in src/access-analyzer/main.py [0:0]
def get_keys(bq_client):
cai_table_query = bq_client.query(
f"SELECT\n"
f'REGEXP_EXTRACT(name, "projects/(.*)/serviceAccounts") AS project_id,\n'
f'REGEXP_EXTRACT(resource.data.name, "serviceAccounts/(.*)/keys") AS principal_name,\n'
f'REGEXP_EXTRACT(name, "keys/(.*)") AS key,\n'
f"resource.data.validAfterTime AS valid_after_time,\n"
f"requestTime AS request_time\n"
f"FROM `{project_id}.{dataset}.{table_prefix}_iam_googleapis_com_ServiceAccountKey`\n"
f"WHERE DATE(requestTime) = (\n"
f"SELECT CAST(MAX(requestTime) AS DATE) FROM \
`{project_id}.{dataset}.{table_prefix}_iam_googleapis_com_ServiceAccountKey`\n"
f")\n"
f'AND resource.data.keyType like "USER_MANAGED"'
)
sa_key_table = cai_table_query.result()
return sa_key_table