How do I get the organization ID of my current project in Google Cloud Platform?

About

Asked 15/1, 2020 at 10:51 Answered 6/5, 2024 at 13:23

Solved google-cloud-platform gcloud google-cloud-resource-manager

I would like to know the organization ID of my current project in GCP.

gcloud projects describe PROJECT_ID will show the parent which can be the organization, but if the parent is a folder, the organization ID does not appear.

I could recurse up the parent hierarchy of the folders using gcloud resource-manager folders describe FOLDER_ID, but that is a hassle. It is also impossible if I do not have organization-level permissions.

Yet I do have access to organization IDs: gcloud organizations list shows several organizations, though not their mapping to projects.

How can I achieve this?

Facer answered 15/1, 2020 at 10:51 Comment(2)

Does this thread answer your question? #35599914 – Try 15/1, 2020 at 13:4

No, that is about projects; I am asking about organizations. – Facer 15/1, 2020 at 15:11

Use the below gcloud command in cloud shell.

gcloud projects get-ancestors {projectId}

This should give the output as below.

ID                      TYPE
Your-project-ID         project
123456789012            folder
567890123456            organization

Diphtheria answered 20/6, 2022 at 9:37 Comment(0)

If we read here we find that your organization is the root of the ancestor tree of your current project.

We also find that there is an API that can be called to retrieve the ancestry chain from a given project upwards. This means that we can retrieve the organization id of your project using that API.

The API is documented here.

It has the high level REST format of:

POST https://cloudresourcemanager.googleapis.com/v1/projects/{projectId}:getAncestry

A possible command might be:

curl -X POST -H "Authorization: Bearer \"$(gcloud auth application-default print-access-token)\"" \
          -H "Content-Type: application/json; charset=utf-8" \
             https://cloudresourcemanager.googleapis.com/v1/projects/<MY_PROJECT>:getAncestry

Drobman answered 15/1, 2020 at 14:27 Comment(9)

That works! But please explain how to do direct REST calls. Can I do it with my local gcloud environment and without generating a credentials JSON? (With the credentials JSON I'd do GOOGLE_APPLICATION_CREDENTIALS=<JSON credentials file path> followed by

curl -X POST  -H "Authorization: Bearer "$(gcloud auth application-default print-access-token)  -H "Content-Type: application/json; charset=utf-8" https://cloudresourcemanager.googleapis.com/v1/projects/<MY PROJECT>:getAncestry

) – Facer 15/1, 2020 at 15:9

Didn't you just answer your own question of how to make a REST call with your post using the "curl" command? – Drobman 15/1, 2020 at 21:15

Yes. It would be good to have runnable command in the official answer. Also, how do I do this using gcloud authenticated user (that was set up during gcloud init) rather than with a service-user json credentials file? – Facer 16/1, 2020 at 5:19

Howdy Joshua. Ive updated the answer with our best so far command. If we imagine that we need some credentials in order to make the call ... we should think about the concept of "Application Default Credentials". When you set the environment variable, you were setting some explicit credentials. However, if you are running in CLoud Shell or a GCP Compute Engine, you have implicit credentials. – Drobman 16/1, 2020 at 5:41

Thank you. I edited some typos in that string. I'd like to just run it as I run gcloud , on my dev machine, with no JSON file, but perhaps I'll ask that as a separate question – Facer 16/1, 2020 at 6:19

On how to avoid downloading a JSON from the Cloud Console, see here stackoverflow.com/questions/59764257 – Facer 16/1, 2020 at 9:36

Using gcloud auth print-access-token as the authentication command will avoid the need to download a separate JSON file – Facer 16/1, 2020 at 11:21

There's a gcloud command that uses this API now: ORG_ID="$(gcloud projects get-ancestors $PROJECT_ID | grep organization | cut -f1 -d' ')" – Camden 15/10, 2020 at 20:18

Amazingly, gcloud projects get-ancestors (as of gcloud CLI version 428.0.0) doesn't accept the --filter argument like most other gcloud commands do. So, it seems we have to use command pipes (e.g., grep, jq, etc.) to massage the data as illustrated by @Camden rather than using gcloud ... --filter=... – Fraenum 2/5, 2023 at 18:56

A GCP UI solution. (Same way you can extract a project ID)

Go to: https://console.cloud.google.com/iam-admin/settings
In the top-left corner, select your organization in the drop-down menu

Socialist answered 6/5, 2024 at 13:23 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags