How to get application_default_credentials.json file in GCP

credentialsgcloudgoogle-cloud-platformsdk

I'm developing an application locally(python), I want to list the details of all the projects & their instances.

In order to perform this, I have generated application_default_credentials.json file by executing gcloud auth application-default login command, by using this file I can list all of my projects & their instances. But

  1. Is there any alternate way to generate this application_default_credentials.json file? If YES can you please show me one example for the same?
  2. Instead of this file Is there any keys (like secret_id/secret_token..) to get details of all projects & their resources?
  3. The file application_default_credentials.json has client_id, client_secret & refresh_token. Is it possible to generate these keys in API's & Services section in GCP?

(I have 3 projects & each project has 3 instances, I just wanted to collect details of all the projects & their instances locally)

Best Answer

Just want to mention that it's not possible to list all resources from all of your projects. Currently only the Console can do that in the Resources section at the Home page. However, you can list services individually and then join them. You can do that using python and invoking REST requests and then sum up all of your results. For example, you can invoke the method instances.list to list instances or disks.list to list your disks. Just keep in mind that these requests are grouped by zone.

Answering your questions:

1.- For User Accounts you can check the OAuth 2.0 Playground. For service accounts, it can be done by Console, gcloud and REST. Check this link for complete examples. By REST, you can use a POST request:

POST https://iam.googleapis.com/v1/projects/PROJECT-ID/serviceAccounts/SA-NAME@PROJECT-ID.iam.gserviceaccount.com/keys

2.- An API key is another possibility, but it will depend on the endpoint you invoke. Remember that you have to make individual requests, you can try adding the key parameter to your REST requests for example:

GET https://www.googleapis.com/compute/v1/projects/{project}/zones/{zone}/instances?key=AAfdf43FE3..fdDgg

3.- I'm affraid this is not possible for existing User Accounts like your email address. Instead you can create a new Client Id and generate its json file.

I personally recommend using service accounts if you are going to request only Resources usage.

Hope that the information above helps!

Related Topic