Using gcloud to list all active resources under a given GCP project
You can use search-all-resources to search all the resources across services (or APIs) and projects for a given organization, folder, or project.
To search all the resources in a project with number 123:
$ gcloud asset search-all-resources --scope=projects/123
See the other post for more details: How to find, list, or search resources across services (APIs) and projects in Google Cloud Platform?
I think that this command would do it, but seems to be only in a closed alpha, so I think in a near future will do...
gcloud alpha resources list
https://cloud.google.com/sdk/gcloud/reference/alpha/resources/list
IIUC there's no general-purpose type for "things that live in projects" so you'd need to enumerate all the types (that interest you) specifically.
Also, some resources (e.g. keys) are owned by service accounts that are owned by projects.
for PROJECT in $(\
gcloud projects list \
--format="value(projectId)")
do
echo "Project: ${PROJECT}"
echo "Services"
gcloud services list --project=${PROJECT}
echo "Kubernetes Clusters"
gcloud container clusters list --project=${PROJECT}
echo "Compute Engine instances"
gcloud compute instances list --project=${PROJECT}
echo "Service Accounts"
for ACCOUNT in $(\
gcloud iam service-accounts list \
--project=${PROJECT} \
--format="value(email)")
do
echo "Service Account keys: ${ACCOUNT}"
gcloud iam service-accounts keys list --iam-account=${ACCOUNT} --project=${PROJECT}
done
done
Various challenges with this approach though:
- Some enumerations may require more details (e.g. regions|zones)
- You'd need to be exhaustive (it won't list what you don't request)
- it gets nested|messy quickly
- Some services prompt if they're not enabled (e.g. Compute Engine)
NB
- You can apply
--filter=...to each of the above commands - You could wrap the entire loop into one that enumerates
gcloud auth listaccounts