Gcloud - Login With Service Account [best]

# Optionally set as active account if $SET_ACTIVE; then gcloud config set account "$SA_EMAIL" log_info "✓ Set as active account" fi

if [[ -n "$PROJECT_ID" ]]; then GCLOUD_CMD="$GCLOUD_CMD --project=$PROJECT_ID" fi gcloud login with service account

# Display current configuration if $VERBOSE; then echo "" log_info "Current configuration:" gcloud config list echo "" log_info "Auth info:" gcloud auth list fi else log_error "Authentication failed" exit 1 fi if $VERBOSE; then log_info "Testing access..." if gcloud projects describe "$(gcloud config get-value project 2>/dev/null)" &>/dev/null; then log_info "✓ Access test passed" else log_warn "Access test failed - check IAM permissions" fi fi 4. Usage Examples Basic authentication ./gcloud-sa-login.sh --key-file ./my-key.json With project and verbose output ./gcloud-sa-login.sh -k ./my-key.json -p my-project -v Using jq to extract email # One-liner gcloud auth activate-service-account \ $(jq -r .client_email key.json) \ --key-file=key.json 5. Verification Commands # Check active account gcloud auth list Get current account email gcloud config get-value account Test authentication with API call gcloud projects list Get access token (useful for debugging) gcloud auth print-access-token Get identity token gcloud auth print-identity-token Check service account permissions gcloud iam service-accounts get-iam-policy $SA_EMAIL 6. Docker Integration FROM google/cloud-sdk:latest Copy service account key COPY service-account-key.json /tmp/gcloud-key.json Authenticate RUN gcloud auth activate-service-account $(jq -r .client_email /tmp/gcloud-key.json) --key-file=/tmp/gcloud-key.json --project=my-project Clean up key for security RUN rm /tmp/gcloud-key.json Set default project ENV CLOUDSDK_CORE_PROJECT=my-project # Optionally set as active account if $SET_ACTIVE;

log_info() echo -e "$GREEN[INFO]$NC $1"; log_warn() echo -e "$YELLOW[WARN]$NC $1"; log_error() echo -e "$RED[ERROR]$NC $1"; KEY_FILE="" PROJECT_ID="" VERBOSE=false SET_ACTIVE=true Parse arguments while [[ $# -gt 0 ]]; do case $1 in --key-file|-k) KEY_FILE="$2" shift 2 ;; --project|-p) PROJECT_ID="$2" shift 2 ;; --verbose|-v) VERBOSE=true shift ;; --no-set-active) SET_ACTIVE=false shift ;; --help|-h) cat << EOF Usage: $0 [OPTIONS] log_warn() echo -e "$YELLOW[WARN]$NC $1"