sudo-gcp is currently in alpha stages! Expect breaking changes.

Sudo GCP

This tool helps with running Google Cloud commands with temporary elevated privileges using short-lived OAuth access tokens.

`sudo-gcp` securely caches access tokens using the operating system's secret-store/keychain, and will reuse matching non-expired tokens on subsequent calls.

Setup

  1. Define a service account to be the holder of your elevated privileges
  2. Grant elevated privileges to that service account
  3. Define who should be eligible to temporarily gain those privileges
  4. Assign those users the roles/iam.workloadIdentityUser role, bound to that service account
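One way to carry out the four steps above with the gcloud CLI, as an added example that is not part of the sudo-gcp project. The project ID, account name, elevated role and group are placeholder assumptions, and the script only prints the commands unless run with DRY_RUN=0.

```sh
#!/bin/sh
# Added example. All values below are placeholders (assumptions), not sudo-gcp defaults.
PROJECT_ID="${PROJECT_ID:-my-project}"
SA_NAME="${SA_NAME:-my-service-account}"
ELEVATED_ROLE="${ELEVATED_ROLE:-roles/compute.admin}"            # placeholder elevated role
ELIGIBLE_MEMBER="${ELIGIBLE_MEMBER:-group:cloud-admins@example.com}"  # constructed group
DRY_RUN="${DRY_RUN:-1}"

# Print the command in dry-run mode, execute it otherwise.
run() {
  if [ "$DRY_RUN" = 1 ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

setup_sudo_gcp() {
  sa_email="${SA_NAME}@${PROJECT_ID}.iam.gserviceaccount.com"

  # Step 1: the service account that holds the elevated privileges.
  run gcloud iam service-accounts create "$SA_NAME" \
    --project="$PROJECT_ID" --display-name="sudo-gcp elevated privileges"

  # Step 2: grant the elevated role to the service account, not to any user.
  run gcloud projects add-iam-policy-binding "$PROJECT_ID" \
    --member="serviceAccount:${sa_email}" --role="$ELEVATED_ROLE"

  # Steps 3 and 4: bind the eligible principals on the service account itself.
  # A binding on this one resource keeps eligibility scoped to this account;
  # the same role granted at project level would cover every service
  # account in the project.
  run gcloud iam service-accounts add-iam-policy-binding "$sa_email" \
    --project="$PROJECT_ID" --member="$ELIGIBLE_MEMBER" \
    --role="roles/iam.workloadIdentityUser"

  # Check: list who can use the service account and confirm nothing unexpected.
  run gcloud iam service-accounts get-iam-policy "$sa_email" --project="$PROJECT_ID"
}

setup_sudo_gcp
```

Review the printed commands first, then rerun with DRY_RUN=0 and your own values to apply them.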

Installation

```sh
cargo install sudo-gcp
```

Usage

For more usage details, run sudo-gcp --help.

After creating the necessary configurations, wrap commands that need elevated privileges with the sudo-gcp command, similar in usage to sudo.

```sh
cargo install sudo-gcp

echo > sudo-gcp.toml 'service_account = "my-service-account@my-project.iam.gserviceaccount.com"'
sudo-gcp terraform plan
sudo-gcp gcloud compute instances list
```

Configuration

Configuration can be done with a sudo-gcp.toml file in the current working directory. See the example configuration file for more details.

A configuration file in a different location can be provided when running sudo-gcp with the --config-file option.

Configuration is also supported via environment variables prefixed with SUDOGCP_.

If both configuration sources exist, environment variables take precedence over the configuration file.