GCP-Using the CLI


Lucidity Disk Assessment is an automated Disk metrics collection tool developed for GCP. It helps in a quick Assessment of the GCP Disks, delivering insights on:

Prerequisites

The following are the minimum requirements for running the GCP Assessment Tool.

  1. OS: Windows 10 and above; Linux Ubuntu 20.04 and above

  2. The user or service account should be present in the respective organization where the Assessment is going to take place.

  3. The following permissions are required to run the GCP Assessment:

    • compute.disks.get

    • compute.disks.list

    • compute.instances.get

    • compute.instances.list

    • compute.instances.setLabels

    • compute.instances.setMetadata

    • compute.instances.update

    • compute.zones.get

    • compute.zones.list

    • monitoring.timeSeries.list

    • osconfig.osPolicyAssignments.create

    • osconfig.osPolicyAssignments.delete

    • osconfig.osPolicyAssignments.get

    • osconfig.osPolicyAssignments.list

    • osconfig.osPolicyAssignments.searchPolicies

    • osconfig.osPolicyAssignments.update

    • resourcemanager.projects.get

    • resourcemanager.projects.list

    • resourcemanager.folders.list

    • servicemanagement.services.bind

    • serviceusage.services.disable

    • serviceusage.services.enable

    • serviceusage.services.get

    • serviceusage.services.list

    • serviceusage.services.use

    • osconfig.osPolicyAssignmentReports.list

Getting Started

To get started, customers can authenticate using either OAuth 2.0 or a Service Account key file. Both methods are explained below.

Using OAuth 2.0

  1. Running the Assessment on Windows can be done either through the cmd prompt or using PowerShell.

    1. Windows cmd:

      curl https://audittool.s3.ap-south-1.amazonaws.com/script/gcp_scripts/run.bat -o run.bat && .\run.bat -oauth yes -oid <org-id> -p <mention project if Assessment needs to be done for specific project or ignore>

    2. PowerShell (call curl.exe explicitly, because in Windows PowerShell curl is an alias for Invoke-WebRequest, which does not accept -o):

      curl.exe https://audittool.s3.ap-south-1.amazonaws.com/script/gcp_scripts/run.bat -o run.bat; .\run.bat -oauth yes -oid <org-id> -p <mention project if Assessment needs to be done for specific project or ignore>

  2. On a Linux machine, run the following command in the terminal.

    curl https://audittool.s3.ap-south-1.amazonaws.com/script/gcp_scripts/run.sh --output run.sh && /bin/bash run.sh -oauth yes -oid <org-id> -p <mention project if Assessment needs to be done for specific project or ignore>

  3. You will then be redirected to the Google user credentials screen. Please select ‘Allow’ to begin the Assessment process.

  4. The Assessment will take around 3 hours to complete. Once the Assessment is complete, a zip file will be generated in the directory from which the Assessment was started. Please share the zip file through email.

Using Service Account File Authentication

  1. Create the Service Account User

    1. Log in to the console and search for Service accounts in the search bar.

    2. Click on create service account.

    3. Enter the service account name and continue.

    4. Do not assign any roles here; click on DONE.

    5. The Service account has been created.

    6. Open the newly created service account by clicking on it.

    7. Create a new key by clicking on the key tab and adding a new key.

    8. The new key will be saved on your local computer. This key will be used for authentication, so please save the path of the key file. It is required for running the Assessment.

  2. Create the Lucidity Assessment role with the required permissions

    1. Go to the organization directory and click on roles.

    2. Click on create role.

    3. Create the role and provide the required permissions as mentioned above.

    4. Your role has been created.

  3. Attach the role to the user at organization level

    1. Click on create assignment.

    2. Provide the service account that was created earlier and assign the role that was created in the earlier step.

    3. Click on done. You have now created the new service account and assigned it the Lucidity role required for running the Assessment.

  4. Execute the Assessment

    1. On a Windows machine, run the following command at the cmd prompt.

      curl https://audittool.s3.ap-south-1.amazonaws.com/script/gcp_scripts/run.bat -o run.bat && .\run.bat -oauth no -oid <org-id> -p <mention project if Assessment needs to be done for specific project or ignore> -c <provide saved key file PATH>

    2. On Windows, you may also choose to run the command using PowerShell (call curl.exe explicitly, because in Windows PowerShell curl is an alias for Invoke-WebRequest, which does not accept -o).

      curl.exe https://audittool.s3.ap-south-1.amazonaws.com/script/gcp_scripts/run.bat -o run.bat; .\run.bat -oauth no -oid <org-id> -p <mention project if Assessment needs to be done for specific project or ignore> -c <provide saved key file PATH>

    3. On a Linux machine, run the following command in the terminal:

      curl https://audittool.s3.ap-south-1.amazonaws.com/script/gcp_scripts/run.sh --output run.sh && /bin/bash run.sh -oauth no -oid <org-id> -p <mention project if Assessment needs to be done for specific project or ignore> -c <provide saved key file PATH>

    4. The Assessment will take around 3 hours to complete. Once complete, please share the generated zip file with us through email.
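
The console steps for the service account, custom role and organization-level assignment above can also be scripted with gcloud. The following is an added example, not part of Lucidity's tooling; the function names and all arguments (organization ID, project ID, service account name, role ID, key file path) are assumptions that you supply. It also lists which of the required permissions go beyond get/list/search, so they can be reviewed before the role is granted across the organization.

```shell
#!/usr/bin/env bash
# Added example, not Lucidity's tooling. All arguments are placeholders you supply.

# The 26 permissions listed under Prerequisites.
PERMISSIONS="
compute.disks.get compute.disks.list compute.instances.get compute.instances.list
compute.instances.setLabels compute.instances.setMetadata compute.instances.update
compute.zones.get compute.zones.list monitoring.timeSeries.list
osconfig.osPolicyAssignments.create osconfig.osPolicyAssignments.delete
osconfig.osPolicyAssignments.get osconfig.osPolicyAssignments.list
osconfig.osPolicyAssignments.searchPolicies osconfig.osPolicyAssignments.update
resourcemanager.projects.get resourcemanager.projects.list resourcemanager.folders.list
servicemanagement.services.bind serviceusage.services.disable serviceusage.services.enable
serviceusage.services.get serviceusage.services.list serviceusage.services.use
osconfig.osPolicyAssignmentReports.list"

# Comma-separated form expected by `gcloud iam roles create --permissions`.
permissions_csv() { echo $PERMISSIONS | tr ' ' ','; }

# Permissions whose verb is not get/list/search*: the ones that go beyond
# reading state, worth reviewing before granting the role organization-wide.
non_read_permissions() {
  for p in $PERMISSIONS; do
    case "${p##*.}" in
      get|list|search*) ;;
      *) echo "$p" ;;
    esac
  done
}

# Steps 1-3 above: service account, custom role, org-level binding, key file.
create_assessment_identity() {
  org_id="$1"; project_id="$2"; sa_name="$3"; role_id="$4"; key_file="$5"
  sa_email="${sa_name}@${project_id}.iam.gserviceaccount.com"
  gcloud iam service-accounts create "$sa_name" --project "$project_id" &&
  gcloud iam roles create "$role_id" --organization "$org_id" \
    --title "Lucidity Assessment" --permissions "$(permissions_csv)" &&
  gcloud organizations add-iam-policy-binding "$org_id" \
    --member "serviceAccount:${sa_email}" \
    --role "organizations/${org_id}/roles/${role_id}" &&
  ( umask 077 && gcloud iam service-accounts keys create "$key_file" \
      --iam-account "$sa_email" )
}
```

Run non_read_permissions to see the permissions to review, then call create_assessment_identity <org-id> <project-id> <sa-name> <role-id> <key-file> from a shell where gcloud is already authenticated with rights to create roles and bindings in the organization.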