Below you will find pages that utilize the taxonomy term “Gcp”

Posts

`gcloud auth application-default unset-quota-project`

gcloud auth application-default includes a sub-command gcloud auth application-default set-quota-project

Unlike the similar gcloud config set and gcloud config unset pair, there’s no unset-quota-project.

However, it’s straightforward to undo set-quota-project because it’s primary side-effect is to update ${HOME}/.config/gcloud/application_default_credentials.json]

gcloud auth application-default set-quota-project ${PROJECT} \
--log-http

Request:

uri: https://cloudresourcemanager.googleapis.com/v1/projects/{PROJECT}:testIamPermissions?alt=json
method: POST
== headers start ==
b'accept': b'application/json'
b'authorization': --- Token Redacted ---
b'content-type': b'application/json'
b'x-goog-user-project': b'{PROJECT}'
== headers end ==
== body start ==
{"permissions": ["serviceusage.services.use"]}
== body end ==

Response:

read more
Posts

`kubectl` auth changes in GKE v1.25

I was prompted by a question on Stack overflow “How to remove warning in kubectl with gcp auth plugin?” to try this new mechanism for myself. It’s described by Google in the a post Here’s what to know about changes to kubectl authentciation coming in GKE v1.25.

One question I’d not considered is: how is the change manifest? Thinking about it, I realized it’s probably evident in the users section of kubectl config. A long time, I wrote a blog post Kubernetes Engine: kubectl config that explains how kubectl leverages (!) gcloud to get an access token for GKE.

read more
Posts

Protect against accidental GCP Project Deletion

I’d forgotten about this feature but it’s a good way of protecting Google Cloud Platform (GCP) Projects against accidential (== user error) deletions.

Google documents it Protecting projects from accidental deletion

I’d forgotten that I’d applied it to a key project and then had to Google the above to recall how it works.

PROJECTs=$(gcloud projects list --format="value(projectId)")

for PROJECT in ${PROJECTS}
do
  gcloud alpha resource-manager liens list \
  --project=${PROJECT}
done

Simply:

read more
Posts

Comma-separated list of GCP Projects 

PROJECTS=$(\
  gcloud projects list \
  --format='csv[no-heading,terminator=","](projectId)') && \
PROJECTS="${PROJECTS%,}" && \  
echo ${PROJECTS}

From:

gcloud projects list
PROJECT_ID    NAME          PROJECT_NUMBER
foo           foo           1234567890123
bar           bar           1234567890123
baz           baz           1234567890123

To:

foo,bar,baz

Which you may find useful when you need to pass a list of Project IDs to some command-line flag.

read more