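#!/bin/bash
# Export GCP organization policies into a directory tree that mirrors the
# folder hierarchy. Needs gcloud and jq on PATH.
#
# Use this command to browse the org policies:
#   find ~/[ORG_NAME]/ -name '*json' -exec sh -c 'for f; do echo "Policy: $f"; jq . "$f"; done' sh {} +

#######################################
# Tell whether a value can be used as a single path component.
# Arguments: $1 - candidate directory or file name
# Returns:   0 if usable; 1 if empty, ".", ".." or containing "/"
#######################################
_is_safe_path_component() {
  case "$1" in
    '' | . | .. | */*) return 1 ;;
  esac
  return 0
}

#######################################
# Recursively export the org policies of folders, of the projects directly
# inside them, and of all nested folders. Each folder gets a directory named
# after its display name (spaces replaced by "_") below the current directory.
# Globals:   SUB_FOLDERS (read) - newline-separated folder IDs, used only
#            when no arguments are given
# Arguments: $@ - folder IDs to process (optional)
# Outputs:   <id>_<name>_policy.json per folder, <project_id>.json per
#            project; warnings on stderr
# Returns:   0 if every export succeeded, 1 if anything was skipped or failed
#######################################
find_children() {
  local -a folder_ids=()
  local sub_folder folder_json folder_name folder_policy_filename
  local project_json project_ids project_id
  local child_json child_folders child_id
  local status=0

  if (( $# > 0 )); then
    folder_ids=("$@")
  else
    while IFS= read -r sub_folder; do
      if [[ -n "$sub_folder" ]]; then
        folder_ids+=("$sub_folder")
      fi
    done <<< "${SUB_FOLDERS:-}"
  fi
  # Nothing to do: avoids calling gcloud with an empty folder ID.
  (( ${#folder_ids[@]} > 0 )) || return 0

  for sub_folder in "${folder_ids[@]}"; do
    # The ID is interpolated into a gcloud --filter expression below, so only
    # plain numeric IDs are accepted.
    if [[ ! "$sub_folder" =~ ^[0-9]+$ ]]; then
      printf 'warning: skipping unexpected folder id: %s\n' "$sub_folder" >&2
      status=1
      continue
    fi

    if ! folder_json=$(gcloud resource-manager folders describe "$sub_folder" --format json); then
      printf 'warning: cannot describe folder %s; its subtree is skipped\n' "$sub_folder" >&2
      status=1
      continue
    fi
    folder_name=$(jq -r '.displayName' <<< "$folder_json")
    folder_name=${folder_name// /_}
    # The display name comes from the API and becomes a directory name.
    if ! _is_safe_path_component "$folder_name"; then
      printf 'warning: folder %s has an unusable display name; skipped\n' "$sub_folder" >&2
      status=1
      continue
    fi

    # If the directory cannot be entered, stop here: writing the exports into
    # the parent and then running "cd .." would corrupt the tree.
    if ! mkdir -p -- "./${folder_name}" || ! cd -- "./${folder_name}"; then
      printf 'warning: cannot enter directory %s; folder %s skipped\n' "$folder_name" "$sub_folder" >&2
      status=1
      continue
    fi

    folder_policy_filename="${sub_folder}_${folder_name}_policy.json"
    if ! gcloud beta resource-manager org-policies list --folder "$sub_folder" --format json > "$folder_policy_filename"; then
      # A failed export must not be mistaken for "no policies set".
      printf 'warning: policy export failed for folder %s\n' "$sub_folder" >&2
      rm -f -- "$folder_policy_filename"
      status=1
    fi

    project_ids=''
    if project_json=$(gcloud projects list --filter=" parent.id: '${sub_folder}' " --format json); then
      project_ids=$(jq -r '.[] | .projectId' <<< "$project_json")
    else
      printf 'warning: cannot list projects of folder %s\n' "$sub_folder" >&2
      status=1
    fi
    if [[ -n "$project_ids" ]]; then
      # Read the list on fd 3 so gcloud cannot consume it through stdin.
      while IFS= read -r project_id <&3; do
        if ! _is_safe_path_component "$project_id"; then
          continue
        fi
        if ! gcloud beta resource-manager org-policies list --project "$project_id" --format json > "./${project_id}.json"; then
          printf 'warning: policy export failed for project %s\n' "$project_id" >&2
          rm -f -- "./${project_id}.json"
          status=1
        fi
      done 3<<< "$project_ids"
    fi

    child_folders=''
    if child_json=$(gcloud resource-manager folders list --folder "$sub_folder" --format json); then
      child_folders=$(jq -r '.[] | .name' <<< "$child_json" | sed -e 's/.*\///')
    else
      printf 'warning: cannot list sub-folders of folder %s\n' "$sub_folder" >&2
      status=1
    fi
    if [[ -n "$child_folders" ]]; then
      while IFS= read -r child_id <&3; do
        if [[ -n "$child_id" ]]; then
          find_children "$child_id" || status=1
        fi
      done 3<<< "$child_folders"
    fi

    if ! cd ..; then
      printf 'error: cannot return to the parent of %s\n' "$folder_name" >&2
      return 1
    fi
  done

  return "$status"
}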
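# Entry point: resolve the organization, create a directory named after it and
# export the policies of every folder below it.
# NOTE: only folders and the projects inside folders are visited here; policies
# set on the organization node itself and on projects attached directly to the
# organization are not exported by this script.
# The export describes the organization's policy posture; consider a
# restrictive umask when running on a shared host.
if ! org_list=$(gcloud organizations list --format json); then
  printf 'error: cannot list organizations\n' >&2
  exit 1
fi
ORG_ID=$(jq -r '.[] | .name' <<< "$org_list" | sed -e 's/.*\///')
# Zero or several visible organizations would otherwise end up as an empty or
# multi-line argument in every later gcloud call.
if [[ ! "$ORG_ID" =~ ^[0-9]+$ ]]; then
  printf 'error: expected exactly one numeric organization id, got: %s\n' "$ORG_ID" >&2
  exit 1
fi

if ! org_json=$(gcloud organizations describe "$ORG_ID" --format json); then
  printf 'error: cannot describe organization %s\n' "$ORG_ID" >&2
  exit 1
fi
ORG_NAME=$(jq -r '.displayName' <<< "$org_json")
# The display name comes from the API and becomes the output directory name.
case "$ORG_NAME" in
  '' | . | .. | */*)
    printf 'error: organization display name is not usable as a directory: %s\n' "$ORG_NAME" >&2
    exit 1
    ;;
esac
if ! mkdir -p -- "./${ORG_NAME}" || ! cd -- "./${ORG_NAME}"; then
  printf 'error: cannot create or enter directory %s\n' "$ORG_NAME" >&2
  exit 1
fi

if ! folders_json=$(gcloud resource-manager folders list --organization "$ORG_ID" --format json); then
  printf 'error: cannot list folders of organization %s\n' "$ORG_ID" >&2
  exit 1
fi
# SUB_FOLDERS stays a global: find_children falls back to it when called
# without arguments.
SUB_FOLDERS=$(jq -r '.[] | .name' <<< "$folders_json" | sed -e 's/.*\///')

top_level_folders=()
while IFS= read -r folder_id; do
  if [[ -n "$folder_id" ]]; then
    top_level_folders+=("$folder_id")
  fi
done <<< "$SUB_FOLDERS"

if (( ${#top_level_folders[@]} == 0 )); then
  printf 'no folders found under organization %s\n' "$ORG_ID" >&2
  exit 0
fi
if ! find_children "${top_level_folders[@]}"; then
  printf 'warning: export finished with errors; the output is incomplete\n' >&2
  exit 1
fi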