Any ideas on how to list GCP service account keys using Python?

Posted on 2025-01-10 00:49:06 · 162 words · 2 views · 0 comments

I need a list of all service account keys in all GCP projects within an organization. What I am looking for is a list of user managed service account keys that are active... Below is the code I am using


Not sure what is missing; I don't see user managed service account keys, I only see system managed. How can I get a list of user managed service account keys?

Comments (1)

盛夏已如深秋| 2025-01-17 00:49:06

You're calling the projects.serviceAccounts.keys.list method with an (optional?) KeyType of SYSTEM_MANAGED but you want USER_MANAGED.

I encourage you to jettison all the subprocess stuff. It's entirely redundant, makes your code unnecessarily complex and problematic.

Example
```python
import google.auth

from googleapiclient import discovery


# Application Default Credentials; the identity needs permission to list
# projects, service accounts and service account keys.
credentials, project = google.auth.default()

crm = discovery.build(
    "cloudresourcemanager",
    "v1",
    credentials=credentials
)
iam = discovery.build(
    "iam",
    "v1",
    credentials=credentials
)

# Page through every project visible to the caller.
projects_list_rqst = crm.projects().list()

while projects_list_rqst is not None:
    projects_list_resp = projects_list_rqst.execute()
    projects = projects_list_resp.get("projects", [])

    for project in projects:
        project_id = project["projectId"]
        print(f"Project: {project_id}")
        name = "projects/{project_id}".format(project_id=project_id)

        # Page through the service accounts in this project.
        sa_list_rqst = iam.projects().serviceAccounts().list(
            name=name
        )

        while sa_list_rqst is not None:
            sa_list_resp = sa_list_rqst.execute()
            accounts = sa_list_resp.get("accounts", [])

            for account in accounts:
                name = account["name"]
                print(f"\tAccount: {name}")
                # Restrict the listing to user-managed keys.
                keys_list_rqst = iam.projects().serviceAccounts().keys().list(
                    name=name,
                    keyTypes="USER_MANAGED"
                )
                keys_list_resp = keys_list_rqst.execute()
                keys = keys_list_resp.get("keys", [])

                for key in keys:
                    name = key["name"]
                    print(f"\t\tKey: {name}")

            # list_next returns None once the last page has been read.
            sa_list_rqst = iam.projects().serviceAccounts().list_next(
                previous_request=sa_list_rqst,
                previous_response=sa_list_resp
            )

    projects_list_rqst = crm.projects().list_next(
        previous_request=projects_list_rqst,
        previous_response=projects_list_resp)
```
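The question asks for user-managed keys that are active, which the listing above does not filter on. The following is an added example, not part of the original answer: it filters the `keys` array of a keys().list() response using the key resource's `disabled`, `validAfterTime` and `validBeforeTime` fields and flags old keys for rotation. The 90-day threshold, the helper names and the sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timezone

MAX_KEY_AGE_DAYS = 90  # assumed rotation threshold, not from the post


def parse_ts(value):
    """Parse an RFC 3339 UTC timestamp such as 2025-01-07T00:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def active_user_managed_keys(keys, now=None):
    """Filter a keys().list() "keys" array down to usable USER_MANAGED keys."""
    now = now or datetime.now(timezone.utc)
    report = []
    for key in keys:
        if key.get("keyType") != "USER_MANAGED":
            continue  # defensive: ignore system-managed keys
        if key.get("disabled", False):
            continue  # a disabled key cannot authenticate
        not_before = parse_ts(key["validAfterTime"])
        not_after = parse_ts(key["validBeforeTime"])
        if not (not_before <= now < not_after):
            continue  # not yet valid, or already expired
        age_days = (now - not_before).days
        report.append({
            "name": key["name"],
            "age_days": age_days,
            "stale": age_days > MAX_KEY_AGE_DAYS,
        })
    return report


def _key(key_id, key_type, start, end, disabled=False):
    """Build one constructed key record shaped like the API resource."""
    sa = "projects/example-project/serviceAccounts/sa@example-project.iam.gserviceaccount.com"
    return {"name": f"{sa}/keys/{key_id}", "keyType": key_type,
            "validAfterTime": start, "validBeforeTime": end,
            "disabled": disabled}


NO_EXPIRY = "9999-12-31T23:59:59Z"  # constructed far-future expiry value
SAMPLE_KEYS = [  # constructed sample data, not real keys
    _key("key-a", "USER_MANAGED", "2024-06-01T00:00:00Z", NO_EXPIRY),
    _key("key-b", "USER_MANAGED", "2024-06-01T00:00:00Z", NO_EXPIRY, True),
    _key("key-c", "USER_MANAGED", "2023-01-01T00:00:00Z", "2024-01-01T00:00:00Z"),
    _key("key-d", "SYSTEM_MANAGED", "2025-01-01T00:00:00Z", "2025-01-20T00:00:00Z"),
    _key("key-e", "USER_MANAGED", "2025-01-07T00:00:00Z", NO_EXPIRY),
]
```

In the answer's loop, pass `keys_list_resp.get("keys", [])` to `active_user_managed_keys` in place of printing every key name.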