Script to retrieve GCP IAM roles, users and serviceaccounts

gcpiamuserlist-extraction.sh

#!/bin/bash
# Script to retrieve GCP IAM roles, users and serviceaccounts
# Author - Rajathithan Rajasekar - 03/03/2020
# Update - 07/12/2023
gcloud config set accessibility/screen_reader False
echo 'project-name,roles/rolename,user:username-and-serviceaccounts' > iamlist.csv
prjs=( $(gcloud projects list | tail -n +2 | awk {'print $1'}) )
for i in "${prjs[@]}"
	do
		echo "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
		echo "Collecting IAM roles & users for Project: $i"
		echo $(gcloud projects get-iam-policy $i --format="table(bindings)[0]" | sed -e 's/^\w*\ *//'|tail -c +2 |python reformat.py $i >> iamlist.csv)			
	done

As is I wasn't able to run the script, wouldn't surprise me if Google slightly changed the output. I changed line 6 to "prjs=( $(gcloud projects list | grep PROJECT_ID: | cut -f2 -d" ") )"

Now where I'm running into a problem is we sometimes use the description field which breaks the reformat.py . I'm hoping someone has a quick answer, I'm very rusty with both my shell scripting and python but sure there is an easy answer.

Solution:

I believe you are trying to run this from your cloud shell.

Run the below commands before executing the script

sudo apt-get update
sudo apt-get reinstall google-cloud-sdk

Hello Raja, what if i have to pull data for a single project, where do i need to make changes..

script worked but its getting information for all the projects in our environment
but i am looking for a particular project