1
0
Fork 0
mirror of https://github.com/imjasonh/gcloud-help synced 2026-07-19 07:15:23 +00:00

gcloud: Thu Jan 19 00:56:33 UTC 2023

This commit is contained in:
Automated 2023-01-19 00:56:33 +00:00
parent 348d9760ee
commit 1248f773ec
1462 changed files with 51835 additions and 5402 deletions

View file

@ -0,0 +1,111 @@
NAME
gcloud alpha storage buckets add-iam-policy-binding - add an IAM policy
binding to a bucket
SYNOPSIS
gcloud alpha storage buckets add-iam-policy-binding URL --member=PRINCIPAL
--role=ROLE
[--condition=[KEY=VALUE,...]
| --condition-from-file=CONDITION_FROM_FILE] [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
(ALPHA) Add an IAM policy binding to a bucket. For more information, see
Cloud Identity and Access Management
(https://cloud.google.com/storage/docs/access-control/iam).
EXAMPLES
To grant a single role to a single principal for BUCKET:
$ gcloud alpha storage buckets add-iam-policy-binding gs://BUCKET \
--member=user:john.doe@example.com \
--role=roles/storage.objectCreator
To make objects in BUCKET publicly readable:
$ gcloud alpha storage buckets add-iam-policy-binding gs://BUCKET \
--member=AllUsers --role=roles/storage.objectViewer
To specify a custom role for a principal on BUCKET:
$ gcloud alpha storage buckets add-iam-policy-binding gs://BUCKET \
--member=user:john.doe@example.com --role=roles/customRoleName
POSITIONAL ARGUMENTS
URL
URL of bucket to add IAM policy binding to.
REQUIRED FLAGS
--member=PRINCIPAL
The principal to add the binding for. Should be of the form
user|group|serviceAccount:email or domain:domain.
Examples: user:test-user@gmail.com, group:admins@example.com,
serviceAccount:test123@example.domain.com, or
domain:example.domain.com.
Some resources also accept the following special values:
◆ allUsers - Special identifier that represents anyone who is on the
internet, with or without a Google account.
◆ allAuthenticatedUsers - Special identifier that represents anyone
who is authenticated with a Google account or a service account.
--role=ROLE
Role name to assign to the principal. The role name is the complete
path of a predefined role, such as roles/logging.viewer, or the role ID
for a custom role, such as
organizations/{ORGANIZATION_ID}/roles/logging.viewer.
OPTIONAL FLAGS
At most one of these can be specified:
--condition=[KEY=VALUE,...]
A condition to include in the binding. When the condition is
explicitly specified as None (--condition=None), a binding without a
condition is added. When the condition is specified and is not None,
--role cannot be a basic role. Basic roles are roles/editor,
roles/owner, and roles/viewer. For more on conditions, refer to the
conditions overview guide:
https://cloud.google.com/iam/docs/conditions-overview
When using the --condition flag, include the following key-value
pairs:
expression
(Required) Condition expression that evaluates to True or False.
This uses a subset of Common Expression Language syntax.
If the condition expression includes a comma, use a different
delimiter to separate the key-value pairs. Specify the delimiter
before listing the key-value pairs. For example, to specify a
colon (:) as the delimiter, do the following:
--condition=^:^title=TITLE:expression=EXPRESSION. For more
information, see
https://cloud.google.com/sdk/gcloud/reference/topic/escaping.
title
(Required) A short string describing the purpose of the
expression.
description
(Optional) Additional description for the expression.
--condition-from-file=CONDITION_FROM_FILE
Path to a local JSON or YAML file that defines the condition. To see
available fields, see the help for --condition.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account,
--billing-project, --configuration, --flags-file, --flatten, --format,
--help, --impersonate-service-account, --log-http, --project, --quiet,
--trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
NOTES
This command is currently in alpha and might change without notice. If this
command fails with API permission errors despite specifying the correct
project, you might be trying to access an API with an invitation-only early
access allowlist. This variant is also available:
$ gcloud storage buckets add-iam-policy-binding

View file

@ -2,13 +2,15 @@ NAME
gcloud alpha storage buckets create - create buckets for storing objects
SYNOPSIS
gcloud alpha storage buckets create URL
gcloud alpha storage buckets create URL [--additional-headers=HEADER=VALUE]
[--default-encryption-key=DEFAULT_ENCRYPTION_KEY,
-k DEFAULT_ENCRYPTION_KEY]
[--default-storage-class=DEFAULT_STORAGE_CLASS,
-c DEFAULT_STORAGE_CLASS, -s DEFAULT_STORAGE_CLASS]
[--location=LOCATION, -l LOCATION]
[--[no-]enable-autoclass] [--location=LOCATION, -l LOCATION]
[--[no-]pap, --[no-]public-access-prevention]
[--placement=REGION,REGION]
[--recovery-point-objective=SETTING, --rpo=SETTING]
[--retention-period=RETENTION_PERIOD]
[--[no-]uniform-bucket-level-access, -b] [GCLOUD_WIDE_FLAG ...]
@ -32,6 +34,12 @@ POSITIONAL ARGUMENTS
The URL of the bucket to create.
FLAGS
--additional-headers=HEADER=VALUE
Includes arbitrary headers in storage API calls. Accepts a comma
separated list of key=value pairs, e.g. header1=value1,header2=value2.
Overrides the default storage/additional_headers property value for
this command invocation.
--default-encryption-key=DEFAULT_ENCRYPTION_KEY, -k DEFAULT_ENCRYPTION_KEY
Set the default KMS key using the full path to the key, which has the
following form:
@ -43,6 +51,11 @@ FLAGS
If not specified, the default storage class used by Cloud Storage is
"Standard".
--[no-]enable-autoclass
The Autoclass feature automatically selects the best storage class for
objects based on access patterns. Use --enable-autoclass to enable and
--no-enable-autoclass to disable.
--location=LOCATION, -l LOCATION
Location (https://cloud.google.com/storage/docs/locations) for the
bucket. If not specified, the location used by Cloud Storage is us. A
@ -51,10 +64,28 @@ FLAGS
--[no-]pap, --[no-]public-access-prevention
Sets public access prevention to "enforced". For details on how exactly
public access is blocked, see:
http://cloud/storage/docs/public-access-prevention. Use
http://cloud.google.com/storage/docs/public-access-prevention. Use
--public-access-prevention to enable and --no-public-access-prevention
to disable.
--placement=REGION,REGION
A comma-separated list of exactly 2 regions that form the custom
dual-region. Only regions within the same continent are or will ever be
valid. Invalid location pairs (such as mixed-continent, or with
unsupported regions) will return an error.
--recovery-point-objective=SETTING, --rpo=SETTING
Sets the recovery point objective
(https://cloud.google.com/architecture/dr-scenarios-planning-guide#basics_of_dr_planning)
of a bucket. This flag can only be used with multi-region and
dual-region buckets. DEFAULT option is valid for multi-region and
dual-regions buckets. ASYNC_TURBO option is only valid for dual-region
buckets. If unspecified when the bucket is created, it defaults to
DEFAULT for dual-region and multi-region buckets. For more information,
see Turbo Replication
(https://cloud.google.com/storage/docs/turbo-replication). SETTING must
be one of: ASYNC_TURBO, DEFAULT.
--retention-period=RETENTION_PERIOD
Minimum retention period
(https://cloud.google.com/storage/docs/bucket-lock#retention-periods)

View file

@ -3,7 +3,8 @@ NAME
SYNOPSIS
gcloud alpha storage buckets delete URLS [URLS ...]
[--continue-on-error, -c] [GCLOUD_WIDE_FLAG ...]
[--additional-headers=HEADER=VALUE] [--continue-on-error, -c]
[GCLOUD_WIDE_FLAG ...]
DESCRIPTION
(ALPHA) Deletes one or more Cloud Storage buckets.
@ -23,6 +24,12 @@ POSITIONAL ARGUMENTS
Specifies the URLs of the buckets to delete.
FLAGS
--additional-headers=HEADER=VALUE
Includes arbitrary headers in storage API calls. Accepts a comma
separated list of key=value pairs, e.g. header1=value1,header2=value2.
Overrides the default storage/additional_headers property value for
this command invocation.
--continue-on-error, -c
If any operations are unsuccessful, the command will exit with a
non-zero exit status after completing the remaining operations. This

View file

@ -2,7 +2,8 @@ NAME
gcloud alpha storage buckets describe - describes Cloud Storage buckets
SYNOPSIS
gcloud alpha storage buckets describe URL [GCLOUD_WIDE_FLAG ...]
gcloud alpha storage buckets describe URL
[--additional-headers=HEADER=VALUE] [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
(ALPHA) Describe a Cloud Storage bucket.
@ -21,6 +22,13 @@ POSITIONAL ARGUMENTS
URL
Specifies URL of bucket to describe.
FLAGS
--additional-headers=HEADER=VALUE
Includes arbitrary headers in storage API calls. Accepts a comma
separated list of key=value pairs, e.g. header1=value1,header2=value2.
Overrides the default storage/additional_headers property value for
this command invocation.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account,
--billing-project, --configuration, --flags-file, --flatten, --format,

View file

@ -0,0 +1,42 @@
NAME
gcloud alpha storage buckets get-iam-policy - get the IAM policy for a
bucket
SYNOPSIS
gcloud alpha storage buckets get-iam-policy URL [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
(ALPHA) Get the IAM policy for a bucket. For more information, see Cloud
Identity and Access Management
(https://cloud.google.com/storage/docs/access-control/iam).
EXAMPLES
To get the IAM policy for BUCKET:
$ gcloud alpha storage buckets get-iam-policy gs://BUCKET
To output the IAM policy for BUCKET to a file:
$ gcloud alpha storage buckets get-iam-policy gs://BUCKET > \
policy.txt
POSITIONAL ARGUMENTS
URL
Request IAM policy for this bucket.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account,
--billing-project, --configuration, --flags-file, --flatten, --format,
--help, --impersonate-service-account, --log-http, --project, --quiet,
--trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
NOTES
This command is currently in alpha and might change without notice. If this
command fails with API permission errors despite specifying the correct
project, you might be trying to access an API with an invitation-only early
access allowlist. This variant is also available:
$ gcloud storage buckets get-iam-policy

View file

@ -21,6 +21,9 @@ GROUPS
COMMANDS
COMMAND is one of the following:
add-iam-policy-binding
(ALPHA) Add an IAM policy binding to a bucket.
create
(ALPHA) Create buckets for storing objects.
@ -30,9 +33,18 @@ COMMANDS
describe
(ALPHA) Describes Cloud Storage buckets.
get-iam-policy
(ALPHA) Get the IAM policy for a bucket.
list
(ALPHA) Lists Cloud Storage buckets.
remove-iam-policy-binding
(ALPHA) Remove an IAM policy binding from a bucket.
set-iam-policy
(ALPHA) Set the IAM policy for a bucket.
update
(ALPHA) Update bucket settings.

View file

@ -2,7 +2,8 @@ NAME
gcloud alpha storage buckets list - lists Cloud Storage buckets
SYNOPSIS
gcloud alpha storage buckets list [URLS ...] [--filter=EXPRESSION]
gcloud alpha storage buckets list [URLS ...]
[--additional-headers=HEADER=VALUE] [--filter=EXPRESSION]
[--limit=LIMIT] [--page-size=PAGE_SIZE] [--sort-by=[FIELD,...]] [--uri]
[GCLOUD_WIDE_FLAG ...]
@ -26,6 +27,13 @@ POSITIONAL ARGUMENTS
[URLS ...]
Specifies URL of buckets to List.
FLAGS
--additional-headers=HEADER=VALUE
Includes arbitrary headers in storage API calls. Accepts a comma
separated list of key=value pairs, e.g. header1=value1,header2=value2.
Overrides the default storage/additional_headers property value for
this command invocation.
LIST COMMAND FLAGS
--filter=EXPRESSION
Apply a Boolean filter EXPRESSION to each resource item to be listed.

View file

@ -28,8 +28,8 @@ DESCRIPTION
the create command uses the Cloud Pub/Sub topic
projects/default-project/topics/example-bucket.
In order to enable notifications, your project's [Cloud Storage service
agent] (https://cloud.google.com/storage/docs/projects#service-accounts)
In order to enable notifications, your project's Cloud Storage service
agent (https://cloud.google.com/storage/docs/projects#service-accounts)
must have the IAM permission "pubsub.topics.publish". This command checks
to see if the destination Cloud Pub/Sub topic grants the service agent this
permission. If not, the create command attempts to grant it.

View file

@ -0,0 +1,108 @@
NAME
gcloud alpha storage buckets remove-iam-policy-binding - remove an IAM
policy binding from a bucket
SYNOPSIS
gcloud alpha storage buckets remove-iam-policy-binding URL
--member=PRINCIPAL --role=ROLE
[--all | --condition=[KEY=VALUE,...]
| --condition-from-file=CONDITION_FROM_FILE] [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
(ALPHA) Removes a policy binding from the IAM policy of a bucket, given a
bucket URL and the binding. For more information, see Cloud Identity and
Access Management
(https://cloud.google.com/storage/docs/access-control/iam).
EXAMPLES
To remove an IAM policy binding from the role of
roles/storage.objectCreator for the user john.doe@example.com on BUCKET:
$ gcloud alpha storage buckets remove-iam-policy-binding \
gs://BUCKET --member=user:john.doe@example.com \
--role=roles/storage.objectCreator
POSITIONAL ARGUMENTS
URL
URL of bucket to remove IAM policy binding from.
REQUIRED FLAGS
--member=PRINCIPAL
The principal to remove the binding for. Should be of the form
user|group|serviceAccount:email or domain:domain.
Examples: user:test-user@gmail.com, group:admins@example.com,
serviceAccount:test123@example.domain.com, or
domain:example.domain.com.
Deleted principals have an additional deleted: prefix and a ?uid=UID
suffix, where UID is a unique identifier for the principal. Example:
deleted:user:test-user@gmail.com?uid=123456789012345678901.
Some resources also accept the following special values:
◆ allUsers - Special identifier that represents anyone who is on the
internet, with or without a Google account.
◆ allAuthenticatedUsers - Special identifier that represents anyone
who is authenticated with a Google account or a service account.
--role=ROLE
The role to remove the principal from.
OPTIONAL FLAGS
At most one of these can be specified:
--all
Remove all bindings with this role and principal, irrespective of any
conditions.
--condition=[KEY=VALUE,...]
The condition of the binding that you want to remove. When the
condition is explicitly specified as None (--condition=None), a
binding without a condition is removed. Otherwise, only a binding
with a condition that exactly matches the specified condition
(including the optional description) is removed. For more on
conditions, refer to the conditions overview guide:
https://cloud.google.com/iam/docs/conditions-overview
When using the --condition flag, include the following key-value
pairs:
expression
(Required) Condition expression that evaluates to True or False.
This uses a subset of Common Expression Language syntax.
If the condition expression includes a comma, use a different
delimiter to separate the key-value pairs. Specify the delimiter
before listing the key-value pairs. For example, to specify a
colon (:) as the delimiter, do the following:
--condition=^:^title=TITLE:expression=EXPRESSION. For more
information, see
https://cloud.google.com/sdk/gcloud/reference/topic/escaping.
title
(Required) A short string describing the purpose of the
expression.
description
(Optional) Additional description for the expression.
--condition-from-file=CONDITION_FROM_FILE
Path to a local JSON or YAML file that defines the condition. To see
available fields, see the help for --condition.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account,
--billing-project, --configuration, --flags-file, --flatten, --format,
--help, --impersonate-service-account, --log-http, --project, --quiet,
--trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
NOTES
This command is currently in alpha and might change without notice. If this
command fails with API permission errors despite specifying the correct
project, you might be trying to access an API with an invitation-only early
access allowlist. This variant is also available:
$ gcloud storage buckets remove-iam-policy-binding

View file

@ -0,0 +1,61 @@
NAME
gcloud alpha storage buckets set-iam-policy - set the IAM policy for a
bucket
SYNOPSIS
gcloud alpha storage buckets set-iam-policy URLS [URLS ...] POLICY_FILE
[--continue-on-error, -c] [--etag=ETAG, -e ETAG] [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
(ALPHA) Set the IAM policy for a bucket. For more information, see Cloud
Identity and Access Management
(https://cloud.google.com/storage/docs/access-control/iam).
EXAMPLES
To set the IAM policy in POLICY-FILE on BUCKET:
$ gcloud alpha storage buckets set-iam-policy gs://BUCKET POLICY-FILE
To set the IAM policy in POLICY-FILE on all buckets beginning with "b":
$ gcloud alpha storage buckets set-iam-policy gs://b* POLICY-FILE
POSITIONAL ARGUMENTS
URLS [URLS ...]
URLs for buckets to apply the IAM policy to. Can include wildcards.
POLICY_FILE
Path to a local JSON or YAML formatted file containing a valid policy.
The output of the get-iam-policy command is a valid file, as is any
JSON or YAML file conforming to the structure of a Policy
(https://cloud.google.com/iam/reference/rest/v1/Policy).
FLAGS
--continue-on-error, -c
If any operations are unsuccessful, the command will exit with a
non-zero exit status after completing the remaining operations. This
flag takes effect only in sequential execution mode (i.e. processor and
thread count are set to 1). Parallelism is default.
--etag=ETAG, -e ETAG
Custom etag to set on IAM policy. API will reject etags that do not
match this value, making it useful as a precondition during concurrent
operations.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account,
--billing-project, --configuration, --flags-file, --flatten, --format,
--help, --impersonate-service-account, --log-http, --project, --quiet,
--trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
NOTES
This command is currently in alpha and might change without notice. If this
command fails with API permission errors despite specifying the correct
project, you might be trying to access an API with an invitation-only early
access allowlist. This variant is also available:
$ gcloud storage buckets set-iam-policy

View file

@ -3,12 +3,19 @@ NAME
SYNOPSIS
gcloud alpha storage buckets update URL [URL ...]
[--canned-acl=PREDEFINED_ACL,
--predefined-acl=PREDEFINED_ACL, -a PREDEFINED_ACL]
[--continue-on-error, -c] [--[no-]default-event-based-hold]
[--default-storage-class=DEFAULT_STORAGE_CLASS]
[--[no-]lock-retention-period] [--[no-]requester-pays]
[--[no-]uniform-bucket-level-access] [--[no-]versioning]
[--additional-headers=HEADER=VALUE] [--continue-on-error, -c]
[--[no-]default-event-based-hold] [--[no-]enable-autoclass]
[--lock-retention-period]
[--recovery-point-objective=SETTING, --rpo=SETTING]
[--[no-]requester-pays] [--[no-]uniform-bucket-level-access]
[--[no-]versioning]
[--acl-file=ACL_FILE --add-acl-grant=[ACL_GRANT,...]
--canned-acl=PREDEFINED_ACL, --predefined-acl=PREDEFINED_ACL,
-a PREDEFINED_ACL --remove-acl-grant=REMOVE_ACL_GRANT]
[--add-default-object-acl-grant=[DEFAULT_OBJECT_ACL_GRANT,...]
--default-object-acl-file=DEFAULT_OBJECT_ACL_FILE
--predefined-default-object-acl=PREDEFINED_DEFAULT_OBJECT_ACL
--remove-default-object-acl-grant=REMOVE_DEFAULT_OBJECT_ACL_GRANT]
[--clear-cors | --cors-file=CORS_FILE]
[--clear-default-encryption-key
| --default-encryption-key=DEFAULT_ENCRYPTION_KEY]
@ -45,10 +52,11 @@ POSITIONAL ARGUMENTS
URLs of the buckets to update.
FLAGS
--canned-acl=PREDEFINED_ACL, --predefined-acl=PREDEFINED_ACL, -a PREDEFINED_ACL
Applies predefined, or "canned," ACLs to a resource. See docs for a
list of predefined ACL constants:
https://cloud.google.com/storage/docs/access-control/lists#predefined-acl
--additional-headers=HEADER=VALUE
Includes arbitrary headers in storage API calls. Accepts a comma
separated list of key=value pairs, e.g. header1=value1,header2=value2.
Overrides the default storage/additional_headers property value for
this command invocation.
--continue-on-error, -c
If any operations are unsuccessful, the command will exit with a
@ -63,15 +71,28 @@ FLAGS
retroactively). Use --default-event-based-hold to enable and
--no-default-event-based-hold to disable.
--default-storage-class=DEFAULT_STORAGE_CLASS
Sets the default storage class for the bucket.
--[no-]enable-autoclass
The Autoclass feature automatically selects the best storage class for
objects based on access patterns. Use --enable-autoclass to enable and
--no-enable-autoclass to disable.
--[no-]lock-retention-period
--lock-retention-period
Locks an unlocked retention policy on the buckets. Caution: A locked
retention policy cannot be removed from a bucket or reduced in
duration. Once locked, deleting the bucket is the only way to "remove"
a retention policy. Use --lock-retention-period to enable and
--no-lock-retention-period to disable.
a retention policy.
--recovery-point-objective=SETTING, --rpo=SETTING
Sets the recovery point objective
(https://cloud.google.com/architecture/dr-scenarios-planning-guide#basics_of_dr_planning)
of a bucket. This flag can only be used with multi-region and
dual-region buckets. DEFAULT option is valid for multi-region and
dual-regions buckets. ASYNC_TURBO option is only valid for dual-region
buckets. If unspecified when the bucket is created, it defaults to
DEFAULT for dual-region and multi-region buckets. For more information,
see Turbo Replication
(https://cloud.google.com/storage/docs/turbo-replication). SETTING must
be one of: ASYNC_TURBO, DEFAULT.
--[no-]requester-pays
Allows you to configure a Cloud Storage bucket so that the requester
@ -88,6 +109,42 @@ FLAGS
Allows you to configure a Cloud Storage bucket to keep old versions of
objects. Use --versioning to enable and --no-versioning to disable.
--acl-file=ACL_FILE
Path to a local JSON or YAML formatted file containing a valid policy.
The output of gcloud storage [buckets|objects] describe
--format="multi(acl:format=json)" is a valid file and can be edited for
more fine-grained control.
--add-acl-grant=[ACL_GRANT,...]
Key-value pairs mirroring the JSON accepted by your cloud provider. For
example, for Google Cloud
Storage,--add-acl-grant=entity=user-tim@gmail.com,role=OWNER
--canned-acl=PREDEFINED_ACL, --predefined-acl=PREDEFINED_ACL, -a PREDEFINED_ACL
Applies predefined, or "canned," ACLs to a resource. See docs for a
list of predefined ACL constants:
https://cloud.google.com/storage/docs/access-control/lists#predefined-acl
--remove-acl-grant=REMOVE_ACL_GRANT
Key-value pairs mirroring the JSON accepted by your cloud provider. For
example, for Google Cloud Storage, --remove-acl-grant=ENTITY, where
ENTITY has a valid ACL entity format, such as user-tim@gmail.com,
group-admins, allUsers, etc.
--add-default-object-acl-grant=[DEFAULT_OBJECT_ACL_GRANT,...]
Adds default object ACL grant. See --add-acl-grant help text for more
details.
--default-object-acl-file=DEFAULT_OBJECT_ACL_FILE
Sets the default object ACL from file for the bucket.
--predefined-default-object-acl=PREDEFINED_DEFAULT_OBJECT_ACL
Apply a predefined set of default object access controls tobuckets
--remove-default-object-acl-grant=REMOVE_DEFAULT_OBJECT_ACL_GRANT
Removes default object ACL grant. See --remove-acl-grant help text for
more details.
At most one of these can be specified:
--clear-cors
@ -192,7 +249,7 @@ FLAGS
If True, sets public access prevention to "enforced". If False, sets
public access prevention to "inherited". For details on how exactly
public access is blocked, see:
http://cloud/storage/docs/public-access-prevention. Use
http://cloud.google.com/storage/docs/public-access-prevention. Use
--public-access-prevention to enable and
--no-public-access-prevention to disable.