Login/Register
How to get the active authenticated gcloud account?
Asked Answered
Solved authenticationgoogle-cloud-platformgcloudverbosity
V

5

60

Using gcloud auth ... you can add or remove accounts used during the gcloud commands.

Is there a way to get the active account without grep-ing and awk-ing?

gcloud auth list is good for humans but not good enough to a machine. I want a cleaner solution.

gcloud config list account also shows me to verbose output:

Your active configuration is: [default]

[core]
account = service@<my_project>.iam.gserviceaccount.com
Vocalic answered 10/2, 2016 at 9:48 Comment(1)
Similar question: #35173614Floyfloyd
V
77

I found the solution:

gcloud config list account --format "value(core.account)"

This would tell you:

Your active configuration is: [default]

service@<my_project>.iam.gserviceaccount.com

To also avoid the active configuration message, you can redirect the stderr to /dev/null:

$ gcloud config list account --format "value(core.account)" 2> /dev/null
service@<my_project>.iam.gserviceaccount.com

It would be nice if --verbosity would also work in this case to remove the info message. That would mean:

$ gcloud config list account --format "value(core.account)" --verbosity error

Any Googlers out there that can post a comment if this is a reasonable feature/bug request/report?

Vocalic answered 10/2, 2016 at 10:22 Comment(2)
Alternatively use gcloud auth list --filter=status:ACTIVE --format="value(account)". cloud.google.com/sdk/gcloud/reference/auth/listAperture
I've been running into issues with core/account not always being set. Luís Bianchin's alternative approach of checking the auth list directly has proven to be more reliable. It also has the added bonus of not printing a new line character if nothing is found.Unpredictable
N
31

This also seems to work

gcloud config get-value account
Nidifugous answered 10/1, 2019 at 9:9 Comment(0)
M
9

Both of these commands below will give the same result:

$ gcloud config get-value account
$ gcloud config list --format 'value(core.account)'

But when you want to set the account to be activated externally then it can be done with the json key:

#!/bin/bash
if [[ ! $(gcloud config get-value account &> /dev/null) ]]
then
    GCP_SA_KEY=<json credential key>
    GCP_ACCOUNT=service@<my_project>.iam.gserviceaccount.com 
    if [ -z $GOOGLE_APPLICATION_CREDENTIALS ]
    then
        echo $GCP_SA_KEY > google-app-creds.json
        export GOOGLE_APPLICATION_CREDENTIALS=$(realpath google-app-creds.json)
        gcloud auth activate-service-account $GCP_ACCOUNT --project=<my_project> \
        --key-file=$GOOGLE_APPLICATION_CREDENTIALS
    fi
fi

Ouput will be like this

$ bash /path/to/the/above/file
Activated service account credentials for: [service@<my_project>.iam.gserviceaccount.com] 

To take a quick anonymous survey, run: 
  $ gcloud alpha survey

$ gcloud config get-value account
service@<my_project>.iam.gserviceaccount.com
Milson answered 8/8, 2019 at 17:1 Comment(1)
For those wanting to check if there are no active account, be aware that there is a minor difference between the output of these two commands: gcloud config get-value account will return (unset) whereas gcloud config list --format 'value(core.account)' will return an empty output.Orlantha
I
2

Open gcloud console then run this below command, it work for me gcloud auth list

Icelander answered 25/5, 2021 at 16:32 Comment(1)
The original question states, "gcloud auth list is good for humans but not good enough to a machine. I want a cleaner solution."Adenaadenauer
Z
0

The gcloud command is generally meant for humans to consume, rather than machines.

What are you trying to do? Generally speaking, if you need to auth programatically, you would use Application Default Credentials and (for example) the GOOGLE_APPLICATION_CREDENTIALS environment variable, which the client libraries grab auth information from.

Zavras answered 12/2, 2016 at 2:6 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.