问题
Using gcloud auth ... you can add or remove accounts used during the gcloud commands.
Is there a way to get the active account without grep-ing and awk-ing?
gcloud auth list is good for humans but not good enough to a machine. I want a cleaner solution.
gcloud config list account also shows me to verbose output:
Your active configuration is: [default]
[core]
account = service@<my_project>.iam.gserviceaccount.com
回答1:
I found the solution:
gcloud config list account --format "value(core.account)"
This would tell you:
Your active configuration is: [default]
service@<my_project>.iam.gserviceaccount.com
To also avoid the active configuration message, you can redirect the stderr to /dev/null:
$ gcloud config list account --format "value(core.account)" 2> /dev/null
service@<my_project>.iam.gserviceaccount.com
It would be nice if --verbosity would also work in this case to remove the info message. That would mean:
$ gcloud config list account --format "value(core.account)" --verbosity error
Any Googlers out there that can post a comment if this is a reasonable feature/bug request/report?
回答2:
This also seems to work
gcloud config get-value account
回答3:
Both of these commands below will give the same result:
$ gcloud config get-value account
$ gcloud config list --format 'value(core.account)'
But when you want to set the account to be activated externally then it can be done with the json key:
#!/bin/bash
if [[ ! $(gcloud config get-value account &> /dev/null) ]]
then
GCP_SA_KEY=<json credential key>
GCP_ACCOUNT=service@<my_project>.iam.gserviceaccount.com
if [ -z $GOOGLE_APPLICATION_CREDENTIALS ]
then
echo $GCP_SA_KEY > google-app-creds.json
export GOOGLE_APPLICATION_CREDENTIALS=$(realpath google-app-creds.json)
gcloud auth activate-service-account $GCP_ACCOUNT --project=<my_project> \
--key-file=$GOOGLE_APPLICATION_CREDENTIALS
fi
fi
Ouput will be like this
$ bash /path/to/the/above/file
Activated service account credentials for: [service@<my_project>.iam.gserviceaccount.com]
To take a quick anonymous survey, run:
$ gcloud alpha survey
$ gcloud config get-value account
service@<my_project>.iam.gserviceaccount.com
回答4:
The gcloud command is generally meant for humans to consume, rather than machines.
What are you trying to do? Generally speaking, if you need to auth programatically, you would use Application Default Credentials and (for example) the GOOGLE_APPLICATION_CREDENTIALS environment variable, which the client libraries grab auth information from.
来源:https://stackoverflow.com/questions/35311686/how-to-get-the-active-authenticated-gcloud-account