gcloud configuration project filter - google-cloud-platform

When listing projects, we can filter on name using: gcloud projects list --filter='name:xxxx*'
How to store this filter in gcloud configuration so every time we run gcloud projects list we get filtered projects?
Note: I don't want a command alias, I need a "per gcloud configuration" filter.
Thanks

@guillaume-blaquiere is correct, you cannot.
However, users are only able to list projects to which they have access.
So, if you're trying to limit the list of projects that your users(' credentials) can list, a more robust solution would be to consider limiting the projects to which the users(' credentials) have access.
Depending on whether you're using an organization, you can do this either at the organization/folder(s) level or at the project level directly.

Related

How to access "gcloud asset" at an organization level from SDK?

I would like to access a list of all assets inside an organization. However, I am unable to access gcloud asset at the organizational level from SDK. I can do it without any issues from the console, but I need to use the SDK to create a script.
I have set the project ID to the organization ID. But I get the following error
The value of ``core/project'' property is set to project number.To use this command, set ``--project'' flag to PROJECT ID or set ``core/project'' property to PROJECT ID
There is no project ID to be set other than the organization ID.
This is what I see in the console.
Name          ID
sample-org    123456789
project -1    project-1-34d3
project -2    project-2-ds2f
...           ...
Project and Organization represent different resources and setting one to the value of the other is meaningless.
Typing gcloud asset list --help or Googling "gcloud asset list" provides an explanation:
Listing assets
gcloud asset list --organization
ORG="..." # Your Organization ID
gcloud asset list --organization=${ORG}

How can I check for GCP projects not in a VPC Service Control Perimeter using bash?

I am looking for a way to use a bash script with gcloud to:
Generate a list of all current projects in the org
Check each project to see if it is in a VPC Service control perimeter and list which perimeter name.
Identify projects that are not in a VPC Service control perimeter.
I've had no luck finding a way to script this. I'd like to be able to easily generate this list and identify projects that are not in a vpcsc. Thanks!
I don't use service perimeters and so it's challenging to write|test a solution but here are some pointers.
1. Projects
ServicePerimeterConfig resources are of the form project/{project_number}.
So, when you enumerate the projects, you'll want to use the projectNumber:
gcloud projects list \
--format="value(projectId,projectNumber)"
Consider putting these into an associative array keyed on projectNumber so that you can return the more useful projectId.
2. Service Perimeters
gcloud access-context-manager perimeters list \
--format=...
The documentation is unclear. --format is a global gcloud flag and should support value, json and yaml.
servicePerimeters is a little gnarly (deep) but you probably want a second associative array keyed on projectNumber (again) with the name or title as the value.
You should be able to use scope("project") in the format string to extract the project number.
It's possible that you can map the servicePerimeters using gcloud --format (and transforms) only but it may be easier to pipe --format=json into something like jq and munge there.
Can one Project be in multiple Perimeters?
Can a Perimeter include a no-longer-exists Project?
servicePerimeter includes status and spec lists of projects
3. In|Not-In
Array #1 contains all the projects. Those in Array #2 (which may be a duplicative test but) gives you projects in a service perimeter.
So, you could iterate over #1 and if it's in Array #2 put it in the "in" list otherwise put it in the "out" list.
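The three steps above as an added example (not part of the original answer): awk's associative arrays stand in for bash's so the script runs under any POSIX shell, and it also covers the two open questions by reporting a project in several perimeters and a perimeter member with no matching project. The function names, `POLICY_ID`, the jq filter in the comment and all sample IDs, numbers and perimeter titles are assumptions constructed for illustration.

```shell
#!/bin/sh
# Inputs (tab-separated), produced e.g. by:
#   gcloud projects list --format="value(projectId,projectNumber)" > projects.tsv
#   gcloud access-context-manager perimeters list --policy="$POLICY_ID" --format=json |
#     jq -r '.[] | .title as $t | .status.resources[]? | [$t, .] | @tsv' > members.tsv
# POLICY_ID is a placeholder. "status" is the enforced config; "spec" is the dry-run one.

# classify_projects PROJECTS_TSV MEMBERS_TSV
# Prints IN/OUT per project, plus UNKNOWN for perimeter entries with no live project.
classify_projects() {
  awk -F '\t' '
    FILENAME == ARGV[1] {               # membership rows: title, projects/NUMBER
      if ($2 !~ /^projects\/[0-9]+$/) next          # skip non-project resources
      num = $2
      sub(/^projects\//, "", num)
      if (num in peri) peri[num] = peri[num] "," $1 # project in several perimeters
      else             peri[num] = $1
      next
    }
    {                                   # project rows: projectId, projectNumber
      seen[$2] = 1
      if ($2 in peri) print "IN\t" $1 "\t" peri[$2]
      else            print "OUT\t" $1
    }
    END {                               # perimeter members that match no listed project
      for (n in peri) if (!(n in seen)) print "UNKNOWN\tprojects/" n "\t" peri[n]
    }
  ' "$2" "$1" | LC_ALL=C sort
}

# Constructed sample data: three projects, three perimeters, one stale member.
demo() {
  tmp=$(mktemp -d)
  printf 'web-prod\t111\ndata-lake\t222\nsandbox\t333\n' > "$tmp/projects.tsv"
  printf 'prod_perimeter\tprojects/111\ndata_perimeter\tprojects/222\n' > "$tmp/members.tsv"
  printf 'prod_perimeter\tprojects/222\nold_perimeter\tprojects/999\n' >> "$tmp/members.tsv"
  classify_projects "$tmp/projects.tsv" "$tmp/members.tsv"
  rm -rf "$tmp"
}

demo
```

The OUT rows are the projects outside every enforced perimeter; run it a second time against `.spec.resources` to see what a dry-run configuration would cover.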

Pull "last access" information on projects from Google Cloud Platform (GCP)

I have a large number of projects to handle on Google Cloud Platform. To clean them up, I want to pull a list of all projects incl. information on usage so I can filter and identify e.g. outdated projects.
Especially info on "last access" would help a lot. I couldn't find a way yet to pull a datetime variable giving me the last use of e.g. "data access" or "configuration" activity.
Any idea on how to perform such a query? Even alternative ways of determining recent activity within projects would help. Most used resources are BigQuery, ComputeEngine, Buckets.
Thanks!
You can achieve this through:
Audit Logs Or
Cloud Asset Inventory (better than audit logs for your case).
You will have the ability to view activity at project level or at folder/organization level.
Edit:
Including the Cloud Asset Inventory query that @nordlicht.22 created to solve the issue:
gcloud asset search-all-resources \
--scope='projects/{ProjectID}' \
--query='updateTime > 1643155200' \
--order-by='createTime DESC' \
--limit='1'

In GCP, how to list all the resources running under project?

I need to list all the instances, containers, functions, notebooks, buckets, Dataproc and Composer resources running under a project in all the regions/locations.
Is it possible to list resources across all the regions/locations? Either gcloud or a Python script can work for me.
My ultimate goal after listing is to tag each resource according to its name.
Thanks
You can use Google Asset inventory feature and query your project like this
gcloud asset search-all-resources --scope=projects/<PROJECT_ID> --page-size=500 --format=json
More detail in the documentation about the query format.
All the resources aren't supported. You can find the full list here (for example, Cloud Run isn't yet supported, but it's coming soon!)
If you want to access it through the console, you could go to the IAM & Admin menu, then select Asset Inventory.
Then you could see a bunch of assets listed.
Click the Resource tab if you want to download all the details in CSV format.
In asset search you will get an abundance of irrelevant data. It is better to use the resource API of the resources you think are relevant to you, like:
compute.googleapis.com/Instance
storage.googleapis.com/Bucket
dataproc.googleapis.com/Cluster
container.googleapis.com/Cluster
cloudfunctions.googleapis.com/CloudFunction
dataflow.googleapis.com/Job //Notebook
gcloud asset search-all-resources --asset-types='compute.googleapis.com/Instance,storage.googleapis.com/Bucket' --query='labels.name:*' --format='table(name, assetType, labels)'

Is there any command to list all the GCP project quota in a single excel file with only top headers

Is there any command to list all the GCP project quotas in a single Excel file with only the top headers? I tried to apply a FOR loop on quota management; however, it gives me output with the header included every time a new project is appended.
gcloud compute project-info describe --flatten=quotas --format='csv(quotas.metric,quotas.limit,quotas.usage)' will provide this for one project. However, I require it for all projects at the org level and folder level in a single Excel file.
I crafted this bash code that can help you iterate over all projects related to the account used with gcloud. Feel free to modify this code according to your use case.
#!/bin/bash
# Print one header for the whole report
echo "ProjectId,Metric,Quota,Usage"
# List every project visible to the authenticated account
gcloud projects list --format="csv[no-heading](projectId,name)" |\
while IFS="," read -r ID NAME
do
  # Quotas for this project, one CSV row per metric, without a header
  RESULT=$(\
    gcloud compute project-info describe --project "${ID}" \
      --flatten=quotas \
      --format="csv[no-heading](quotas.metric,quotas.limit,quotas.usage)")
  # Prefix ${ID} to each line in the result
  for LINE in ${RESULT}
  do
    echo "${ID},${LINE}"
  done
done
It is important that the authenticated account has the role project/viewer over all associated projects; the Compute Engine API must also be enabled in the projects.
Having said that, you can create a service account associated per organization or by folder in order to get all necessary information.