context_role_get - Linux

Overview

context_role_get retrieves the role associated with specified context in the Cloud IAP JWT.

Syntax

context_role_get [OPTIONS] [CONTEXT_ACCOUNT_AND_ROLE]

Options/Flags

• -h, –help: Show this help message and exit.
• -i, –issuer: Issuer of the IAP JWT.
• -p, –project: Name of the project for which IAP is enabled.

Examples

Retrieve the role associated with the context containing the email "user:example@domain.com":

context_role_get user:example@domain.com

Retrieve the role associated with the context containing the UID "user:test":

context_role_get user:test

Retrieve the role associated with the context containing the service account "serviceAccount:service@example.iam.gserviceaccount.com":

context_role_get serviceAccount:service@example.iam.gserviceaccount.com

Common Issues

Error: Invalid context string
Ensure that the context string is in the format "user:email_or_uid" or "serviceAccount:email".

Error: Unable to parse IAP JWT
Check that the provided IAP JWT is valid and properly signed.

Integration

context_role_get can be integrated with other commands to automate access control tasks. For instance, it can be used with the gcloud iam service-accounts get-iam-policy command to check the permissions of a service account based on the role associated with its context.

Related Commands

• gcloud
• gcloud iam service-accounts get-iam-policy