GCloud CLI



Intro

gcloud is the powerful and unified command-line tool for Google Cloud. Full documentation is available from https://cloud.google.com/sdk/gcloud. Read how to install it here: https://cloud.google.com/sdk/docs/quickstart-windows

It comes pre-installed on Cloud Shell. Note that gcloud supports tab-completion.

 


Update gcloud

 

gcloud components update

HTTP Logging

 

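gcloud has a global flag, --log-http, which logs the HTTP requests and responses it exchanges with Google APIs. This is useful for learning how it uses those APIs. In the capture below the request headers include the authorization bearer token, so treat saved output as sensitive.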

gcloud pubsub topics publish topic-roger --message "Hello World!" --log-http
=======================
==== request start ====
uri: https://pubsub.googleapis.com/v1/projects/rogercruz/topics/topic-roger:publish?alt=json
method: POST
== headers start ==
b'accept': b'application/json'
b'accept-encoding': b'gzip, deflate'
b'authorization': b'Bearer ya29.a0AfH6SMBpKrEsDc8'
b'content-length': b'62'
b'content-type': b'application/json'
b'user-agent': b'google-cloud-sdk gcloud/306.0.0 command/gcloud.pubsub.topics.publish invocation-id/52894c99f2314c08a46983dc2ad7a48e environment/None environment-version/None interactive/True from-script/False python/3.7.5 term/ (Windows NT 10.0.18362)'
== headers end ==
== body start ==
{"messages": [{"attributes": {}, "data": "SGVsbG8gV29ybGQh"}]}
== body end ==
==== request end ====
---- response start ----
status: 200
-- headers start --
-content-encoding: gzip
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 48
content-type: application/json; charset=UTF-8
date: Thu, 20 Aug 2020 06:48:36 GMT
server: ESF
transfer-encoding: chunked
vary: Origin, X-Origin, Referer
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
-- headers end --
-- body start --
{
  "messageIds": [
    "454652481965261"
  ]
}
-- body end --
total round trip time (request+response): 0.281 secs
---- response end ----
----------------------
messageIds:
- '454652481965261'
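The capture above carries the caller's OAuth bearer token in the authorization header. The following is an added example, not part of the original page, for masking such tokens before a --log-http capture is saved or shared; the helper names and the sample token are constructed for illustration.

```bash
#!/usr/bin/env bash
# Constructed sample: three header lines in the layout shown above, with a
# made-up token value.
sample_log_http() {
cat <<'EOF'
b'accept': b'application/json'
b'authorization': b'Bearer ya29.CONSTRUCTED-example_token.0001'
b'content-type': b'application/json'
EOF
}

# has_bearer_token (hypothetical helper): exit status 0 if stdin still carries
# "Bearer " followed by token characters (the RFC 6750 b64token alphabet).
has_bearer_token() {
  grep -Eq '[Bb]earer [A-Za-z0-9._~+/=-]+'
}

# redact_log_http (hypothetical helper): keep the "Bearer " prefix and replace
# the token itself with a fixed marker, leaving every other line untouched.
redact_log_http() {
  sed -E 's|([Bb]earer )[A-Za-z0-9._~+/=-]+|\1[REDACTED]|g'
}

# Typical use: send both output streams through the filter before writing a file.
#   gcloud pubsub topics publish topic-roger --message "Hello World!" \
#     --log-http 2>&1 | redact_log_http > publish.log
sample_log_http | redact_log_http
```

has_bearer_token can gate an upload step: if it succeeds on a log file, the file still contains a usable credential.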

 


--format

  • This is a useful argument to change how the data is displayed. Many formats are possible so review them here:

    If the service account is found, its email is displayed.

gcloud iam service-accounts describe rogercruz@acme.iam.gserviceaccount.com --format "(email)"

Initialization And Authorization

 

  • Initialize gcloud. This is where you select your default project and region.

gcloud init
Your Google Cloud SDK is configured and ready to use!
* Commands that require authentication will use rogercruz@acme.com by default
* Commands will reference project `rogercruz` by default
* Compute Engine commands will use region `us-east1` by default
* Compute Engine commands will use zone `us-east1-d` by default
Run `gcloud help config` to learn how to change individual settings

 

  • List the accounts whose credentials are stored on the local system:

> gcloud auth list
Credentialed Accounts
ACTIVE  ACCOUNT
*       rogercruz@acme.com

To set the active account, run:
    $ gcloud config set account `ACCOUNT`

 

> gcloud config list
[compute]
region = us-east1
zone = us-east1-b
[core]
account = roger.cruz@acme.com
disable_usage_reporting = True
project = rogercruz

Your active configuration is: [rogercruz]

 

More information on the default properties: https://cloud.google.com/compute/docs/gcloud-compute#default-properties.

If you do not set a default project, you will need to specify it with --project [PROJECT_ID] on each gcloud command.

 


Pub/Sub Service

 

The GCP help page on creating a pub/sub via gcloud is here: https://cloud.google.com/sdk/gcloud/reference/pubsub/topics/create

gcloud --project rogercruz pubsub topics create mytopic

JSON Resource Keys

Google APIs return responses in JSON. You can find the resource keys in the JSON tree by using --format=flattened. More info here: gcloud topic resource-keys

Knowing a resource's flattened key name helps when creating a filter expression for an API query.

gcloud compute firewall-rules list --format=flattened
allowed[0].IPProtocol: icmp
creationTimestamp: 2020-05-18T07:53:04.526-07:00
description: Allow ICMP from anywhere
direction: INGRESS
disabled: False
id: 4276879116402106303
kind: compute#firewall
logConfig.enable: False
name: default-allow-icmp
network: https://www.googleapis.com/compute/v1/projects/rogercruz/global/networks/default
priority: 65534
selfLink: https://www.googleapis.com/compute/v1/projects/rogercruz/global/firewalls/default-allow-icmp
sourceRanges[0]: 0.0.0.0/0
---
a
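The flattened layout is one "key: value" pair per line with "---" between resources, which makes it easy to audit offline. The following is an added example, not part of the original page, that reads saved flattened firewall output and names the enabled ingress rules open to 0.0.0.0/0; the helper names and the sample records are constructed, modelled on the output above.

```bash
#!/usr/bin/env bash
# Constructed sample input, modelled on the firewall-rules output above.
sample_flattened() {
cat <<'EOF'
allowed[0].IPProtocol: icmp
direction: INGRESS
disabled: False
name: default-allow-icmp
sourceRanges[0]: 0.0.0.0/0
---
allowed[0].IPProtocol: tcp
direction: INGRESS
disabled: False
name: allow-ssh-office
sourceRanges[0]: 203.0.113.0/24
---
allowed[0].IPProtocol: tcp
direction: INGRESS
disabled: True
name: old-rdp
sourceRanges[0]: 10.0.0.0/8
sourceRanges[1]: 0.0.0.0/0
EOF
}

# open_ingress_rules (hypothetical helper): reads flattened records on stdin and
# prints the name of every enabled INGRESS rule with 0.0.0.0/0 in sourceRanges[N].
open_ingress_rules() {
  awk '
    function emit() {
      if (name != "" && dir == "INGRESS" && dis != "True" && wide) print name
      name = ""; dir = ""; dis = ""; wide = 0
    }
    { sub(/\r$/, "") }                 # tolerate CRLF from Windows shells
    /^---/ { emit(); next }            # "---" separates resource records
    {
      sep = index($0, ": "); if (sep == 0) next
      key = substr($0, 1, sep - 1); val = substr($0, sep + 2)
      if (key == "name") name = val
      else if (key == "direction") dir = val
      else if (key == "disabled") dis = val
      else if (key ~ /^sourceRanges\[[0-9]+\]$/ && val == "0.0.0.0/0") wide = 1
    }
    END { emit() }
  '
}

sample_flattened | open_ingress_rules
```

On the sample, only default-allow-icmp is reported: allow-ssh-office is scoped to one range and old-rdp is disabled.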

 


Filtering

 

Some of the Google APIs allow you to specify a filter to search for specific resources. More info can be found here: gcloud topic filters

Use filter and format to find out if the ALPHA components are installed.

gcloud components list --filter="id:alpha" --format='value(id,state.name)' 2> $null
alpha Installed

Create A Role

 

gcloud iam roles create <role name> --project <project ID> --file permissions.yaml

The permissions for the role can be specified in a YAML file.

 

title: "CustomRole"
description: "My new custom role"
stage: "ALPHA"
includedPermissions:
- cloudbuild.builds.create
- cloudbuild.builds.get
- cloudbuild.builds.list

 


Assign Custom Role To Service Account

 

gcloud projects add-iam-policy-binding <project ID> --member serviceAccount:<myserviceaccount>@<myproject>.iam.gserviceaccount.com --role projects/<myproject>/roles/<CustomRole>

 


IAM

Service Accounts

gcloud iam service-accounts

Describes a specified service account. Note that the service account does not need to be an identity in your project. It can be in other projects you have access to.

gcloud iam service-accounts describe <acct>