You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
52 lines
1.5 KiB
Bash
52 lines
1.5 KiB
Bash
#!/usr/bin/env bash
|
|
# vim:ts=4:sts=4:sw=4:et
|
|
#
|
|
# Author: Hari Sekhon
|
|
# Date: 2021-02-19 12:06:42 +0000 (Fri, 19 Feb 2021)
|
|
#
|
|
# https://github.com/HariSekhon/DevOps-Bash-tools
|
|
#
|
|
# License: see accompanying Hari Sekhon LICENSE file
|
|
#
|
|
# If you're using my code you're welcome to connect with me on LinkedIn and optionally send me feedback to help steer this or other code I publish
|
|
#
|
|
# https://www.linkedin.com/in/HariSekhon
|
|
#
|
|
|
|
set -euo pipefail
|
|
[ -n "${DEBUG:-}" ] && set -x
|
|
srcdir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
|
|
|
# shellcheck disable=SC1090
|
|
. "$srcdir/lib/utils.sh"
|
|
|
|
# shellcheck disable=SC2034,SC2154
|
|
usage_description="
|
|
Finds GCP IAM users which have been granted roles on an individual basis in the current or given GCP project
|
|
|
|
Useful to find best practice violations where users have been granted roles instead of group-based management
|
|
|
|
This is slightly more useful than the adjacent gcp_iam_roles_with_direct_user_grants.sh since this is listed in the GCP Console UI per user on the IAM permissions page
|
|
|
|
|
|
Requires GCloud SDK to be installed and configured
|
|
"
|
|
|
|
# used by usage() in lib/utils.sh
|
|
# shellcheck disable=SC2034
|
|
usage_args="[<project_id>]"
|
|
|
|
help_usage "$@"
|
|
|
|
project="${1:-}"
|
|
|
|
if is_blank "$project"; then
|
|
project="$(gcloud config list --format='get(core.project)')"
|
|
fi
|
|
|
|
not_blank "$project" || die "ERROR: no project specified and GCloud SDK core.project property not set in config"
|
|
|
|
gcloud projects get-iam-policy "$project" --format=json |
|
|
jq -r ".bindings[].members[] | select(test(\"^user:\"))" |
|
|
sort -u
|