2

When I look at the Console IAM dashboard for my project I can see the line item for my Cloud Build Service Account:

https://console.cloud.google.com/iam-admin/iam

Member                                           Role
PROJECT_ID@cloudbuild.gserviceaccount.com        Cloud Build Service Account

But when I list service accounts with the gcloud command the service account doesn't show up:

$ gcloud iam service-accounts list --project=$PROJECT
Listed 0 items.

Why is the PROJECT_ID@cloudbuild.gserviceaccount.com service account showing up?

mbigras
  • 259
  • 1
  • 3
  • 11

1 Answers1

1

The command below only shows the User-managed service accounts. (There are three types of Service Account in GCP) And you can see that list by going to your cloud console > IAM & Admin > Service Accounts.

gcloud iam service-accounts list --project=$PROJECT

If you want to show all types of Service Accounts that you see under IAM & Admin > IAM you will need to use the command below:

gcloud projects get-iam-policy $PROJECT-ID

To know more about this topic, you can check the official GCP documentation about Service Accounts.

Alex G
  • 315
  • 1
  • 7
  • Is this really the answer to this question!? You have to sort through every binding on the project to find them? That can't be right. How can you just get a list of the native google service GSAs? They are referenced EVERYWHERE in the docs. It would be crazy if they were so invisible/annoying to find. – red888 Jan 21 '22 at 17:36