4

When I look at the Console IAM dashboard for my project I can see the line item for my Cloud Build Service Account:

https://console.cloud.google.com/iam-admin/iam

Member                                           Role
PROJECT_ID@cloudbuild.gserviceaccount.com        Cloud Build Service Account

But when I list service accounts with the gcloud command the service account doesn't show up:

$ gcloud iam service-accounts list --project=$PROJECT
Listed 0 items.

Why is the PROJECT_ID@cloudbuild.gserviceaccount.com service account showing up?

mbigras
  • 289
  • 1
  • 3
  • 11

2 Answers2

1

The command below only shows the User-managed service accounts. (There are three types of Service Account in GCP) And you can see that list by going to your cloud console > IAM & Admin > Service Accounts.

gcloud iam service-accounts list --project=$PROJECT

If you want to show all types of Service Accounts that you see under IAM & Admin > IAM you will need to use the command below:

gcloud projects get-iam-policy $PROJECT-ID

To know more about this topic, you can check the official GCP documentation about Service Accounts.

Alex G
  • 325
  • 1
  • 7
  • 1
    Is this really the answer to this question!? You have to sort through every binding on the project to find them? That can't be right. How can you just get a list of the native google service GSAs? They are referenced EVERYWHERE in the docs. It would be crazy if they were so invisible/annoying to find. – red888 Jan 21 '22 at 17:36
0

After o create a service account, you have to go to the IAM page, and in the top you will have "Grant Access", you have to just select the service account and the desire role.

Then should appear in the comands list

Pedro Dias
  • 1
  • 1