This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Is it possible to show displayNames when using gcloud asset search-all-iam-policies

Posted on 07-22-2021 06:12 AM
aberger1
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

Hi,

I'd like to create a report on IAM policies as a CSV file. I'm listing the organization, plus resources, members and roles with the following command:

gcloud asset search-all-iam-policies --scope=organizations/012345678901 --flatten='policy.bindings[].members[]' --format='csv(organization.basename(), resource, policy.bindings.members, policy.bindings.role)'

In the output, the first column shows the organization ID.

Is it possible to show the organization displayName instead of the ID?

Thanks

Solved Solved
1 2 868
Topic Labels
Jump to Solution
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
alexmoore
Staff
Reply posted on --/--/---- --:-- AM

Not directly in that single gcloud command because it does not return that field, but you can look up the displayName using something like:

gcloud organizations list --filter=012345678901 --format="value(displayName)"

So if you're in  a bash shell you could combine them together with sed to do something like this:

DISPLAYNAME=$(gcloud organizations list --filter=012345678901 --format="value(displayName)"); gcloud asset search-all-iam-policies --flatten='policy.bindings[].members[]' --format='csv(organization.basename(), resource, policy.bindings.members, policy.bindings.role)' | sed "s/^012345678901/$DISPLAYNAME/"

That should be all one line 🙂

Hope that helps.

View solution in original post

Jump to Solution
2 REPLIES 2

Posted on --/--/---- --:-- AM
alexmoore
Staff
Reply posted on --/--/---- --:-- AM

Not directly in that single gcloud command because it does not return that field, but you can look up the displayName using something like:

gcloud organizations list --filter=012345678901 --format="value(displayName)"

So if you're in  a bash shell you could combine them together with sed to do something like this:

DISPLAYNAME=$(gcloud organizations list --filter=012345678901 --format="value(displayName)"); gcloud asset search-all-iam-policies --flatten='policy.bindings[].members[]' --format='csv(organization.basename(), resource, policy.bindings.members, policy.bindings.role)' | sed "s/^012345678901/$DISPLAYNAME/"

That should be all one line 🙂

Hope that helps.

Jump to Solution

Posted on --/--/---- --:-- AM
aberger1
Bronze 3
Bronze 3
In response to alexmoore
Reply posted on --/--/---- --:-- AM

Perfect, this is very helpful, thanks!

Jump to Solution
Top Labels in this Space
Top Solution Authors
View all