gcloud alpha asset search-iam-policies

NAME
gcloud alpha asset search-iam-policies - searches accessible IAM policies that match a query
SYNOPSIS
gcloud alpha asset search-iam-policies --query=QUERY [--page-size=PAGE_SIZE] [--page-token=PAGE_TOKEN] [GCLOUD_WIDE_FLAG]
DESCRIPTION
(ALPHA) Searches accessible IAM policies that match a query.
REQUIRED FLAGS
--query=QUERY
The query statement. To learn how to construct a query, see https://cloud.google.com/asset-inventory/docs/searching-iam-policies#how_to_construct_a_query.

Examples:

  • To find Cloud IAM policy bindings in your organization that contain amy@mycompany.com: policy : "amy@mydomain.com"
  • To find Cloud IAM policy bindings in your organization that contain the Owner role: policy : "roles/owner"
  • To find Cloud IAM policy bindings in your organization that have myuser@mycompany.com in the Owner role: policy : ("roles/owner" "myuser@mycompany.com")
  • To find Cloud IAM policy bindings in your organization that have myuser@mycompany.com in the Owner role or youruser@mycompany.com in the Viewer role: policy : (("roles/owner" "myuser@mycompany.com") OR ("roles/viewer" "youruser@mycompany.com"))
  • To find Cloud IAM policy bindings that are set on a resource: resource : "projects/123"
  • To find Cloud IAM policy bindings that are set on resources whose names contain substring "proj": resource : "*proj*"
OPTIONAL FLAGS
--page-size=PAGE_SIZE
The page size for search result pagination. The number of matching results may be fewer than requested based on the query. The maximum page size is 2000. If page-size is not given the back end will pick an appropriate default page size.
--page-token=PAGE_TOKEN
If present, retrieve the next batch of results from the preceding call to this method. page_token must be the value of next_page_token from the previous response. The values of all other method parameters must be identical to those in the previous call.
GCLOUD WIDE FLAGS
These flags are available to all commands: --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

API REFERENCE
This command uses the cloudasset/v1p1alpha1 API. The full documentation for this API can be found at: https://cloud.google.com/resource-manager/docs/cloud-asset-inventory/quickstart-cloud-asset-inventory
EXAMPLES
To search your accessible IAM policies that contains amy@mycompany.com, run:
gcloud alpha asset search-iam-policies --query='policy : "amy@mydomain.com"'
NOTES
This command is currently in ALPHA and may change without notice. If this command fails with API permission errors despite specifying the right project, you may be trying to access an API with an invitation-only early access whitelist.