This article is written for Windows, but the same principles apply to Linux and Mac.
I need to work with multiple Google Cloud accounts and be able to easily switch my credentials between accounts. For those of you with AWS backgrounds, think profiles.
A gcloud configuration is a set of properties that govern the behavior of gcloud and other Google Cloud SDK tools. When you first install gcloud on your desktop a configuration named default is created.
A gcloud configuration is managed by gcloud config configurations. To see the list of configurations on your system:
|
1 |
gcloud config configurations list |
This will output a list of configurations present on your system:
|
1 2 3 4 |
NAME IS_ACTIVE ACCOUNT PROJECT DEFAULT_ZONE DEFAULT_REGION default True user1@example.com default-123456 us-west1-a us-west1 dev False user2@example.com development-123456 us-east4-c us-east4 prod False user3@example.com production-123456 us-east4-c us-east4 |
The creation of a configuration can be accomplished with gcloud or manually.
Command line Method #1:
Using the gcloud CLI, create an new configuration. This configuration will be empty. In this case I am creating a configuration named dev.
|
1 |
gcloud config configurations create dev |
Now that we have a new configuration created, we need to activate it.
|
1 |
gcloud config configurations activate dev |
Set the account. The account is the email address that Google Cloud IAM created for you or that you authorized in Google Cloud IAM. This account is either a Google Account email address or a Google Service Account email address.
|
1 |
gcloud config set core/account user2@example.com |
The next step is to authorize the dev configuration.
|
1 |
gcloud auth login |
There are additional optional items that you can set in the new configuration such as default project, region and zone. Review the manual method below to see more options.
Command line Method #2
You can also use gcloud init to create a new configuration.
|
1 |
gcloud init |
This will prompt you with / for the following information:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 |
Welcome! This command will take you through the configuration of gcloud. Settings from your current configuration [dev] are: compute: region: us-east4 zone: us-east4-c core: account: user2@example.com disable_usage_reporting: 'False' project: development-123456 Pick configuration to use: [1] Re-initialize this configuration [dev] with new settings [2] Create a new configuration [3] Switch to and re-initialize existing configuration: [default] [4] Switch to and re-initialize existing configuration: [test] Please enter your numeric choice: 2 Enter configuration name. Names start with a lower case letter and contain only lower case letters a-z, digits 0-9, and hyphens '-': prod Your current configuration has been set to: [prod] You can skip diagnostics next time by using the following flag: gcloud init --skip-diagnostics Network diagnostic detects and fixes local network connection issues. Checking network connection...done. Reachability Check passed. Network diagnostic (1/1 checks) passed. Choose the account you would like to use to perform operations for this configuration: [1] user1@example.com [2] user2@example.com [3] Log in with a new account Please enter your numeric choice: 3 Your browser has been opened to visit: https://accounts.google.com/o/oauth2/auth?redirect_uri=http%3A%2F%2Flocalhost%3A8085%2F&prompt=select_account&response_type=code&client_id=12345678901.apps.googleusercontent.com&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcloud-platform+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fappengine.admin+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcompute+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Faccounts.reauth&access_type=offline You are logged in as: [user3@example.com]. Pick cloud project to use: [1] development-123456 [2] test-123456 [3] Create a new project Please enter numeric choice or text value (must exactly match list item): 1 Your current project has been set to: [development-123456]. Your project default Compute Engine zone has been set to [us-west1-a]. You can change it by running [gcloud config set compute/zone NAME]. Your project default Compute Engine region has been set to [us-west1]. You can change it by running [gcloud config set compute/region NAME]. Created a default .boto configuration file at [C:\Users\username\.boto]. See this file and [https://cloud.google.com/storage/docs/gsutil/commands/config] for more information about configuring Google Cloud Storage. Your Google Cloud SDK is configured and ready to use! * Commands that require authentication will use user3@example.com by default * Commands will reference project `development-123456` by default * Compute Engine commands will use region `us-west1` by default * Compute Engine commands will use zone `us-west1-a` by default Run `gcloud help config` to learn how to change individual settings This gcloud configuration is called [prod]. You can create additional configurations if you work with multiple accounts and/or projects. Run `gcloud topic configurations` to learn more. Some things to try next: * Run `gcloud --help` to see the Cloud Platform services you can interact with. And run `gcloud help COMMAND` to get help on any gcloud command. * Run `gcloud topic -h` to learn about advanced features of the SDK like arg files and output formatting |
Manual Method:
For the manual method, the first step is to setup gcloud with a default account. Then go to the directory where configurations are stored and create new ones. The configurations are stored in the following directory. Replace username with your Windows user name.
|
1 |
C:\Users\username\AppData\Roaming\gcloud\configurations |
For Linux:
|
1 |
~/.config/gcloud/configurations |
List the contents of this directory. Each configuration starts with config_.
|
1 |
10/14/2018 12:33 PM 139 config_default |
To create a new configuration named dev, copy config_default to config_dev.
|
1 |
copy config_default config_dev |
Now using your favorite editor, modify the file. My config_default looks like this.
|
1 2 3 4 5 6 7 8 |
[core] account = user1@example.com project = development-123456 disable_color = True [compute] zone = us-east4-c region = us-east4 |
The important item to modify is account = user1@example.com. This user ID will be used for authentication.
The minimum configuration looks like this:
|
1 2 |
[core] account = user1@example.com |
Now that we have a new configuration created, we need to activate it.
|
1 |
gcloud config configurations activate dev |
The active configuration is stored in this file.
|
1 |
C:\Users\username\AppData\Roaming\gcloud\active_config |
The next step is to authorize the dev configuration.
|
1 |
gcloud auth login |
We now have two configurations, default and dev. To switch back to the default configuration.
gcloud auth login creates the default configuration if it does not exist.
|
1 |
gcloud config configurations activate default |
Most gcloud commands accept the command line option --configuration=CONFIGURATION_NAME. For example:
|
1 |
gcloud compute instances list --configuration=dev |
gcloud also supports the environment variable CLOUDSDK_ACTIVE_CONFIG_NAME.
|
1 |
set CLOUDSDK_ACTIVE_CONFIG_NAME=dev |
To list the Google accounts that have been authorized:
|
1 |
gcloud auth list |
This will display a list like this:
|
1 2 3 4 5 6 7 |
Credentialed Accounts ACTIVE ACCOUNT user1@example.com * user2@example.com To set the active account, run: $ gcloud config set account `ACCOUNT` |
The active account is the one with the ‘*’ in the left column.
To set the project for the current configuration:
|
1 |
gcloud config set project development-123456 |
To set the region for the current configuration:
|
1 |
gcloud config set compute/region us-east4 |
To set the zone for the current configuration:
|
1 |
gcloud config set compute/zone us-east4-c |
Reference documentation:
gcloud auth activate-service-account
I design software for enterprise-class systems and data centers. My background is 30+ years in storage (SCSI, FC, iSCSI, disk arrays, imaging) virtualization. 20+ years in identity, security, and forensics.
For the past 14+ years, I have been working in the cloud (AWS, Azure, Google, Alibaba, IBM, Oracle) designing hybrid and multi-cloud software solutions. I am an MVP/GDE with several.
Leave a Reply