How do I export(to a file) all people with a certain role per project in an organization in GCP?

Question

I have inherited a project and am basically trying to get all owners per project from the more than 100 projects into a nice little list so that I can use them for further role planning outside of GCP. There are projects that have more than 30 owners and I need to start managing roles.

They are managed in the projects directly and are not populated by CI or any other service.

Thank you

Answer 1

What have you tried so far?

There's a lot of questions I can ask for more detail and understanding but making assumptions, I'd make a script that iterates over all Projects, iterate over all People with Role.

There's GUI, CLI, API, etc ways to access the information. For a simple script, CLI is the simplest.

To show all projects: gcloud projects list

To list all users in the project (with their roles) gcloud projects get-iam-policy <project_name>

Hope this helps!

Answer 2

    for PROJECT in `gcloud projects list --format="value(projectId)"`
do
   printf "Project: %s\n" ${PROJECT} >> Testfile1.txt
   gcloud projects get-iam-policy ${PROJECT} --flatten="bindings[].members[]" --filter="bindings.role=roles/owner" --format="value(bindings.members)" >> Testfile1.txt 
   printf "\n"
   printf "\n"    
done

Gets the job done. Iterates through all projects and exports project-id and name of all "owners" to a file called "Testfile1.txt". It is not pretty but it works.