zone=<zone name>

Storage

Permissions for inter-project object copy. Apply permissions to both src and dest buckets.

gsutil iam ch serviceAccount:project-@storage-transfer-service.iam.gserviceaccount.com:legacyBucketReader gs://bucket
gsutil iam ch serviceAccount:project-@storage-transfer-service.iam.gserviceaccount.com:objectViewer gs://bucket
gsutil iam ch serviceAccount:project-@storage-transfer-service.iam.gserviceaccount.com:objectCreator gs://bucket

Bucket to bucket copy

gcloud transfer jobs create gs://src-bucket/6d7e56-2020-05-15/ gs://dest-bucket/6d7e56-2020-05-15/
