How to get the active authenticated gcloud account?

﹥>﹥吖頭↗ 提交于 2021-02-06 15:07:14

问题


Using gcloud auth ... you can add or remove accounts used during the gcloud commands.

Is there a way to get the active account without grep-ing and awk-ing?

gcloud auth list is good for humans but not good enough to a machine. I want a cleaner solution.

gcloud config list account also shows me to verbose output:

Your active configuration is: [default]

[core]
account = service@<my_project>.iam.gserviceaccount.com

回答1:


I found the solution:

gcloud config list account --format "value(core.account)"

This would tell you:

Your active configuration is: [default]

service@<my_project>.iam.gserviceaccount.com

To also avoid the active configuration message, you can redirect the stderr to /dev/null:

$ gcloud config list account --format "value(core.account)" 2> /dev/null
service@<my_project>.iam.gserviceaccount.com

It would be nice if --verbosity would also work in this case to remove the info message. That would mean:

$ gcloud config list account --format "value(core.account)" --verbosity error

Any Googlers out there that can post a comment if this is a reasonable feature/bug request/report?




回答2:


This also seems to work gcloud config get-value account




回答3:


Both of these commands below will give the same result:

$ gcloud config get-value account
$ gcloud config list --format 'value(core.account)'

But when you want to set the account to be activated externally then it can be done with the json key:

#!/bin/bash
if [[ ! $(gcloud config get-value account &> /dev/null) ]]
then
    GCP_SA_KEY=<json credential key>
    GCP_ACCOUNT=service@<my_project>.iam.gserviceaccount.com 
    if [ -z $GOOGLE_APPLICATION_CREDENTIALS ]
    then
        echo $GCP_SA_KEY > google-app-creds.json
        export GOOGLE_APPLICATION_CREDENTIALS=$(realpath google-app-creds.json)
        gcloud auth activate-service-account $GCP_ACCOUNT --project=<my_project> \
        --key-file=$GOOGLE_APPLICATION_CREDENTIALS
    fi
fi

Ouput will be like this

$ bash /path/to/the/above/file
Activated service account credentials for: [service@<my_project>.iam.gserviceaccount.com] 

To take a quick anonymous survey, run: 
  $ gcloud alpha survey

$ gcloud config get-value account
service@<my_project>.iam.gserviceaccount.com



回答4:


The gcloud command is generally meant for humans to consume, rather than machines.

What are you trying to do? Generally speaking, if you need to auth programatically, you would use Application Default Credentials and (for example) the GOOGLE_APPLICATION_CREDENTIALS environment variable, which the client libraries grab auth information from.



来源:https://stackoverflow.com/questions/35311686/how-to-get-the-active-authenticated-gcloud-account

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!