堆栈内存溢出
  简体   繁体   English

关于如何使用 python 列出 gcp 服务帐户密钥的任何想法

[英]Any idea of how to list gcp service account keys using python

 原文  2022-02-23 20:52:53       python/ google-cloud-platform/ service-accounts/ google-cloud-iam

问题描述

I need a list of all service account keys in all gcp projects within an organization.我需要组织内所有 gcp 项目中所有服务帐户密钥的列表。 What i am looking for is a list of user managed service account keys that are active...Below is the code i am using我正在寻找的是活动的用户管理服务帐户密钥列表......下面是我正在使用的代码

Not sure what is missing, i don't see user managed service account keys, i only see system managed.不确定缺少什么,我没有看到用户管理的服务帐户密钥,我只看到系统管理的。 How can i get a list of user managed service account keys??我如何获得用户管理的服务帐户密钥列表?

1 个解决方案

解决方案1
 0  2022-02-24 00:49:29

You're calling the projects.serviceAccounts.keys.list method with an (optional?) KeyType of SYSTEM_MANAGED but you want USER_MANAGED您正在使用SYSTEM_MANAGED的(可选?) KeyType调用projects.serviceAccounts.keys.list方法,但您想要USER_MANAGED

I encourage you to jettison all the subprocess stuff.我鼓励你放弃所有subprocess的东西。 It's entirely redundant, makes your code unnecessary complex and problematic.它完全是多余的,使您的代码变得不必要的复杂和有问题。

Example例子
import google.auth

from googleapiclient import discovery


credentials, project = google.auth.default()

crm = discovery.build(
    "cloudresourcemanager",
    "v1",
    credentials=credentials
)
iam = discovery.build(
    "iam",
    "v1",
    credentials=credentials
)

projects_list_rqst = crm.projects().list()

while projects_list_rqst is not None:
    projects_list_resp = projects_list_rqst.execute()
    projects = projects_list_resp.get("projects",[])

    for project in projects:
        project_id = project["projectId"]
        print(f"Project: {project_id}")
        name="projects/{project_id}".format(project_id=project_id) 
        sa_list_rqst = iam.projects().serviceAccounts().list(
            name=name
        )

        while sa_list_rqst is not None:
            sa_list_resp = sa_list_rqst.execute()
            accounts = sa_list_resp.get("accounts",[])

            for account in accounts:
                name=account["name"]
                print(f"\tAccount: {name}")
                keys_list_rqst = iam.projects().serviceAccounts().keys().list(
                    name=name,
                    keyTypes="USER_MANAGED"
                )
                keys_list_resp = keys_list_rqst.execute()
                keys = keys_list_resp.get("keys",[])

                for key in keys:
                    name=key["name"]
                    print(f"\t\tKey: {name}")
            
            sa_list_rqst = iam.projects().serviceAccounts().list_next(
                previous_request=sa_list_rqst,
                previous_response=sa_list_resp
            )

    projects_list_rqst = crm.projects().list_next(
        previous_request=projects_list_rqst,
        previous_response=projects_list_resp)

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何获取在一个服务帐户下分配的多个 GCP 项目的列表? ( GCP )( python 客户端库文件) - How can get list of multiple - GCP projects assigned under one service account ? ( GCP )( python-client library files) 如何使用服务帐户从 python 代码访问 GCP 云 function? - How I can get access to GCP cloud function from python code using service account? 如何使用 Python 创建/管理 GCP API 密钥 - How do I create/manage GCP API keys using Python GCP 服务帐号命名 - GCP service account naming GCP 服务帐号问题 - GCP service account issue GCP Kube.netes 不使用服务帐户来拉取 docker 个图像 - GCP Kubernetes not using service account for pulling docker images GCP:如何向 Firestore 集合上的服务帐户授予角色? - GCP: How to grant a role to a service account on a Firestore collection? GCP-IAM - 如何授予对组织中所有服务帐户的访问权限? - GCP-IAM - How to grant access to all service account in organization? 使用 python 的 GCP 用户列表 - GCP user list using python 使用 SQL alchemy 和 GCP 服务帐户连接到 GCP Cloud SQL Auth Proxy - Connect to a GCP Cloud SQL Auth Proxy using SQL alchemy and a GCP service account
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM