1
0
Fork 0
mirror of https://github.com/imjasonh/gcloud-help synced 2026-07-16 12:22:03 +00:00

gcloud: Tue Mar 1 21:43:54 UTC 2022

This commit is contained in:
Automated 2022-03-01 21:43:54 +00:00
parent c1c3b75313
commit 21878eea72
1018 changed files with 4838 additions and 3409 deletions

View file

@ -18,20 +18,15 @@ EXAMPLES
To create a certificate using a CSR:
$ gcloud beta privateca certificates create frontend-server-tls \
--issuer=server-tls-1 --issuer-location=us \
--csr=./csr.pem \
--cert-output-file=./cert.pem \
--validity=P30D
--issuer=server-tls-1 --issuer-location=us --csr=./csr.pem \
--cert-output-file=./cert.pem --validity=P30D
To create a certificate using a client-generated key:
$ gcloud beta privateca certificates create frontend-server-tls \
--issuer=server-tls-1 --issuer-location=us \
--generate-key \
--key-output-file=./key \
--cert-output-file=./cert.pem \
--dns-san=www.joonix.net \
--reusable-config=server-tls
--issuer=server-tls-1 --issuer-location=us --generate-key \
--key-output-file=./key --cert-output-file=./cert.pem \
--dns-san=www.joonix.net --reusable-config=server-tls
POSITIONAL ARGUMENTS
CERTIFICATE resource - The name of the certificate to issue. If the

View file

@ -14,14 +14,14 @@ EXAMPLES
To get metadata for the 'frontend-server-tls' certificate:
$ gcloud beta privateca certificates describe frontend-server-tls \
--issuer=server-tls-1 --issuer-location=us-west1
--issuer=server-tls-1 --issuer-location=us-west1
To download the PEM-encoded certificate for the 'frontend-server-tls'
certificate to a file called 'frontend-server-tls.crt':
$ gcloud beta privateca certificates describe frontend-server-tls \
--issuer=server-tls-1 --issuer-location=us-west1 \
--format="value(pem_cert)" > ./frontend-server-tls.crt
--issuer=server-tls-1 --issuer-location=us-west1 \
--format="value(pem_cert)" > ./frontend-server-tls.crt
POSITIONAL ARGUMENTS
CERTIFICATE resource - The certificate for which to obtain metadata. The

View file

@ -15,17 +15,16 @@ EXAMPLES
To revoke the 'frontend-server-tls' certificate due to key compromise:
$ gcloud beta privateca certificates revoke \
--certificate=frontend-server-tls \
--issuer=server-tls-1 --issuer-location=us-west1 \
--reason=key_compromise
--certificate=frontend-server-tls --issuer=server-tls-1 \
--issuer-location=us-west1 --reason=key_compromise
To revoke the a certificate with the serial number
'7dc1d9186372de2e1f4824abb1c4c9e5e43cbb40' due to a newer one being issued:
$ gcloud beta privateca certificates revoke \
--serial-number=7dc1d9186372de2e1f4824abb1c4c9e5e43cbb40 \
--issuer=server-tls-1 --issuer-location=us-west1 \
--reason=superseded
--serial-number=7dc1d9186372de2e1f4824abb1c4c9e5e43cbb40 \
--issuer=server-tls-1 --issuer-location=us-west1 \
--reason=superseded
REQUIRED FLAGS
The certificate identifier.

View file

@ -11,8 +11,8 @@ EXAMPLES
To update labels on a certificate:
$ gcloud beta privateca certificates update frontend-server-tls \
--issuer=server-tls-1 --issuer-location=us \
--update-labels=in_use=true
--issuer=server-tls-1 --issuer-location=us \
--update-labels=in_use=true
POSITIONAL ARGUMENTS
CERTIFICATE resource - The certificate to update. The arguments in this

View file

@ -20,9 +20,8 @@ EXAMPLES
the CA 'prod-root' with the location 'us-west1', run:
$ gcloud beta privateca roots add-iam-policy-binding prod-root \
--location='us-west1' \
--member='user:test-user@gmail.com' \
--role='roles/privateca.certificateManager'
--location='us-west1' --member='user:test-user@gmail.com' \
--role='roles/privateca.certificateManager'
POSITIONAL ARGUMENTS
Certificate Authority resource - The certificate authority for which to

View file

@ -25,35 +25,34 @@ EXAMPLES
To create a root CA that supports one layer of subordinates:
$ gcloud beta privateca roots create prod-root \
--kms-key-version="projects/joonix-pki/locations/us-west1/keyRings/kr1/cryptoKeys/k1/cryptoKeyVersions/1"
\
--subject="CN=Joonix Production Root CA, O=Google" \
--max-chain-length=1
--kms-key-version="projects/joonix-pki/locations/us-west1/keyRin\
gs/kr1/cryptoKeys/k1/cryptoKeyVersions/1" \
--subject="CN=Joonix Production Root CA, O=Google" \
--max-chain-length=1
To create a root CA and restrict what it can issue:
$ gcloud beta privateca roots create prod-root \
--kms-key-version="projects/joonix-pki/locations/us-west1/keyRings/kr1/cryptoKeys/k1/cryptoKeyVersions/1"
\
--subject="CN=Joonix Production Root CA, O=Google" \
--issuance-policy=policy.yaml
--kms-key-version="projects/joonix-pki/locations/us-west1/keyRin\
gs/kr1/cryptoKeys/k1/cryptoKeyVersions/1" \
--subject="CN=Joonix Production Root CA, O=Google" \
--issuance-policy=policy.yaml
To create a root CA that doesn't publicly publish CA certificate and CRLs:
$ gcloud beta privateca roots create root-2 \
--kms-key-version="projects/joonix-pki/locations/us-west1/keyRings/kr1/cryptoKeys/k1/cryptoKeyVersions/1"
\
--subject="CN=Joonix Production Root CA, O=Google" \
--issuance-policy=policy.yaml \
--no-publish-ca-cert \
--no-publish-crl
--kms-key-version="projects/joonix-pki/locations/us-west1/keyRin\
gs/kr1/cryptoKeys/k1/cryptoKeyVersions/1" \
--subject="CN=Joonix Production Root CA, O=Google" \
--issuance-policy=policy.yaml --no-publish-ca-cert \
--no-publish-crl
To create a root CA that is based on an existing CA:
$ gcloud beta privateca roots create prod-root \
--kms-key-version="projects/joonix-pki/locations/us-west1/keyRings/kr1/cryptoKeys/k1/cryptoKeyVersions/1"
\
--from-ca=source-root --from-ca-location=us-central1
--kms-key-version="projects/joonix-pki/locations/us-west1/keyRin\
gs/kr1/cryptoKeys/k1/cryptoKeyVersions/1" --from-ca=source-root \
--from-ca-location=us-central1
POSITIONAL ARGUMENTS
Certificate Authority resource - The name of the root CA to create. The

View file

@ -12,15 +12,13 @@ DESCRIPTION
EXAMPLES
To get metadata for the root CA 'prod-root' in location 'us-west1':
$ gcloud beta privateca roots describe server-tls-1 \
--location=us
$ gcloud beta privateca roots describe server-tls-1 --location=us
To download the PEM-encoded CA certificate for the 'prod-root' CA in
location 'us-west1' to a file called 'prod-root.crt':
$ gcloud beta privateca roots describe prod-root \
--location=us-west1 \
--format="value(pem_cert)" > ./prod-root.crt
--location=us-west1 --format="value(pem_cert)" > ./prod-root.crt
POSITIONAL ARGUMENTS
Certificate Authority resource - The certificate authority for which to

View file

@ -20,9 +20,8 @@ EXAMPLES
the CA 'prod-root' with the location 'us-west1', run:
$ gcloud beta privateca roots remove-iam-policy-binding prod-root \
--location='us-west1' \
--member='user:test-user@gmail.com' \
--role='roles/privateca.certificateManager'
--location='us-west1' --member='user:test-user@gmail.com' \
--role='roles/privateca.certificateManager'
POSITIONAL ARGUMENTS
Certificate Authority resource - The certificate authority for which to

View file

@ -12,15 +12,13 @@ SYNOPSIS
EXAMPLES
To update labels on a root CA:
$ gcloud beta privateca roots update prod-root \
--location=us-west1 \
--update-labels=foo=bar
$ gcloud beta privateca roots update prod-root --location=us-west1 \
--update-labels=foo=bar
To disable publishing CRLs for a root CA:
$ gcloud beta privateca roots update prod-root \
--location=us-west1 \
--no-publish-crl
$ gcloud beta privateca roots update prod-root --location=us-west1 \
--no-publish-crl
POSITIONAL ARGUMENTS
CERTIFICATE AUTHORITY resource - The certificate authority to update. The

View file

@ -12,8 +12,7 @@ EXAMPLES
using a PEM certificate chain in 'chain.crt':
$ gcloud beta privateca subordinates activate server-tls-1 \
--location=us \
--pem-chain=./chain.crt
--location=us --pem-chain=./chain.crt
POSITIONAL ARGUMENTS
CERTIFICATE AUTHORITY resource - The certificate authority to activate.

View file

@ -20,10 +20,9 @@ EXAMPLES
the CA 'server-tls-1' with the location 'us-west1', run:
$ gcloud beta privateca subordinates add-iam-policy-binding \
server-tls-1 \
--location='us-west1' \
--member='user:test-user@gmail.com' \
--role='roles/privateca.certificateManager'
server-tls-1 --location='us-west1' \
--member='user:test-user@gmail.com' \
--role='roles/privateca.certificateManager'
POSITIONAL ARGUMENTS
Certificate Authority resource - The certificate authority for which to

View file

@ -29,26 +29,28 @@ EXAMPLES
CA:
$ gcloud beta privateca subordinates create server-tls-1 \
--subject="CN=Joonix TLS CA, O=Google" \
--issuer=prod-root --issuer-location=us-west1 \
--kms-key-version="projects/joonix-pki/locations/us-west1/keyRings/kr1/cryptoKeys/key2/cryptoKeyVersions/1"
--subject="CN=Joonix TLS CA, O=Google" --issuer=prod-root \
--issuer-location=us-west1 \
--kms-key-version="projects/joonix-pki/locations/us-west1/keyRin\
gs/kr1/cryptoKeys/key2/cryptoKeyVersions/1"
To create a subordinate CA named 'server-tls-1' whose issuer is located
elsewhere:
$ gcloud beta privateca subordinates create server-tls-1 \
--subject="CN=Joonix TLS CA, O=Google" \
--create-csr \
--csr-output-file="./csr.pem" \
--kms-key-version="projects/joonix-pki/locations/us-west1/keyRings/kr1/cryptoKeys/key2/cryptoKeyVersions/1"
--subject="CN=Joonix TLS CA, O=Google" --create-csr \
--csr-output-file="./csr.pem" \
--kms-key-version="projects/joonix-pki/locations/us-west1/keyRin\
gs/kr1/cryptoKeys/key2/cryptoKeyVersions/1"
To create a subordinate CA named 'server-tls-1' chaining up to a root CA
named 'prod-root' based on an existing CA:
$ gcloud beta privateca subordinates create server-tls-1 \
--issuer=prod-root --issuer-location=us-west1 \
--from-ca=source-ca --from-ca-location=us-central1 \
--kms-key-version="projects/joonix-pki/locations/us-west1/keyRings/kr1/cryptoKeys/key2/cryptoKeyVersions/1"
--issuer=prod-root --issuer-location=us-west1 \
--from-ca=source-ca --from-ca-location=us-central1 \
--kms-key-version="projects/joonix-pki/locations/us-west1/keyRin\
gs/kr1/cryptoKeys/key2/cryptoKeyVersions/1"
POSITIONAL ARGUMENTS
Certificate Authority resource - The name of the subordinate CA to create.

View file

@ -14,14 +14,14 @@ EXAMPLES
'us-west1':
$ gcloud beta privateca subordinates describe server-tls-1 \
--location=us-west1
--location=us-west1
To download the PEM-encoded CA certificate for the 'server-tls-1' CA in
location 'us-west1' to a file called 'server-tls-1.crt':
$ gcloud beta privateca subordinates describe server-tls-1 \
--location=us-west1 \
--format="value(pem_cert)" > ./server-tls-1.crt
--location=us-west1 --format="value(pem_cert)" > \
./server-tls-1.crt
POSITIONAL ARGUMENTS
Certificate Authority resource - The certificate authority for which to

View file

@ -20,10 +20,9 @@ EXAMPLES
the CA 'server-tls-1' with the location 'us-west1', run:
$ gcloud beta privateca subordinates remove-iam-policy-binding \
server-tls-1 \
--location='us-west1' \
--member='user:test-user@gmail.com' \
--role='roles/privateca.certificateManager'
server-tls-1 --location='us-west1' \
--member='user:test-user@gmail.com' \
--role='roles/privateca.certificateManager'
POSITIONAL ARGUMENTS
Certificate Authority resource - The certificate authority for which to

View file

@ -14,14 +14,12 @@ EXAMPLES
To update labels on a subordinate CA:
$ gcloud beta privateca subordinates update server-tls-1 \
--location=us-west1 \
--update-labels=foo=bar
--location=us-west1 --update-labels=foo=bar
To disable publishing CRLs for a subordinate CA:
$ gcloud beta privateca subordinates update server-tls-1 \
--location=us-west1 \
--no-publish-crl
--location=us-west1 --no-publish-crl
POSITIONAL ARGUMENTS
CERTIFICATE AUTHORITY resource - The certificate authority to update. The