get_default_role - Linux

Overview

get_default_role is a command used to manage default roles for service accounts in Google Cloud Platform (GCP). It retrieves the default role assigned to a service account. This role determines the permissions that the service account inherits when it is used to authenticate to GCP APIs.

Syntax

get_default_role [OPTIONS] SERVICE_ACCOUNT_EMAIL

Options/Flags

| Option | Description | Default |
|—|—|—|
| --project=PROJECT_ID | GCP project ID or project number of the service account. | Current project |
| --format=FORMAT | Output format: json or text. | text |
| --help | Print help information. | |

Examples

Retrieve the default role for a service account:

get_default_role account@my-project.iam.gserviceaccount.com

Output (in text format):

roles/owner

Retrieve the default role in JSON format:

get_default_role --format=json account@my-project.iam.gserviceaccount.com

Output:

{
  "defaultRole": "roles/owner"
}

Common Issues

• Ensure that the specified service account exists and has been granted the roles/iam.serviceAccountUser role.
• Verify that you have the iam.serviceAccounts.actAs permission to impersonate the service account.

Integration

get_default_role can be used in conjunction with other commands to manage service accounts and their permissions. For example:

• Use get_iam_policy to retrieve the IAM policy for a service account and modify its roles.
• Use set_default_role to set the default role for a service account.
• Use create_service_account to create a new service account and assign it a default role.

Related Commands

• create_service_account
• get_iam_policy
• set_default_role