We Keep Coding

How to list "labels" and "in use by" along with instances in a project?

I am currently using the following piece of code to get instance list from a project (which seems to work ok):
gcloud compute instances list
--format="csv(name,description,machineType,status,zone)"
However, looking at the response body for instances.list, I found labels but couldnt find where "In Use By" values are listed. I've tried the following, but it didn't work.
gcloud compute instances list \
--format="csv(name,description,machineType,status,zone,items.labels.list())"
If it helps, I am looking for the values in red to be listed along with my instances.list output:
https://imgur.com/FFeDHoW

You can use the below commands to get the details using gcloud compute instances list --topic format:
gcloud compute instances list --format='csv(name,description,machineType,status,zone,labels,inUseBy,instanceTemplate.list())'
or
gcloud compute instances list --format='table(name,description,machineType,status,zone,labels,inUseBy,instanceTemplate.list())'
Sample Output:

How can I check for GCP projects not in a VPC Service Control Perimeter using bash?

I am looking for a way to use a bash script with gcloud to:
Generate a list of all current projects in the org
Check each project to see if it is in a VPC Service control perimeter and list which perimeter name.
Identify projects that are not in a VPC Service control perimeter.
I've had no luck finding a way to script this. I'd like to be able to easily generate this list and identify projects that are not in a vpcsc. Thanks!

I don't use service perimeters and so it's challenging to write|test a solution but here are some pointers.
1. Projects
ServicePerimeterConfig resources are of the form project/{project_number}.
So, when you enumerate the projects, you'll want to use the projectNumber:
gcloud projects list \
--format="value(projectId,projectNumber)"
Consider putting these into an associative array keyed on projectNumber so that you can return the more useful projectId.
2. Service Perimeters
gcloud access-context-manager perimeters list \
--format=...
The documentation is unclear. --format is a global gcloud flag and should support value, json and yaml.
servicePerimeters is a little gnarly (deep) but you probably want a second associative array keyed on projectNumber (again) with the name or title as the value.
You should be able to use scope("project") in the format string to extract the project number.
It's possible that you can map the servicePerimeters using gcloud --format (and transforms) only but it may be easier to pipe --format=json into something like jq and munge there.
Can one Project be in multiple Perimeters?
Can a Perimeter include a no-longer-exists Project?
servicePerimeter includes status and spec lists of projects
3. In|Not-In
Array #1 contains all the projects. Those in Array #2 (which may be a duplicative test but) gives you projects in a service perimeter.
So, you could iterate over #1 and if it's in Array #2 put it in the "in" list otherwise put it in the "out" list.

GCP, is there a way to find which Asset-type can be labelled and which are not?

I need to find out which resources (Asset-Types) in entire GCP organization can be labelled.
In short, i do not want resources which doesn't have a column Label in the schema. Is there a way to find columns of every asset-type ? or any other way to extract only resources that have column/attribute Label?
gcloud asset search-all-resources --scope=organizations/Org-ID
--filter=-labels:* --format='csv(name, assetType, labels)' --sort-by=name > notLabels.csv
i use this command to get the resources but it returns also the resources that can't be labelled.

You can find the list of services that support labels in GCP in this documentation.
And you can filter it with the following format below as an example:
gcloud asset search-all-resources --filter labels.env:*
The above command lists the services that has env as key and anything that has value on it.
gcloud asset search-all-resources --filter=-labels.*
The second sample command above lists the resources with no labels value by adding - before the label parameter.
You can find more information on using filter searches using labels here.

What modifications do I need to make to my gcloud command to get the list of enabled services in all GCP projects in the below tabular format?

I have the following code block to enumerate the enabled services in all GCP projects:
for project in $(gcloud projects list --format="value(projectId)"); \
do gcloud services list --project $project --format="table[box]($project,config.name,config.title)"; \
done;
It gives me the output in this format:
But I would like the output to be in this format:
How do I accomplish that? Please advise. Thanks.

You can't using gcloud because you need to assemble values from multiple commands: Projects.List and Services.List. gcloud --format applies only to the output from a single command.
You're grabbing all the data you need (Project, Name and Title). I recommend you use bash and the characters output by gcloud to form the table, and synthesize the table output for yourself.
Update
Here's a script that'll get you CSV output that matches your rows:
PROJECTS=$(\
gcloud projects list \
--format="value(projectId)")
for PROJECT in ${PROJECTS}
do
CONFIGS=$(gcloud services list \
--project=${PROJECT} \
--format="csv[no-heading](config.name,config.title.encode(base64))")
for CONFIG in ${CONFIGS}
do
IFS=, read NAME TITLE <<< ${CONFIG}
TITLE=$(echo ${TITLE} | base64 --decode)
echo "${PROJECT},${NAME},\"${TITLE}\""
done
done
NOTE encode(base64) to avoid the unquote title values from being split. base64 --decode reverses this at output. It should be possible to use format but I don't understand the syntax. --format='csv[no-heading](config.name,format("\"{0}\"",config.title))' didn't work.
Then, in the best *nix tradition, you can pipe that output into awk or columns or some other script that formats the CSV as a pretty-printed table. This is the more difficult challenge because you'll want to determine the longest value in each field in order to layout correctly. I'll leave that to you.

gcloud command output formatting to use results in another gcloud command

I'm trying to automate the deletion of SSL certificates that end with a certain text pattern on GCP projects.
For this I use the command:
gcloud compute ssl-certificates list --filter="name~'819$'" --format="(name)"
Which output displays exactly this format:
NAME
certname1-1602160819
certname2-1602160819
certname3-1602160819
...and so on
The thing is that if I want to use the results from this command to then use it to input another gcloud command that deletes each certificate, I get the first variable as NAME which is the field title and obviously not a certificate.
Here is my script:
#!/bin/bash
for oldcert in $( gcloud compute ssl-certificates list --filter="name~'819$'" --format="(NAME)")
do
gcloud compute ssl-certificates delete $oldcert
done
Do you know how I could get the field name NAME out of my output so I could treat each result in another command directly.
Thanks for your precious advices

#Hitobat thanks very much for your comment
I used the csv[no-heading] option even though the tails -n +2 otion also does the job
the following commands did the job great:
#!/bin/bash
for oldcert in $( gcloud compute ssl-certificates list --filter="name~'819$'" --format="csv[no-heading](name)")
do
gcloud compute ssl-certificates delete $oldcert --quiet
done

The right format to use is --format=value[](name).
According to the docs:
value
CSV with no heading and <TAB> separator instead of <COMMA>. Used
to retrieve individual resource values.
So it's equivalent to the --format="csv[no-heading](name) that you used, but "more correct" (and a little more legible).