************** TUDO **************

===== Autenticação =====
gcloud auth activate-service-account --key-file [KEY_FILE]

===== Revogar autenticação =====
gcloud auth revoke [ACCOUNTS …] [--all] [GCLOUD_WIDE_FLAG …]

===== Listar configs =====
gcloud config configurations list

===== Criar projetos =====
gcloud projects create PROJECT_ID --folder=FOLDER_ID
-- ou --
gcloud projects create PROJECT_ID --organization=ORGANIZATION_ID

===== Listar projetos =====
gcloud projects list

===== Criar buckets =====
gsutil mb [-c nearline] gs://some-bucket

===== Listar buckets =====
gsutil ls
-- ou --
gsutil ls gs://

===== Cópia de arquivos =====
gsutil cp [OBJECT_LOCATION] gs://[DESTINATION_BUCKET_NAME]/

===== Deletar arquivos =====
gsutil rm gs://[BUCKET_NAME]/[OBJECT_NAME]


************** SERVICE ACCOUNTS **************

===== Criar service account =====
gcloud iam service-accounts create [SA-NAME] \
    --description "[SA-DESCRIPTION]" \
    --display-name "[SA-DISPLAY-NAME]"

===== Listar service accounts =====
gcloud iam service-accounts list

===== Atribuir papel ao service account =====
gcloud projects add-iam-policy-binding my-project-123 \
  --member serviceAccount:my-sa-123@my-project-123.iam.gserviceaccount.com \
  --role roles/editor

===== Ver papeis atribuídos a uma service account =====
gcloud iam service-accounts get-iam-policy \
    my-sa-123@my-project-123.iam.gserviceaccount.com

===== Criar chave de service account =====
gcloud iam service-accounts keys create ~/key.json \
  --iam-account [SA-NAME]@[PROJECT-ID].iam.gserviceaccount.com
(obs: o usuário deve ter o papel "arministrador de chave de conta de serviço")

===== Listar chaves de service accounts =====
gcloud iam service-accounts keys list \
    --iam-account [SA-NAME]@[PROJECT-ID].iam.gserviceaccount.com