I am very new to gcloud command line and new to scripting altogether. I'm cleaning up a GCP org with multiple stray projects. I am trying to run a gcloud command to find the creator of all my projects so I can reach out to each project creator and ask them to clean up a few things.
I found a command to search logs for a project and find the original project creator, provided the project isn't older than 400 days.
gcloud logging read --project [PROJECT] \
  --order=asc --limit=1 \
  --format='table(protoPayload.methodName, protoPayload.authenticationInfo.principalEmail)'
My problem is this: I have over 300 projects in my org currently. I have a .csv of all project names and IDs via (gcloud projects list).
Using the above command, how can I make [project] a variable and call/import the project name field from my .csv as the variable?
What I hope to accomplish is this: The gcloud command line provides the output for each project name in the .csv file and outputs it all to another .csv file. I hope this all made sense.
Thanks.
I haven't tried anything yet. I don't want to run the same command for each of the 300 projects manually.
I think we are solidly in the domain of "BASH script writing in Linux". At the highest level, what you want to do is loop through each of the rows in your CSV, parse out the column you are interested in, put that in a BASH variable and then reference the variable in your data. Here is a recipe on parsing CSV in BASH. However, I'm tempted to suggest a different strategy. In your gcloud command where you used --format="table(...)", consider outputting JSON such as --format="json". The reason that helps us is that JSON is (in my opinion) easier to parse using the 'jq' command.
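The loop described in this answer, written out as an added example that is not part of the original thread: it reads project IDs from the CSV, runs the question's gcloud logging read once per project, and writes one row per project to a new CSV. It assumes a header row with the project ID in column 1, uses hypothetical function names, and adds --freshness=400d because gcloud logging read only looks back one day by default.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: the input CSV has a header
# row and the project ID in column 1; all function names are hypothetical.

# Print one validated project ID per line from the CSV named in $1.
project_ids() {
  tail -n +2 "$1" | tr -d '\r"' | cut -d, -f1 | while IFS= read -r id; do
    # Only well-formed IDs (6-30 chars, lowercase/digits/hyphens) reach gcloud.
    if printf '%s\n' "$id" | grep -Eq '^[a-z][a-z0-9-]{4,28}[a-z0-9]$'; then
      printf '%s\n' "$id"
    elif [ -n "$id" ]; then
      printf 'skipping malformed project id: %s\n' "$id" >&2
    fi
  done
}

# Print "methodName,principalEmail" for the oldest retained log entry of $1.
first_entry() {
  # stdin is redirected so gcloud cannot consume the caller's read loop.
  gcloud logging read --project "$1" --freshness=400d \
    --order=asc --limit=1 \
    --format='csv[no-heading](protoPayload.methodName,protoPayload.authenticationInfo.principalEmail)' \
    </dev/null
}

# Read project IDs from CSV $1 and write one result row per project to CSV $2.
creators_to_csv() {
  printf 'project_id,method_name,principal_email\n' >"$2"
  project_ids "$1" | while IFS= read -r id; do
    # A failed or empty lookup (no access, logs expired) must not stop the run.
    entry=$(first_entry "$id" 2>/dev/null) || entry=''
    # Keep a row even when nothing is found, so gaps stay visible.
    printf '%s,%s\n' "$id" "${entry:-NOT_FOUND,NOT_FOUND}" >>"$2"
  done
}

# Usage: sh creators.sh projects.csv creators.csv
if [ "$#" -eq 2 ]; then
  creators_to_csv "$1" "$2"
fi
```

Check the method_name column in the output: the oldest retained entry is not necessarily the project-creation call, so a row only identifies the creator when that column shows a creation method.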
Thanks so much kolban. I apologize if I posted my question in the wrong "domain". Unfortunately, I am VERY new to scripting as a whole and have no prior experience with BASH script writing in Linux. I was hoping there is a solution to my use case using native gcp gcloud.
I don't have an immediate answer, but one thought might be to create a new project ... say XYZ. Then we can look in the logs and find the log entry that is written when a new project is created. Ideally, that record will also contain identity information of the principal that ran the project creation command. Now that we know what an exemplar log entry looks like, maybe we could write a gcloud logging read with a filter that would only return those kinds of records. That would then seem to say that we would end up with a list of the identities that created the projects.
Another thought would be to run a gcloud command that gives us a list of all the projects in your organization. From there, for each project, we could now run a gcloud command to retrieve the project IAM policy. In theory, we could then look for principals which have Owner role and any of these should be able to affect cleanups.