From 44f319c56c9231f747ae724ea2c5feef2efc1038 Mon Sep 17 00:00:00 2001 From: Automated Date: Wed, 12 Feb 2025 10:41:39 +0000 Subject: [PATCH] gcloud: Wed Feb 12 10:41:39 UTC 2025 --- gcloud/_version | 8 +- gcloud/alloydb/clusters/help | 3 + gcloud/alloydb/clusters/import | 99 +++++ gcloud/alpha/alloydb/clusters/help | 7 + gcloud/alpha/alloydb/clusters/import | 103 +++++ .../alpha/alloydb/clusters/migrate-cloud-sql | 327 +++++++++++++++ .../alpha/compute/future-reservations/create | 6 +- .../get-effective-firewalls | 1 + gcloud/alpha/compute/interconnects/create | 8 +- .../interconnects/wire-groups/add-endpoint | 48 +++ .../wire-groups/add-interconnect | 61 +++ .../compute/interconnects/wire-groups/help | 12 + .../interconnects/wire-groups/remove-endpoint | 49 +++ .../wire-groups/remove-interconnect | 54 +++ .../get-effective-firewalls | 1 + .../compute/networks/get-effective-firewalls | 1 + gcloud/alpha/compute/routers/create | 12 +- .../compute/url-maps/invalidate-cdn-cache | 32 +- gcloud/alpha/container/clusters/create | 20 +- gcloud/alpha/container/node-pools/create | 20 +- gcloud/alpha/container/node-pools/update | 24 +- gcloud/alpha/dataplex/entries/create | 8 +- .../deploy-policies/add-iam-policy-binding | 142 +++++++ .../deploy/deploy-policies/get-iam-policy | 105 +++++ gcloud/alpha/deploy/deploy-policies/help | 12 + .../deploy-policies/remove-iam-policy-binding | 147 +++++++ .../deploy/deploy-policies/set-iam-policy | 87 ++++ .../alpha/model-armor/floorsettings/describe | 31 ++ gcloud/alpha/model-armor/floorsettings/help | 31 ++ gcloud/alpha/model-armor/floorsettings/update | 127 ++++++ gcloud/alpha/model-armor/help | 35 ++ gcloud/alpha/model-armor/templates/create | 260 ++++++++++++ gcloud/alpha/model-armor/templates/delete | 81 ++++ gcloud/alpha/model-armor/templates/describe | 65 +++ gcloud/alpha/model-armor/templates/help | 46 +++ gcloud/alpha/model-armor/templates/list | 86 ++++ .../templates/sanitize-model-response | 105 +++++ .../templates/sanitize-user-prompt | 100 +++++ gcloud/alpha/model-armor/templates/update | 373 ++++++++++++++++++ gcloud/alpha/monitoring/snoozes/create | 20 +- .../multicast-group-definitions/create | 9 +- .../multicast-group-range-activations/create | 8 +- .../multicast-group-ranges/create | 9 +- .../network-services/multicast-groups/create | 8 +- gcloud/alpha/scc/findings/group | 8 +- gcloud/alpha/scc/findings/list | 8 +- gcloud/alpha/scc/findings/list-marks | 4 +- gcloud/alpha/spanner/instances/help | 2 +- gcloud/alpha/spanner/instances/move | 47 +-- gcloud/alpha/sql/instances/create | 12 +- gcloud/alpha/sql/instances/patch | 16 + .../storage/batch-operations/jobs/create | 16 +- gcloud/alpha/storage/buckets/create | 7 +- gcloud/alpha/workstations/configs/update | 25 +- gcloud/beta/alloydb/clusters/help | 7 + gcloud/beta/alloydb/clusters/import | 101 +++++ .../beta/alloydb/clusters/migrate-cloud-sql | 325 +++++++++++++++ .../get-effective-firewalls | 1 + gcloud/beta/compute/interconnects/create | 8 +- .../get-effective-firewalls | 1 + .../compute/networks/get-effective-firewalls | 1 + .../compute/url-maps/invalidate-cdn-cache | 33 +- gcloud/beta/container/clusters/create | 20 +- gcloud/beta/container/fleet/mesh/update | 34 +- gcloud/beta/container/hub/mesh/update | 34 +- gcloud/beta/container/node-pools/create | 20 +- gcloud/beta/container/node-pools/update | 24 +- gcloud/beta/dataflow/flex-template/build | 13 + .../deploy-policies/add-iam-policy-binding | 140 +++++++ .../deploy/deploy-policies/get-iam-policy | 103 +++++ gcloud/beta/deploy/deploy-policies/help | 12 + .../deploy-policies/remove-iam-policy-binding | 145 +++++++ .../deploy/deploy-policies/set-iam-policy | 85 ++++ gcloud/beta/monitoring/snoozes/create | 20 +- .../multicast-group-range-activations/create | 8 +- .../multicast-group-ranges/create | 9 +- gcloud/beta/scc/findings/group | 8 +- gcloud/beta/scc/findings/list | 8 +- gcloud/beta/scc/findings/list-marks | 4 +- gcloud/beta/services/api-keys/create | 10 + gcloud/beta/spanner/instances/help | 2 +- gcloud/beta/spanner/instances/move | 49 ++- gcloud/beta/sql/instances/create | 12 +- gcloud/beta/sql/instances/patch | 16 + gcloud/beta/workstations/configs/update | 25 +- gcloud/compute/interconnects/create | 8 +- gcloud/container/clusters/create | 20 +- gcloud/container/fleet/mesh/update | 34 +- gcloud/container/hub/mesh/update | 34 +- gcloud/container/node-pools/create | 20 +- gcloud/container/node-pools/update | 24 +- gcloud/dataflow/flex-template/build | 13 + gcloud/dataplex/entries/create | 8 +- .../deploy-policies/add-iam-policy-binding | 139 +++++++ gcloud/deploy/deploy-policies/get-iam-policy | 102 +++++ gcloud/deploy/deploy-policies/help | 12 + .../deploy-policies/remove-iam-policy-binding | 144 +++++++ gcloud/deploy/deploy-policies/set-iam-policy | 84 ++++ gcloud/model-armor/floorsettings/describe | 28 ++ gcloud/model-armor/floorsettings/help | 28 ++ gcloud/model-armor/floorsettings/update | 123 ++++++ gcloud/model-armor/help | 31 ++ gcloud/model-armor/templates/create | 257 ++++++++++++ gcloud/model-armor/templates/delete | 78 ++++ gcloud/model-armor/templates/describe | 62 +++ gcloud/model-armor/templates/help | 43 ++ gcloud/model-armor/templates/list | 83 ++++ .../templates/sanitize-model-response | 102 +++++ .../templates/sanitize-user-prompt | 95 +++++ gcloud/model-armor/templates/update | 370 +++++++++++++++++ gcloud/monitoring/snoozes/create | 20 +- gcloud/scc/findings/group | 8 +- gcloud/scc/findings/list | 8 +- gcloud/scc/findings/list-marks | 4 +- gcloud/spanner/instances/help | 3 +- gcloud/spanner/instances/move | 47 ++- gcloud/storage/buckets/create | 7 +- gcloud/workbench/instances/update | 15 + gcloud/workstations/configs/update | 25 +- 119 files changed, 5956 insertions(+), 337 deletions(-) create mode 100644 gcloud/alloydb/clusters/import create mode 100644 gcloud/alpha/alloydb/clusters/import create mode 100644 gcloud/alpha/alloydb/clusters/migrate-cloud-sql create mode 100644 gcloud/alpha/compute/interconnects/wire-groups/add-endpoint create mode 100644 gcloud/alpha/compute/interconnects/wire-groups/add-interconnect create mode 100644 gcloud/alpha/compute/interconnects/wire-groups/remove-endpoint create mode 100644 gcloud/alpha/compute/interconnects/wire-groups/remove-interconnect create mode 100644 gcloud/alpha/deploy/deploy-policies/add-iam-policy-binding create mode 100644 gcloud/alpha/deploy/deploy-policies/get-iam-policy create mode 100644 gcloud/alpha/deploy/deploy-policies/remove-iam-policy-binding create mode 100644 gcloud/alpha/deploy/deploy-policies/set-iam-policy create mode 100644 gcloud/alpha/model-armor/floorsettings/describe create mode 100644 gcloud/alpha/model-armor/floorsettings/help create mode 100644 gcloud/alpha/model-armor/floorsettings/update create mode 100644 gcloud/alpha/model-armor/help create mode 100644 gcloud/alpha/model-armor/templates/create create mode 100644 gcloud/alpha/model-armor/templates/delete create mode 100644 gcloud/alpha/model-armor/templates/describe create mode 100644 gcloud/alpha/model-armor/templates/help create mode 100644 gcloud/alpha/model-armor/templates/list create mode 100644 gcloud/alpha/model-armor/templates/sanitize-model-response create mode 100644 gcloud/alpha/model-armor/templates/sanitize-user-prompt create mode 100644 gcloud/alpha/model-armor/templates/update create mode 100644 gcloud/beta/alloydb/clusters/import create mode 100644 gcloud/beta/alloydb/clusters/migrate-cloud-sql create mode 100644 gcloud/beta/deploy/deploy-policies/add-iam-policy-binding create mode 100644 gcloud/beta/deploy/deploy-policies/get-iam-policy create mode 100644 gcloud/beta/deploy/deploy-policies/remove-iam-policy-binding create mode 100644 gcloud/beta/deploy/deploy-policies/set-iam-policy create mode 100644 gcloud/deploy/deploy-policies/add-iam-policy-binding create mode 100644 gcloud/deploy/deploy-policies/get-iam-policy create mode 100644 gcloud/deploy/deploy-policies/remove-iam-policy-binding create mode 100644 gcloud/deploy/deploy-policies/set-iam-policy create mode 100644 gcloud/model-armor/floorsettings/describe create mode 100644 gcloud/model-armor/floorsettings/help create mode 100644 gcloud/model-armor/floorsettings/update create mode 100644 gcloud/model-armor/help create mode 100644 gcloud/model-armor/templates/create create mode 100644 gcloud/model-armor/templates/delete create mode 100644 gcloud/model-armor/templates/describe create mode 100644 gcloud/model-armor/templates/help create mode 100644 gcloud/model-armor/templates/list create mode 100644 gcloud/model-armor/templates/sanitize-model-response create mode 100644 gcloud/model-armor/templates/sanitize-user-prompt create mode 100644 gcloud/model-armor/templates/update diff --git a/gcloud/_version b/gcloud/_version index 0b214333e..2b461ca82 100644 --- a/gcloud/_version +++ b/gcloud/_version @@ -1,8 +1,8 @@ -Google Cloud SDK 509.0.0 -alpha 2025.01.31 -beta 2025.01.31 +Google Cloud SDK 510.0.0 +alpha 2025.02.10 +beta 2025.02.10 bq 2.1.12 bundled-python3-unix 3.12.8 -core 2025.01.31 +core 2025.02.10 gcloud-crc32c 1.0.0 gsutil 5.33 diff --git a/gcloud/alloydb/clusters/help b/gcloud/alloydb/clusters/help index be9cfe499..60f1b08c5 100644 --- a/gcloud/alloydb/clusters/help +++ b/gcloud/alloydb/clusters/help @@ -31,6 +31,9 @@ COMMANDS export Export data from an AlloyDB cluster to Google Cloud Storage. + import + Import data into an AlloyDB cluster from Google Cloud Storage. + list List AlloyDB clusters in a given project and region. diff --git a/gcloud/alloydb/clusters/import b/gcloud/alloydb/clusters/import new file mode 100644 index 000000000..a3c41aec9 --- /dev/null +++ b/gcloud/alloydb/clusters/import @@ -0,0 +1,99 @@ +NAME + gcloud alloydb clusters import - import data into an AlloyDB cluster from + Google Cloud Storage + +SYNOPSIS + gcloud alloydb clusters import CLUSTER --gcs-uri=GCS_URI --region=REGION + (--sql | [--csv --table=TABLE : --columns=COLUMNS + --escape-character=ESCAPE_CHARACTER + --field-delimiter=FIELD_DELIMITER --quote-character=QUOTE_CHARACTER]) + [--async] [--database=DATABASE] [--user=USER] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Import data into an AlloyDB cluster from Google Cloud Storage. + +EXAMPLES + To import data into a cluster, run: + + $ gcloud alloydb clusters import my-cluster --region=us-central1 \ + --database=my-database \ + --gcs-uri=gs://my-bucket/source-file-path --sql --user=my-user" + +POSITIONAL ARGUMENTS + CLUSTER + AlloyDB cluster ID + +REQUIRED FLAGS + URI of the source file for import. + + This must be specified. + + --gcs-uri=GCS_URI + Path to the Google Cloud Storage file from which import has to be + done. + + --region=REGION + Regional location (e.g. asia-east1, us-east1). See the full list of + regions at https://cloud.google.com/sql/docs/instance-locations. + + Import options for the cluster. + + Exactly one of these must be specified: + + SQL import options for the cluster. + + --sql + Specify source file type. + + CSV import options for the cluster. + + --csv + Specify source file type. + + This flag argument must be specified if any of the other arguments + in this group are specified. + + --table=TABLE + Table name to which the data has to be imported. + + This flag argument must be specified if any of the other arguments + in this group are specified. + + --columns=COLUMNS + Comma-separated list of column names to be used for import. + + --escape-character=ESCAPE_CHARACTER + Escape character in the source file. + + --field-delimiter=FIELD_DELIMITER + Field delimiter in the source file. + + --quote-character=QUOTE_CHARACTER + Quote character in the source file. + +OPTIONAL FLAGS + --async + Return immediately, without waiting for the operation in progress to + complete. + + --database=DATABASE + Database name from which export has to be done. + + --user=USER + Database user for the import. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + These variants are also available: + + $ gcloud alpha alloydb clusters import + + $ gcloud beta alloydb clusters import + diff --git a/gcloud/alpha/alloydb/clusters/help b/gcloud/alpha/alloydb/clusters/help index 3716eed47..18e19defe 100644 --- a/gcloud/alpha/alloydb/clusters/help +++ b/gcloud/alpha/alloydb/clusters/help @@ -32,9 +32,16 @@ COMMANDS export (ALPHA) Export data from an AlloyDB cluster to Google Cloud Storage. + import + (ALPHA) Import data to an AlloyDB cluster from Google Cloud Storage. + list (ALPHA) List AlloyDB clusters in a given project and region. + migrate-cloud-sql + (ALPHA) Migrate Cloud SQL instance to an AlloyDB cluster using an + existing Cloud SQL backup. + promote (ALPHA) Promote an AlloyDB SECONDARY cluster in a given project and region. diff --git a/gcloud/alpha/alloydb/clusters/import b/gcloud/alpha/alloydb/clusters/import new file mode 100644 index 000000000..61a4b9ae3 --- /dev/null +++ b/gcloud/alpha/alloydb/clusters/import @@ -0,0 +1,103 @@ +NAME + gcloud alpha alloydb clusters import - import data to an AlloyDB cluster + from Google Cloud Storage + +SYNOPSIS + gcloud alpha alloydb clusters import CLUSTER --gcs-uri=GCS_URI + --region=REGION + (--sql | [--csv --table=TABLE : --columns=COLUMNS + --escape-character=ESCAPE_CHARACTER + --field-delimiter=FIELD_DELIMITER --quote-character=QUOTE_CHARACTER]) + [--async] [--database=DATABASE] [--user=USER] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Import data to an AlloyDB cluster from Google Cloud Storage. + +EXAMPLES + To import data into a cluster, run: + + $ gcloud alpha alloydb clusters import my-cluster \ + --region=us-central1 --database=my-database \ + --gcs-uri=gs://my-bucket/source-file-path --sql --user=my-user" + +POSITIONAL ARGUMENTS + CLUSTER + AlloyDB cluster ID + +REQUIRED FLAGS + URI of the source file for import. + + This must be specified. + + --gcs-uri=GCS_URI + Path to the Google Cloud Storage file from which import has to be + done. + + --region=REGION + Regional location (e.g. asia-east1, us-east1). See the full list of + regions at https://cloud.google.com/sql/docs/instance-locations. + + Import options for the cluster. + + Exactly one of these must be specified: + + SQL import options for the cluster. + + --sql + Specify source file type. + + CSV import options for the cluster. + + --csv + Specify source file type. + + This flag argument must be specified if any of the other arguments + in this group are specified. + + --table=TABLE + Table name to which the data has to be imported. + + This flag argument must be specified if any of the other arguments + in this group are specified. + + --columns=COLUMNS + Comma-separated list of column names to be used for import. + + --escape-character=ESCAPE_CHARACTER + Escape character in the source file. + + --field-delimiter=FIELD_DELIMITER + Field delimiter in the source file. + + --quote-character=QUOTE_CHARACTER + Quote character in the source file. + +OPTIONAL FLAGS + --async + Return immediately, without waiting for the operation in progress to + complete. + + --database=DATABASE + Database name from which export has to be done. + + --user=USER + Database user for the import. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. These variants are also available: + + $ gcloud alloydb clusters import + + $ gcloud beta alloydb clusters import + diff --git a/gcloud/alpha/alloydb/clusters/migrate-cloud-sql b/gcloud/alpha/alloydb/clusters/migrate-cloud-sql new file mode 100644 index 000000000..982486f9e --- /dev/null +++ b/gcloud/alpha/alloydb/clusters/migrate-cloud-sql @@ -0,0 +1,327 @@ +NAME + gcloud alpha alloydb clusters migrate-cloud-sql - migrate Cloud SQL + instance to an AlloyDB cluster using an existing Cloud SQL backup + +SYNOPSIS + gcloud alpha alloydb clusters migrate-cloud-sql CLUSTER + --cloud-sql-backup-id=CLOUD_SQL_BACKUP_ID + --cloud-sql-instance-id=CLOUD_SQL_INSTANCE_ID + --cloud-sql-project-id=CLOUD_SQL_PROJECT_ID --password=PASSWORD + --region=REGION [--allocated-ip-range-name=ALLOCATED_IP_RANGE_NAME] + [--async] [--database-version=DATABASE_VERSION] + [--enable-private-service-connect] [--network=NETWORK] + [--subscription-type=SUBSCRIPTION_TYPE] [--tags=[KEY=VALUE,...]] + [--continuous-backup-recovery-window-days=RECOVERY_PERIOD + --enable-continuous-backup + [--continuous-backup-encryption-key=CONTINUOUS_BACKUP_ENCRYPTION_KEY + : --continuous-backup-encryption-key-keyring=CONTINUOUS_BACKUP_ENCRYPTION_KEY_KEYRING --continuous-backup-encryption-key-location=CONTINUOUS_BACKUP_ENCRYPTION_KEY_LOCATION --continuous-backup-encryption-key-project=CONTINUOUS_BACKUP_ENCRYPTION_KEY_PROJECT]] + [--disable-automated-backup + | [--automated-backup-days-of-week=[DAYS_OF_WEEK,...] + --automated-backup-start-times=[START_TIMES,...] + : --automated-backup-window=TIMEOUT_PERIOD + [--automated-backup-encryption-key=AUTOMATED_BACKUP_ENCRYPTION_KEY + : --automated-backup-encryption-key-keyring=AUTOMATED_BACKUP_ENCRYPTION_KEY_KEYRING --automated-backup-encryption-key-location=AUTOMATED_BACKUP_ENCRYPTION_KEY_LOCATION --automated-backup-encryption-key-project=AUTOMATED_BACKUP_ENCRYPTION_KEY_PROJECT] --automated-backup-retention-count=RETENTION_COUNT | --automated-backup-retention-period=RETENTION_PERIOD]] + [--kms-key=KMS_KEY : --kms-keyring=KMS_KEYRING + --kms-location=KMS_LOCATION --kms-project=KMS_PROJECT] + [--maintenance-window-day=MAINTENANCE_WINDOW_DAY + --maintenance-window-hour=MAINTENANCE_WINDOW_HOUR] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Migrate Cloud SQL instance to an AlloyDB cluster using an existing + Cloud SQL backup. + +EXAMPLES + To migrate a Cloud SQL instance to an AlloyDB cluster from a backup, run: + + $ gcloud alpha alloydb clusters migrate-cloud-sql \ + my-alloydb-cluster --region=us-central1 \ + --cloud-sql-project-id=my-cloud-sql-project-id \ + --cloud-sql-instance-id=my-cloud-sql-cluster-id \ + --cloud-sql-backup-id=my-cloud-sql-backup-id + +POSITIONAL ARGUMENTS + CLUSTER + AlloyDB cluster ID + +REQUIRED FLAGS + Migrate Cloud SQL strategy. + + This must be specified. + + Migrate CloudSQL instance to an AlloyDB cluster by restoring from an + existing backup. + + --cloud-sql-backup-id=CLOUD_SQL_BACKUP_ID + CloudSQL backup ID to migrate from. This must be the backup ID + (myBackup). + + --cloud-sql-instance-id=CLOUD_SQL_INSTANCE_ID + CloudSQL instance ID to migrate from. This must be the instance ID + (myInstance). + + --cloud-sql-project-id=CLOUD_SQL_PROJECT_ID + CloudSQL project to migrate from. This must be the project ID + (myProject). + + --password=PASSWORD + Initial postgres user password to set up during cluster creation. + + --region=REGION + Regional location (e.g. asia-east1, us-east1). See the full list of + regions at https://cloud.google.com/sql/docs/instance-locations. + +OPTIONAL FLAGS + --allocated-ip-range-name=ALLOCATED_IP_RANGE_NAME + Name of the allocated IP range for the private IP AlloyDB cluster, for + example: "google-managed-services-default". If set, the instance IPs + for this cluster will be created in the allocated range. The range name + must comply with RFC 1035. Specifically, the name must be 1-63 + characters long and match the regular expression + [a-z]([-a-z0-9][a-z0-9])?. + + --async + Return immediately, without waiting for the operation in progress to + complete. + + --database-version=DATABASE_VERSION + Database version of the cluster. DATABASE_VERSION must be one of: + POSTGRES_14, POSTGRES_15, POSTGRES_16. + + --enable-private-service-connect + Enable Private Service Connect (PSC) connectivity for the cluster. + + --network=NETWORK + Network in the current project that the instance will be part of. To + specify using a network with a shared VPC, use the full URL of the + network. For an example host project, testproject, and shared network, + testsharednetwork, this would be of the + form:--network=projects/testproject/global/networks/testsharednetwork + + --subscription-type=SUBSCRIPTION_TYPE + Subscription type of the cluster. SUBSCRIPTION_TYPE must be one of: + STANDARD, TRIAL. + + --tags=[KEY=VALUE,...] + List of tags KEY=VALUE pairs to bind. Each item must be expressed as + =. + + Example: 123/environment=production,123/costCenter=marketing + + Continuous Backup configuration. If unspecified, continuous backups are + enabled. + + --continuous-backup-recovery-window-days=RECOVERY_PERIOD + Recovery window of the log files and backups saved to support + Continuous Backups. + + --enable-continuous-backup + Enables Continuous Backups on the cluster. + + Key resource - The Cloud KMS (Key Management Service) cryptokey that + will be used to protect the continuous backup. The 'AlloyDB Service + Agent's service account must hold permission 'Cloud KMS CryptoKey + Encrypter/Decrypter'. The arguments in this group can be used to specify + the attributes of this resource. + + --continuous-backup-encryption-key=CONTINUOUS_BACKUP_ENCRYPTION_KEY + ID of the key or fully qualified identifier for the key. + + To set the kms-key attribute: + ▫ provide the argument --continuous-backup-encryption-key on the + command line. + + This flag argument must be specified if any of the other arguments + in this group are specified. + + --continuous-backup-encryption-key-keyring=CONTINUOUS_BACKUP_ENCRYPTION_KEY_KEYRING + The KMS keyring of the key. + + To set the kms-keyring attribute: + ▫ provide the argument --continuous-backup-encryption-key on the + command line with a fully specified name; + ▫ provide the argument --continuous-backup-encryption-key-keyring + on the command line. + + --continuous-backup-encryption-key-location=CONTINUOUS_BACKUP_ENCRYPTION_KEY_LOCATION + The Google Cloud location for the key. + + To set the kms-location attribute: + ▫ provide the argument --continuous-backup-encryption-key on the + command line with a fully specified name; + ▫ provide the argument + --continuous-backup-encryption-key-location on the command line. + + --continuous-backup-encryption-key-project=CONTINUOUS_BACKUP_ENCRYPTION_KEY_PROJECT + The Google Cloud project for the key. + + To set the kms-project attribute: + ▫ provide the argument --continuous-backup-encryption-key on the + command line with a fully specified name; + ▫ provide the argument --continuous-backup-encryption-key-project + on the command line; + ▫ set the property core/project. + + Automated backup policy. If unspecified, automated backups are disabled. + + At most one of these can be specified: + + --disable-automated-backup + Disables automated backups on the cluster. + + Enable automated backup policy. + + --automated-backup-days-of-week=[DAYS_OF_WEEK,...] + Comma-separated list of days of the week to perform a backup. At + least one day of the week must be provided. (e.g., + --automated-backup-days-of-week=MONDAY,WEDNESDAY,SUNDAY). + DAYS_OF_WEEK must be one of: MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY. + + This flag argument must be specified if any of the other arguments + in this group are specified. + + --automated-backup-start-times=[START_TIMES,...] + Comma-separated list of times during the day to start a backup. At + least one start time must be provided. The start times are assumed + to be in UTC and required to be an exact hour in the format HH:00. + (e.g., --automated-backup-start-times=01:00,13:00) + + This flag argument must be specified if any of the other arguments + in this group are specified. + + --automated-backup-window=TIMEOUT_PERIOD + Length of the time window beginning at start time during which a + backup can be taken. If a backup does not succeed within this time + window, it will be canceled and considered failed. The backup + window must be at least 5 minutes long. There is no upper bound on + the window. If not set, it will default to 1 hour. + + Key resource - The Cloud KMS (Key Management Service) cryptokey that + will be used to protect the automated backups. The 'AlloyDB Service + Agent' service account must hold permission 'Cloud KMS CryptoKey + Encrypter/Decrypter'. The arguments in this group can be used to + specify the attributes of this resource. + + --automated-backup-encryption-key=AUTOMATED_BACKUP_ENCRYPTION_KEY + ID of the key or fully qualified identifier for the key. + + To set the kms-key attribute: + ◇ provide the argument --automated-backup-encryption-key on the + command line. + + This flag argument must be specified if any of the other + arguments in this group are specified. + + --automated-backup-encryption-key-keyring=AUTOMATED_BACKUP_ENCRYPTION_KEY_KEYRING + The KMS keyring of the key. + + To set the kms-keyring attribute: + ◇ provide the argument --automated-backup-encryption-key on the + command line with a fully specified name; + ◇ provide the argument + --automated-backup-encryption-key-keyring on the command line. + + --automated-backup-encryption-key-location=AUTOMATED_BACKUP_ENCRYPTION_KEY_LOCATION + The Google Cloud location for the key. + + To set the kms-location attribute: + ◇ provide the argument --automated-backup-encryption-key on the + command line with a fully specified name; + ◇ provide the argument + --automated-backup-encryption-key-location on the command line. + + --automated-backup-encryption-key-project=AUTOMATED_BACKUP_ENCRYPTION_KEY_PROJECT + The Google Cloud project for the key. + + To set the kms-project attribute: + ◇ provide the argument --automated-backup-encryption-key on the + command line with a fully specified name; + ◇ provide the argument + --automated-backup-encryption-key-project on the command line; + ◇ set the property core/project. + + Retention policy. If no retention policy is provided, all automated + backups will be retained. + + At most one of these can be specified: + + --automated-backup-retention-count=RETENTION_COUNT + Number of most recent successful backups retained. + + --automated-backup-retention-period=RETENTION_PERIOD + Retention period of the backup relative to creation time. See $ + gcloud topic datetimes for information on duration formats. + + Key resource - The Cloud KMS (Key Management Service) cryptokey that will + be used to protect the cluster. The 'AlloyDB Service Agent' service + account must hold permission 'Cloud KMS CryptoKey Encrypter/Decrypter'. + The arguments in this group can be used to specify the attributes of this + resource. + + --kms-key=KMS_KEY + ID of the key or fully qualified identifier for the key. + + To set the kms-key attribute: + ▸ provide the argument --kms-key on the command line. + + This flag argument must be specified if any of the other arguments in + this group are specified. + + --kms-keyring=KMS_KEYRING + The KMS keyring of the key. + + To set the kms-keyring attribute: + ▸ provide the argument --kms-key on the command line with a fully + specified name; + ▸ provide the argument --kms-keyring on the command line. + + --kms-location=KMS_LOCATION + The Google Cloud location for the key. + + To set the kms-location attribute: + ▸ provide the argument --kms-key on the command line with a fully + specified name; + ▸ provide the argument --kms-location on the command line. + + --kms-project=KMS_PROJECT + The Google Cloud project for the key. + + To set the kms-project attribute: + ▸ provide the argument --kms-key on the command line with a fully + specified name; + ▸ provide the argument --kms-project on the command line; + ▸ set the property core/project. + + Specify preferred day and time for maintenance. + + --maintenance-window-day=MAINTENANCE_WINDOW_DAY + Day of week for maintenance window, in UTC time zone. + MAINTENANCE_WINDOW_DAY must be one of: MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, SUNDAY. + + This flag argument must be specified if any of the other arguments in + this group are specified. + + --maintenance-window-hour=MAINTENANCE_WINDOW_HOUR + Hour of day for maintenance window, in UTC time zone. + + This flag argument must be specified if any of the other arguments in + this group are specified. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. This variant is also available: + + $ gcloud beta alloydb clusters migrate-cloud-sql + diff --git a/gcloud/alpha/compute/future-reservations/create b/gcloud/alpha/compute/future-reservations/create index ccda4d721..d3890eaf5 100644 --- a/gcloud/alpha/compute/future-reservations/create +++ b/gcloud/alpha/compute/future-reservations/create @@ -12,7 +12,7 @@ SYNOPSIS --maintenance-freeze-duration=MAINTENANCE_FREEZE_DURATION --maintenance-interval=MAINTENANCE_INTERVAL --min-cpu-platform=MIN_CPU_PLATFORM] | [--tpu-version=TPU_VERSION - : --tpu-count=TPU_COUNT --workload-type=WORKLOAD_TYPE]) + : --chip-count=CHIP_COUNT --workload-type=WORKLOAD_TYPE]) (--start-time=START_TIME (--duration=DURATION | --end-time=END_TIME)) [--deployment-type=DEPLOYMENT_TYPE] [--description=DESCRIPTION] [--name-prefix=NAME_PREFIX] [--planning-status=PLANNING_STATUS] @@ -154,8 +154,8 @@ REQUIRED FLAGS This flag argument must be specified if any of the other arguments in this group are specified. - --tpu-count=TPU_COUNT - The number of TPUs to reserve. + --chip-count=CHIP_COUNT + The number of chips to reserve. --workload-type=WORKLOAD_TYPE The workload type of the TPU reservation. WORKLOAD_TYPE must be one diff --git a/gcloud/alpha/compute/instances/network-interfaces/get-effective-firewalls b/gcloud/alpha/compute/instances/network-interfaces/get-effective-firewalls index 6fd9be121..08d0130d0 100644 --- a/gcloud/alpha/compute/instances/network-interfaces/get-effective-firewalls +++ b/gcloud/alpha/compute/instances/network-interfaces/get-effective-firewalls @@ -32,6 +32,7 @@ EXAMPLES get-effective-firewalls example-instance --format="table( type, firewall_policy_name, + rule_type, priority, action, direction, diff --git a/gcloud/alpha/compute/interconnects/create b/gcloud/alpha/compute/interconnects/create index 9aa3a6464..0aeeef022 100644 --- a/gcloud/alpha/compute/interconnects/create +++ b/gcloud/alpha/compute/interconnects/create @@ -98,9 +98,13 @@ OPTIONAL FLAGS to use when creating a Cross-Cloud Interconnect. --requested-features=[FEATURES,...] - List of features requested for this interconnect. FEATURES must be - (only one value is supported): + List of features requested for this interconnect. FEATURES must be one + of: + CROSS_SITE_NETWORK + If specified then the interconnect is created on Cross-Site Network + capable hardware ports. This parameter can only be provided during + interconnect INSERT and cannot be changed using interconnect PATCH. MACSEC If specified then the interconnect is created on MACsec capable hardware ports. If not specified, the interconnect is created on diff --git a/gcloud/alpha/compute/interconnects/wire-groups/add-endpoint b/gcloud/alpha/compute/interconnects/wire-groups/add-endpoint new file mode 100644 index 000000000..40421414b --- /dev/null +++ b/gcloud/alpha/compute/interconnects/wire-groups/add-endpoint @@ -0,0 +1,48 @@ +NAME + gcloud alpha compute interconnects wire-groups add-endpoint - add endpoint + to a Compute Engine wire group + +SYNOPSIS + gcloud alpha compute interconnects wire-groups add-endpoint NAME + --cross-site-network=CROSS_SITE_NETWORK --endpoint-label=ENDPOINT_LABEL + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) gcloud alpha compute interconnects wire-groups add-endpoint is used + to add endpoints to a wire group. + + For an example, refer to the EXAMPLES section below. + +EXAMPLES + To add endpoint example-endpoint to wire group example-wire-group, run: + + $ gcloud alpha compute interconnects wire-groups add-endpoint \ + example-wire-group --project=example-project \ + --cross-site-network=example-cross-site-network \ + --endpoint-label=example-endpoint + +POSITIONAL ARGUMENTS + NAME + Name of the wire group to update. + +REQUIRED FLAGS + --cross-site-network=CROSS_SITE_NETWORK + Name of the crossSiteNetwork to operate on. + + --endpoint-label=ENDPOINT_LABEL + The endpoint label for the wire group. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. + diff --git a/gcloud/alpha/compute/interconnects/wire-groups/add-interconnect b/gcloud/alpha/compute/interconnects/wire-groups/add-interconnect new file mode 100644 index 000000000..2b4f9ded3 --- /dev/null +++ b/gcloud/alpha/compute/interconnects/wire-groups/add-interconnect @@ -0,0 +1,61 @@ +NAME + gcloud alpha compute interconnects wire-groups add-interconnect - add + interconnect to a Compute Engine wire group + +SYNOPSIS + gcloud alpha compute interconnects wire-groups add-interconnect NAME + --cross-site-network=CROSS_SITE_NETWORK --endpoint-label=ENDPOINT_LABEL + --interconnect=INTERCONNECT --interconnect-label=INTERCONNECT_LABEL + --vlan-tags=VLAN_TAGS [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) gcloud alpha compute interconnects wire-groups add-interconnect is + used to add interconnects to a wire group. + + For an example, refer to the EXAMPLES section below. + +EXAMPLES + To add an interconnect example-interconnect to wire group + example-wire-group, run: + + $ gcloud alpha compute interconnects wire-groups add-interconnect \ + example-wire-group --project=example-project \ + --cross-site-network=example-cross-site-network \ + --endpoint-label=example-endpoint \ + --interconnect-label=example-interconnect \ + --interconnect=some-interconnect-uri --vlan-tags=111,222 + +POSITIONAL ARGUMENTS + NAME + Name of the wire group to update. + +REQUIRED FLAGS + --cross-site-network=CROSS_SITE_NETWORK + Name of the crossSiteNetwork to operate on. + + --endpoint-label=ENDPOINT_LABEL + The endpoint label for the wire group. + + --interconnect=INTERCONNECT + The interconnect for the wire group endpoint. + + --interconnect-label=INTERCONNECT_LABEL + The interconnect label for the wire group endpoint. + + --vlan-tags=VLAN_TAGS + The vlan tags for the interconnect on the wire group endpoint. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. + diff --git a/gcloud/alpha/compute/interconnects/wire-groups/help b/gcloud/alpha/compute/interconnects/wire-groups/help index 54572e826..b7bccb81c 100644 --- a/gcloud/alpha/compute/interconnects/wire-groups/help +++ b/gcloud/alpha/compute/interconnects/wire-groups/help @@ -17,6 +17,12 @@ GCLOUD WIDE FLAGS COMMANDS COMMAND is one of the following: + add-endpoint + (ALPHA) Add endpoint to a Compute Engine wire group. + + add-interconnect + (ALPHA) Add interconnect to a Compute Engine wire group. + create (ALPHA) Create a Compute Engine wire group. @@ -29,6 +35,12 @@ COMMANDS list (ALPHA) List Google Compute Engine wire groups. + remove-endpoint + (ALPHA) Remove endpoint from a Compute Engine wire group. + + remove-interconnect + (ALPHA) Remove interconnect to a Compute Engine wire group. + update (ALPHA) Update a Compute Engine wire group. diff --git a/gcloud/alpha/compute/interconnects/wire-groups/remove-endpoint b/gcloud/alpha/compute/interconnects/wire-groups/remove-endpoint new file mode 100644 index 000000000..137fc6630 --- /dev/null +++ b/gcloud/alpha/compute/interconnects/wire-groups/remove-endpoint @@ -0,0 +1,49 @@ +NAME + gcloud alpha compute interconnects wire-groups remove-endpoint - remove + endpoint from a Compute Engine wire group + +SYNOPSIS + gcloud alpha compute interconnects wire-groups remove-endpoint NAME + --cross-site-network=CROSS_SITE_NETWORK --endpoint-label=ENDPOINT_LABEL + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) gcloud alpha compute interconnects wire-groups remove-endpoint is + used to remove endpoints from a wire group. + + For an example, refer to the EXAMPLES section below. + +EXAMPLES + To remove endpoint example-endpoint from wire group example-wire-group, + run: + + $ gcloud alpha compute interconnects wire-groups remove-endpoint \ + example-wire-group --project=example-project \ + --cross-site-network=example-cross-site-network \ + --endpoint-label=example-endpoint + +POSITIONAL ARGUMENTS + NAME + Name of the wire group to update. + +REQUIRED FLAGS + --cross-site-network=CROSS_SITE_NETWORK + Name of the crossSiteNetwork to operate on. + + --endpoint-label=ENDPOINT_LABEL + The endpoint label for the wire group. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. + diff --git a/gcloud/alpha/compute/interconnects/wire-groups/remove-interconnect b/gcloud/alpha/compute/interconnects/wire-groups/remove-interconnect new file mode 100644 index 000000000..76510395f --- /dev/null +++ b/gcloud/alpha/compute/interconnects/wire-groups/remove-interconnect @@ -0,0 +1,54 @@ +NAME + gcloud alpha compute interconnects wire-groups remove-interconnect - remove + interconnect to a Compute Engine wire group + +SYNOPSIS + gcloud alpha compute interconnects wire-groups remove-interconnect NAME + --cross-site-network=CROSS_SITE_NETWORK --endpoint-label=ENDPOINT_LABEL + --interconnect-label=INTERCONNECT_LABEL [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) gcloud alpha compute interconnects wire-groups remove-interconnect + is used to remove interconnects from a wire group endpoint. + + For an example, refer to the EXAMPLES section below. + +EXAMPLES + To remove an interconnect example-interconnect from wire group + example-wire-group, run: + + $ gcloud alpha compute interconnects wire-groups \ + remove-interconnect example-wire-group \ + --project=example-project \ + --cross-site-network=example-cross-site-network \ + --endpoint-label=example-endpoint \ + --interconnect-label=example-interconnect + +POSITIONAL ARGUMENTS + NAME + Name of the wire group to update. + +REQUIRED FLAGS + --cross-site-network=CROSS_SITE_NETWORK + Name of the crossSiteNetwork to operate on. + + --endpoint-label=ENDPOINT_LABEL + The endpoint label for the wire group. + + --interconnect-label=INTERCONNECT_LABEL + The interconnect label for the wire group endpoint. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. + diff --git a/gcloud/alpha/compute/network-firewall-policies/get-effective-firewalls b/gcloud/alpha/compute/network-firewall-policies/get-effective-firewalls index f11635bb7..a2bb0d836 100644 --- a/gcloud/alpha/compute/network-firewall-policies/get-effective-firewalls +++ b/gcloud/alpha/compute/network-firewall-policies/get-effective-firewalls @@ -33,6 +33,7 @@ EXAMPLES --region=region-a --format="table( type, firewall_policy_name, + rule_type, priority, action, direction, diff --git a/gcloud/alpha/compute/networks/get-effective-firewalls b/gcloud/alpha/compute/networks/get-effective-firewalls index fbe5c3122..cae8770f7 100644 --- a/gcloud/alpha/compute/networks/get-effective-firewalls +++ b/gcloud/alpha/compute/networks/get-effective-firewalls @@ -28,6 +28,7 @@ EXAMPLES example-network --format="table( type, firewall_policy_name, + rule_type, priority, action, direction, diff --git a/gcloud/alpha/compute/routers/create b/gcloud/alpha/compute/routers/create index cf070244d..16b82a828 100644 --- a/gcloud/alpha/compute/routers/create +++ b/gcloud/alpha/compute/routers/create @@ -2,7 +2,8 @@ NAME gcloud alpha compute routers create - create a Compute Engine router SYNOPSIS - gcloud alpha compute routers create NAME --network=NETWORK + gcloud alpha compute routers create NAME + (--ncc-gateway=NCC_GATEWAY | --network=NETWORK) [--advertisement-mode=MODE] [--asn=ASN] [--async] [--bgp-identifier-range=BGP_IDENTIFIER_RANGE] [--description=DESCRIPTION] [--encrypted-interconnect-router] @@ -20,8 +21,13 @@ POSITIONAL ARGUMENTS Name of the router to create. REQUIRED FLAGS - --network=NETWORK - The network for this router + Exactly one of these must be specified: + + --ncc-gateway=NCC_GATEWAY + The NCC gateway for this router. + + --network=NETWORK + The network for this router OPTIONAL FLAGS --advertisement-mode=MODE diff --git a/gcloud/alpha/compute/url-maps/invalidate-cdn-cache b/gcloud/alpha/compute/url-maps/invalidate-cdn-cache index 6671ff2fd..c918773da 100644 --- a/gcloud/alpha/compute/url-maps/invalidate-cdn-cache +++ b/gcloud/alpha/compute/url-maps/invalidate-cdn-cache @@ -3,8 +3,9 @@ NAME objects for a URL map in Cloud CDN caches SYNOPSIS - gcloud alpha compute url-maps invalidate-cdn-cache URLMAP --path=PATH - [--async] [--global] [--host=HOST] [--tags=TAGS] [GCLOUD_WIDE_FLAG ...] + gcloud alpha compute url-maps invalidate-cdn-cache URLMAP [--async] + [--global] [--host=HOST] [--path=PATH] [--tags=TAGS] + [GCLOUD_WIDE_FLAG ...] DESCRIPTION (ALPHA) gcloud alpha compute url-maps invalidate-cdn-cache requests that @@ -18,7 +19,18 @@ POSITIONAL ARGUMENTS URLMAP Name of the URL map to operate on. -REQUIRED FLAGS +FLAGS + --async + Return immediately, without waiting for the operation in progress to + complete. + + --global + (Default) The URL map is global. Regional URL maps are not supported. + + --host=HOST + If set, this invalidation will apply only to requests to the specified + host. + --path=PATH A path specifying which objects to invalidate. PATH must start with ``/'' and the only place a ``*'' is allowed is at the end following a @@ -39,21 +51,9 @@ REQUIRED FLAGS ◆ ``/x/y/'': ``/x/y/'' only (and not ``/x/y'') ◆ ``/x/y/*'': ``/x/y/'' and everything under it -OPTIONAL FLAGS - --async - Return immediately, without waiting for the operation in progress to - complete. - - --global - (Default) The URL map is global. Regional URL maps are not supported. - - --host=HOST - If set, this invalidation will apply only to requests to the specified - host. - --tags=TAGS A single tag or a comma-delimited list of tags. When multiple tags are - specified, the invalidation will apply them using boolean OR logic. + specified, the invalidation applies them using boolean OR logic. Example: ◆ --tags=abcd,user123 diff --git a/gcloud/alpha/container/clusters/create b/gcloud/alpha/container/clusters/create index 5048e8082..fa0d220eb 100644 --- a/gcloud/alpha/container/clusters/create +++ b/gcloud/alpha/container/clusters/create @@ -1380,18 +1380,14 @@ FLAGS net.core.netdev_max_backlog Any positive integer, less than 2147483647 - net.core.rmem_default Any positive - integer, less than - 2147483647 - net.core.rmem_max Any positive - integer, less than - 2147483647 - net.core.wmem_default Any positive - integer, less than - 2147483647 - net.core.wmem_max Any positive - integer, less than - 2147483647 + net.core.rmem_default Must be between + [2304, 2147483647] + net.core.rmem_max Must be between + [2304, 2147483647] + net.core.wmem_default Must be between + [4608, 2147483647] + net.core.wmem_max Must be between + [4608, 2147483647] net.core.optmem_max Any positive integer, less than 2147483647 diff --git a/gcloud/alpha/container/node-pools/create b/gcloud/alpha/container/node-pools/create index 39ed38c17..8550ac0d2 100644 --- a/gcloud/alpha/container/node-pools/create +++ b/gcloud/alpha/container/node-pools/create @@ -752,18 +752,14 @@ FLAGS net.core.netdev_max_backlog Any positive integer, less than 2147483647 - net.core.rmem_default Any positive - integer, less than - 2147483647 - net.core.rmem_max Any positive - integer, less than - 2147483647 - net.core.wmem_default Any positive - integer, less than - 2147483647 - net.core.wmem_max Any positive - integer, less than - 2147483647 + net.core.rmem_default Must be between + [2304, 2147483647] + net.core.rmem_max Must be between + [2304, 2147483647] + net.core.wmem_default Must be between + [4608, 2147483647] + net.core.wmem_max Must be between + [4608, 2147483647] net.core.optmem_max Any positive integer, less than 2147483647 diff --git a/gcloud/alpha/container/node-pools/update b/gcloud/alpha/container/node-pools/update index f4d56bcce..ccbbf36da 100644 --- a/gcloud/alpha/container/node-pools/update +++ b/gcloud/alpha/container/node-pools/update @@ -326,18 +326,18 @@ REQUIRED FLAGS net.core.netdev_max_backlog Any positive integer, less than 2147483647 - net.core.rmem_default Any positive - integer, less - than 2147483647 - net.core.rmem_max Any positive - integer, less - than 2147483647 - net.core.wmem_default Any positive - integer, less - than 2147483647 - net.core.wmem_max Any positive - integer, less - than 2147483647 + net.core.rmem_default Must be between + [2304, + 2147483647] + net.core.rmem_max Must be between + [2304, + 2147483647] + net.core.wmem_default Must be between + [4608, + 2147483647] + net.core.wmem_max Must be between + [4608, + 2147483647] net.core.optmem_max Any positive integer, less than 2147483647 diff --git a/gcloud/alpha/dataplex/entries/create b/gcloud/alpha/dataplex/entries/create index ab5124b7c..9d6074db5 100644 --- a/gcloud/alpha/dataplex/entries/create +++ b/gcloud/alpha/dataplex/entries/create @@ -27,7 +27,7 @@ EXAMPLES projects/my-project/locations/us-central1/entryTypes/my-type, run: $ gcloud alpha dataplex entries create my-dataplex-entry \ - --location=us-central --entry_group=my-entry-group \ + --location=us-central1 --entry_group=my-entry-group \ --entry-type \ projects/my-project/locations/us-central1/entryTypes/my-type @@ -35,7 +35,7 @@ EXAMPLES an existing entry my-parent-entry, run: $ gcloud alpha dataplex entries create my-child-entry \ - --location=us-central --entry_group=my-entry-group \ + --location=us-central1 --entry_group=my-entry-group \ --entry-type \ projects/my-project/locations/us-central1/entryTypes/my-type \ --parent-entry \ @@ -46,7 +46,7 @@ EXAMPLES labels and timestamps populated in its EntrySource, run: $ gcloud alpha dataplex entries create my-entry \ - --location=us-central --entry_group=my-entry-group \ + --location=us-central1 --entry_group=my-entry-group \ --entry-type \ projects/my-project/locations/us-central1/entryTypes/my-type \ --entry-source-description \ @@ -68,7 +68,7 @@ EXAMPLES To create a Dataplex Entry reading its aspects from a YAML file, run: $ gcloud alpha dataplex entries create my-entry \ - --location=us-central --entry_group=my-entry-group \ + --location=us-central1 --entry_group=my-entry-group \ --entry-type \ projects/my-project/locations/us-central1/entryTypes/my-type \ --aspects aspects.yaml diff --git a/gcloud/alpha/deploy/deploy-policies/add-iam-policy-binding b/gcloud/alpha/deploy/deploy-policies/add-iam-policy-binding new file mode 100644 index 000000000..6224b6e0e --- /dev/null +++ b/gcloud/alpha/deploy/deploy-policies/add-iam-policy-binding @@ -0,0 +1,142 @@ +NAME + gcloud alpha deploy deploy-policies add-iam-policy-binding - add IAM policy + binding for a Cloud Deploy Policy + +SYNOPSIS + gcloud alpha deploy deploy-policies add-iam-policy-binding + (DEPLOY_POLICY : --region=REGION) --member=PRINCIPAL --role=ROLE + [--condition=[KEY=VALUE,...] | --condition-from-file=PATH_TO_FILE] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Adds a policy binding to the IAM policy of a Cloud Deploy Policy. + One binding consists of a member and a role. + + See https://cloud.google.com/iam/docs/managing-policies for details of the + policy file format and contents. + +EXAMPLES + To add an IAM policy binding for the role of roles/clouddeploy.policyAdmin + for the user test-user@gmail.com on holiday-policy with the region + us-central1, run: + + $ gcloud alpha deploy deploy-policies add-iam-policy-binding \ + holiday-policy --region='us-central1' \ + --member='user:test-user@gmail.com' \ + --role='roles/clouddeploy.policyAdmin' + +POSITIONAL ARGUMENTS + Deploy policy resource - The deploy policy for which to add the IAM policy + binding. The arguments in this group can be used to specify the attributes + of this resource. (NOTE) Some attributes are not given arguments in this + group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument deploy_policy on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + DEPLOY_POLICY + ID of the deploy policy or fully qualified identifier for the deploy + policy. + + To set the deploy_policy attribute: + ▸ provide the argument deploy_policy on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --region=REGION + Location of the deploy policy. + + To set the region attribute: + ▸ provide the argument deploy_policy on the command line with a + fully specified name; + ▸ provide the argument --region on the command line; + ▸ set the property deploy/region. + +REQUIRED FLAGS + --member=PRINCIPAL + The principal to add the binding for. Should be of the form + user|group|serviceAccount:email or domain:domain. + + Examples: user:test-user@gmail.com, group:admins@example.com, + serviceAccount:test123@example.domain.com, or + domain:example.domain.com. + + Some resources also accept the following special values: + ◆ allUsers - Special identifier that represents anyone who is on the + internet, with or without a Google account. + ◆ allAuthenticatedUsers - Special identifier that represents anyone + who is authenticated with a Google account or a service account. + + --role=ROLE + Role name to assign to the principal. The role name is the complete + path of a predefined role, such as roles/logging.viewer, or the role ID + for a custom role, such as + organizations/{ORGANIZATION_ID}/roles/logging.viewer. + +OPTIONAL FLAGS + At most one of these can be specified: + + --condition=[KEY=VALUE,...] + A condition to include in the binding. When the condition is + explicitly specified as None (--condition=None), a binding without a + condition is added. When the condition is specified and is not None, + --role cannot be a basic role. Basic roles are roles/editor, + roles/owner, and roles/viewer. For more on conditions, refer to the + conditions overview guide: + https://cloud.google.com/iam/docs/conditions-overview + + When using the --condition flag, include the following key-value + pairs: + + expression + (Required) Condition expression that evaluates to True or False. + This uses a subset of Common Expression Language syntax. + + If the condition expression includes a comma, use a different + delimiter to separate the key-value pairs. Specify the delimiter + before listing the key-value pairs. For example, to specify a + colon (:) as the delimiter, do the following: + --condition=^:^title=TITLE:expression=EXPRESSION. For more + information, see + https://cloud.google.com/sdk/gcloud/reference/topic/escaping. + + title + (Required) A short string describing the purpose of the + expression. + + description + (Optional) Additional description for the expression. + + --condition-from-file=PATH_TO_FILE + Path to a local JSON or YAML file that defines the condition. To see + available fields, see the help for --condition. Use a full or + relative path to a local file containing the value of condition. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the clouddeploy/v1 API. The full documentation for this + API can be found at: https://cloud.google.com/deploy/ + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. These variants are also available: + + $ gcloud deploy deploy-policies add-iam-policy-binding + + $ gcloud beta deploy deploy-policies add-iam-policy-binding + diff --git a/gcloud/alpha/deploy/deploy-policies/get-iam-policy b/gcloud/alpha/deploy/deploy-policies/get-iam-policy new file mode 100644 index 000000000..b289773e0 --- /dev/null +++ b/gcloud/alpha/deploy/deploy-policies/get-iam-policy @@ -0,0 +1,105 @@ +NAME + gcloud alpha deploy deploy-policies get-iam-policy - get the IAM policy for + a Cloud Deploy Policy + +SYNOPSIS + gcloud alpha deploy deploy-policies get-iam-policy + (DEPLOY_POLICY : --region=REGION) [--filter=EXPRESSION] [--limit=LIMIT] + [--page-size=PAGE_SIZE] [--sort-by=[FIELD,...]] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) gcloud alpha deploy deploy-policies get-iam-policy displays the IAM + policy associated with a Cloud Deploy Policy. If formatted as JSON, the + output can be edited and used as a policy file for set-iam-policy. The + output includes an "etag" field identifying the version emitted and + allowing detection of concurrent policy updates; see $ gcloud alpha deploy + deploy-policies set-iam-policy for additional details. + +EXAMPLES + To print the IAM policy for a deploy policy my-holiday-policy in region + us-central1, run: + + $ gcloud alpha deploy deploy-policies get-iam-policy \ + my-holiday-policy --region=us-central1 + +POSITIONAL ARGUMENTS + Deploy policy resource - The deploy policy for which to display the IAM + policy. The arguments in this group can be used to specify the attributes + of this resource. (NOTE) Some attributes are not given arguments in this + group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument deploy_policy on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + DEPLOY_POLICY + ID of the deploy policy or fully qualified identifier for the deploy + policy. + + To set the deploy_policy attribute: + ▸ provide the argument deploy_policy on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --region=REGION + Location of the deploy policy. + + To set the region attribute: + ▸ provide the argument deploy_policy on the command line with a + fully specified name; + ▸ provide the argument --region on the command line; + ▸ set the property deploy/region. + +LIST COMMAND FLAGS + --filter=EXPRESSION + Apply a Boolean filter EXPRESSION to each resource item to be listed. + If the expression evaluates True, then that item is listed. For more + details and examples of filter expressions, run $ gcloud topic filters. + This flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --limit=LIMIT + Maximum number of resources to list. The default is unlimited. This + flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --page-size=PAGE_SIZE + Some services group resource list output into pages. This flag + specifies the maximum number of resources per page. The default is + determined by the service if it supports paging, otherwise it is + unlimited (no paging). Paging may be applied before or after --filter + and --limit depending on the service. + + --sort-by=[FIELD,...] + Comma-separated list of resource field key names to sort by. The + default order is ascending. Prefix a field with ``~'' for descending + order on that field. This flag interacts with other flags that are + applied in this order: --flatten, --sort-by, --filter, --limit. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the clouddeploy/v1 API. The full documentation for this + API can be found at: https://cloud.google.com/deploy/ + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. These variants are also available: + + $ gcloud deploy deploy-policies get-iam-policy + + $ gcloud beta deploy deploy-policies get-iam-policy + diff --git a/gcloud/alpha/deploy/deploy-policies/help b/gcloud/alpha/deploy/deploy-policies/help index 99cabbcef..9a645be5b 100644 --- a/gcloud/alpha/deploy/deploy-policies/help +++ b/gcloud/alpha/deploy/deploy-policies/help @@ -16,6 +16,9 @@ GCLOUD WIDE FLAGS COMMANDS COMMAND is one of the following: + add-iam-policy-binding + (ALPHA) Add IAM policy binding for a Cloud Deploy Policy. + delete (ALPHA) Delete a deploy policy. @@ -25,6 +28,15 @@ COMMANDS export (ALPHA) Returns the .yaml definition of the specified deploy policy. + get-iam-policy + (ALPHA) Get the IAM policy for a Cloud Deploy Policy. + + remove-iam-policy-binding + (ALPHA) Remove an IAM policy binding for a Cloud Deploy Policy. + + set-iam-policy + (ALPHA) Set the IAM policy for a Cloud Deploy Policy. + NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct diff --git a/gcloud/alpha/deploy/deploy-policies/remove-iam-policy-binding b/gcloud/alpha/deploy/deploy-policies/remove-iam-policy-binding new file mode 100644 index 000000000..64c7e93db --- /dev/null +++ b/gcloud/alpha/deploy/deploy-policies/remove-iam-policy-binding @@ -0,0 +1,147 @@ +NAME + gcloud alpha deploy deploy-policies remove-iam-policy-binding - remove an + IAM policy binding for a Cloud Deploy Policy + +SYNOPSIS + gcloud alpha deploy deploy-policies remove-iam-policy-binding + (DEPLOY_POLICY : --region=REGION) --member=PRINCIPAL --role=ROLE + [--all | --condition=[KEY=VALUE,...] + | --condition-from-file=PATH_TO_FILE] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Removes a policy binding to the IAM policy of a Cloud Deploy + Policy. One binding consists of a member and a role. + + See https://cloud.google.com/iam/docs/managing-policies for details of the + policy file format and contents. + +EXAMPLES + To remove an IAM policy binding for the role of + roles/roles/clouddeploy.policyAdmin for the user test-user@gmail.com on + holiday-policy with the region us-central1, run: + + $ gcloud alpha deploy deploy-policies remove-iam-policy-binding \ + holiday-policy --region='us-central1' \ + --member='user:test-user@gmail.com' \ + --role='roles/roles/clouddeploy.policyAdmin' + +POSITIONAL ARGUMENTS + Deploy policy resource - The deploy policy for which to remove the IAM + policy binding. The arguments in this group can be used to specify the + attributes of this resource. (NOTE) Some attributes are not given + arguments in this group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument deploy_policy on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + DEPLOY_POLICY + ID of the deploy policy or fully qualified identifier for the deploy + policy. + + To set the deploy_policy attribute: + ▸ provide the argument deploy_policy on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --region=REGION + Location of the deploy policy. + + To set the region attribute: + ▸ provide the argument deploy_policy on the command line with a + fully specified name; + ▸ provide the argument --region on the command line; + ▸ set the property deploy/region. + +REQUIRED FLAGS + --member=PRINCIPAL + The principal to remove the binding for. Should be of the form + user|group|serviceAccount:email or domain:domain. + + Examples: user:test-user@gmail.com, group:admins@example.com, + serviceAccount:test123@example.domain.com, or + domain:example.domain.com. + + Deleted principals have an additional deleted: prefix and a ?uid=UID + suffix, where UID is a unique identifier for the principal. Example: + deleted:user:test-user@gmail.com?uid=123456789012345678901. + + Some resources also accept the following special values: + ◆ allUsers - Special identifier that represents anyone who is on the + internet, with or without a Google account. + ◆ allAuthenticatedUsers - Special identifier that represents anyone + who is authenticated with a Google account or a service account. + + --role=ROLE + The role to remove the principal from. + +OPTIONAL FLAGS + At most one of these can be specified: + + --all + Remove all bindings with this role and principal, irrespective of any + conditions. + + --condition=[KEY=VALUE,...] + The condition of the binding that you want to remove. When the + condition is explicitly specified as None (--condition=None), a + binding without a condition is removed. Otherwise, only a binding + with a condition that exactly matches the specified condition + (including the optional description) is removed. For more on + conditions, refer to the conditions overview guide: + https://cloud.google.com/iam/docs/conditions-overview + + When using the --condition flag, include the following key-value + pairs: + + expression + (Required) Condition expression that evaluates to True or False. + This uses a subset of Common Expression Language syntax. + + If the condition expression includes a comma, use a different + delimiter to separate the key-value pairs. Specify the delimiter + before listing the key-value pairs. For example, to specify a + colon (:) as the delimiter, do the following: + --condition=^:^title=TITLE:expression=EXPRESSION. For more + information, see + https://cloud.google.com/sdk/gcloud/reference/topic/escaping. + + title + (Required) A short string describing the purpose of the + expression. + + description + (Optional) Additional description for the expression. + + --condition-from-file=PATH_TO_FILE + Path to a local JSON or YAML file that defines the condition. To see + available fields, see the help for --condition. Use a full or + relative path to a local file containing the value of condition. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the clouddeploy/v1 API. The full documentation for this + API can be found at: https://cloud.google.com/deploy/ + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. These variants are also available: + + $ gcloud deploy deploy-policies remove-iam-policy-binding + + $ gcloud beta deploy deploy-policies remove-iam-policy-binding + diff --git a/gcloud/alpha/deploy/deploy-policies/set-iam-policy b/gcloud/alpha/deploy/deploy-policies/set-iam-policy new file mode 100644 index 000000000..485fd63ac --- /dev/null +++ b/gcloud/alpha/deploy/deploy-policies/set-iam-policy @@ -0,0 +1,87 @@ +NAME + gcloud alpha deploy deploy-policies set-iam-policy - set the IAM policy for + a Cloud Deploy Policy + +SYNOPSIS + gcloud alpha deploy deploy-policies set-iam-policy + (DEPLOY_POLICY : --region=REGION) POLICY_FILE [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Set the IAM policy associated with a Cloud Deploy Policy. + + See https://cloud.google.com/iam/docs/managing-policies for details of the + policy file format and contents. + +EXAMPLES + The following command will read an IAM policy defined in a JSON file + policy.json and set it for a deploy policy with identifier + my-holiday-policy in region us-central1: + + $ gcloud alpha deploy deploy-policies set-iam-policy \ + my-holiday-policy policy.json --region=us-central1 + + See https://cloud.google.com/iam/docs/managing-policies for details of the + policy file format and contents. + +POSITIONAL ARGUMENTS + Deploy policy resource - The deploy policy for which to set the IAM + policy. The arguments in this group can be used to specify the attributes + of this resource. (NOTE) Some attributes are not given arguments in this + group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument deploy_policy on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + DEPLOY_POLICY + ID of the deploy policy or fully qualified identifier for the deploy + policy. + + To set the deploy_policy attribute: + ▸ provide the argument deploy_policy on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --region=REGION + Location of the deploy policy. + + To set the region attribute: + ▸ provide the argument deploy_policy on the command line with a + fully specified name; + ▸ provide the argument --region on the command line; + ▸ set the property deploy/region. + + POLICY_FILE + Path to a local JSON or YAML formatted file containing a valid policy. + + The output of the get-iam-policy command is a valid file, as is any + JSON or YAML file conforming to the structure of a Policy + (https://cloud.google.com/iam/reference/rest/v1/Policy). + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the clouddeploy/v1 API. The full documentation for this + API can be found at: https://cloud.google.com/deploy/ + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. These variants are also available: + + $ gcloud deploy deploy-policies set-iam-policy + + $ gcloud beta deploy deploy-policies set-iam-policy + diff --git a/gcloud/alpha/model-armor/floorsettings/describe b/gcloud/alpha/model-armor/floorsettings/describe new file mode 100644 index 000000000..315bdf0e3 --- /dev/null +++ b/gcloud/alpha/model-armor/floorsettings/describe @@ -0,0 +1,31 @@ +NAME + gcloud alpha model-armor floorsettings describe - describe the FloorSetting + resource + +SYNOPSIS + gcloud alpha model-armor floorsettings describe [--full-uri=FULL_URI] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Displays the floor setting resource with the given name. + +FLAGS + --full-uri=FULL_URI + Full uri of the floor setting + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. This variant is also available: + + $ gcloud model-armor floorsettings describe + diff --git a/gcloud/alpha/model-armor/floorsettings/help b/gcloud/alpha/model-armor/floorsettings/help new file mode 100644 index 000000000..df7d6e393 --- /dev/null +++ b/gcloud/alpha/model-armor/floorsettings/help @@ -0,0 +1,31 @@ +NAME + gcloud alpha model-armor floorsettings - manage FloorSettings resources + +SYNOPSIS + gcloud alpha model-armor floorsettings COMMAND [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Manage FloorSettings resources. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --help. + + Run $ gcloud help for details. + +COMMANDS + COMMAND is one of the following: + + describe + (ALPHA) Describe the FloorSetting resource. + + update + (ALPHA) Update the FloorSetting resource. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. This variant is also available: + + $ gcloud model-armor floorsettings + diff --git a/gcloud/alpha/model-armor/floorsettings/update b/gcloud/alpha/model-armor/floorsettings/update new file mode 100644 index 000000000..0ed5e393e --- /dev/null +++ b/gcloud/alpha/model-armor/floorsettings/update @@ -0,0 +1,127 @@ +NAME + gcloud alpha model-armor floorsettings update - update the FloorSetting + resource + +SYNOPSIS + gcloud alpha model-armor floorsettings update --full-uri=FULL_URI + [--enable-floor-setting-enforcement=ENABLE_FLOOR_SETTING_ENFORCEMENT] + [--malicious-uri-filter-settings-enforcement=MALICIOUS_URI_FILTER_SETTINGS_ENFORCEMENT] + [--add-rai-settings-filters=confidenceLevel=CONFIDENCELEVEL], + [filterType=FILTERTYPE] | --clear-rai-settings-filters + | --rai-settings-filters=confidenceLevel=CONFIDENCELEVEL], + [filterType=FILTERTYPE] + | --remove-rai-settings-filters=confidenceLevel=CONFIDENCELEVEL], + [filterType=FILTERTYPE]] + [--advanced-config-deidentify-template=ADVANCED_CONFIG_DEIDENTIFY_TEMPLATE --advanced-config-inspect-template=ADVANCED_CONFIG_INSPECT_TEMPLATE --basic-config-filter-enforcement=BASIC_CONFIG_FILTER_ENFORCEMENT] + [--pi-and-jailbreak-filter-settings-confidence-level=PI_AND_JAILBREAK_FILTER_SETTINGS_CONFIDENCE_LEVEL --pi-and-jailbreak-filter-settings-enforcement=PI_AND_JAILBREAK_FILTER_SETTINGS_ENFORCEMENT] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Updates the floor setting resource with the given name. + +REQUIRED FLAGS + --full-uri=FULL_URI + Full uri of the floor setting + +OPTIONAL FLAGS + --enable-floor-setting-enforcement=ENABLE_FLOOR_SETTING_ENFORCEMENT + Enable or disable the floor setting enforcement + + Malicious uri filter settings. + + --malicious-uri-filter-settings-enforcement=MALICIOUS_URI_FILTER_SETTINGS_ENFORCEMENT + Malicious URI filter settings. + + RAI filter settings. + + At most one of these can be specified: + + --add-rai-settings-filters=confidenceLevel=CONFIDENCELEVEL],[filterType=FILTERTYPE] + Add rai filter settings. Sets add_rai_settings_filters value. + + Shorthand Example: + + --add-rai-settings-filters=string --add-rai-settings-filters=string + + JSON Example: + + --add-rai-settings-filters=["string"] + + File Example: + + --add-rai-settings-filters=path_to_file.(yaml|json) + + --clear-rai-settings-filters + Clear all rai filter settings. + + --rai-settings-filters=confidenceLevel=CONFIDENCELEVEL],[filterType=FILTERTYPE] + Set rai_settings_filters to new value. List of Responsible AI filters + enabled for floor setting. Sets rai_settings_filters value. + + Shorthand Example: + + --rai-settings-filters=string --rai-settings-filters=string + + JSON Example: + + --rai-settings-filters=["string"] + + File Example: + + --rai-settings-filters=path_to_file.(yaml|json) + + --remove-rai-settings-filters=confidenceLevel=CONFIDENCELEVEL],[filterType=FILTERTYPE] + Remove rai filter settings. Sets remove_rai_settings_filters value. + + Shorthand Example: + + --remove-rai-settings-filters=string --remove-rai-settings-filters=string + + JSON Example: + + --remove-rai-settings-filters=["string"] + + File Example: + + --remove-rai-settings-filters=path_to_file.(yaml|json) + + SDP filter settings. + + --advanced-config-deidentify-template=ADVANCED_CONFIG_DEIDENTIFY_TEMPLATE + The sdp filter settings enforcement. The value can be either "enable" + or "disable". + + --advanced-config-inspect-template=ADVANCED_CONFIG_INSPECT_TEMPLATE + The sdp filter settings enforcement. The value can be either "enable" + or "disable". + + --basic-config-filter-enforcement=BASIC_CONFIG_FILTER_ENFORCEMENT + The sdp filter settings enforcement. The value can be either + "ENABLED" or "DISABLED" + + PI and jailbreak filter settings. + + --pi-and-jailbreak-filter-settings-confidence-level=PI_AND_JAILBREAK_FILTER_SETTINGS_CONFIDENCE_LEVEL + The pi and jailbreak filter settings confidence level. The value can + be either "high", "medium-and-above" or "low-and-above" + + --pi-and-jailbreak-filter-settings-enforcement=PI_AND_JAILBREAK_FILTER_SETTINGS_ENFORCEMENT + The pi and jailbreak filter settings enforcement. The value can be + either "enable" or "disable". + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. This variant is also available: + + $ gcloud model-armor floorsettings update + diff --git a/gcloud/alpha/model-armor/help b/gcloud/alpha/model-armor/help new file mode 100644 index 000000000..91b708dcc --- /dev/null +++ b/gcloud/alpha/model-armor/help @@ -0,0 +1,35 @@ +NAME + gcloud alpha model-armor - model Armor is a service offering LLM-agnostic + security and AI safety measures to mitigate risks associated with large + language models (LLMs) + +SYNOPSIS + gcloud alpha model-armor GROUP [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Model Armor is a service offering LLM-agnostic security and AI + safety measures to mitigate risks associated with large language models + (LLMs). + +GCLOUD WIDE FLAGS + These flags are available to all commands: --help. + + Run $ gcloud help for details. + +GROUPS + GROUP is one of the following: + + floorsettings + (ALPHA) Manage FloorSettings resources. + + templates + (ALPHA) Manage Template resources. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. This variant is also available: + + $ gcloud model-armor + diff --git a/gcloud/alpha/model-armor/templates/create b/gcloud/alpha/model-armor/templates/create new file mode 100644 index 000000000..d68db4e7c --- /dev/null +++ b/gcloud/alpha/model-armor/templates/create @@ -0,0 +1,260 @@ +NAME + gcloud alpha model-armor templates create - create Model Armor Template + +SYNOPSIS + gcloud alpha model-armor templates create (TEMPLATE : --location=LOCATION) + (--malicious-uri-filter-settings-enforcement=MALICIOUS_URI_FILTER_SETTINGS_ENFORCEMENT --rai-settings-filters=[confidenceLevel=CONFIDENCELEVEL], + [filterType=FILTERTYPE] + --basic-config-filter-enforcement=BASIC_CONFIG_FILTER_ENFORCEMENT + | --advanced-config-deidentify-template=ADVANCED_CONFIG_DEIDENTIFY_TEMPLATE --advanced-config-inspect-template=ADVANCED_CONFIG_INSPECT_TEMPLATE --pi-and-jailbreak-filter-settings-confidence-level=PI_AND_JAILBREAK_FILTER_SETTINGS_CONFIDENCE_LEVEL --pi-and-jailbreak-filter-settings-enforcement=PI_AND_JAILBREAK_FILTER_SETTINGS_ENFORCEMENT) + [--labels=[LABELS,...]] [--request-id=REQUEST_ID] + [--template-metadata-custom-llm-response-safety-error-code=TEMPLATE_METADATA_CUSTOM_LLM_RESPONSE_SAFETY_ERROR_CODE --template-metadata-custom-llm-response-safety-error-message=TEMPLATE_METADATA_CUSTOM_LLM_RESPONSE_SAFETY_ERROR_MESSAGE --template-metadata-custom-prompt-safety-error-code=TEMPLATE_METADATA_CUSTOM_PROMPT_SAFETY_ERROR_CODE --template-metadata-custom-prompt-safety-error-message=TEMPLATE_METADATA_CUSTOM_PROMPT_SAFETY_ERROR_MESSAGE --template-metadata-ignore-partial-invocation-failures --template-metadata-log-operations --template-metadata-log-sanitize-operations] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Creates a new Template in a given project and location. + +EXAMPLES + To create a Template, run: $ gcloud alpha model-armor templates create my-template \ + --location=us-central1 \ + --malicious-uri-filter-settings-enforcement=enabled + +POSITIONAL ARGUMENTS + Template resource - Identifier. name of resource The arguments in this + group can be used to specify the attributes of this resource. (NOTE) Some + attributes are not given arguments in this group but can be set in other + ways. + + To set the project attribute: + ◆ provide the argument template on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + TEMPLATE + ID of the template or fully qualified identifier for the template. + + To set the template attribute: + ▸ provide the argument template on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + The location id of the template resource. + + To set the location attribute: + ▸ provide the argument template on the command line with a fully + specified name; + ▸ provide the argument --location on the command line. + +REQUIRED FLAGS + Filters configuration. + + At least one of these must be specified: + + Malicious URI filter settings. + + --malicious-uri-filter-settings-enforcement=MALICIOUS_URI_FILTER_SETTINGS_ENFORCEMENT + Tells whether the Malicious URI filter is enabled or disabled. + MALICIOUS_URI_FILTER_SETTINGS_ENFORCEMENT must be one of: + + disabled + Disabled + enabled + Enabled + + Responsible AI Filter settings. + + --rai-settings-filters=[confidenceLevel=CONFIDENCELEVEL],[filterType=FILTERTYPE] + Required, List of Responsible AI filters enabled for template. + + confidenceLevel + Confidence level for this RAI filter. During data sanitization, + if data is classified under this filter with a confidence level + equal to or greater than the specified level, a positive match + is reported. If the confidence level is unspecified (i.e., 0), + the system will use a reasonable default level based on the + filter_type. + + filterType + Type of responsible AI filter. + + Shorthand Example: + + --rai-settings-filters=confidenceLevel=string,filterType=string --rai-settings-filters=confidenceLevel=string,filterType=string + + JSON Example: + + --rai-settings-filters='[{"confidenceLevel": "string", "filterType": "string"}]' + + File Example: + + --rai-settings-filters=path_to_file.(yaml|json) + + Sensitive Data Protection settings. + + Arguments for the sdp configuration. + + At most one of these can be specified: + + Sensitive Data Protection basic configuration. + + --basic-config-filter-enforcement=BASIC_CONFIG_FILTER_ENFORCEMENT + Tells whether the Sensitive Data Protection basic config is + enabled or disabled. BASIC_CONFIG_FILTER_ENFORCEMENT must be + one of: + + disabled + Disabled + enabled + Enabled + + Sensitive Data Protection Advanced configuration. + + --advanced-config-deidentify-template=ADVANCED_CONFIG_DEIDENTIFY_TEMPLATE + Optional Sensitive Data Protection Deidentify template resource + name. + + If provided then DeidentifyContent action is performed during + Sanitization using this template and inspect template. The + De-identified data will be returned in SdpDeidentifyResult. + Note that all info-types present in the deidentify template + must be present in inspect template. + + e.g. + organizations/{organization}/deidentifyTemplates/{deidentify_template}, + projects/{project}/deidentifyTemplates/{deidentify_template} + organizations/{organization}/locations/{location}/deidentifyTemplates/{deidentify_template} + projects/{project}/locations/{location}/deidentifyTemplates/{deidentify_template} + + --advanced-config-inspect-template=ADVANCED_CONFIG_INSPECT_TEMPLATE + Sensitive Data Protection inspect template resource name + + If only inspect template is provided (de-identify template not + provided), then Sensitive Data Protection InspectContent action + is performed during Sanitization. All Sensitive Data Protection + findings identified during inspection will be returned as + SdpFinding in SdpInsepctionResult e.g. + organizations/{organization}/inspectTemplates/{inspect_template}, + projects/{project}/inspectTemplates/{inspect_template} + organizations/{organization}/locations/{location}/inspectTemplates/{inspect_template} + projects/{project}/locations/{location}/inspectTemplates/{inspect_template} + + Prompt injection and Jailbreak Filter settings. + + --pi-and-jailbreak-filter-settings-confidence-level=PI_AND_JAILBREAK_FILTER_SETTINGS_CONFIDENCE_LEVEL + Confidence level for this filter. Confidence level is used to + determine the threshold for the filter. If detection confidence is + equal to or greater than the specified level, a positive match is + reported. Confidence level will only be used if the filter is + enabled. PI_AND_JAILBREAK_FILTER_SETTINGS_CONFIDENCE_LEVEL must be + one of: + + high + Low chance of false positives. + low-and-above + Highest chance of a false positive. + medium-and-above + Some chance of false positives. + + --pi-and-jailbreak-filter-settings-enforcement=PI_AND_JAILBREAK_FILTER_SETTINGS_ENFORCEMENT + Tells whether Prompt injection and Jailbreak filter is enabled or + disabled. PI_AND_JAILBREAK_FILTER_SETTINGS_ENFORCEMENT must be one + of: + + disabled + Enabled + enabled + Enabled + +OPTIONAL FLAGS + --labels=[LABELS,...] + Labels as key value pairs. + + KEY + Keys must start with a lowercase character and contain only hyphens + (-), underscores (_), lowercase characters, and numbers. + + VALUE + Values must contain only hyphens (-), underscores (_), lowercase + characters, and numbers. + + Shorthand Example: + + --labels=string=string + + JSON Example: + + --labels='{"string": "string"}' + + File Example: + + --labels=path_to_file.(yaml|json) + + --request-id=REQUEST_ID + An optional request ID to identify requests. Specify a unique request + ID so that if you must retry your request, the server will know to + ignore the request if it has already been completed. The server stores + the request ID for 60 minutes after the first request. + + For example, consider a situation where you make an initial request and + the request times out. If you make the request again with the same + request ID, the server can check if original operation with the same + request ID was received, and if so, will ignore the second request. + This prevents clients from accidentally creating duplicate commitments. + + The request ID must be a valid UUID with the exception that zero UUID + is not supported (00000000-0000-0000-0000-000000000000). + + Message describing TemplateMetadata + + --template-metadata-custom-llm-response-safety-error-code=TEMPLATE_METADATA_CUSTOM_LLM_RESPONSE_SAFETY_ERROR_CODE + Indicates the custom error code set by the user to be returned to the + end user if the LLM response trips Model Armor filters. + + --template-metadata-custom-llm-response-safety-error-message=TEMPLATE_METADATA_CUSTOM_LLM_RESPONSE_SAFETY_ERROR_MESSAGE + Indicates the custom error message set by the user to be returned to + the end user if the LLM response trips Model Armor filters. + + --template-metadata-custom-prompt-safety-error-code=TEMPLATE_METADATA_CUSTOM_PROMPT_SAFETY_ERROR_CODE + Indicates the custom error code set by the user to be returned to the + end user by the service extension if the prompt trips Model Armor + filters. + + --template-metadata-custom-prompt-safety-error-message=TEMPLATE_METADATA_CUSTOM_PROMPT_SAFETY_ERROR_MESSAGE + Indicates the custom error message set by the user to be returned to + the end user if the prompt trips Model Armor filters. + + --template-metadata-ignore-partial-invocation-failures + If true, partial detector failures should be ignored. + + --template-metadata-log-operations + If true, log template crud operations. + + --template-metadata-log-sanitize-operations + If true, log sanitize operations. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the modelarmor/v1alpha API. The full documentation for + this API can be found at: + https://cloud.google.com/security-command-center/docs/model-armor-overview + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. This variant is also available: + + $ gcloud model-armor templates create + diff --git a/gcloud/alpha/model-armor/templates/delete b/gcloud/alpha/model-armor/templates/delete new file mode 100644 index 000000000..da98f38b0 --- /dev/null +++ b/gcloud/alpha/model-armor/templates/delete @@ -0,0 +1,81 @@ +NAME + gcloud alpha model-armor templates delete - delete Model Armor Template + +SYNOPSIS + gcloud alpha model-armor templates delete (TEMPLATE : --location=LOCATION) + [--request-id=REQUEST_ID] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Deletes a Template. + +EXAMPLES + To delete a Template, run: $ gcloud alpha model-armor templates delete my-template \ + --location=us-central1 + +POSITIONAL ARGUMENTS + Template resource - Name of the resource The arguments in this group can + be used to specify the attributes of this resource. (NOTE) Some attributes + are not given arguments in this group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument template on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + TEMPLATE + ID of the template or fully qualified identifier for the template. + + To set the template attribute: + ▸ provide the argument template on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + The location id of the template resource. + + To set the location attribute: + ▸ provide the argument template on the command line with a fully + specified name; + ▸ provide the argument --location on the command line. + +FLAGS + --request-id=REQUEST_ID + An optional request ID to identify requests. Specify a unique request + ID so that if you must retry your request, the server will know to + ignore the request if it has already been completed. The server stores + the request ID for 60 minutes after the first request. + + For example, consider a situation where you make an initial request and + the request times out. If you make the request again with the same + request ID, the server can check if original operation with the same + request ID was received, and if so, will ignore the second request. + This prevents clients from accidentally creating duplicate commitments. + + The request ID must be a valid UUID with the exception that zero UUID + is not supported (00000000-0000-0000-0000-000000000000). + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the modelarmor/v1alpha API. The full documentation for + this API can be found at: + https://cloud.google.com/security-command-center/docs/model-armor-overview + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. This variant is also available: + + $ gcloud model-armor templates delete + diff --git a/gcloud/alpha/model-armor/templates/describe b/gcloud/alpha/model-armor/templates/describe new file mode 100644 index 000000000..955ae6065 --- /dev/null +++ b/gcloud/alpha/model-armor/templates/describe @@ -0,0 +1,65 @@ +NAME + gcloud alpha model-armor templates describe - get Model Armor Template + +SYNOPSIS + gcloud alpha model-armor templates describe + (TEMPLATE : --location=LOCATION) [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Gets a Template. + +EXAMPLES + To get a Template, run: $ gcloud alpha model-armor templates describe my-template \ + --location=us-central1 + +POSITIONAL ARGUMENTS + Template resource - Name of the resource The arguments in this group can + be used to specify the attributes of this resource. (NOTE) Some attributes + are not given arguments in this group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument template on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + TEMPLATE + ID of the template or fully qualified identifier for the template. + + To set the template attribute: + ▸ provide the argument template on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + The location id of the template resource. + + To set the location attribute: + ▸ provide the argument template on the command line with a fully + specified name; + ▸ provide the argument --location on the command line. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the modelarmor/v1alpha API. The full documentation for + this API can be found at: + https://cloud.google.com/security-command-center/docs/model-armor-overview + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. This variant is also available: + + $ gcloud model-armor templates describe + diff --git a/gcloud/alpha/model-armor/templates/help b/gcloud/alpha/model-armor/templates/help new file mode 100644 index 000000000..871418aa7 --- /dev/null +++ b/gcloud/alpha/model-armor/templates/help @@ -0,0 +1,46 @@ +NAME + gcloud alpha model-armor templates - manage Template resources + +SYNOPSIS + gcloud alpha model-armor templates COMMAND [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Manage Template resources. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --help. + + Run $ gcloud help for details. + +COMMANDS + COMMAND is one of the following: + + create + (ALPHA) Create Model Armor Template. + + delete + (ALPHA) Delete Model Armor Template. + + describe + (ALPHA) Get Model Armor Template. + + list + (ALPHA) List Model Armor Templates. + + sanitize-model-response + (ALPHA) Sanitize Model Response. + + sanitize-user-prompt + (ALPHA) Sanitize User Prompt. + + update + (ALPHA) Update Model Armor Template. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. This variant is also available: + + $ gcloud model-armor templates + diff --git a/gcloud/alpha/model-armor/templates/list b/gcloud/alpha/model-armor/templates/list new file mode 100644 index 000000000..3a6ce81d1 --- /dev/null +++ b/gcloud/alpha/model-armor/templates/list @@ -0,0 +1,86 @@ +NAME + gcloud alpha model-armor templates list - list Model Armor Templates + +SYNOPSIS + gcloud alpha model-armor templates list --location=LOCATION + [--filter=EXPRESSION] [--limit=LIMIT] [--page-size=PAGE_SIZE] + [--sort-by=[FIELD,...]] [--uri] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Lists Templates in a given project and location. + +EXAMPLES + To list Templates in a given project and location, run: $ gcloud alpha model-armor templates list list --location=us-central1 + +REQUIRED FLAGS + Location resource - Parent value for ListTemplatesRequest This represents + a Cloud resource. (NOTE) Some attributes are not given arguments in this + group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument --location on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + --location=LOCATION + ID of the location or fully qualified identifier for the location. + + To set the location attribute: + ▸ provide the argument --location on the command line. + +LIST COMMAND FLAGS + --filter=EXPRESSION + Apply a Boolean filter EXPRESSION to each resource item to be listed. + If the expression evaluates True, then that item is listed. For more + details and examples of filter expressions, run $ gcloud topic filters. + This flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --limit=LIMIT + Maximum number of resources to list. The default is unlimited. This + flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --page-size=PAGE_SIZE + Some services group resource list output into pages. This flag + specifies the maximum number of resources per page. The default is + determined by the service if it supports paging, otherwise it is + unlimited (no paging). Paging may be applied before or after --filter + and --limit depending on the service. + + --sort-by=[FIELD,...] + Comma-separated list of resource field key names to sort by. The + default order is ascending. Prefix a field with ``~'' for descending + order on that field. This flag interacts with other flags that are + applied in this order: --flatten, --sort-by, --filter, --limit. + + --uri + Print a list of resource URIs instead of the default output, and change + the command output to a list of URIs. If this flag is used with + --format, the formatting is applied on this URI list. To display URIs + alongside other keys instead, use the uri() transform. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the modelarmor/v1alpha API. The full documentation for + this API can be found at: + https://cloud.google.com/security-command-center/docs/model-armor-overview + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. This variant is also available: + + $ gcloud model-armor templates list + diff --git a/gcloud/alpha/model-armor/templates/sanitize-model-response b/gcloud/alpha/model-armor/templates/sanitize-model-response new file mode 100644 index 000000000..f26bd9682 --- /dev/null +++ b/gcloud/alpha/model-armor/templates/sanitize-model-response @@ -0,0 +1,105 @@ +NAME + gcloud alpha model-armor templates sanitize-model-response - sanitize Model + Response + +SYNOPSIS + gcloud alpha model-armor templates sanitize-model-response + (TEMPLATE : --location=LOCATION) [--user-prompt=USER_PROMPT] + [--model-response-data-text=MODEL_RESPONSE_DATA_TEXT + | --model-response-data-byte-item-from-file=PATH_TO_FILE + --model-response-data-byte-item-type=MODEL_RESPONSE_DATA_BYTE_ITEM_TYPE] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Sanitizes a model response. + +EXAMPLES + To sanitize a model response, run: $ gcloud alpha model-armor templates sanitize-model-response \ + my-template --location=us-central1 \ + --model-response-data="test-model-response" + +POSITIONAL ARGUMENTS + Template resource - Represents resource name of template e.g. + name=projects/sample-project/locations/us-central1/templates/templ01 The + arguments in this group can be used to specify the attributes of this + resource. (NOTE) Some attributes are not given arguments in this group but + can be set in other ways. + + To set the project attribute: + ◆ provide the argument template on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + TEMPLATE + ID of the template or fully qualified identifier for the template. + + To set the template attribute: + ▸ provide the argument template on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + The location id of the template resource. + + To set the location attribute: + ▸ provide the argument template on the command line with a fully + specified name; + ▸ provide the argument --location on the command line. + +FLAGS + --user-prompt=USER_PROMPT + User Prompt associated with Model response. + + Arguments for the data item. + + At most one of these can be specified: + + --model-response-data-text=MODEL_RESPONSE_DATA_TEXT + Plaintext string data for sanitization. + + Represents Byte Data item. + + --model-response-data-byte-item-from-file=PATH_TO_FILE + Bytes Data. Use a full or relative path to a local file containing + the value of model_response_data_byte_item. + + This flag argument must be specified if any of the other arguments + in this group are specified. + + --model-response-data-byte-item-type=MODEL_RESPONSE_DATA_BYTE_ITEM_TYPE + The type of byte data. MODEL_RESPONSE_DATA_BYTE_ITEM_TYPE must be + one of: + + pdf + PDF + plaintext-utf8 + plain text + + This flag argument must be specified if any of the other arguments + in this group are specified. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the modelarmor/v1alpha API. The full documentation for + this API can be found at: + https://cloud.google.com/security-command-center/docs/model-armor-overview + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. This variant is also available: + + $ gcloud model-armor templates sanitize-model-response + diff --git a/gcloud/alpha/model-armor/templates/sanitize-user-prompt b/gcloud/alpha/model-armor/templates/sanitize-user-prompt new file mode 100644 index 000000000..098874acf --- /dev/null +++ b/gcloud/alpha/model-armor/templates/sanitize-user-prompt @@ -0,0 +1,100 @@ +NAME + gcloud alpha model-armor templates sanitize-user-prompt - sanitize User + Prompt + +SYNOPSIS + gcloud alpha model-armor templates sanitize-user-prompt + (TEMPLATE : --location=LOCATION) + [--user-prompt-data-text=USER_PROMPT_DATA_TEXT + | --byte-item-data-from-file=PATH_TO_FILE + --byte-item-data-type=BYTE_ITEM_DATA_TYPE] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Sanitizes a user prompt. + +EXAMPLES + To sanitize a user prompt, run: $ gcloud alpha model-armor templates sanitize-user-prompt \ + my-template --location=us-central1 \ + --user-prompt-data="test-user-prompt" + +POSITIONAL ARGUMENTS + Template resource - Represents resource name of template e.g. + name=projects/sample-project/locations/us-central1/templates/templ01 The + arguments in this group can be used to specify the attributes of this + resource. (NOTE) Some attributes are not given arguments in this group but + can be set in other ways. + + To set the project attribute: + ◆ provide the argument template on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + TEMPLATE + ID of the template or fully qualified identifier for the template. + + To set the template attribute: + ▸ provide the argument template on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + The location id of the template resource. + + To set the location attribute: + ▸ provide the argument template on the command line with a fully + specified name; + ▸ provide the argument --location on the command line. + +FLAGS + Arguments for the data item. + + At most one of these can be specified: + + --user-prompt-data-text=USER_PROMPT_DATA_TEXT + Plaintext string data for sanitization. + + Represents Byte Data item. + + --byte-item-data-from-file=PATH_TO_FILE + Bytes Data. Use a full or relative path to a local file containing + the value of byte_item_data. + + This flag argument must be specified if any of the other arguments + in this group are specified. + + --byte-item-data-type=BYTE_ITEM_DATA_TYPE + The type of byte data. BYTE_ITEM_DATA_TYPE must be one of: + + pdf + PDF + plaintext-utf8 + plain text + + This flag argument must be specified if any of the other arguments + in this group are specified. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the modelarmor/v1alpha API. The full documentation for + this API can be found at: + https://cloud.google.com/security-command-center/docs/model-armor-overview + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. This variant is also available: + + $ gcloud model-armor templates sanitize-user-prompt + diff --git a/gcloud/alpha/model-armor/templates/update b/gcloud/alpha/model-armor/templates/update new file mode 100644 index 000000000..90ab9b659 --- /dev/null +++ b/gcloud/alpha/model-armor/templates/update @@ -0,0 +1,373 @@ +NAME + gcloud alpha model-armor templates update - update Model Armor Template + +SYNOPSIS + gcloud alpha model-armor templates update (TEMPLATE : --location=LOCATION) + [--request-id=REQUEST_ID] + [--clear-filter-config + --malicious-uri-filter-settings-enforcement=MALICIOUS_URI_FILTER_SETTINGS_ENFORCEMENT --basic-config-filter-enforcement=BASIC_CONFIG_FILTER_ENFORCEMENT | --advanced-config-deidentify-template=ADVANCED_CONFIG_DEIDENTIFY_TEMPLATE --advanced-config-inspect-template=ADVANCED_CONFIG_INSPECT_TEMPLATE --pi-and-jailbreak-filter-settings-confidence-level=PI_AND_JAILBREAK_FILTER_SETTINGS_CONFIDENCE_LEVEL --pi-and-jailbreak-filter-settings-enforcement=PI_AND_JAILBREAK_FILTER_SETTINGS_ENFORCEMENT --rai-settings-filters=[confidenceLevel=CONFIDENCELEVEL], + [filterType=FILTERTYPE] + | --add-rai-settings-filters=[confidenceLevel=CONFIDENCELEVEL], + [filterType=FILTERTYPE] --clear-rai-settings-filters + | --remove-rai-settings-filters=[confidenceLevel=CONFIDENCELEVEL], + [filterType=FILTERTYPE]] + [--clear-template-metadata + --template-metadata-custom-llm-response-safety-error-code=TEMPLATE_METADATA_CUSTOM_LLM_RESPONSE_SAFETY_ERROR_CODE --template-metadata-custom-llm-response-safety-error-message=TEMPLATE_METADATA_CUSTOM_LLM_RESPONSE_SAFETY_ERROR_MESSAGE --template-metadata-custom-prompt-safety-error-code=TEMPLATE_METADATA_CUSTOM_PROMPT_SAFETY_ERROR_CODE --template-metadata-custom-prompt-safety-error-message=TEMPLATE_METADATA_CUSTOM_PROMPT_SAFETY_ERROR_MESSAGE --[no-]template-metadata-ignore-partial-invocation-failures --[no-]template-metadata-log-operations --[no-]template-metadata-log-sanitize-operations] + [--labels=[LABELS,...] + | --update-labels=[UPDATE_LABELS,...] --clear-labels + | --remove-labels=[__REMOVE_LABELS,...]] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Updates a Template. + +EXAMPLES + To update a Template, run: $ gcloud alpha model-armor templates update my-template \ + --location=us-central1 --clear-labels + +POSITIONAL ARGUMENTS + Template resource - Identifier. name of resource The arguments in this + group can be used to specify the attributes of this resource. (NOTE) Some + attributes are not given arguments in this group but can be set in other + ways. + + To set the project attribute: + ◆ provide the argument template on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + TEMPLATE + ID of the template or fully qualified identifier for the template. + + To set the template attribute: + ▸ provide the argument template on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + The location id of the template resource. + + To set the location attribute: + ▸ provide the argument template on the command line with a fully + specified name; + ▸ provide the argument --location on the command line. + +FLAGS + --request-id=REQUEST_ID + An optional request ID to identify requests. Specify a unique request + ID so that if you must retry your request, the server will know to + ignore the request if it has already been completed. The server stores + the request ID for 60 minutes after the first request. + + For example, consider a situation where you make an initial request and + the request times out. If you make the request again with the same + request ID, the server can check if original operation with the same + request ID was received, and if so, will ignore the second request. + This prevents clients from accidentally creating duplicate commitments. + + The request ID must be a valid UUID with the exception that zero UUID + is not supported (00000000-0000-0000-0000-000000000000). + + Filters configuration. + + --clear-filter-config + Set template.filterConfig back to default value. + + Malicious URI filter settings. + + --malicious-uri-filter-settings-enforcement=MALICIOUS_URI_FILTER_SETTINGS_ENFORCEMENT + Tells whether the Malicious URI filter is enabled or disabled. + MALICIOUS_URI_FILTER_SETTINGS_ENFORCEMENT must be one of: + + disabled + Disabled + enabled + Enabled + + Sensitive Data Protection settings. + + Arguments for the sdp configuration. + + At most one of these can be specified: + + Sensitive Data Protection basic configuration. + + --basic-config-filter-enforcement=BASIC_CONFIG_FILTER_ENFORCEMENT + Tells whether the Sensitive Data Protection basic config is + enabled or disabled. BASIC_CONFIG_FILTER_ENFORCEMENT must be + one of: + + disabled + Disabled + enabled + Enabled + + Sensitive Data Protection Advanced configuration. + + --advanced-config-deidentify-template=ADVANCED_CONFIG_DEIDENTIFY_TEMPLATE + Optional Sensitive Data Protection Deidentify template resource + name. + + If provided then DeidentifyContent action is performed during + Sanitization using this template and inspect template. The + De-identified data will be returned in SdpDeidentifyResult. + Note that all info-types present in the deidentify template + must be present in inspect template. + + e.g. + organizations/{organization}/deidentifyTemplates/{deidentify_template}, + projects/{project}/deidentifyTemplates/{deidentify_template} + organizations/{organization}/locations/{location}/deidentifyTemplates/{deidentify_template} + projects/{project}/locations/{location}/deidentifyTemplates/{deidentify_template} + + --advanced-config-inspect-template=ADVANCED_CONFIG_INSPECT_TEMPLATE + Sensitive Data Protection inspect template resource name + + If only inspect template is provided (de-identify template not + provided), then Sensitive Data Protection InspectContent action + is performed during Sanitization. All Sensitive Data Protection + findings identified during inspection will be returned as + SdpFinding in SdpInsepctionResult e.g. + organizations/{organization}/inspectTemplates/{inspect_template}, + projects/{project}/inspectTemplates/{inspect_template} + organizations/{organization}/locations/{location}/inspectTemplates/{inspect_template} + projects/{project}/locations/{location}/inspectTemplates/{inspect_template} + + Prompt injection and Jailbreak Filter settings. + + --pi-and-jailbreak-filter-settings-confidence-level=PI_AND_JAILBREAK_FILTER_SETTINGS_CONFIDENCE_LEVEL + Confidence level for this filter. Confidence level is used to + determine the threshold for the filter. If detection confidence is + equal to or greater than the specified level, a positive match is + reported. Confidence level will only be used if the filter is + enabled. PI_AND_JAILBREAK_FILTER_SETTINGS_CONFIDENCE_LEVEL must be + one of: + + high + Low chance of false positives. + low-and-above + Highest chance of a false positive. + medium-and-above + Some chance of false positives. + + --pi-and-jailbreak-filter-settings-enforcement=PI_AND_JAILBREAK_FILTER_SETTINGS_ENFORCEMENT + Tells whether Prompt injection and Jailbreak filter is enabled or + disabled. PI_AND_JAILBREAK_FILTER_SETTINGS_ENFORCEMENT must be one + of: + + disabled + Enabled + enabled + Enabled + + Responsible AI Filter settings. + + Update rai_settings_filters. + + At most one of these can be specified: + + --rai-settings-filters=[confidenceLevel=CONFIDENCELEVEL],[filterType=FILTERTYPE] + Set rai_settings_filters to new value. List of Responsible AI + filters enabled for template. + + confidenceLevel + Confidence level for this RAI filter. During data + sanitization, if data is classified under this filter with a + confidence level equal to or greater than the specified + level, a positive match is reported. If the confidence level + is unspecified (i.e., 0), the system will use a reasonable + default level based on the filter_type. + + filterType + Type of responsible AI filter. + + Shorthand Example: + + --rai-settings-filters=confidenceLevel=string,filterType=string --rai-settings-filters=confidenceLevel=string,filterType=string + + JSON Example: + + --rai-settings-filters='[{"confidenceLevel": "string", "filterType": "string"}]' + + File Example: + + --rai-settings-filters=path_to_file.(yaml|json) + + --add-rai-settings-filters=[confidenceLevel=CONFIDENCELEVEL],[filterType=FILTERTYPE] + Add new value to rai_settings_filters list. List of Responsible + AI filters enabled for template. + + confidenceLevel + Confidence level for this RAI filter. During data + sanitization, if data is classified under this filter with a + confidence level equal to or greater than the specified + level, a positive match is reported. If the confidence level + is unspecified (i.e., 0), the system will use a reasonable + default level based on the filter_type. + + filterType + Type of responsible AI filter. + + Shorthand Example: + + --add-rai-settings-filters=confidenceLevel=string,filterType=string --add-rai-settings-filters=confidenceLevel=string,filterType=string + + JSON Example: + + --add-rai-settings-filters='[{"confidenceLevel": "string", "filterType": "string"}]' + + File Example: + + --add-rai-settings-filters=path_to_file.(yaml|json) + + At most one of these can be specified: + + --clear-rai-settings-filters + Clear rai_settings_filters value and set to empty list. + + --remove-rai-settings-filters=[confidenceLevel=CONFIDENCELEVEL],[filterType=FILTERTYPE] + Remove existing value from rai_settings_filters list. List of + Responsible AI filters enabled for template. + + confidenceLevel + Confidence level for this RAI filter. During data + sanitization, if data is classified under this filter with + a confidence level equal to or greater than the specified + level, a positive match is reported. If the confidence + level is unspecified (i.e., 0), the system will use a + reasonable default level based on the filter_type. + + filterType + Type of responsible AI filter. + + Shorthand Example: + + --remove-rai-settings-filters=confidenceLevel=string,filterType=string --remove-rai-settings-filters=confidenceLevel=string,filterType=string + + JSON Example: + + --remove-rai-settings-filters='[{"confidenceLevel": "string", "filterType": "string"}]' + + File Example: + + --remove-rai-settings-filters=path_to_file.(yaml|json) + + Message describing TemplateMetadata + + --clear-template-metadata + Set template.templateMetadata back to default value. + + --template-metadata-custom-llm-response-safety-error-code=TEMPLATE_METADATA_CUSTOM_LLM_RESPONSE_SAFETY_ERROR_CODE + Indicates the custom error code set by the user to be returned to the + end user if the LLM response trips Model Armor filters. + + --template-metadata-custom-llm-response-safety-error-message=TEMPLATE_METADATA_CUSTOM_LLM_RESPONSE_SAFETY_ERROR_MESSAGE + Indicates the custom error message set by the user to be returned to + the end user if the LLM response trips Model Armor filters. + + --template-metadata-custom-prompt-safety-error-code=TEMPLATE_METADATA_CUSTOM_PROMPT_SAFETY_ERROR_CODE + Indicates the custom error code set by the user to be returned to the + end user by the service extension if the prompt trips Model Armor + filters. + + --template-metadata-custom-prompt-safety-error-message=TEMPLATE_METADATA_CUSTOM_PROMPT_SAFETY_ERROR_MESSAGE + Indicates the custom error message set by the user to be returned to + the end user if the prompt trips Model Armor filters. + + --[no-]template-metadata-ignore-partial-invocation-failures + If true, partial detector failures should be ignored. Use + --template-metadata-ignore-partial-invocation-failures to enable and + --no-template-metadata-ignore-partial-invocation-failures to disable. + + --[no-]template-metadata-log-operations + If true, log template crud operations. Use + --template-metadata-log-operations to enable and + --no-template-metadata-log-operations to disable. + + --[no-]template-metadata-log-sanitize-operations + If true, log sanitize operations. Use + --template-metadata-log-sanitize-operations to enable and + --no-template-metadata-log-sanitize-operations to disable. + + Update labels. + + At most one of these can be specified: + + --labels=[LABELS,...] + Set labels to new value. Labels as key value pairs. + + KEY + Keys must start with a lowercase character and contain only + hyphens (-), underscores (_), lowercase characters, and numbers. + + VALUE + Values must contain only hyphens (-), underscores (_), lowercase + characters, and numbers. + + Shorthand Example: + + --labels=string=string + + JSON Example: + + --labels='{"string": "string"}' + + File Example: + + --labels=path_to_file.(yaml|json) + + --update-labels=[UPDATE_LABELS,...] + Update labels value or add key value pair. Labels as key value pairs. + + KEY + Keys must start with a lowercase character and contain only + hyphens (-), underscores (_), lowercase characters, and numbers. + + VALUE + Values must contain only hyphens (-), underscores (_), lowercase + characters, and numbers. + + Shorthand Example: + + --update-labels=string=string + + JSON Example: + + --update-labels='{"string": "string"}' + + File Example: + + --update-labels=path_to_file.(yaml|json) + + At most one of these can be specified: + + --clear-labels + Clear labels value and set to empty map. + + --remove-labels=[__REMOVE_LABELS,...] + Remove existing value from map labels. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the modelarmor/v1alpha API. The full documentation for + this API can be found at: + https://cloud.google.com/security-command-center/docs/model-armor-overview + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. This variant is also available: + + $ gcloud model-armor templates update + diff --git a/gcloud/alpha/monitoring/snoozes/create b/gcloud/alpha/monitoring/snoozes/create index a679e292d..c3f5cc314 100644 --- a/gcloud/alpha/monitoring/snoozes/create +++ b/gcloud/alpha/monitoring/snoozes/create @@ -3,7 +3,8 @@ NAME SYNOPSIS gcloud alpha monitoring snoozes create [--snooze-from-file=PATH_TO_FILE] - [--criteria-policies=CRITERIA_POLICIES,[...] + [--criteria-filter=CRITERIA_FILTER + --criteria-policies=CRITERIA_POLICIES,[...] --display-name=DISPLAY_NAME --end-time=END_TIME --start-time=START_TIME] [GCLOUD_WIDE_FLAG ...] @@ -21,7 +22,7 @@ EXAMPLES To create a snooze with command-line options, run: $ gcloud alpha monitoring snoozes create \ - --criteria-policies=LIST_OF_POLICIES \ + --criteria-policies=LIST_OF_POLICIES --criteria-filter=FILTER \ --display-name=DISPLAY_NAME --start-time=START_TIME \ --end-time=END_TIME @@ -34,6 +35,7 @@ EXAMPLES criteria: policies: - projects/MY-PROJECT/alertPolicies/MY-POLICY + filter: 'resource.labels.zone="us-central1-a" AND resource.labels.instance_id="1234567890"' interval: startTime: '2024-03-01T08:00:00Z' endTime: '2024-03-08T04:59:59.500Z' @@ -47,8 +49,20 @@ FLAGS Snooze Settings. If any of these are specified, they will overwrite fields in the --snooze-from-file flags if specified. + --criteria-filter=CRITERIA_FILTER + The filter that the Snooze applies to, which is a string to match on + Alert fields when silencing the alerts. It follows the standard + https://google.aip.dev/160 syntax. Filters can be defined for snoozes + that apply to one alerting policy. Filters must be a string formatted + as one or more resource labels with specific label values. If + multiple resource labels are used, then they must be connected with + an AND operator. For example: + resource.labels.instance_id="1234567890" AND + resource.labels.zone="us-central1-a" + --criteria-policies=CRITERIA_POLICIES,[...] - The policies that the Snooze applies to. + The policies that the Snooze applies to. Exactly 1 alert policy is + required if criteria-filter is specified at the same time. --display-name=DISPLAY_NAME The display name for the Snooze. diff --git a/gcloud/alpha/network-services/multicast-group-definitions/create b/gcloud/alpha/network-services/multicast-group-definitions/create index f1bed457a..fd2757499 100644 --- a/gcloud/alpha/network-services/multicast-group-definitions/create +++ b/gcloud/alpha/network-services/multicast-group-definitions/create @@ -8,8 +8,9 @@ SYNOPSIS --multicast-domain=MULTICAST_DOMAIN --reserved-internal-range=RESERVED_INTERNAL_RANGE [--async] [--consumer-accept-list=[CONSUMER_ACCEPT_LIST,...]] - [--description=DESCRIPTION] [--labels=[KEY=VALUE,...]] - [--require-explicit-accept] [GCLOUD_WIDE_FLAG ...] + [--description=DESCRIPTION] [--[no-]enable-logging] + [--labels=[KEY=VALUE,...]] [--require-explicit-accept] + [GCLOUD_WIDE_FLAG ...] DESCRIPTION (ALPHA) Create a multicast group definition in the specified location of @@ -77,6 +78,10 @@ OPTIONAL FLAGS --description=DESCRIPTION The description for the multicast group definition. + --[no-]enable-logging + Whether to enable logging for this multicast group definition. Use + --enable-logging to enable and --no-enable-logging to disable. + --labels=[KEY=VALUE,...] List of label KEY=VALUE pairs to add. diff --git a/gcloud/alpha/network-services/multicast-group-range-activations/create b/gcloud/alpha/network-services/multicast-group-range-activations/create index eee5973b9..f4fcf5974 100644 --- a/gcloud/alpha/network-services/multicast-group-range-activations/create +++ b/gcloud/alpha/network-services/multicast-group-range-activations/create @@ -7,8 +7,8 @@ SYNOPSIS (MULTICAST_GROUP_RANGE_ACTIVATION : --location=LOCATION) --multicast-domain-activation=MULTICAST_DOMAIN_ACTIVATION --multicast-group-range=MULTICAST_GROUP_RANGE [--async] - [--description=DESCRIPTION] [--labels=[KEY=VALUE,...]] - [GCLOUD_WIDE_FLAG ...] + [--description=DESCRIPTION] [--[no-]enable-logging] + [--labels=[KEY=VALUE,...]] [GCLOUD_WIDE_FLAG ...] DESCRIPTION (ALPHA) Create a multicast group range activation in the specified location @@ -72,6 +72,10 @@ OPTIONAL FLAGS --description=DESCRIPTION The description for the multicast group. + --[no-]enable-logging + Whether to enable logging for this multicast group range activation. + Use --enable-logging to enable and --no-enable-logging to disable. + --labels=[KEY=VALUE,...] List of label KEY=VALUE pairs to add. diff --git a/gcloud/alpha/network-services/multicast-group-ranges/create b/gcloud/alpha/network-services/multicast-group-ranges/create index a64a8a72b..a40d1282f 100644 --- a/gcloud/alpha/network-services/multicast-group-ranges/create +++ b/gcloud/alpha/network-services/multicast-group-ranges/create @@ -8,8 +8,9 @@ SYNOPSIS --multicast-domain=MULTICAST_DOMAIN --reserved-internal-range=RESERVED_INTERNAL_RANGE [--async] [--consumer-accept-list=[CONSUMER_ACCEPT_LIST,...]] - [--description=DESCRIPTION] [--labels=[KEY=VALUE,...]] - [--require-explicit-accept] [GCLOUD_WIDE_FLAG ...] + [--description=DESCRIPTION] [--[no-]enable-logging] + [--labels=[KEY=VALUE,...]] [--require-explicit-accept] + [GCLOUD_WIDE_FLAG ...] DESCRIPTION (ALPHA) Create a multicast group range in the specified location of the @@ -75,6 +76,10 @@ OPTIONAL FLAGS --description=DESCRIPTION The description for the multicast group range. + --[no-]enable-logging + Whether to enable logging for this multicast group range. Use + --enable-logging to enable and --no-enable-logging to disable. + --labels=[KEY=VALUE,...] List of label KEY=VALUE pairs to add. diff --git a/gcloud/alpha/network-services/multicast-groups/create b/gcloud/alpha/network-services/multicast-groups/create index f7dfe74be..7468cc343 100644 --- a/gcloud/alpha/network-services/multicast-groups/create +++ b/gcloud/alpha/network-services/multicast-groups/create @@ -7,8 +7,8 @@ SYNOPSIS (MULTICAST_GROUP : --location=LOCATION) --multicast-domain-activation=MULTICAST_DOMAIN_ACTIVATION --multicast-group-definition=MULTICAST_GROUP_DEFINITION [--async] - [--description=DESCRIPTION] [--labels=[KEY=VALUE,...]] - [GCLOUD_WIDE_FLAG ...] + [--description=DESCRIPTION] [--[no-]enable-logging] + [--labels=[KEY=VALUE,...]] [GCLOUD_WIDE_FLAG ...] DESCRIPTION (ALPHA) Create a multicast group in the specified location of the current @@ -70,6 +70,10 @@ OPTIONAL FLAGS --description=DESCRIPTION The description for the multicast group. + --[no-]enable-logging + Whether to enable logging for this multicast group. Use + --enable-logging to enable and --no-enable-logging to disable. + --labels=[KEY=VALUE,...] List of label KEY=VALUE pairs to add. diff --git a/gcloud/alpha/scc/findings/group b/gcloud/alpha/scc/findings/group index 650090922..6dac6fcd1 100644 --- a/gcloud/alpha/scc/findings/group +++ b/gcloud/alpha/scc/findings/group @@ -93,8 +93,8 @@ FLAGS must be a specified field in 'group_by'. See $ gcloud topic datetimes for information on supported duration formats. - The --compare-duration option is deprecated. For more information, [see - the deprecation notice] + The --compare-duration option is deprecated. For more information, see + the deprecation notice (https://cloud.google.com/security-command-center/docs/release-notes#April_15_2024) on the SCC release notes page. @@ -152,8 +152,8 @@ FLAGS this field will default to the API's version of NOW. See $ gcloud topic datetimes for information on supported time formats. - The --read-time option is deprecated. For more information, [see the - deprecation notice] + The --read-time option is deprecated. For more information, see the + deprecation notice (https://cloud.google.com/security-command-center/docs/release-notes#April_15_2024) on the SCC release notes page. diff --git a/gcloud/alpha/scc/findings/list b/gcloud/alpha/scc/findings/list index aa5f609c4..0066b6147 100644 --- a/gcloud/alpha/scc/findings/list +++ b/gcloud/alpha/scc/findings/list @@ -110,8 +110,8 @@ FLAGS must be a specified field in 'group_by'. See $ gcloud topic datetimes for information on supported duration formats. - The --compare-duration option is deprecated. For more information, [see - the deprecation notice] + The --compare-duration option is deprecated. For more information, see + the deprecation notice (https://cloud.google.com/security-command-center/docs/release-notes#April_15_2024) on the SCC release notes page. @@ -156,8 +156,8 @@ FLAGS this field will default to the API's version of NOW. See $ gcloud topic datetimes for information on supported time formats. - The --read-time option is deprecated. For more information, [see the - deprecation notice] + The --read-time option is deprecated. For more information, see the + deprecation notice (https://cloud.google.com/security-command-center/docs/release-notes#April_15_2024) on the SCC release notes page. diff --git a/gcloud/alpha/scc/findings/list-marks b/gcloud/alpha/scc/findings/list-marks index 686253bf7..3692e4162 100644 --- a/gcloud/alpha/scc/findings/list-marks +++ b/gcloud/alpha/scc/findings/list-marks @@ -99,8 +99,8 @@ FLAGS this field will default to the API's version of NOW. See $ gcloud topic datetimes for information on supported time formats. - The --read-time option is deprecated. For more information, [see the - deprecation notice] + The --read-time option is deprecated. For more information, see the + deprecation notice (https://cloud.google.com/security-command-center/docs/release-notes#April_15_2024) on the SCC release notes page. diff --git a/gcloud/alpha/spanner/instances/help b/gcloud/alpha/spanner/instances/help index a57a5f6b4..023c29f67 100644 --- a/gcloud/alpha/spanner/instances/help +++ b/gcloud/alpha/spanner/instances/help @@ -44,7 +44,7 @@ COMMANDS move (ALPHA) Move the Cloud Spanner instance to the specified instance - config. + configuration. remove-iam-policy-binding (ALPHA) Remove IAM policy binding of a Cloud Spanner instance. diff --git a/gcloud/alpha/spanner/instances/move b/gcloud/alpha/spanner/instances/move index 74f944c9e..3d22ff640 100644 --- a/gcloud/alpha/spanner/instances/move +++ b/gcloud/alpha/spanner/instances/move @@ -1,30 +1,31 @@ NAME gcloud alpha spanner instances move - move the Cloud Spanner instance to - the specified instance config + the specified instance configuration SYNOPSIS gcloud alpha spanner instances move INSTANCE --target-config=TARGET_CONFIG - [--target-database-move-configs=[^:^database-id=DATABASE_ID:kms-keys=KEY1, + [--target-database-move-configs=[^:^database-id=DATABASE_ID:kms-key-names=KEY1, KEY2,...]] [GCLOUD_WIDE_FLAG ...] DESCRIPTION - (ALPHA) Move the Cloud Spanner instance to the specified instance config. + (ALPHA) Move the Cloud Spanner instance to the specified instance + configuration. EXAMPLES - To move the Cloud Spanner instance, which has two CMEK databases db1 and - db2 and a database db3 with Google managed encryption keys, to the target - instance configuration nam3 (us-east4, us-east1, us-central1), run: $ gcloud alpha spanner instances move my-instance-id \ + To move the Cloud Spanner instance, which has two CMEK-enabled databases + db1 and db2 and a database db3 with Google-managed encryption keys, to the + target instance configuration nam3 (us-east4, us-east1, us-central1), run: $ gcloud alpha spanner instances move my-instance-id \ --target-config=nam3 \ - --target-database-move-configs=^:^database-id=db1:kms-keys=proje\ - cts/myproject/locations/us-east4/keyRings/mykeyring/cryptoKeys/\ - cmek-key,projects/myproject/locations/us-east1/keyRings/mykeyring/\ - cryptoKeys/cmek-key,projects/myproject/locations/us-central1/\ - keyRings/mykeyring/cryptoKeys/cmek-key \ - --target-database-move-configs=^:^database-id=db2:kms-keys=proje\ - cts/myproject/locations/us-east4/keyRings/mykeyring/cryptoKeys/\ - cmek-key,projects/myproject/locations/us-east1/keyRings/mykeyring/\ - cryptoKeys/cmek-key,projects/myproject/locations/us-central1/\ - keyRings/mykeyring/cryptoKeys/cmek-key + --target-database-move-configs=^:^database-id=db1:kms-key-names=\ + projects/myproject/locations/us-east4/keyRings/mykeyring/\ + cryptoKeys/cmek-key,projects/myproject/locations/us-east1/keyRings/\ + mykeyring/cryptoKeys/cmek-key,projects/myproject/locations/\ + us-central1/keyRings/mykeyring/cryptoKeys/cmek-key \ + --target-database-move-configs=^:^database-id=db2:kms-key-names=\ + projects/myproject/locations/us-east4/keyRings/mykeyring/\ + cryptoKeys/cmek-key,projects/myproject/locations/us-east1/keyRings/\ + mykeyring/cryptoKeys/cmek-key,projects/myproject/locations/\ + us-central1/keyRings/mykeyring/cryptoKeys/cmek-key POSITIONAL ARGUMENTS INSTANCE @@ -35,24 +36,24 @@ REQUIRED FLAGS Target Instance configuration to move the instances. OPTIONAL FLAGS - --target-database-move-configs=[^:^database-id=DATABASE_ID:kms-keys=KEY1,KEY2,...] + --target-database-move-configs=[^:^database-id=DATABASE_ID:kms-key-names=KEY1,KEY2,...] Database level configurations for each database to be moved. Currently - only used for CMEK databases to specificy the target database KMS keys. - Sets target_database_move_configs value. + only used for CMEK-enabled databases to specificy the target database + KMS keys. Sets target_database_move_configs value. database-id Required, Sets database-id value. - kms-keys - Sets kms-keys value. + kms-key-names + Sets kms-key-names value. Shorthand Example: - --target-database-move-configs=database-id=string,kms-keys=string --target-database-move-configs=database-id=string,kms-keys=string + --target-database-move-configs=database-id=string,kms-key-names=string --target-database-move-configs=database-id=string,kms-key-names=string JSON Example: - --target-database-move-configs='[{"database-id": "string", "kms-keys": "string"}]' + --target-database-move-configs='[{"database-id": "string", "kms-key-names": "string"}]' File Example: diff --git a/gcloud/alpha/sql/instances/create b/gcloud/alpha/sql/instances/create index 5762c0be9..45e377e8e 100644 --- a/gcloud/alpha/sql/instances/create +++ b/gcloud/alpha/sql/instances/create @@ -14,7 +14,8 @@ SYNOPSIS [--backup-location=BACKUP_LOCATION] [--backup-start-time=BACKUP_START_TIME] [--cascadable-replica] [--collation=COLLATION] [--connector-enforcement=CONNECTOR_ENFORCEMENT] - [--cpu=CPU] [--database-flags=FLAG=VALUE,[FLAG=VALUE,...]] + [--cpu=CPU] [--custom-subject-alternative-names=DNS,[DNS,[DNS]]] + [--database-flags=FLAG=VALUE,[FLAG=VALUE,...]] [--database-version=DATABASE_VERSION; default="MYSQL_8_0"] [--[no-]deletion-protection] [--deny-maintenance-period-end-date=DENY_MAINTENANCE_PERIOD_END_DATE] @@ -203,6 +204,15 @@ FLAGS machine. Both --cpu and --memory must be specified if a custom machine type is desired, and the --tier flag must be omitted. + --custom-subject-alternative-names=DNS,[DNS,[DNS]] + A comma-separated list of DNS names to add to the instance's SSL + certificate. A custom SAN is a structured way to add additional DNS + names (host names) that are not managed by Cloud SQL to an instance. It + allows for hostname verification during establishment of a database + connection using the DNS name over SSL/TLS. When you create and/or + update an instance, you can add a comma-separated list of up to three + DNS names to the server certificate of your instance. + --database-flags=FLAG=VALUE,[FLAG=VALUE,...] Comma-separated list of database flags to set on the instance. Use an equals sign to separate flag name and value. Flags without values, like diff --git a/gcloud/alpha/sql/instances/patch b/gcloud/alpha/sql/instances/patch index affbdaa7f..fc1b629ce 100644 --- a/gcloud/alpha/sql/instances/patch +++ b/gcloud/alpha/sql/instances/patch @@ -58,6 +58,8 @@ SYNOPSIS [--authorized-gae-apps=APP,[APP,...] | --clear-gae-apps] [--authorized-networks=NETWORK,[NETWORK,...] | --clear-authorized-networks] + [--clear-custom-subject-alternative-names + | --custom-subject-alternative-names=DNS,[DNS,[DNS]]] [--clear-database-flags | --database-flags=FLAG=VALUE,[FLAG=VALUE,...]] [--clear-labels | --remove-labels=[KEY,...]] [--clear-psc-auto-connections @@ -485,6 +487,20 @@ FLAGS Clear the list of external networks that are allowed to connect to the instance. + At most one of these can be specified: + + --clear-custom-subject-alternative-names + This clears the customer specified DNS names. + + --custom-subject-alternative-names=DNS,[DNS,[DNS]] + A comma-separated list of DNS names to add to the instance's SSL + certificate. A custom SAN is a structured way to add additional DNS + names (host names) that are not managed by Cloud SQL to an instance. + It allows for hostname verification during establishment of a + database connection using the DNS name over SSL/TLS. When you create + and/or update an instance, you can add a comma-separated list of up + to three DNS names to the server certificate of your instance. + At most one of these can be specified: --clear-database-flags diff --git a/gcloud/alpha/storage/batch-operations/jobs/create b/gcloud/alpha/storage/batch-operations/jobs/create index 632ea48e3..def169657 100644 --- a/gcloud/alpha/storage/batch-operations/jobs/create +++ b/gcloud/alpha/storage/batch-operations/jobs/create @@ -6,7 +6,8 @@ SYNOPSIS gcloud alpha storage batch-operations jobs create BATCH_JOB --bucket=BUCKET (--included-object-prefixes=[PREFIXES,...] | --manifest-location=MANIFEST_LOCATION) - (--put-kms-key=PUT_KMS_KEY | --put-metadata=KEY=VALUE,[KEY=VALUE,...] + (--put-metadata=KEY=VALUE,[KEY=VALUE,...] + | --rewrite-object=KEY=VALUE,[KEY=VALUE,...] | [--delete-object : --enable-permanent-object-deletion] | --[no-]put-object-event-based-hold --[no-]put-object-temporary-hold) [--description=DESCRIPTION] @@ -83,12 +84,6 @@ REQUIRED FLAGS Exactly one of these must be specified: - --put-kms-key=PUT_KMS_KEY - Sets the resource name of the Cloud KMS key that will be used to - encrypt the object. The Cloud KMS key must be located in same - location as the object. Format: - --put-kms-key=projects/PROJECT_ID/locations/LOCATION/keyRings/KEY_RING/cryptoKeys/CRYPTO_KEY - --put-metadata=KEY=VALUE,[KEY=VALUE,...] Sets object metadata. To set how content should be displayed, specify the the key-value pair Content-Disposition={VALUE}. To set how @@ -106,6 +101,13 @@ REQUIRED FLAGS specified by separating them with commas. For example, --put-metadata=Content-Disposition=inline,Content-Encoding=gzip + --rewrite-object=KEY=VALUE,[KEY=VALUE,...] + Rewrites object and the specified metadata. Currently only supports + rewriting kms-key. A metadata field MUST be specified. For example, + --rewrite-object=kms-key=projects/PROJECT_ID/locations/LOCATION/keyRings/KEY_RING/cryptoKeys/CRYPTO_KEY + will rewrite the Cloud KMS key that will be used to encrypt the + object. + Describes options to delete objects. --delete-object diff --git a/gcloud/alpha/storage/buckets/create b/gcloud/alpha/storage/buckets/create index 0b61c5ccc..8201491be 100644 --- a/gcloud/alpha/storage/buckets/create +++ b/gcloud/alpha/storage/buckets/create @@ -142,10 +142,9 @@ FLAGS --soft-delete-duration=SOFT_DELETE_DURATION Duration to retain soft-deleted objects. For example, "2w1d" is two - weeks and one day. The presence of this flag creates a bucket with a - soft delete policy enabled, meaning deleted objects can be restored if - requested within the inputted duration. See gcloud topic datetimes for - more information on the duration format. + weeks and one day. See gcloud topic datetimes for more information on + the duration format. Setting 0 will disable soft delete policy on the + bucket. Default is 7 days. --[no-]uniform-bucket-level-access, -b Turns on uniform bucket-level access setting. Default is False. Use diff --git a/gcloud/alpha/workstations/configs/update b/gcloud/alpha/workstations/configs/update index 98b4e9f7b..0d1714471 100644 --- a/gcloud/alpha/workstations/configs/update +++ b/gcloud/alpha/workstations/configs/update @@ -18,8 +18,7 @@ SYNOPSIS [--idle-timeout=IDLE_TIMEOUT] [--labels=[LABELS,...]] [--machine-type=MACHINE_TYPE] [--max-usable-workstations-count=MAX_USABLE_WORKSTATIONS_COUNT] - [--network-tags=[NETWORK_TAGS,...]] - [--pd-source-snapshot=PD_SOURCE_SNAPSHOT] [--pool-size=POOL_SIZE] + [--network-tags=[NETWORK_TAGS,...]] [--pool-size=POOL_SIZE] [--running-timeout=RUNNING_TIMEOUT] [--service-account=SERVICE_ACCOUNT] [--service-account-scopes=[SERVICE_ACCOUNT_SCOPES,...]] [--shielded-integrity-monitoring] [--shielded-secure-boot] @@ -33,6 +32,8 @@ SYNOPSIS [--disable-localhost-replacement | --enable-localhost-replacement] [--disable-ssh-to-vm | --enable-ssh-to-vm] [--disable-tcp-connections | --enable-tcp-connections] + [--pd-source-snapshot=PD_SOURCE_SNAPSHOT | --pd-disk-size=PD_DISK_SIZE + --pd-disk-type=PD_DISK_TYPE; default="pd-standard"] [GCLOUD_WIDE_FLAG ...] DESCRIPTION @@ -268,9 +269,6 @@ FLAGS $ gcloud alpha workstations configs update --network-tags=tag_1,tag_2 - --pd-source-snapshot=PD_SOURCE_SNAPSHOT - Name of the snapshot to use as the source for the home disk. - --pool-size=POOL_SIZE Number of instances to pool for faster Workstation startup. @@ -405,6 +403,23 @@ FLAGS --enable-tcp-connections If set, workstations allow plain TCP connections. + At most one of these can be specified: + + --pd-source-snapshot=PD_SOURCE_SNAPSHOT + Name of the snapshot to use as the source for the persistent + directory. + + --pd-source-snapshot cannot be specified when --pd-disk-size or + --pd-disk-type is specified. + + --pd-disk-size=PD_DISK_SIZE + Size of the persistent directory in GB. PD_DISK_SIZE must be one + of: 10, 50, 100, 200, 500, 1000. + + --pd-disk-type=PD_DISK_TYPE; default="pd-standard" + Type of the persistent directory. PD_DISK_TYPE must be one of: + pd-standard, pd-balanced, pd-ssd. + GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, diff --git a/gcloud/beta/alloydb/clusters/help b/gcloud/beta/alloydb/clusters/help index 0fc9ee04a..e63c4b60f 100644 --- a/gcloud/beta/alloydb/clusters/help +++ b/gcloud/beta/alloydb/clusters/help @@ -32,9 +32,16 @@ COMMANDS export (BETA) Export data from an AlloyDB cluster to Google Cloud Storage. + import + (BETA) Import data to an AlloyDB cluster from Google Cloud Storage. + list (BETA) List AlloyDB clusters in a given project and region. + migrate-cloud-sql + (BETA) Migrate Cloud SQL instance to an AlloyDB cluster using an + existing Cloud SQL backup. + promote (BETA) Promote an AlloyDB SECONDARY cluster in a given project and region. diff --git a/gcloud/beta/alloydb/clusters/import b/gcloud/beta/alloydb/clusters/import new file mode 100644 index 000000000..c53ee2b7b --- /dev/null +++ b/gcloud/beta/alloydb/clusters/import @@ -0,0 +1,101 @@ +NAME + gcloud beta alloydb clusters import - import data to an AlloyDB cluster + from Google Cloud Storage + +SYNOPSIS + gcloud beta alloydb clusters import CLUSTER --gcs-uri=GCS_URI + --region=REGION + (--sql | [--csv --table=TABLE : --columns=COLUMNS + --escape-character=ESCAPE_CHARACTER + --field-delimiter=FIELD_DELIMITER --quote-character=QUOTE_CHARACTER]) + [--async] [--database=DATABASE] [--user=USER] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (BETA) Import data to an AlloyDB cluster from Google Cloud Storage. + +EXAMPLES + To import data into a cluster, run: + + $ gcloud beta alloydb clusters import my-cluster \ + --region=us-central1 --database=my-database \ + --gcs-uri=gs://my-bucket/source-file-path --sql --user=my-user" + +POSITIONAL ARGUMENTS + CLUSTER + AlloyDB cluster ID + +REQUIRED FLAGS + URI of the source file for import. + + This must be specified. + + --gcs-uri=GCS_URI + Path to the Google Cloud Storage file from which import has to be + done. + + --region=REGION + Regional location (e.g. asia-east1, us-east1). See the full list of + regions at https://cloud.google.com/sql/docs/instance-locations. + + Import options for the cluster. + + Exactly one of these must be specified: + + SQL import options for the cluster. + + --sql + Specify source file type. + + CSV import options for the cluster. + + --csv + Specify source file type. + + This flag argument must be specified if any of the other arguments + in this group are specified. + + --table=TABLE + Table name to which the data has to be imported. + + This flag argument must be specified if any of the other arguments + in this group are specified. + + --columns=COLUMNS + Comma-separated list of column names to be used for import. + + --escape-character=ESCAPE_CHARACTER + Escape character in the source file. + + --field-delimiter=FIELD_DELIMITER + Field delimiter in the source file. + + --quote-character=QUOTE_CHARACTER + Quote character in the source file. + +OPTIONAL FLAGS + --async + Return immediately, without waiting for the operation in progress to + complete. + + --database=DATABASE + Database name from which export has to be done. + + --user=USER + Database user for the import. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in beta and might change without notice. These + variants are also available: + + $ gcloud alloydb clusters import + + $ gcloud alpha alloydb clusters import + diff --git a/gcloud/beta/alloydb/clusters/migrate-cloud-sql b/gcloud/beta/alloydb/clusters/migrate-cloud-sql new file mode 100644 index 000000000..141dab036 --- /dev/null +++ b/gcloud/beta/alloydb/clusters/migrate-cloud-sql @@ -0,0 +1,325 @@ +NAME + gcloud beta alloydb clusters migrate-cloud-sql - migrate Cloud SQL instance + to an AlloyDB cluster using an existing Cloud SQL backup + +SYNOPSIS + gcloud beta alloydb clusters migrate-cloud-sql CLUSTER + --cloud-sql-backup-id=CLOUD_SQL_BACKUP_ID + --cloud-sql-instance-id=CLOUD_SQL_INSTANCE_ID + --cloud-sql-project-id=CLOUD_SQL_PROJECT_ID --password=PASSWORD + --region=REGION [--allocated-ip-range-name=ALLOCATED_IP_RANGE_NAME] + [--async] [--database-version=DATABASE_VERSION] + [--enable-private-service-connect] [--network=NETWORK] + [--subscription-type=SUBSCRIPTION_TYPE] [--tags=[KEY=VALUE,...]] + [--continuous-backup-recovery-window-days=RECOVERY_PERIOD + --enable-continuous-backup + [--continuous-backup-encryption-key=CONTINUOUS_BACKUP_ENCRYPTION_KEY + : --continuous-backup-encryption-key-keyring=CONTINUOUS_BACKUP_ENCRYPTION_KEY_KEYRING --continuous-backup-encryption-key-location=CONTINUOUS_BACKUP_ENCRYPTION_KEY_LOCATION --continuous-backup-encryption-key-project=CONTINUOUS_BACKUP_ENCRYPTION_KEY_PROJECT]] + [--disable-automated-backup + | [--automated-backup-days-of-week=[DAYS_OF_WEEK,...] + --automated-backup-start-times=[START_TIMES,...] + : --automated-backup-window=TIMEOUT_PERIOD + [--automated-backup-encryption-key=AUTOMATED_BACKUP_ENCRYPTION_KEY + : --automated-backup-encryption-key-keyring=AUTOMATED_BACKUP_ENCRYPTION_KEY_KEYRING --automated-backup-encryption-key-location=AUTOMATED_BACKUP_ENCRYPTION_KEY_LOCATION --automated-backup-encryption-key-project=AUTOMATED_BACKUP_ENCRYPTION_KEY_PROJECT] --automated-backup-retention-count=RETENTION_COUNT | --automated-backup-retention-period=RETENTION_PERIOD]] + [--kms-key=KMS_KEY : --kms-keyring=KMS_KEYRING + --kms-location=KMS_LOCATION --kms-project=KMS_PROJECT] + [--maintenance-window-day=MAINTENANCE_WINDOW_DAY + --maintenance-window-hour=MAINTENANCE_WINDOW_HOUR] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (BETA) Migrate Cloud SQL instance to an AlloyDB cluster using an existing + Cloud SQL backup. + +EXAMPLES + To migrate a Cloud SQL instance to an AlloyDB cluster from a backup, run: + + $ gcloud beta alloydb clusters migrate-cloud-sql \ + my-alloydb-cluster --region=us-central1 \ + --cloud-sql-project-id=my-cloud-sql-project-id \ + --cloud-sql-instance-id=my-cloud-sql-cluster-id \ + --cloud-sql-backup-id=my-cloud-sql-backup-id + +POSITIONAL ARGUMENTS + CLUSTER + AlloyDB cluster ID + +REQUIRED FLAGS + Migrate Cloud SQL strategy. + + This must be specified. + + Migrate CloudSQL instance to an AlloyDB cluster by restoring from an + existing backup. + + --cloud-sql-backup-id=CLOUD_SQL_BACKUP_ID + CloudSQL backup ID to migrate from. This must be the backup ID + (myBackup). + + --cloud-sql-instance-id=CLOUD_SQL_INSTANCE_ID + CloudSQL instance ID to migrate from. This must be the instance ID + (myInstance). + + --cloud-sql-project-id=CLOUD_SQL_PROJECT_ID + CloudSQL project to migrate from. This must be the project ID + (myProject). + + --password=PASSWORD + Initial postgres user password to set up during cluster creation. + + --region=REGION + Regional location (e.g. asia-east1, us-east1). See the full list of + regions at https://cloud.google.com/sql/docs/instance-locations. + +OPTIONAL FLAGS + --allocated-ip-range-name=ALLOCATED_IP_RANGE_NAME + Name of the allocated IP range for the private IP AlloyDB cluster, for + example: "google-managed-services-default". If set, the instance IPs + for this cluster will be created in the allocated range. The range name + must comply with RFC 1035. Specifically, the name must be 1-63 + characters long and match the regular expression + [a-z]([-a-z0-9][a-z0-9])?. + + --async + Return immediately, without waiting for the operation in progress to + complete. + + --database-version=DATABASE_VERSION + Database version of the cluster. DATABASE_VERSION must be one of: + POSTGRES_14, POSTGRES_15, POSTGRES_16. + + --enable-private-service-connect + Enable Private Service Connect (PSC) connectivity for the cluster. + + --network=NETWORK + Network in the current project that the instance will be part of. To + specify using a network with a shared VPC, use the full URL of the + network. For an example host project, testproject, and shared network, + testsharednetwork, this would be of the + form:--network=projects/testproject/global/networks/testsharednetwork + + --subscription-type=SUBSCRIPTION_TYPE + Subscription type of the cluster. SUBSCRIPTION_TYPE must be one of: + STANDARD, TRIAL. + + --tags=[KEY=VALUE,...] + List of tags KEY=VALUE pairs to bind. Each item must be expressed as + =. + + Example: 123/environment=production,123/costCenter=marketing + + Continuous Backup configuration. If unspecified, continuous backups are + enabled. + + --continuous-backup-recovery-window-days=RECOVERY_PERIOD + Recovery window of the log files and backups saved to support + Continuous Backups. + + --enable-continuous-backup + Enables Continuous Backups on the cluster. + + Key resource - The Cloud KMS (Key Management Service) cryptokey that + will be used to protect the continuous backup. The 'AlloyDB Service + Agent's service account must hold permission 'Cloud KMS CryptoKey + Encrypter/Decrypter'. The arguments in this group can be used to specify + the attributes of this resource. + + --continuous-backup-encryption-key=CONTINUOUS_BACKUP_ENCRYPTION_KEY + ID of the key or fully qualified identifier for the key. + + To set the kms-key attribute: + ▫ provide the argument --continuous-backup-encryption-key on the + command line. + + This flag argument must be specified if any of the other arguments + in this group are specified. + + --continuous-backup-encryption-key-keyring=CONTINUOUS_BACKUP_ENCRYPTION_KEY_KEYRING + The KMS keyring of the key. + + To set the kms-keyring attribute: + ▫ provide the argument --continuous-backup-encryption-key on the + command line with a fully specified name; + ▫ provide the argument --continuous-backup-encryption-key-keyring + on the command line. + + --continuous-backup-encryption-key-location=CONTINUOUS_BACKUP_ENCRYPTION_KEY_LOCATION + The Google Cloud location for the key. + + To set the kms-location attribute: + ▫ provide the argument --continuous-backup-encryption-key on the + command line with a fully specified name; + ▫ provide the argument + --continuous-backup-encryption-key-location on the command line. + + --continuous-backup-encryption-key-project=CONTINUOUS_BACKUP_ENCRYPTION_KEY_PROJECT + The Google Cloud project for the key. + + To set the kms-project attribute: + ▫ provide the argument --continuous-backup-encryption-key on the + command line with a fully specified name; + ▫ provide the argument --continuous-backup-encryption-key-project + on the command line; + ▫ set the property core/project. + + Automated backup policy. If unspecified, automated backups are disabled. + + At most one of these can be specified: + + --disable-automated-backup + Disables automated backups on the cluster. + + Enable automated backup policy. + + --automated-backup-days-of-week=[DAYS_OF_WEEK,...] + Comma-separated list of days of the week to perform a backup. At + least one day of the week must be provided. (e.g., + --automated-backup-days-of-week=MONDAY,WEDNESDAY,SUNDAY). + DAYS_OF_WEEK must be one of: MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY. + + This flag argument must be specified if any of the other arguments + in this group are specified. + + --automated-backup-start-times=[START_TIMES,...] + Comma-separated list of times during the day to start a backup. At + least one start time must be provided. The start times are assumed + to be in UTC and required to be an exact hour in the format HH:00. + (e.g., --automated-backup-start-times=01:00,13:00) + + This flag argument must be specified if any of the other arguments + in this group are specified. + + --automated-backup-window=TIMEOUT_PERIOD + Length of the time window beginning at start time during which a + backup can be taken. If a backup does not succeed within this time + window, it will be canceled and considered failed. The backup + window must be at least 5 minutes long. There is no upper bound on + the window. If not set, it will default to 1 hour. + + Key resource - The Cloud KMS (Key Management Service) cryptokey that + will be used to protect the automated backups. The 'AlloyDB Service + Agent' service account must hold permission 'Cloud KMS CryptoKey + Encrypter/Decrypter'. The arguments in this group can be used to + specify the attributes of this resource. + + --automated-backup-encryption-key=AUTOMATED_BACKUP_ENCRYPTION_KEY + ID of the key or fully qualified identifier for the key. + + To set the kms-key attribute: + ◇ provide the argument --automated-backup-encryption-key on the + command line. + + This flag argument must be specified if any of the other + arguments in this group are specified. + + --automated-backup-encryption-key-keyring=AUTOMATED_BACKUP_ENCRYPTION_KEY_KEYRING + The KMS keyring of the key. + + To set the kms-keyring attribute: + ◇ provide the argument --automated-backup-encryption-key on the + command line with a fully specified name; + ◇ provide the argument + --automated-backup-encryption-key-keyring on the command line. + + --automated-backup-encryption-key-location=AUTOMATED_BACKUP_ENCRYPTION_KEY_LOCATION + The Google Cloud location for the key. + + To set the kms-location attribute: + ◇ provide the argument --automated-backup-encryption-key on the + command line with a fully specified name; + ◇ provide the argument + --automated-backup-encryption-key-location on the command line. + + --automated-backup-encryption-key-project=AUTOMATED_BACKUP_ENCRYPTION_KEY_PROJECT + The Google Cloud project for the key. + + To set the kms-project attribute: + ◇ provide the argument --automated-backup-encryption-key on the + command line with a fully specified name; + ◇ provide the argument + --automated-backup-encryption-key-project on the command line; + ◇ set the property core/project. + + Retention policy. If no retention policy is provided, all automated + backups will be retained. + + At most one of these can be specified: + + --automated-backup-retention-count=RETENTION_COUNT + Number of most recent successful backups retained. + + --automated-backup-retention-period=RETENTION_PERIOD + Retention period of the backup relative to creation time. See $ + gcloud topic datetimes for information on duration formats. + + Key resource - The Cloud KMS (Key Management Service) cryptokey that will + be used to protect the cluster. The 'AlloyDB Service Agent' service + account must hold permission 'Cloud KMS CryptoKey Encrypter/Decrypter'. + The arguments in this group can be used to specify the attributes of this + resource. + + --kms-key=KMS_KEY + ID of the key or fully qualified identifier for the key. + + To set the kms-key attribute: + ▸ provide the argument --kms-key on the command line. + + This flag argument must be specified if any of the other arguments in + this group are specified. + + --kms-keyring=KMS_KEYRING + The KMS keyring of the key. + + To set the kms-keyring attribute: + ▸ provide the argument --kms-key on the command line with a fully + specified name; + ▸ provide the argument --kms-keyring on the command line. + + --kms-location=KMS_LOCATION + The Google Cloud location for the key. + + To set the kms-location attribute: + ▸ provide the argument --kms-key on the command line with a fully + specified name; + ▸ provide the argument --kms-location on the command line. + + --kms-project=KMS_PROJECT + The Google Cloud project for the key. + + To set the kms-project attribute: + ▸ provide the argument --kms-key on the command line with a fully + specified name; + ▸ provide the argument --kms-project on the command line; + ▸ set the property core/project. + + Specify preferred day and time for maintenance. + + --maintenance-window-day=MAINTENANCE_WINDOW_DAY + Day of week for maintenance window, in UTC time zone. + MAINTENANCE_WINDOW_DAY must be one of: MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, SUNDAY. + + This flag argument must be specified if any of the other arguments in + this group are specified. + + --maintenance-window-hour=MAINTENANCE_WINDOW_HOUR + Hour of day for maintenance window, in UTC time zone. + + This flag argument must be specified if any of the other arguments in + this group are specified. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in beta and might change without notice. This + variant is also available: + + $ gcloud alpha alloydb clusters migrate-cloud-sql + diff --git a/gcloud/beta/compute/instances/network-interfaces/get-effective-firewalls b/gcloud/beta/compute/instances/network-interfaces/get-effective-firewalls index db8161345..0ac96f26e 100644 --- a/gcloud/beta/compute/instances/network-interfaces/get-effective-firewalls +++ b/gcloud/beta/compute/instances/network-interfaces/get-effective-firewalls @@ -32,6 +32,7 @@ EXAMPLES get-effective-firewalls example-instance --format="table( type, firewall_policy_name, + rule_type, priority, action, direction, diff --git a/gcloud/beta/compute/interconnects/create b/gcloud/beta/compute/interconnects/create index ca8d70a27..90c9b12e9 100644 --- a/gcloud/beta/compute/interconnects/create +++ b/gcloud/beta/compute/interconnects/create @@ -98,9 +98,13 @@ OPTIONAL FLAGS to use when creating a Cross-Cloud Interconnect. --requested-features=[FEATURES,...] - List of features requested for this interconnect. FEATURES must be - (only one value is supported): + List of features requested for this interconnect. FEATURES must be one + of: + CROSS_SITE_NETWORK + If specified then the interconnect is created on Cross-Site Network + capable hardware ports. This parameter can only be provided during + interconnect INSERT and cannot be changed using interconnect PATCH. MACSEC If specified then the interconnect is created on MACsec capable hardware ports. If not specified, the interconnect is created on diff --git a/gcloud/beta/compute/network-firewall-policies/get-effective-firewalls b/gcloud/beta/compute/network-firewall-policies/get-effective-firewalls index fad7dd0a3..c8e72847a 100644 --- a/gcloud/beta/compute/network-firewall-policies/get-effective-firewalls +++ b/gcloud/beta/compute/network-firewall-policies/get-effective-firewalls @@ -33,6 +33,7 @@ EXAMPLES --region=region-a --format="table( type, firewall_policy_name, + rule_type, priority, action, direction, diff --git a/gcloud/beta/compute/networks/get-effective-firewalls b/gcloud/beta/compute/networks/get-effective-firewalls index e4cfe1780..b55ef417e 100644 --- a/gcloud/beta/compute/networks/get-effective-firewalls +++ b/gcloud/beta/compute/networks/get-effective-firewalls @@ -28,6 +28,7 @@ EXAMPLES example-network --format="table( type, firewall_policy_name, + rule_type, priority, action, direction, diff --git a/gcloud/beta/compute/url-maps/invalidate-cdn-cache b/gcloud/beta/compute/url-maps/invalidate-cdn-cache index 062da2528..3683468f2 100644 --- a/gcloud/beta/compute/url-maps/invalidate-cdn-cache +++ b/gcloud/beta/compute/url-maps/invalidate-cdn-cache @@ -3,8 +3,9 @@ NAME objects for a URL map in Cloud CDN caches SYNOPSIS - gcloud beta compute url-maps invalidate-cdn-cache URLMAP --path=PATH - [--async] [--global] [--host=HOST] [GCLOUD_WIDE_FLAG ...] + gcloud beta compute url-maps invalidate-cdn-cache URLMAP [--async] + [--global] [--host=HOST] [--path=PATH] [--tags=TAGS] + [GCLOUD_WIDE_FLAG ...] DESCRIPTION (BETA) gcloud beta compute url-maps invalidate-cdn-cache requests that @@ -18,7 +19,18 @@ POSITIONAL ARGUMENTS URLMAP Name of the URL map to operate on. -REQUIRED FLAGS +FLAGS + --async + Return immediately, without waiting for the operation in progress to + complete. + + --global + (Default) The URL map is global. Regional URL maps are not supported. + + --host=HOST + If set, this invalidation will apply only to requests to the specified + host. + --path=PATH A path specifying which objects to invalidate. PATH must start with ``/'' and the only place a ``*'' is allowed is at the end following a @@ -39,17 +51,12 @@ REQUIRED FLAGS ◆ ``/x/y/'': ``/x/y/'' only (and not ``/x/y'') ◆ ``/x/y/*'': ``/x/y/'' and everything under it -OPTIONAL FLAGS - --async - Return immediately, without waiting for the operation in progress to - complete. + --tags=TAGS + A single tag or a comma-delimited list of tags. When multiple tags are + specified, the invalidation applies them using boolean OR logic. - --global - (Default) The URL map is global. Regional URL maps are not supported. - - --host=HOST - If set, this invalidation will apply only to requests to the specified - host. + Example: + ◆ --tags=abcd,user123 GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, diff --git a/gcloud/beta/container/clusters/create b/gcloud/beta/container/clusters/create index 28dbd4e7e..b00a5d4b5 100644 --- a/gcloud/beta/container/clusters/create +++ b/gcloud/beta/container/clusters/create @@ -1345,18 +1345,14 @@ FLAGS net.core.netdev_max_backlog Any positive integer, less than 2147483647 - net.core.rmem_default Any positive - integer, less than - 2147483647 - net.core.rmem_max Any positive - integer, less than - 2147483647 - net.core.wmem_default Any positive - integer, less than - 2147483647 - net.core.wmem_max Any positive - integer, less than - 2147483647 + net.core.rmem_default Must be between + [2304, 2147483647] + net.core.rmem_max Must be between + [2304, 2147483647] + net.core.wmem_default Must be between + [4608, 2147483647] + net.core.wmem_max Must be between + [4608, 2147483647] net.core.optmem_max Any positive integer, less than 2147483647 diff --git a/gcloud/beta/container/fleet/mesh/update b/gcloud/beta/container/fleet/mesh/update index da7fd7a4e..204193d42 100644 --- a/gcloud/beta/container/fleet/mesh/update +++ b/gcloud/beta/container/fleet/mesh/update @@ -5,8 +5,8 @@ NAME SYNOPSIS gcloud beta container fleet mesh update (--fleet-default-member-config=FLEET_DEFAULT_MEMBER_CONFIG - | [(--control-plane=CONTROL_PLANE - --management=MANAGEMENT --origin=ORIGIN) + | [(--origin=ORIGIN --config-api=CONFIG_API + | --control-plane=CONTROL_PLANE | --management=MANAGEMENT) : [--memberships=[MEMBERSHIPS,...] : --location=LOCATION]]) [GCLOUD_WIDE_FLAG ...] @@ -35,22 +35,28 @@ REQUIRED FLAGS At least one of these must be specified: - --control-plane=CONTROL_PLANE - (DEPRECATED) Control plane management to update to. - - The --control-plane flag is now deprecated. Please use --management - instead. See - https://cloud.google.com/service-mesh/docs/managed/provision-managed-anthos-service-mesh. - CONTROL_PLANE must be one of: automatic, manual, unspecified. - - --management=MANAGEMENT - The management mode to update to. MANAGEMENT must be one of: - automatic, manual. - --origin=ORIGIN Changing the origin of the membership. ORIGIN must be (only one value is supported): fleet. + At most one of these can be specified: + + --config-api=CONFIG_API + The API to use for mesh configuration. CONFIG_API must be one of: + istio, gateway. + + --control-plane=CONTROL_PLANE + (DEPRECATED) Control plane management to update to. + + The --control-plane flag is now deprecated. Please use + --management instead. See + https://cloud.google.com/service-mesh/docs/managed/provision-managed-anthos-service-mesh. + CONTROL_PLANE must be one of: automatic, manual, unspecified. + + --management=MANAGEMENT + The management mode to update to. MANAGEMENT must be one of: + automatic, manual. + Membership resource - The group of arguments defining one or more memberships. The arguments in this group can be used to specify the attributes of this resource. (NOTE) Some attributes are not given diff --git a/gcloud/beta/container/hub/mesh/update b/gcloud/beta/container/hub/mesh/update index 8b644cb54..04d32cc29 100644 --- a/gcloud/beta/container/hub/mesh/update +++ b/gcloud/beta/container/hub/mesh/update @@ -5,8 +5,8 @@ NAME SYNOPSIS gcloud beta container hub mesh update (--fleet-default-member-config=FLEET_DEFAULT_MEMBER_CONFIG - | [(--control-plane=CONTROL_PLANE - --management=MANAGEMENT --origin=ORIGIN) + | [(--origin=ORIGIN --config-api=CONFIG_API + | --control-plane=CONTROL_PLANE | --management=MANAGEMENT) : [--memberships=[MEMBERSHIPS,...] : --location=LOCATION]]) [GCLOUD_WIDE_FLAG ...] @@ -35,22 +35,28 @@ REQUIRED FLAGS At least one of these must be specified: - --control-plane=CONTROL_PLANE - (DEPRECATED) Control plane management to update to. - - The --control-plane flag is now deprecated. Please use --management - instead. See - https://cloud.google.com/service-mesh/docs/managed/provision-managed-anthos-service-mesh. - CONTROL_PLANE must be one of: automatic, manual, unspecified. - - --management=MANAGEMENT - The management mode to update to. MANAGEMENT must be one of: - automatic, manual. - --origin=ORIGIN Changing the origin of the membership. ORIGIN must be (only one value is supported): fleet. + At most one of these can be specified: + + --config-api=CONFIG_API + The API to use for mesh configuration. CONFIG_API must be one of: + istio, gateway. + + --control-plane=CONTROL_PLANE + (DEPRECATED) Control plane management to update to. + + The --control-plane flag is now deprecated. Please use + --management instead. See + https://cloud.google.com/service-mesh/docs/managed/provision-managed-anthos-service-mesh. + CONTROL_PLANE must be one of: automatic, manual, unspecified. + + --management=MANAGEMENT + The management mode to update to. MANAGEMENT must be one of: + automatic, manual. + Membership resource - The group of arguments defining one or more memberships. The arguments in this group can be used to specify the attributes of this resource. (NOTE) Some attributes are not given diff --git a/gcloud/beta/container/node-pools/create b/gcloud/beta/container/node-pools/create index c65dd6555..a67237529 100644 --- a/gcloud/beta/container/node-pools/create +++ b/gcloud/beta/container/node-pools/create @@ -734,18 +734,14 @@ FLAGS net.core.netdev_max_backlog Any positive integer, less than 2147483647 - net.core.rmem_default Any positive - integer, less than - 2147483647 - net.core.rmem_max Any positive - integer, less than - 2147483647 - net.core.wmem_default Any positive - integer, less than - 2147483647 - net.core.wmem_max Any positive - integer, less than - 2147483647 + net.core.rmem_default Must be between + [2304, 2147483647] + net.core.rmem_max Must be between + [2304, 2147483647] + net.core.wmem_default Must be between + [4608, 2147483647] + net.core.wmem_max Must be between + [4608, 2147483647] net.core.optmem_max Any positive integer, less than 2147483647 diff --git a/gcloud/beta/container/node-pools/update b/gcloud/beta/container/node-pools/update index 8329c2e45..202573cf2 100644 --- a/gcloud/beta/container/node-pools/update +++ b/gcloud/beta/container/node-pools/update @@ -326,18 +326,18 @@ REQUIRED FLAGS net.core.netdev_max_backlog Any positive integer, less than 2147483647 - net.core.rmem_default Any positive - integer, less - than 2147483647 - net.core.rmem_max Any positive - integer, less - than 2147483647 - net.core.wmem_default Any positive - integer, less - than 2147483647 - net.core.wmem_max Any positive - integer, less - than 2147483647 + net.core.rmem_default Must be between + [2304, + 2147483647] + net.core.rmem_max Must be between + [2304, + 2147483647] + net.core.wmem_default Must be between + [4608, + 2147483647] + net.core.wmem_max Must be between + [4608, + 2147483647] net.core.optmem_max Any positive integer, less than 2147483647 diff --git a/gcloud/beta/dataflow/flex-template/build b/gcloud/beta/dataflow/flex-template/build index 2431cff52..0588f361b 100644 --- a/gcloud/beta/dataflow/flex-template/build +++ b/gcloud/beta/dataflow/flex-template/build @@ -11,6 +11,7 @@ SYNOPSIS | --jar=[JAR,...] | --py-path=[PY_PATH,...])) [--additional-experiments=[ADDITIONAL_EXPERIMENTS,...]] [--additional-user-labels=[ADDITIONAL_USER_LABELS,...]] + [--cloud-build-service-account=CLOUD_BUILD_SERVICE_ACCOUNT] [--dataflow-kms-key=DATAFLOW_KMS_KEY] [--disable-public-ips] [--enable-streaming-engine] [--gcs-log-dir=GCS_LOG_DIR] [--image-repository-cert-path=IMAGE_REPOSITORY_CERT_PATH] @@ -133,6 +134,18 @@ OPTIONAL FLAGS --additional-user-labels=[ADDITIONAL_USER_LABELS,...] Default user labels to pass to the job. + --cloud-build-service-account=CLOUD_BUILD_SERVICE_ACCOUNT + Service account to run the Cloud Build in the format + projects/{project}/serviceAccounts/{service_account}. Ensure that the + account you are using to run 'gcloud dataflow flex-template build' has + 'ServiceAccountUser' role on the specified Cloud Build service account + you provide with the --cloud-build-service-account flag. The specified + service account must have required permissions to build the image. If + the specified service account is in a project that is different from + the project where you are starting builds, see + https://cloud.google.com/build/docs/securing-builds/configure-user-specified-service-accounts#cross-project_set_up + to grant the necessary access. + --dataflow-kms-key=DATAFLOW_KMS_KEY Default Cloud KMS key to protect the job resources. diff --git a/gcloud/beta/deploy/deploy-policies/add-iam-policy-binding b/gcloud/beta/deploy/deploy-policies/add-iam-policy-binding new file mode 100644 index 000000000..0b1495114 --- /dev/null +++ b/gcloud/beta/deploy/deploy-policies/add-iam-policy-binding @@ -0,0 +1,140 @@ +NAME + gcloud beta deploy deploy-policies add-iam-policy-binding - add IAM policy + binding for a Cloud Deploy Policy + +SYNOPSIS + gcloud beta deploy deploy-policies add-iam-policy-binding + (DEPLOY_POLICY : --region=REGION) --member=PRINCIPAL --role=ROLE + [--condition=[KEY=VALUE,...] | --condition-from-file=PATH_TO_FILE] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (BETA) Adds a policy binding to the IAM policy of a Cloud Deploy Policy. + One binding consists of a member and a role. + + See https://cloud.google.com/iam/docs/managing-policies for details of the + policy file format and contents. + +EXAMPLES + To add an IAM policy binding for the role of roles/clouddeploy.policyAdmin + for the user test-user@gmail.com on holiday-policy with the region + us-central1, run: + + $ gcloud beta deploy deploy-policies add-iam-policy-binding \ + holiday-policy --region='us-central1' \ + --member='user:test-user@gmail.com' \ + --role='roles/clouddeploy.policyAdmin' + +POSITIONAL ARGUMENTS + Deploy policy resource - The deploy policy for which to add the IAM policy + binding. The arguments in this group can be used to specify the attributes + of this resource. (NOTE) Some attributes are not given arguments in this + group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument deploy_policy on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + DEPLOY_POLICY + ID of the deploy policy or fully qualified identifier for the deploy + policy. + + To set the deploy_policy attribute: + ▸ provide the argument deploy_policy on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --region=REGION + Location of the deploy policy. + + To set the region attribute: + ▸ provide the argument deploy_policy on the command line with a + fully specified name; + ▸ provide the argument --region on the command line; + ▸ set the property deploy/region. + +REQUIRED FLAGS + --member=PRINCIPAL + The principal to add the binding for. Should be of the form + user|group|serviceAccount:email or domain:domain. + + Examples: user:test-user@gmail.com, group:admins@example.com, + serviceAccount:test123@example.domain.com, or + domain:example.domain.com. + + Some resources also accept the following special values: + ◆ allUsers - Special identifier that represents anyone who is on the + internet, with or without a Google account. + ◆ allAuthenticatedUsers - Special identifier that represents anyone + who is authenticated with a Google account or a service account. + + --role=ROLE + Role name to assign to the principal. The role name is the complete + path of a predefined role, such as roles/logging.viewer, or the role ID + for a custom role, such as + organizations/{ORGANIZATION_ID}/roles/logging.viewer. + +OPTIONAL FLAGS + At most one of these can be specified: + + --condition=[KEY=VALUE,...] + A condition to include in the binding. When the condition is + explicitly specified as None (--condition=None), a binding without a + condition is added. When the condition is specified and is not None, + --role cannot be a basic role. Basic roles are roles/editor, + roles/owner, and roles/viewer. For more on conditions, refer to the + conditions overview guide: + https://cloud.google.com/iam/docs/conditions-overview + + When using the --condition flag, include the following key-value + pairs: + + expression + (Required) Condition expression that evaluates to True or False. + This uses a subset of Common Expression Language syntax. + + If the condition expression includes a comma, use a different + delimiter to separate the key-value pairs. Specify the delimiter + before listing the key-value pairs. For example, to specify a + colon (:) as the delimiter, do the following: + --condition=^:^title=TITLE:expression=EXPRESSION. For more + information, see + https://cloud.google.com/sdk/gcloud/reference/topic/escaping. + + title + (Required) A short string describing the purpose of the + expression. + + description + (Optional) Additional description for the expression. + + --condition-from-file=PATH_TO_FILE + Path to a local JSON or YAML file that defines the condition. To see + available fields, see the help for --condition. Use a full or + relative path to a local file containing the value of condition. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the clouddeploy/v1 API. The full documentation for this + API can be found at: https://cloud.google.com/deploy/ + +NOTES + This command is currently in beta and might change without notice. These + variants are also available: + + $ gcloud deploy deploy-policies add-iam-policy-binding + + $ gcloud alpha deploy deploy-policies add-iam-policy-binding + diff --git a/gcloud/beta/deploy/deploy-policies/get-iam-policy b/gcloud/beta/deploy/deploy-policies/get-iam-policy new file mode 100644 index 000000000..2b32668e2 --- /dev/null +++ b/gcloud/beta/deploy/deploy-policies/get-iam-policy @@ -0,0 +1,103 @@ +NAME + gcloud beta deploy deploy-policies get-iam-policy - get the IAM policy for + a Cloud Deploy Policy + +SYNOPSIS + gcloud beta deploy deploy-policies get-iam-policy + (DEPLOY_POLICY : --region=REGION) [--filter=EXPRESSION] [--limit=LIMIT] + [--page-size=PAGE_SIZE] [--sort-by=[FIELD,...]] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (BETA) gcloud beta deploy deploy-policies get-iam-policy displays the IAM + policy associated with a Cloud Deploy Policy. If formatted as JSON, the + output can be edited and used as a policy file for set-iam-policy. The + output includes an "etag" field identifying the version emitted and + allowing detection of concurrent policy updates; see $ gcloud beta deploy + deploy-policies set-iam-policy for additional details. + +EXAMPLES + To print the IAM policy for a deploy policy my-holiday-policy in region + us-central1, run: + + $ gcloud beta deploy deploy-policies get-iam-policy \ + my-holiday-policy --region=us-central1 + +POSITIONAL ARGUMENTS + Deploy policy resource - The deploy policy for which to display the IAM + policy. The arguments in this group can be used to specify the attributes + of this resource. (NOTE) Some attributes are not given arguments in this + group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument deploy_policy on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + DEPLOY_POLICY + ID of the deploy policy or fully qualified identifier for the deploy + policy. + + To set the deploy_policy attribute: + ▸ provide the argument deploy_policy on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --region=REGION + Location of the deploy policy. + + To set the region attribute: + ▸ provide the argument deploy_policy on the command line with a + fully specified name; + ▸ provide the argument --region on the command line; + ▸ set the property deploy/region. + +LIST COMMAND FLAGS + --filter=EXPRESSION + Apply a Boolean filter EXPRESSION to each resource item to be listed. + If the expression evaluates True, then that item is listed. For more + details and examples of filter expressions, run $ gcloud topic filters. + This flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --limit=LIMIT + Maximum number of resources to list. The default is unlimited. This + flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --page-size=PAGE_SIZE + Some services group resource list output into pages. This flag + specifies the maximum number of resources per page. The default is + determined by the service if it supports paging, otherwise it is + unlimited (no paging). Paging may be applied before or after --filter + and --limit depending on the service. + + --sort-by=[FIELD,...] + Comma-separated list of resource field key names to sort by. The + default order is ascending. Prefix a field with ``~'' for descending + order on that field. This flag interacts with other flags that are + applied in this order: --flatten, --sort-by, --filter, --limit. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the clouddeploy/v1 API. The full documentation for this + API can be found at: https://cloud.google.com/deploy/ + +NOTES + This command is currently in beta and might change without notice. These + variants are also available: + + $ gcloud deploy deploy-policies get-iam-policy + + $ gcloud alpha deploy deploy-policies get-iam-policy + diff --git a/gcloud/beta/deploy/deploy-policies/help b/gcloud/beta/deploy/deploy-policies/help index 2999b371f..9f0c50d89 100644 --- a/gcloud/beta/deploy/deploy-policies/help +++ b/gcloud/beta/deploy/deploy-policies/help @@ -16,6 +16,9 @@ GCLOUD WIDE FLAGS COMMANDS COMMAND is one of the following: + add-iam-policy-binding + (BETA) Add IAM policy binding for a Cloud Deploy Policy. + delete (BETA) Delete a deploy policy. @@ -25,6 +28,15 @@ COMMANDS export (BETA) Returns the .yaml definition of the specified deploy policy. + get-iam-policy + (BETA) Get the IAM policy for a Cloud Deploy Policy. + + remove-iam-policy-binding + (BETA) Remove an IAM policy binding for a Cloud Deploy Policy. + + set-iam-policy + (BETA) Set the IAM policy for a Cloud Deploy Policy. + NOTES This command is currently in beta and might change without notice. These variants are also available: diff --git a/gcloud/beta/deploy/deploy-policies/remove-iam-policy-binding b/gcloud/beta/deploy/deploy-policies/remove-iam-policy-binding new file mode 100644 index 000000000..43ccae178 --- /dev/null +++ b/gcloud/beta/deploy/deploy-policies/remove-iam-policy-binding @@ -0,0 +1,145 @@ +NAME + gcloud beta deploy deploy-policies remove-iam-policy-binding - remove an + IAM policy binding for a Cloud Deploy Policy + +SYNOPSIS + gcloud beta deploy deploy-policies remove-iam-policy-binding + (DEPLOY_POLICY : --region=REGION) --member=PRINCIPAL --role=ROLE + [--all | --condition=[KEY=VALUE,...] + | --condition-from-file=PATH_TO_FILE] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (BETA) Removes a policy binding to the IAM policy of a Cloud Deploy Policy. + One binding consists of a member and a role. + + See https://cloud.google.com/iam/docs/managing-policies for details of the + policy file format and contents. + +EXAMPLES + To remove an IAM policy binding for the role of + roles/roles/clouddeploy.policyAdmin for the user test-user@gmail.com on + holiday-policy with the region us-central1, run: + + $ gcloud beta deploy deploy-policies remove-iam-policy-binding \ + holiday-policy --region='us-central1' \ + --member='user:test-user@gmail.com' \ + --role='roles/roles/clouddeploy.policyAdmin' + +POSITIONAL ARGUMENTS + Deploy policy resource - The deploy policy for which to remove the IAM + policy binding. The arguments in this group can be used to specify the + attributes of this resource. (NOTE) Some attributes are not given + arguments in this group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument deploy_policy on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + DEPLOY_POLICY + ID of the deploy policy or fully qualified identifier for the deploy + policy. + + To set the deploy_policy attribute: + ▸ provide the argument deploy_policy on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --region=REGION + Location of the deploy policy. + + To set the region attribute: + ▸ provide the argument deploy_policy on the command line with a + fully specified name; + ▸ provide the argument --region on the command line; + ▸ set the property deploy/region. + +REQUIRED FLAGS + --member=PRINCIPAL + The principal to remove the binding for. Should be of the form + user|group|serviceAccount:email or domain:domain. + + Examples: user:test-user@gmail.com, group:admins@example.com, + serviceAccount:test123@example.domain.com, or + domain:example.domain.com. + + Deleted principals have an additional deleted: prefix and a ?uid=UID + suffix, where UID is a unique identifier for the principal. Example: + deleted:user:test-user@gmail.com?uid=123456789012345678901. + + Some resources also accept the following special values: + ◆ allUsers - Special identifier that represents anyone who is on the + internet, with or without a Google account. + ◆ allAuthenticatedUsers - Special identifier that represents anyone + who is authenticated with a Google account or a service account. + + --role=ROLE + The role to remove the principal from. + +OPTIONAL FLAGS + At most one of these can be specified: + + --all + Remove all bindings with this role and principal, irrespective of any + conditions. + + --condition=[KEY=VALUE,...] + The condition of the binding that you want to remove. When the + condition is explicitly specified as None (--condition=None), a + binding without a condition is removed. Otherwise, only a binding + with a condition that exactly matches the specified condition + (including the optional description) is removed. For more on + conditions, refer to the conditions overview guide: + https://cloud.google.com/iam/docs/conditions-overview + + When using the --condition flag, include the following key-value + pairs: + + expression + (Required) Condition expression that evaluates to True or False. + This uses a subset of Common Expression Language syntax. + + If the condition expression includes a comma, use a different + delimiter to separate the key-value pairs. Specify the delimiter + before listing the key-value pairs. For example, to specify a + colon (:) as the delimiter, do the following: + --condition=^:^title=TITLE:expression=EXPRESSION. For more + information, see + https://cloud.google.com/sdk/gcloud/reference/topic/escaping. + + title + (Required) A short string describing the purpose of the + expression. + + description + (Optional) Additional description for the expression. + + --condition-from-file=PATH_TO_FILE + Path to a local JSON or YAML file that defines the condition. To see + available fields, see the help for --condition. Use a full or + relative path to a local file containing the value of condition. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the clouddeploy/v1 API. The full documentation for this + API can be found at: https://cloud.google.com/deploy/ + +NOTES + This command is currently in beta and might change without notice. These + variants are also available: + + $ gcloud deploy deploy-policies remove-iam-policy-binding + + $ gcloud alpha deploy deploy-policies remove-iam-policy-binding + diff --git a/gcloud/beta/deploy/deploy-policies/set-iam-policy b/gcloud/beta/deploy/deploy-policies/set-iam-policy new file mode 100644 index 000000000..2999acd82 --- /dev/null +++ b/gcloud/beta/deploy/deploy-policies/set-iam-policy @@ -0,0 +1,85 @@ +NAME + gcloud beta deploy deploy-policies set-iam-policy - set the IAM policy for + a Cloud Deploy Policy + +SYNOPSIS + gcloud beta deploy deploy-policies set-iam-policy + (DEPLOY_POLICY : --region=REGION) POLICY_FILE [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (BETA) Set the IAM policy associated with a Cloud Deploy Policy. + + See https://cloud.google.com/iam/docs/managing-policies for details of the + policy file format and contents. + +EXAMPLES + The following command will read an IAM policy defined in a JSON file + policy.json and set it for a deploy policy with identifier + my-holiday-policy in region us-central1: + + $ gcloud beta deploy deploy-policies set-iam-policy \ + my-holiday-policy policy.json --region=us-central1 + + See https://cloud.google.com/iam/docs/managing-policies for details of the + policy file format and contents. + +POSITIONAL ARGUMENTS + Deploy policy resource - The deploy policy for which to set the IAM + policy. The arguments in this group can be used to specify the attributes + of this resource. (NOTE) Some attributes are not given arguments in this + group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument deploy_policy on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + DEPLOY_POLICY + ID of the deploy policy or fully qualified identifier for the deploy + policy. + + To set the deploy_policy attribute: + ▸ provide the argument deploy_policy on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --region=REGION + Location of the deploy policy. + + To set the region attribute: + ▸ provide the argument deploy_policy on the command line with a + fully specified name; + ▸ provide the argument --region on the command line; + ▸ set the property deploy/region. + + POLICY_FILE + Path to a local JSON or YAML formatted file containing a valid policy. + + The output of the get-iam-policy command is a valid file, as is any + JSON or YAML file conforming to the structure of a Policy + (https://cloud.google.com/iam/reference/rest/v1/Policy). + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the clouddeploy/v1 API. The full documentation for this + API can be found at: https://cloud.google.com/deploy/ + +NOTES + This command is currently in beta and might change without notice. These + variants are also available: + + $ gcloud deploy deploy-policies set-iam-policy + + $ gcloud alpha deploy deploy-policies set-iam-policy + diff --git a/gcloud/beta/monitoring/snoozes/create b/gcloud/beta/monitoring/snoozes/create index 427b2c314..407b1ec74 100644 --- a/gcloud/beta/monitoring/snoozes/create +++ b/gcloud/beta/monitoring/snoozes/create @@ -3,7 +3,8 @@ NAME SYNOPSIS gcloud beta monitoring snoozes create [--snooze-from-file=PATH_TO_FILE] - [--criteria-policies=CRITERIA_POLICIES,[...] + [--criteria-filter=CRITERIA_FILTER + --criteria-policies=CRITERIA_POLICIES,[...] --display-name=DISPLAY_NAME --end-time=END_TIME --start-time=START_TIME] [GCLOUD_WIDE_FLAG ...] @@ -21,7 +22,7 @@ EXAMPLES To create a snooze with command-line options, run: $ gcloud beta monitoring snoozes create \ - --criteria-policies=LIST_OF_POLICIES \ + --criteria-policies=LIST_OF_POLICIES --criteria-filter=FILTER \ --display-name=DISPLAY_NAME --start-time=START_TIME \ --end-time=END_TIME @@ -34,6 +35,7 @@ EXAMPLES criteria: policies: - projects/MY-PROJECT/alertPolicies/MY-POLICY + filter: 'resource.labels.zone="us-central1-a" AND resource.labels.instance_id="1234567890"' interval: startTime: '2024-03-01T08:00:00Z' endTime: '2024-03-08T04:59:59.500Z' @@ -47,8 +49,20 @@ FLAGS Snooze Settings. If any of these are specified, they will overwrite fields in the --snooze-from-file flags if specified. + --criteria-filter=CRITERIA_FILTER + The filter that the Snooze applies to, which is a string to match on + Alert fields when silencing the alerts. It follows the standard + https://google.aip.dev/160 syntax. Filters can be defined for snoozes + that apply to one alerting policy. Filters must be a string formatted + as one or more resource labels with specific label values. If + multiple resource labels are used, then they must be connected with + an AND operator. For example: + resource.labels.instance_id="1234567890" AND + resource.labels.zone="us-central1-a" + --criteria-policies=CRITERIA_POLICIES,[...] - The policies that the Snooze applies to. + The policies that the Snooze applies to. Exactly 1 alert policy is + required if criteria-filter is specified at the same time. --display-name=DISPLAY_NAME The display name for the Snooze. diff --git a/gcloud/beta/network-services/multicast-group-range-activations/create b/gcloud/beta/network-services/multicast-group-range-activations/create index 108ebfe9b..ad7122f4d 100644 --- a/gcloud/beta/network-services/multicast-group-range-activations/create +++ b/gcloud/beta/network-services/multicast-group-range-activations/create @@ -7,8 +7,8 @@ SYNOPSIS (MULTICAST_GROUP_RANGE_ACTIVATION : --location=LOCATION) --multicast-domain-activation=MULTICAST_DOMAIN_ACTIVATION --multicast-group-range=MULTICAST_GROUP_RANGE [--async] - [--description=DESCRIPTION] [--labels=[KEY=VALUE,...]] - [GCLOUD_WIDE_FLAG ...] + [--description=DESCRIPTION] [--[no-]enable-logging] + [--labels=[KEY=VALUE,...]] [GCLOUD_WIDE_FLAG ...] DESCRIPTION (BETA) Create a multicast group range activation in the specified location @@ -72,6 +72,10 @@ OPTIONAL FLAGS --description=DESCRIPTION The description for the multicast group. + --[no-]enable-logging + Whether to enable logging for this multicast group range activation. + Use --enable-logging to enable and --no-enable-logging to disable. + --labels=[KEY=VALUE,...] List of label KEY=VALUE pairs to add. diff --git a/gcloud/beta/network-services/multicast-group-ranges/create b/gcloud/beta/network-services/multicast-group-ranges/create index d80158f57..fbfd597d5 100644 --- a/gcloud/beta/network-services/multicast-group-ranges/create +++ b/gcloud/beta/network-services/multicast-group-ranges/create @@ -8,8 +8,9 @@ SYNOPSIS --multicast-domain=MULTICAST_DOMAIN --reserved-internal-range=RESERVED_INTERNAL_RANGE [--async] [--consumer-accept-list=[CONSUMER_ACCEPT_LIST,...]] - [--description=DESCRIPTION] [--labels=[KEY=VALUE,...]] - [--require-explicit-accept] [GCLOUD_WIDE_FLAG ...] + [--description=DESCRIPTION] [--[no-]enable-logging] + [--labels=[KEY=VALUE,...]] [--require-explicit-accept] + [GCLOUD_WIDE_FLAG ...] DESCRIPTION (BETA) Create a multicast group range in the specified location of the @@ -75,6 +76,10 @@ OPTIONAL FLAGS --description=DESCRIPTION The description for the multicast group range. + --[no-]enable-logging + Whether to enable logging for this multicast group range. Use + --enable-logging to enable and --no-enable-logging to disable. + --labels=[KEY=VALUE,...] List of label KEY=VALUE pairs to add. diff --git a/gcloud/beta/scc/findings/group b/gcloud/beta/scc/findings/group index 6eeace17c..3672b7490 100644 --- a/gcloud/beta/scc/findings/group +++ b/gcloud/beta/scc/findings/group @@ -93,8 +93,8 @@ FLAGS must be a specified field in 'group_by'. See $ gcloud topic datetimes for information on supported duration formats. - The --compare-duration option is deprecated. For more information, [see - the deprecation notice] + The --compare-duration option is deprecated. For more information, see + the deprecation notice (https://cloud.google.com/security-command-center/docs/release-notes#April_15_2024) on the SCC release notes page. @@ -152,8 +152,8 @@ FLAGS this field will default to the API's version of NOW. See $ gcloud topic datetimes for information on supported time formats. - The --read-time option is deprecated. For more information, [see the - deprecation notice] + The --read-time option is deprecated. For more information, see the + deprecation notice (https://cloud.google.com/security-command-center/docs/release-notes#April_15_2024) on the SCC release notes page. diff --git a/gcloud/beta/scc/findings/list b/gcloud/beta/scc/findings/list index e84006d62..7984ebe7f 100644 --- a/gcloud/beta/scc/findings/list +++ b/gcloud/beta/scc/findings/list @@ -110,8 +110,8 @@ FLAGS must be a specified field in 'group_by'. See $ gcloud topic datetimes for information on supported duration formats. - The --compare-duration option is deprecated. For more information, [see - the deprecation notice] + The --compare-duration option is deprecated. For more information, see + the deprecation notice (https://cloud.google.com/security-command-center/docs/release-notes#April_15_2024) on the SCC release notes page. @@ -156,8 +156,8 @@ FLAGS this field will default to the API's version of NOW. See $ gcloud topic datetimes for information on supported time formats. - The --read-time option is deprecated. For more information, [see the - deprecation notice] + The --read-time option is deprecated. For more information, see the + deprecation notice (https://cloud.google.com/security-command-center/docs/release-notes#April_15_2024) on the SCC release notes page. diff --git a/gcloud/beta/scc/findings/list-marks b/gcloud/beta/scc/findings/list-marks index 209d69346..649d3c11a 100644 --- a/gcloud/beta/scc/findings/list-marks +++ b/gcloud/beta/scc/findings/list-marks @@ -99,8 +99,8 @@ FLAGS this field will default to the API's version of NOW. See $ gcloud topic datetimes for information on supported time formats. - The --read-time option is deprecated. For more information, [see the - deprecation notice] + The --read-time option is deprecated. For more information, see the + deprecation notice (https://cloud.google.com/security-command-center/docs/release-notes#April_15_2024) on the SCC release notes page. diff --git a/gcloud/beta/services/api-keys/create b/gcloud/beta/services/api-keys/create index 83dfc22fc..e7d6040d9 100644 --- a/gcloud/beta/services/api-keys/create +++ b/gcloud/beta/services/api-keys/create @@ -4,6 +4,7 @@ NAME SYNOPSIS gcloud beta services api-keys create [--annotations=[KEY=VALUE,...]] [--async] [--display-name=DISPLAY_NAME] [--key-id=KEY_ID] + [--service-account=SERVICE_ACCOUNT] [--api-target=service=SERVICE,[...] --allowed-application=[sha1_fingerprint=SHA1_FINGERPRINT, package_name=PACKAGE_NAME,...] @@ -51,6 +52,11 @@ EXAMPLES --api-target=service=bar.service.com \ --api-target=service=foo.service.com + To create a key with service account: + + $ gcloud beta services api-keys create \ + --service-account=my-service-account + To create a key with allowed API targets (service and methods are specified): @@ -81,6 +87,10 @@ FLAGS --key-id=KEY_ID User-specified ID of the key to create. + --service-account=SERVICE_ACCOUNT + The email of the service account the key is bound to. If this field is + specified, the key is a service account bound key and auth enabled. + --api-target=service=SERVICE,[...] Repeatable. Specify service and optionally one or multiple specific methods. Both fields are case insensitive. If you need to specify diff --git a/gcloud/beta/spanner/instances/help b/gcloud/beta/spanner/instances/help index 2ff941c6e..e3acd69db 100644 --- a/gcloud/beta/spanner/instances/help +++ b/gcloud/beta/spanner/instances/help @@ -38,7 +38,7 @@ COMMANDS move (BETA) Move the Cloud Spanner instance to the specified instance - config. + configuration. remove-iam-policy-binding (BETA) Remove IAM policy binding of a Cloud Spanner instance. diff --git a/gcloud/beta/spanner/instances/move b/gcloud/beta/spanner/instances/move index b2b0b8e77..19933a20c 100644 --- a/gcloud/beta/spanner/instances/move +++ b/gcloud/beta/spanner/instances/move @@ -1,18 +1,31 @@ NAME gcloud beta spanner instances move - move the Cloud Spanner instance to the - specified instance config + specified instance configuration SYNOPSIS gcloud beta spanner instances move INSTANCE --target-config=TARGET_CONFIG - [GCLOUD_WIDE_FLAG ...] + [--target-database-move-configs=[^:^database-id=DATABASE_ID:kms-key-names=KEY1, + KEY2,...]] [GCLOUD_WIDE_FLAG ...] DESCRIPTION - (BETA) Move the Cloud Spanner instance to the specified instance config. + (BETA) Move the Cloud Spanner instance to the specified instance + configuration. EXAMPLES - To move the Cloud Spanner instance to the target instance configuration, - run: $ gcloud beta spanner instances move my-instance-id \ - --target-config=nam3 + To move the Cloud Spanner instance, which has two CMEK-enabled databases + db1 and db2 and a database db3 with Google-managed encryption keys, to the + target instance configuration nam3 (us-east4, us-east1, us-central1), run: $ gcloud beta spanner instances move my-instance-id \ + --target-config=nam3 \ + --target-database-move-configs=^:^database-id=db1:kms-key-names=\ + projects/myproject/locations/us-east4/keyRings/mykeyring/\ + cryptoKeys/cmek-key,projects/myproject/locations/us-east1/keyRings/\ + mykeyring/cryptoKeys/cmek-key,projects/myproject/locations/\ + us-central1/keyRings/mykeyring/cryptoKeys/cmek-key \ + --target-database-move-configs=^:^database-id=db2:kms-key-names=\ + projects/myproject/locations/us-east4/keyRings/mykeyring/\ + cryptoKeys/cmek-key,projects/myproject/locations/us-east1/keyRings/\ + mykeyring/cryptoKeys/cmek-key,projects/myproject/locations/\ + us-central1/keyRings/mykeyring/cryptoKeys/cmek-key POSITIONAL ARGUMENTS INSTANCE @@ -22,6 +35,30 @@ REQUIRED FLAGS --target-config=TARGET_CONFIG Target Instance configuration to move the instances. +OPTIONAL FLAGS + --target-database-move-configs=[^:^database-id=DATABASE_ID:kms-key-names=KEY1,KEY2,...] + Database level configurations for each database to be moved. Currently + only used for CMEK-enabled databases to specificy the target database + KMS keys. Sets target_database_move_configs value. + + database-id + Required, Sets database-id value. + + kms-key-names + Sets kms-key-names value. + + Shorthand Example: + + --target-database-move-configs=database-id=string,kms-key-names=string --target-database-move-configs=database-id=string,kms-key-names=string + + JSON Example: + + --target-database-move-configs='[{"database-id": "string", "kms-key-names": "string"}]' + + File Example: + + --target-database-move-configs=path_to_file.(yaml|json) + GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, diff --git a/gcloud/beta/sql/instances/create b/gcloud/beta/sql/instances/create index d545db468..cddbf116a 100644 --- a/gcloud/beta/sql/instances/create +++ b/gcloud/beta/sql/instances/create @@ -14,7 +14,8 @@ SYNOPSIS [--backup-location=BACKUP_LOCATION] [--backup-start-time=BACKUP_START_TIME] [--cascadable-replica] [--collation=COLLATION] [--connector-enforcement=CONNECTOR_ENFORCEMENT] - [--cpu=CPU] [--database-flags=FLAG=VALUE,[FLAG=VALUE,...]] + [--cpu=CPU] [--custom-subject-alternative-names=DNS,[DNS,[DNS]]] + [--database-flags=FLAG=VALUE,[FLAG=VALUE,...]] [--database-version=DATABASE_VERSION; default="MYSQL_8_0"] [--[no-]deletion-protection] [--deny-maintenance-period-end-date=DENY_MAINTENANCE_PERIOD_END_DATE] @@ -203,6 +204,15 @@ FLAGS machine. Both --cpu and --memory must be specified if a custom machine type is desired, and the --tier flag must be omitted. + --custom-subject-alternative-names=DNS,[DNS,[DNS]] + A comma-separated list of DNS names to add to the instance's SSL + certificate. A custom SAN is a structured way to add additional DNS + names (host names) that are not managed by Cloud SQL to an instance. It + allows for hostname verification during establishment of a database + connection using the DNS name over SSL/TLS. When you create and/or + update an instance, you can add a comma-separated list of up to three + DNS names to the server certificate of your instance. + --database-flags=FLAG=VALUE,[FLAG=VALUE,...] Comma-separated list of database flags to set on the instance. Use an equals sign to separate flag name and value. Flags without values, like diff --git a/gcloud/beta/sql/instances/patch b/gcloud/beta/sql/instances/patch index 3117faee7..36a6c8879 100644 --- a/gcloud/beta/sql/instances/patch +++ b/gcloud/beta/sql/instances/patch @@ -58,6 +58,8 @@ SYNOPSIS [--authorized-gae-apps=APP,[APP,...] | --clear-gae-apps] [--authorized-networks=NETWORK,[NETWORK,...] | --clear-authorized-networks] + [--clear-custom-subject-alternative-names + | --custom-subject-alternative-names=DNS,[DNS,[DNS]]] [--clear-database-flags | --database-flags=FLAG=VALUE,[FLAG=VALUE,...]] [--clear-labels | --remove-labels=[KEY,...]] [--clear-psc-auto-connections @@ -485,6 +487,20 @@ FLAGS Clear the list of external networks that are allowed to connect to the instance. + At most one of these can be specified: + + --clear-custom-subject-alternative-names + This clears the customer specified DNS names. + + --custom-subject-alternative-names=DNS,[DNS,[DNS]] + A comma-separated list of DNS names to add to the instance's SSL + certificate. A custom SAN is a structured way to add additional DNS + names (host names) that are not managed by Cloud SQL to an instance. + It allows for hostname verification during establishment of a + database connection using the DNS name over SSL/TLS. When you create + and/or update an instance, you can add a comma-separated list of up + to three DNS names to the server certificate of your instance. + At most one of these can be specified: --clear-database-flags diff --git a/gcloud/beta/workstations/configs/update b/gcloud/beta/workstations/configs/update index ad87f9863..055b50496 100644 --- a/gcloud/beta/workstations/configs/update +++ b/gcloud/beta/workstations/configs/update @@ -18,8 +18,7 @@ SYNOPSIS [--idle-timeout=IDLE_TIMEOUT] [--labels=[LABELS,...]] [--machine-type=MACHINE_TYPE] [--max-usable-workstations-count=MAX_USABLE_WORKSTATIONS_COUNT] - [--network-tags=[NETWORK_TAGS,...]] - [--pd-source-snapshot=PD_SOURCE_SNAPSHOT] [--pool-size=POOL_SIZE] + [--network-tags=[NETWORK_TAGS,...]] [--pool-size=POOL_SIZE] [--running-timeout=RUNNING_TIMEOUT] [--service-account=SERVICE_ACCOUNT] [--service-account-scopes=[SERVICE_ACCOUNT_SCOPES,...]] [--shielded-integrity-monitoring] [--shielded-secure-boot] @@ -33,6 +32,8 @@ SYNOPSIS [--disable-localhost-replacement | --enable-localhost-replacement] [--disable-ssh-to-vm | --enable-ssh-to-vm] [--disable-tcp-connections | --enable-tcp-connections] + [--pd-source-snapshot=PD_SOURCE_SNAPSHOT | --pd-disk-size=PD_DISK_SIZE + --pd-disk-type=PD_DISK_TYPE; default="pd-standard"] [GCLOUD_WIDE_FLAG ...] DESCRIPTION @@ -268,9 +269,6 @@ FLAGS $ gcloud beta workstations configs update --network-tags=tag_1,tag_2 - --pd-source-snapshot=PD_SOURCE_SNAPSHOT - Name of the snapshot to use as the source for the home disk. - --pool-size=POOL_SIZE Number of instances to pool for faster Workstation startup. @@ -405,6 +403,23 @@ FLAGS --enable-tcp-connections If set, workstations allow plain TCP connections. + At most one of these can be specified: + + --pd-source-snapshot=PD_SOURCE_SNAPSHOT + Name of the snapshot to use as the source for the persistent + directory. + + --pd-source-snapshot cannot be specified when --pd-disk-size or + --pd-disk-type is specified. + + --pd-disk-size=PD_DISK_SIZE + Size of the persistent directory in GB. PD_DISK_SIZE must be one + of: 10, 50, 100, 200, 500, 1000. + + --pd-disk-type=PD_DISK_TYPE; default="pd-standard" + Type of the persistent directory. PD_DISK_TYPE must be one of: + pd-standard, pd-balanced, pd-ssd. + GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, diff --git a/gcloud/compute/interconnects/create b/gcloud/compute/interconnects/create index 8d1dc9ef1..b952158f3 100644 --- a/gcloud/compute/interconnects/create +++ b/gcloud/compute/interconnects/create @@ -94,9 +94,13 @@ OPTIONAL FLAGS to use when creating a Cross-Cloud Interconnect. --requested-features=[FEATURES,...] - List of features requested for this interconnect. FEATURES must be - (only one value is supported): + List of features requested for this interconnect. FEATURES must be one + of: + CROSS_SITE_NETWORK + If specified then the interconnect is created on Cross-Site Network + capable hardware ports. This parameter can only be provided during + interconnect INSERT and cannot be changed using interconnect PATCH. MACSEC If specified then the interconnect is created on MACsec capable hardware ports. If not specified, the interconnect is created on diff --git a/gcloud/container/clusters/create b/gcloud/container/clusters/create index 3d14a3543..192225fb5 100644 --- a/gcloud/container/clusters/create +++ b/gcloud/container/clusters/create @@ -1288,18 +1288,14 @@ FLAGS net.core.netdev_max_backlog Any positive integer, less than 2147483647 - net.core.rmem_default Any positive - integer, less than - 2147483647 - net.core.rmem_max Any positive - integer, less than - 2147483647 - net.core.wmem_default Any positive - integer, less than - 2147483647 - net.core.wmem_max Any positive - integer, less than - 2147483647 + net.core.rmem_default Must be between + [2304, 2147483647] + net.core.rmem_max Must be between + [2304, 2147483647] + net.core.wmem_default Must be between + [4608, 2147483647] + net.core.wmem_max Must be between + [4608, 2147483647] net.core.optmem_max Any positive integer, less than 2147483647 diff --git a/gcloud/container/fleet/mesh/update b/gcloud/container/fleet/mesh/update index 9b1d1ec3f..40484a369 100644 --- a/gcloud/container/fleet/mesh/update +++ b/gcloud/container/fleet/mesh/update @@ -5,8 +5,8 @@ NAME SYNOPSIS gcloud container fleet mesh update (--fleet-default-member-config=FLEET_DEFAULT_MEMBER_CONFIG - | [(--control-plane=CONTROL_PLANE - --management=MANAGEMENT --origin=ORIGIN) + | [(--origin=ORIGIN --config-api=CONFIG_API + | --control-plane=CONTROL_PLANE | --management=MANAGEMENT) : [--memberships=[MEMBERSHIPS,...] : --location=LOCATION]]) [GCLOUD_WIDE_FLAG ...] @@ -35,22 +35,28 @@ REQUIRED FLAGS At least one of these must be specified: - --control-plane=CONTROL_PLANE - (DEPRECATED) Control plane management to update to. - - The --control-plane flag is now deprecated. Please use --management - instead. See - https://cloud.google.com/service-mesh/docs/managed/provision-managed-anthos-service-mesh. - CONTROL_PLANE must be one of: automatic, manual, unspecified. - - --management=MANAGEMENT - The management mode to update to. MANAGEMENT must be one of: - automatic, manual. - --origin=ORIGIN Changing the origin of the membership. ORIGIN must be (only one value is supported): fleet. + At most one of these can be specified: + + --config-api=CONFIG_API + The API to use for mesh configuration. CONFIG_API must be one of: + istio, gateway. + + --control-plane=CONTROL_PLANE + (DEPRECATED) Control plane management to update to. + + The --control-plane flag is now deprecated. Please use + --management instead. See + https://cloud.google.com/service-mesh/docs/managed/provision-managed-anthos-service-mesh. + CONTROL_PLANE must be one of: automatic, manual, unspecified. + + --management=MANAGEMENT + The management mode to update to. MANAGEMENT must be one of: + automatic, manual. + Membership resource - The group of arguments defining one or more memberships. The arguments in this group can be used to specify the attributes of this resource. (NOTE) Some attributes are not given diff --git a/gcloud/container/hub/mesh/update b/gcloud/container/hub/mesh/update index 95173a734..ade7b6a52 100644 --- a/gcloud/container/hub/mesh/update +++ b/gcloud/container/hub/mesh/update @@ -5,8 +5,8 @@ NAME SYNOPSIS gcloud container hub mesh update (--fleet-default-member-config=FLEET_DEFAULT_MEMBER_CONFIG - | [(--control-plane=CONTROL_PLANE - --management=MANAGEMENT --origin=ORIGIN) + | [(--origin=ORIGIN --config-api=CONFIG_API + | --control-plane=CONTROL_PLANE | --management=MANAGEMENT) : [--memberships=[MEMBERSHIPS,...] : --location=LOCATION]]) [GCLOUD_WIDE_FLAG ...] @@ -35,22 +35,28 @@ REQUIRED FLAGS At least one of these must be specified: - --control-plane=CONTROL_PLANE - (DEPRECATED) Control plane management to update to. - - The --control-plane flag is now deprecated. Please use --management - instead. See - https://cloud.google.com/service-mesh/docs/managed/provision-managed-anthos-service-mesh. - CONTROL_PLANE must be one of: automatic, manual, unspecified. - - --management=MANAGEMENT - The management mode to update to. MANAGEMENT must be one of: - automatic, manual. - --origin=ORIGIN Changing the origin of the membership. ORIGIN must be (only one value is supported): fleet. + At most one of these can be specified: + + --config-api=CONFIG_API + The API to use for mesh configuration. CONFIG_API must be one of: + istio, gateway. + + --control-plane=CONTROL_PLANE + (DEPRECATED) Control plane management to update to. + + The --control-plane flag is now deprecated. Please use + --management instead. See + https://cloud.google.com/service-mesh/docs/managed/provision-managed-anthos-service-mesh. + CONTROL_PLANE must be one of: automatic, manual, unspecified. + + --management=MANAGEMENT + The management mode to update to. MANAGEMENT must be one of: + automatic, manual. + Membership resource - The group of arguments defining one or more memberships. The arguments in this group can be used to specify the attributes of this resource. (NOTE) Some attributes are not given diff --git a/gcloud/container/node-pools/create b/gcloud/container/node-pools/create index eb474f225..20cd082d9 100644 --- a/gcloud/container/node-pools/create +++ b/gcloud/container/node-pools/create @@ -722,18 +722,14 @@ FLAGS net.core.netdev_max_backlog Any positive integer, less than 2147483647 - net.core.rmem_default Any positive - integer, less than - 2147483647 - net.core.rmem_max Any positive - integer, less than - 2147483647 - net.core.wmem_default Any positive - integer, less than - 2147483647 - net.core.wmem_max Any positive - integer, less than - 2147483647 + net.core.rmem_default Must be between + [2304, 2147483647] + net.core.rmem_max Must be between + [2304, 2147483647] + net.core.wmem_default Must be between + [4608, 2147483647] + net.core.wmem_max Must be between + [4608, 2147483647] net.core.optmem_max Any positive integer, less than 2147483647 diff --git a/gcloud/container/node-pools/update b/gcloud/container/node-pools/update index a1bb7ba05..794682ebe 100644 --- a/gcloud/container/node-pools/update +++ b/gcloud/container/node-pools/update @@ -327,18 +327,18 @@ REQUIRED FLAGS net.core.netdev_max_backlog Any positive integer, less than 2147483647 - net.core.rmem_default Any positive - integer, less - than 2147483647 - net.core.rmem_max Any positive - integer, less - than 2147483647 - net.core.wmem_default Any positive - integer, less - than 2147483647 - net.core.wmem_max Any positive - integer, less - than 2147483647 + net.core.rmem_default Must be between + [2304, + 2147483647] + net.core.rmem_max Must be between + [2304, + 2147483647] + net.core.wmem_default Must be between + [4608, + 2147483647] + net.core.wmem_max Must be between + [4608, + 2147483647] net.core.optmem_max Any positive integer, less than 2147483647 diff --git a/gcloud/dataflow/flex-template/build b/gcloud/dataflow/flex-template/build index a931e435d..b66f9f2c6 100644 --- a/gcloud/dataflow/flex-template/build +++ b/gcloud/dataflow/flex-template/build @@ -11,6 +11,7 @@ SYNOPSIS | --jar=[JAR,...] | --py-path=[PY_PATH,...])) [--additional-experiments=[ADDITIONAL_EXPERIMENTS,...]] [--additional-user-labels=[ADDITIONAL_USER_LABELS,...]] + [--cloud-build-service-account=CLOUD_BUILD_SERVICE_ACCOUNT] [--dataflow-kms-key=DATAFLOW_KMS_KEY] [--disable-public-ips] [--enable-streaming-engine] [--gcs-log-dir=GCS_LOG_DIR] [--image-repository-cert-path=IMAGE_REPOSITORY_CERT_PATH] @@ -131,6 +132,18 @@ OPTIONAL FLAGS --additional-user-labels=[ADDITIONAL_USER_LABELS,...] Default user labels to pass to the job. + --cloud-build-service-account=CLOUD_BUILD_SERVICE_ACCOUNT + Service account to run the Cloud Build in the format + projects/{project}/serviceAccounts/{service_account}. Ensure that the + account you are using to run 'gcloud dataflow flex-template build' has + 'ServiceAccountUser' role on the specified Cloud Build service account + you provide with the --cloud-build-service-account flag. The specified + service account must have required permissions to build the image. If + the specified service account is in a project that is different from + the project where you are starting builds, see + https://cloud.google.com/build/docs/securing-builds/configure-user-specified-service-accounts#cross-project_set_up + to grant the necessary access. + --dataflow-kms-key=DATAFLOW_KMS_KEY Default Cloud KMS key to protect the job resources. diff --git a/gcloud/dataplex/entries/create b/gcloud/dataplex/entries/create index 7f4ae7b5a..9c7611544 100644 --- a/gcloud/dataplex/entries/create +++ b/gcloud/dataplex/entries/create @@ -27,7 +27,7 @@ EXAMPLES projects/my-project/locations/us-central1/entryTypes/my-type, run: $ gcloud dataplex entries create my-dataplex-entry \ - --location=us-central --entry_group=my-entry-group \ + --location=us-central1 --entry_group=my-entry-group \ --entry-type \ projects/my-project/locations/us-central1/entryTypes/my-type @@ -35,7 +35,7 @@ EXAMPLES an existing entry my-parent-entry, run: $ gcloud dataplex entries create my-child-entry \ - --location=us-central --entry_group=my-entry-group \ + --location=us-central1 --entry_group=my-entry-group \ --entry-type \ projects/my-project/locations/us-central1/entryTypes/my-type \ --parent-entry \ @@ -45,7 +45,7 @@ EXAMPLES To create a Dataplex Entry with its description, display name, ancestors, labels and timestamps populated in its EntrySource, run: - $ gcloud dataplex entries create my-entry --location=us-central \ + $ gcloud dataplex entries create my-entry --location=us-central1 \ --entry_group=my-entry-group \ --entry-type \ projects/my-project/locations/us-central1/entryTypes/my-type \ @@ -67,7 +67,7 @@ EXAMPLES To create a Dataplex Entry reading its aspects from a YAML file, run: - $ gcloud dataplex entries create my-entry --location=us-central \ + $ gcloud dataplex entries create my-entry --location=us-central1 \ --entry_group=my-entry-group \ --entry-type \ projects/my-project/locations/us-central1/entryTypes/my-type \ diff --git a/gcloud/deploy/deploy-policies/add-iam-policy-binding b/gcloud/deploy/deploy-policies/add-iam-policy-binding new file mode 100644 index 000000000..f22361394 --- /dev/null +++ b/gcloud/deploy/deploy-policies/add-iam-policy-binding @@ -0,0 +1,139 @@ +NAME + gcloud deploy deploy-policies add-iam-policy-binding - add IAM policy + binding for a Cloud Deploy Policy + +SYNOPSIS + gcloud deploy deploy-policies add-iam-policy-binding + (DEPLOY_POLICY : --region=REGION) --member=PRINCIPAL --role=ROLE + [--condition=[KEY=VALUE,...] | --condition-from-file=PATH_TO_FILE] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Adds a policy binding to the IAM policy of a Cloud Deploy Policy. One + binding consists of a member and a role. + + See https://cloud.google.com/iam/docs/managing-policies for details of the + policy file format and contents. + +EXAMPLES + To add an IAM policy binding for the role of roles/clouddeploy.policyAdmin + for the user test-user@gmail.com on holiday-policy with the region + us-central1, run: + + $ gcloud deploy deploy-policies add-iam-policy-binding \ + holiday-policy --region='us-central1' \ + --member='user:test-user@gmail.com' \ + --role='roles/clouddeploy.policyAdmin' + +POSITIONAL ARGUMENTS + Deploy policy resource - The deploy policy for which to add the IAM policy + binding. The arguments in this group can be used to specify the attributes + of this resource. (NOTE) Some attributes are not given arguments in this + group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument deploy_policy on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + DEPLOY_POLICY + ID of the deploy policy or fully qualified identifier for the deploy + policy. + + To set the deploy_policy attribute: + ▸ provide the argument deploy_policy on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --region=REGION + Location of the deploy policy. + + To set the region attribute: + ▸ provide the argument deploy_policy on the command line with a + fully specified name; + ▸ provide the argument --region on the command line; + ▸ set the property deploy/region. + +REQUIRED FLAGS + --member=PRINCIPAL + The principal to add the binding for. Should be of the form + user|group|serviceAccount:email or domain:domain. + + Examples: user:test-user@gmail.com, group:admins@example.com, + serviceAccount:test123@example.domain.com, or + domain:example.domain.com. + + Some resources also accept the following special values: + ◆ allUsers - Special identifier that represents anyone who is on the + internet, with or without a Google account. + ◆ allAuthenticatedUsers - Special identifier that represents anyone + who is authenticated with a Google account or a service account. + + --role=ROLE + Role name to assign to the principal. The role name is the complete + path of a predefined role, such as roles/logging.viewer, or the role ID + for a custom role, such as + organizations/{ORGANIZATION_ID}/roles/logging.viewer. + +OPTIONAL FLAGS + At most one of these can be specified: + + --condition=[KEY=VALUE,...] + A condition to include in the binding. When the condition is + explicitly specified as None (--condition=None), a binding without a + condition is added. When the condition is specified and is not None, + --role cannot be a basic role. Basic roles are roles/editor, + roles/owner, and roles/viewer. For more on conditions, refer to the + conditions overview guide: + https://cloud.google.com/iam/docs/conditions-overview + + When using the --condition flag, include the following key-value + pairs: + + expression + (Required) Condition expression that evaluates to True or False. + This uses a subset of Common Expression Language syntax. + + If the condition expression includes a comma, use a different + delimiter to separate the key-value pairs. Specify the delimiter + before listing the key-value pairs. For example, to specify a + colon (:) as the delimiter, do the following: + --condition=^:^title=TITLE:expression=EXPRESSION. For more + information, see + https://cloud.google.com/sdk/gcloud/reference/topic/escaping. + + title + (Required) A short string describing the purpose of the + expression. + + description + (Optional) Additional description for the expression. + + --condition-from-file=PATH_TO_FILE + Path to a local JSON or YAML file that defines the condition. To see + available fields, see the help for --condition. Use a full or + relative path to a local file containing the value of condition. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the clouddeploy/v1 API. The full documentation for this + API can be found at: https://cloud.google.com/deploy/ + +NOTES + These variants are also available: + + $ gcloud alpha deploy deploy-policies add-iam-policy-binding + + $ gcloud beta deploy deploy-policies add-iam-policy-binding + diff --git a/gcloud/deploy/deploy-policies/get-iam-policy b/gcloud/deploy/deploy-policies/get-iam-policy new file mode 100644 index 000000000..3cd91d3af --- /dev/null +++ b/gcloud/deploy/deploy-policies/get-iam-policy @@ -0,0 +1,102 @@ +NAME + gcloud deploy deploy-policies get-iam-policy - get the IAM policy for a + Cloud Deploy Policy + +SYNOPSIS + gcloud deploy deploy-policies get-iam-policy + (DEPLOY_POLICY : --region=REGION) [--filter=EXPRESSION] [--limit=LIMIT] + [--page-size=PAGE_SIZE] [--sort-by=[FIELD,...]] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + gcloud deploy deploy-policies get-iam-policy displays the IAM policy + associated with a Cloud Deploy Policy. If formatted as JSON, the output can + be edited and used as a policy file for set-iam-policy. The output includes + an "etag" field identifying the version emitted and allowing detection of + concurrent policy updates; see $ gcloud deploy deploy-policies + set-iam-policy for additional details. + +EXAMPLES + To print the IAM policy for a deploy policy my-holiday-policy in region + us-central1, run: + + $ gcloud deploy deploy-policies get-iam-policy my-holiday-policy \ + --region=us-central1 + +POSITIONAL ARGUMENTS + Deploy policy resource - The deploy policy for which to display the IAM + policy. The arguments in this group can be used to specify the attributes + of this resource. (NOTE) Some attributes are not given arguments in this + group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument deploy_policy on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + DEPLOY_POLICY + ID of the deploy policy or fully qualified identifier for the deploy + policy. + + To set the deploy_policy attribute: + ▸ provide the argument deploy_policy on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --region=REGION + Location of the deploy policy. + + To set the region attribute: + ▸ provide the argument deploy_policy on the command line with a + fully specified name; + ▸ provide the argument --region on the command line; + ▸ set the property deploy/region. + +LIST COMMAND FLAGS + --filter=EXPRESSION + Apply a Boolean filter EXPRESSION to each resource item to be listed. + If the expression evaluates True, then that item is listed. For more + details and examples of filter expressions, run $ gcloud topic filters. + This flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --limit=LIMIT + Maximum number of resources to list. The default is unlimited. This + flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --page-size=PAGE_SIZE + Some services group resource list output into pages. This flag + specifies the maximum number of resources per page. The default is + determined by the service if it supports paging, otherwise it is + unlimited (no paging). Paging may be applied before or after --filter + and --limit depending on the service. + + --sort-by=[FIELD,...] + Comma-separated list of resource field key names to sort by. The + default order is ascending. Prefix a field with ``~'' for descending + order on that field. This flag interacts with other flags that are + applied in this order: --flatten, --sort-by, --filter, --limit. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the clouddeploy/v1 API. The full documentation for this + API can be found at: https://cloud.google.com/deploy/ + +NOTES + These variants are also available: + + $ gcloud alpha deploy deploy-policies get-iam-policy + + $ gcloud beta deploy deploy-policies get-iam-policy + diff --git a/gcloud/deploy/deploy-policies/help b/gcloud/deploy/deploy-policies/help index a4c8ea964..f5eff89c6 100644 --- a/gcloud/deploy/deploy-policies/help +++ b/gcloud/deploy/deploy-policies/help @@ -16,6 +16,9 @@ GCLOUD WIDE FLAGS COMMANDS COMMAND is one of the following: + add-iam-policy-binding + Add IAM policy binding for a Cloud Deploy Policy. + delete Delete a deploy policy. @@ -25,6 +28,15 @@ COMMANDS export Returns the .yaml definition of the specified deploy policy. + get-iam-policy + Get the IAM policy for a Cloud Deploy Policy. + + remove-iam-policy-binding + Remove an IAM policy binding for a Cloud Deploy Policy. + + set-iam-policy + Set the IAM policy for a Cloud Deploy Policy. + NOTES These variants are also available: diff --git a/gcloud/deploy/deploy-policies/remove-iam-policy-binding b/gcloud/deploy/deploy-policies/remove-iam-policy-binding new file mode 100644 index 000000000..b167b5010 --- /dev/null +++ b/gcloud/deploy/deploy-policies/remove-iam-policy-binding @@ -0,0 +1,144 @@ +NAME + gcloud deploy deploy-policies remove-iam-policy-binding - remove an IAM + policy binding for a Cloud Deploy Policy + +SYNOPSIS + gcloud deploy deploy-policies remove-iam-policy-binding + (DEPLOY_POLICY : --region=REGION) --member=PRINCIPAL --role=ROLE + [--all | --condition=[KEY=VALUE,...] + | --condition-from-file=PATH_TO_FILE] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Removes a policy binding to the IAM policy of a Cloud Deploy Policy. One + binding consists of a member and a role. + + See https://cloud.google.com/iam/docs/managing-policies for details of the + policy file format and contents. + +EXAMPLES + To remove an IAM policy binding for the role of + roles/roles/clouddeploy.policyAdmin for the user test-user@gmail.com on + holiday-policy with the region us-central1, run: + + $ gcloud deploy deploy-policies remove-iam-policy-binding \ + holiday-policy --region='us-central1' \ + --member='user:test-user@gmail.com' \ + --role='roles/roles/clouddeploy.policyAdmin' + +POSITIONAL ARGUMENTS + Deploy policy resource - The deploy policy for which to remove the IAM + policy binding. The arguments in this group can be used to specify the + attributes of this resource. (NOTE) Some attributes are not given + arguments in this group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument deploy_policy on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + DEPLOY_POLICY + ID of the deploy policy or fully qualified identifier for the deploy + policy. + + To set the deploy_policy attribute: + ▸ provide the argument deploy_policy on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --region=REGION + Location of the deploy policy. + + To set the region attribute: + ▸ provide the argument deploy_policy on the command line with a + fully specified name; + ▸ provide the argument --region on the command line; + ▸ set the property deploy/region. + +REQUIRED FLAGS + --member=PRINCIPAL + The principal to remove the binding for. Should be of the form + user|group|serviceAccount:email or domain:domain. + + Examples: user:test-user@gmail.com, group:admins@example.com, + serviceAccount:test123@example.domain.com, or + domain:example.domain.com. + + Deleted principals have an additional deleted: prefix and a ?uid=UID + suffix, where UID is a unique identifier for the principal. Example: + deleted:user:test-user@gmail.com?uid=123456789012345678901. + + Some resources also accept the following special values: + ◆ allUsers - Special identifier that represents anyone who is on the + internet, with or without a Google account. + ◆ allAuthenticatedUsers - Special identifier that represents anyone + who is authenticated with a Google account or a service account. + + --role=ROLE + The role to remove the principal from. + +OPTIONAL FLAGS + At most one of these can be specified: + + --all + Remove all bindings with this role and principal, irrespective of any + conditions. + + --condition=[KEY=VALUE,...] + The condition of the binding that you want to remove. When the + condition is explicitly specified as None (--condition=None), a + binding without a condition is removed. Otherwise, only a binding + with a condition that exactly matches the specified condition + (including the optional description) is removed. For more on + conditions, refer to the conditions overview guide: + https://cloud.google.com/iam/docs/conditions-overview + + When using the --condition flag, include the following key-value + pairs: + + expression + (Required) Condition expression that evaluates to True or False. + This uses a subset of Common Expression Language syntax. + + If the condition expression includes a comma, use a different + delimiter to separate the key-value pairs. Specify the delimiter + before listing the key-value pairs. For example, to specify a + colon (:) as the delimiter, do the following: + --condition=^:^title=TITLE:expression=EXPRESSION. For more + information, see + https://cloud.google.com/sdk/gcloud/reference/topic/escaping. + + title + (Required) A short string describing the purpose of the + expression. + + description + (Optional) Additional description for the expression. + + --condition-from-file=PATH_TO_FILE + Path to a local JSON or YAML file that defines the condition. To see + available fields, see the help for --condition. Use a full or + relative path to a local file containing the value of condition. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the clouddeploy/v1 API. The full documentation for this + API can be found at: https://cloud.google.com/deploy/ + +NOTES + These variants are also available: + + $ gcloud alpha deploy deploy-policies remove-iam-policy-binding + + $ gcloud beta deploy deploy-policies remove-iam-policy-binding + diff --git a/gcloud/deploy/deploy-policies/set-iam-policy b/gcloud/deploy/deploy-policies/set-iam-policy new file mode 100644 index 000000000..298af96b0 --- /dev/null +++ b/gcloud/deploy/deploy-policies/set-iam-policy @@ -0,0 +1,84 @@ +NAME + gcloud deploy deploy-policies set-iam-policy - set the IAM policy for a + Cloud Deploy Policy + +SYNOPSIS + gcloud deploy deploy-policies set-iam-policy + (DEPLOY_POLICY : --region=REGION) POLICY_FILE [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Set the IAM policy associated with a Cloud Deploy Policy. + + See https://cloud.google.com/iam/docs/managing-policies for details of the + policy file format and contents. + +EXAMPLES + The following command will read an IAM policy defined in a JSON file + policy.json and set it for a deploy policy with identifier + my-holiday-policy in region us-central1: + + $ gcloud deploy deploy-policies set-iam-policy my-holiday-policy \ + policy.json --region=us-central1 + + See https://cloud.google.com/iam/docs/managing-policies for details of the + policy file format and contents. + +POSITIONAL ARGUMENTS + Deploy policy resource - The deploy policy for which to set the IAM + policy. The arguments in this group can be used to specify the attributes + of this resource. (NOTE) Some attributes are not given arguments in this + group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument deploy_policy on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + DEPLOY_POLICY + ID of the deploy policy or fully qualified identifier for the deploy + policy. + + To set the deploy_policy attribute: + ▸ provide the argument deploy_policy on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --region=REGION + Location of the deploy policy. + + To set the region attribute: + ▸ provide the argument deploy_policy on the command line with a + fully specified name; + ▸ provide the argument --region on the command line; + ▸ set the property deploy/region. + + POLICY_FILE + Path to a local JSON or YAML formatted file containing a valid policy. + + The output of the get-iam-policy command is a valid file, as is any + JSON or YAML file conforming to the structure of a Policy + (https://cloud.google.com/iam/reference/rest/v1/Policy). + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the clouddeploy/v1 API. The full documentation for this + API can be found at: https://cloud.google.com/deploy/ + +NOTES + These variants are also available: + + $ gcloud alpha deploy deploy-policies set-iam-policy + + $ gcloud beta deploy deploy-policies set-iam-policy + diff --git a/gcloud/model-armor/floorsettings/describe b/gcloud/model-armor/floorsettings/describe new file mode 100644 index 000000000..7250b8c9e --- /dev/null +++ b/gcloud/model-armor/floorsettings/describe @@ -0,0 +1,28 @@ +NAME + gcloud model-armor floorsettings describe - describe the FloorSetting + resource + +SYNOPSIS + gcloud model-armor floorsettings describe [--full-uri=FULL_URI] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Displays the floor setting resource with the given name. + +FLAGS + --full-uri=FULL_URI + Full uri of the floor setting + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This variant is also available: + + $ gcloud alpha model-armor floorsettings describe + diff --git a/gcloud/model-armor/floorsettings/help b/gcloud/model-armor/floorsettings/help new file mode 100644 index 000000000..8e447aad3 --- /dev/null +++ b/gcloud/model-armor/floorsettings/help @@ -0,0 +1,28 @@ +NAME + gcloud model-armor floorsettings - manage FloorSettings resources + +SYNOPSIS + gcloud model-armor floorsettings COMMAND [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Manage FloorSettings resources. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --help. + + Run $ gcloud help for details. + +COMMANDS + COMMAND is one of the following: + + describe + Describe the FloorSetting resource. + + update + Update the FloorSetting resource. + +NOTES + This variant is also available: + + $ gcloud alpha model-armor floorsettings + diff --git a/gcloud/model-armor/floorsettings/update b/gcloud/model-armor/floorsettings/update new file mode 100644 index 000000000..93d9879a5 --- /dev/null +++ b/gcloud/model-armor/floorsettings/update @@ -0,0 +1,123 @@ +NAME + gcloud model-armor floorsettings update - update the FloorSetting resource + +SYNOPSIS + gcloud model-armor floorsettings update --full-uri=FULL_URI + [--enable-floor-setting-enforcement=ENABLE_FLOOR_SETTING_ENFORCEMENT] + [--malicious-uri-filter-settings-enforcement=MALICIOUS_URI_FILTER_SETTINGS_ENFORCEMENT] + [--add-rai-settings-filters=confidenceLevel=CONFIDENCELEVEL], + [filterType=FILTERTYPE] | --clear-rai-settings-filters + | --rai-settings-filters=confidenceLevel=CONFIDENCELEVEL], + [filterType=FILTERTYPE] + | --remove-rai-settings-filters=confidenceLevel=CONFIDENCELEVEL], + [filterType=FILTERTYPE]] + [--advanced-config-deidentify-template=ADVANCED_CONFIG_DEIDENTIFY_TEMPLATE --advanced-config-inspect-template=ADVANCED_CONFIG_INSPECT_TEMPLATE --basic-config-filter-enforcement=BASIC_CONFIG_FILTER_ENFORCEMENT] + [--pi-and-jailbreak-filter-settings-confidence-level=PI_AND_JAILBREAK_FILTER_SETTINGS_CONFIDENCE_LEVEL --pi-and-jailbreak-filter-settings-enforcement=PI_AND_JAILBREAK_FILTER_SETTINGS_ENFORCEMENT] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Updates the floor setting resource with the given name. + +REQUIRED FLAGS + --full-uri=FULL_URI + Full uri of the floor setting + +OPTIONAL FLAGS + --enable-floor-setting-enforcement=ENABLE_FLOOR_SETTING_ENFORCEMENT + Enable or disable the floor setting enforcement + + Malicious uri filter settings. + + --malicious-uri-filter-settings-enforcement=MALICIOUS_URI_FILTER_SETTINGS_ENFORCEMENT + Malicious URI filter settings. + + RAI filter settings. + + At most one of these can be specified: + + --add-rai-settings-filters=confidenceLevel=CONFIDENCELEVEL],[filterType=FILTERTYPE] + Add rai filter settings. Sets add_rai_settings_filters value. + + Shorthand Example: + + --add-rai-settings-filters=string --add-rai-settings-filters=string + + JSON Example: + + --add-rai-settings-filters=["string"] + + File Example: + + --add-rai-settings-filters=path_to_file.(yaml|json) + + --clear-rai-settings-filters + Clear all rai filter settings. + + --rai-settings-filters=confidenceLevel=CONFIDENCELEVEL],[filterType=FILTERTYPE] + Set rai_settings_filters to new value. List of Responsible AI filters + enabled for floor setting. Sets rai_settings_filters value. + + Shorthand Example: + + --rai-settings-filters=string --rai-settings-filters=string + + JSON Example: + + --rai-settings-filters=["string"] + + File Example: + + --rai-settings-filters=path_to_file.(yaml|json) + + --remove-rai-settings-filters=confidenceLevel=CONFIDENCELEVEL],[filterType=FILTERTYPE] + Remove rai filter settings. Sets remove_rai_settings_filters value. + + Shorthand Example: + + --remove-rai-settings-filters=string --remove-rai-settings-filters=string + + JSON Example: + + --remove-rai-settings-filters=["string"] + + File Example: + + --remove-rai-settings-filters=path_to_file.(yaml|json) + + SDP filter settings. + + --advanced-config-deidentify-template=ADVANCED_CONFIG_DEIDENTIFY_TEMPLATE + The sdp filter settings enforcement. The value can be either "enable" + or "disable". + + --advanced-config-inspect-template=ADVANCED_CONFIG_INSPECT_TEMPLATE + The sdp filter settings enforcement. The value can be either "enable" + or "disable". + + --basic-config-filter-enforcement=BASIC_CONFIG_FILTER_ENFORCEMENT + The sdp filter settings enforcement. The value can be either + "ENABLED" or "DISABLED" + + PI and jailbreak filter settings. + + --pi-and-jailbreak-filter-settings-confidence-level=PI_AND_JAILBREAK_FILTER_SETTINGS_CONFIDENCE_LEVEL + The pi and jailbreak filter settings confidence level. The value can + be either "high", "medium-and-above" or "low-and-above" + + --pi-and-jailbreak-filter-settings-enforcement=PI_AND_JAILBREAK_FILTER_SETTINGS_ENFORCEMENT + The pi and jailbreak filter settings enforcement. The value can be + either "enable" or "disable". + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This variant is also available: + + $ gcloud alpha model-armor floorsettings update + diff --git a/gcloud/model-armor/help b/gcloud/model-armor/help new file mode 100644 index 000000000..6ce9c9464 --- /dev/null +++ b/gcloud/model-armor/help @@ -0,0 +1,31 @@ +NAME + gcloud model-armor - model Armor is a service offering LLM-agnostic + security and AI safety measures to mitigate risks associated with large + language models (LLMs) + +SYNOPSIS + gcloud model-armor GROUP [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Model Armor is a service offering LLM-agnostic security and AI safety + measures to mitigate risks associated with large language models (LLMs). + +GCLOUD WIDE FLAGS + These flags are available to all commands: --help. + + Run $ gcloud help for details. + +GROUPS + GROUP is one of the following: + + floorsettings + Manage FloorSettings resources. + + templates + Manage Template resources. + +NOTES + This variant is also available: + + $ gcloud alpha model-armor + diff --git a/gcloud/model-armor/templates/create b/gcloud/model-armor/templates/create new file mode 100644 index 000000000..212fba064 --- /dev/null +++ b/gcloud/model-armor/templates/create @@ -0,0 +1,257 @@ +NAME + gcloud model-armor templates create - create Model Armor Template + +SYNOPSIS + gcloud model-armor templates create (TEMPLATE : --location=LOCATION) + (--malicious-uri-filter-settings-enforcement=MALICIOUS_URI_FILTER_SETTINGS_ENFORCEMENT --rai-settings-filters=[confidenceLevel=CONFIDENCELEVEL], + [filterType=FILTERTYPE] + --basic-config-filter-enforcement=BASIC_CONFIG_FILTER_ENFORCEMENT + | --advanced-config-deidentify-template=ADVANCED_CONFIG_DEIDENTIFY_TEMPLATE --advanced-config-inspect-template=ADVANCED_CONFIG_INSPECT_TEMPLATE --pi-and-jailbreak-filter-settings-confidence-level=PI_AND_JAILBREAK_FILTER_SETTINGS_CONFIDENCE_LEVEL --pi-and-jailbreak-filter-settings-enforcement=PI_AND_JAILBREAK_FILTER_SETTINGS_ENFORCEMENT) + [--labels=[LABELS,...]] [--request-id=REQUEST_ID] + [--template-metadata-custom-llm-response-safety-error-code=TEMPLATE_METADATA_CUSTOM_LLM_RESPONSE_SAFETY_ERROR_CODE --template-metadata-custom-llm-response-safety-error-message=TEMPLATE_METADATA_CUSTOM_LLM_RESPONSE_SAFETY_ERROR_MESSAGE --template-metadata-custom-prompt-safety-error-code=TEMPLATE_METADATA_CUSTOM_PROMPT_SAFETY_ERROR_CODE --template-metadata-custom-prompt-safety-error-message=TEMPLATE_METADATA_CUSTOM_PROMPT_SAFETY_ERROR_MESSAGE --template-metadata-ignore-partial-invocation-failures --template-metadata-log-operations --template-metadata-log-sanitize-operations] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Creates a new Template in a given project and location. + +EXAMPLES + To create a Template, run: $ gcloud model-armor templates create my-template \ + --location=us-central1 \ + --malicious-uri-filter-settings-enforcement=enabled + +POSITIONAL ARGUMENTS + Template resource - Identifier. name of resource The arguments in this + group can be used to specify the attributes of this resource. (NOTE) Some + attributes are not given arguments in this group but can be set in other + ways. + + To set the project attribute: + ◆ provide the argument template on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + TEMPLATE + ID of the template or fully qualified identifier for the template. + + To set the template attribute: + ▸ provide the argument template on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + The location id of the template resource. + + To set the location attribute: + ▸ provide the argument template on the command line with a fully + specified name; + ▸ provide the argument --location on the command line. + +REQUIRED FLAGS + Filters configuration. + + At least one of these must be specified: + + Malicious URI filter settings. + + --malicious-uri-filter-settings-enforcement=MALICIOUS_URI_FILTER_SETTINGS_ENFORCEMENT + Tells whether the Malicious URI filter is enabled or disabled. + MALICIOUS_URI_FILTER_SETTINGS_ENFORCEMENT must be one of: + + disabled + Disabled + enabled + Enabled + + Responsible AI Filter settings. + + --rai-settings-filters=[confidenceLevel=CONFIDENCELEVEL],[filterType=FILTERTYPE] + Required, List of Responsible AI filters enabled for template. + + confidenceLevel + Confidence level for this RAI filter. During data sanitization, + if data is classified under this filter with a confidence level + equal to or greater than the specified level, a positive match + is reported. If the confidence level is unspecified (i.e., 0), + the system will use a reasonable default level based on the + filter_type. + + filterType + Type of responsible AI filter. + + Shorthand Example: + + --rai-settings-filters=confidenceLevel=string,filterType=string --rai-settings-filters=confidenceLevel=string,filterType=string + + JSON Example: + + --rai-settings-filters='[{"confidenceLevel": "string", "filterType": "string"}]' + + File Example: + + --rai-settings-filters=path_to_file.(yaml|json) + + Sensitive Data Protection settings. + + Arguments for the sdp configuration. + + At most one of these can be specified: + + Sensitive Data Protection basic configuration. + + --basic-config-filter-enforcement=BASIC_CONFIG_FILTER_ENFORCEMENT + Tells whether the Sensitive Data Protection basic config is + enabled or disabled. BASIC_CONFIG_FILTER_ENFORCEMENT must be + one of: + + disabled + Disabled + enabled + Enabled + + Sensitive Data Protection Advanced configuration. + + --advanced-config-deidentify-template=ADVANCED_CONFIG_DEIDENTIFY_TEMPLATE + Optional Sensitive Data Protection Deidentify template resource + name. + + If provided then DeidentifyContent action is performed during + Sanitization using this template and inspect template. The + De-identified data will be returned in SdpDeidentifyResult. + Note that all info-types present in the deidentify template + must be present in inspect template. + + e.g. + organizations/{organization}/deidentifyTemplates/{deidentify_template}, + projects/{project}/deidentifyTemplates/{deidentify_template} + organizations/{organization}/locations/{location}/deidentifyTemplates/{deidentify_template} + projects/{project}/locations/{location}/deidentifyTemplates/{deidentify_template} + + --advanced-config-inspect-template=ADVANCED_CONFIG_INSPECT_TEMPLATE + Sensitive Data Protection inspect template resource name + + If only inspect template is provided (de-identify template not + provided), then Sensitive Data Protection InspectContent action + is performed during Sanitization. All Sensitive Data Protection + findings identified during inspection will be returned as + SdpFinding in SdpInsepctionResult e.g. + organizations/{organization}/inspectTemplates/{inspect_template}, + projects/{project}/inspectTemplates/{inspect_template} + organizations/{organization}/locations/{location}/inspectTemplates/{inspect_template} + projects/{project}/locations/{location}/inspectTemplates/{inspect_template} + + Prompt injection and Jailbreak Filter settings. + + --pi-and-jailbreak-filter-settings-confidence-level=PI_AND_JAILBREAK_FILTER_SETTINGS_CONFIDENCE_LEVEL + Confidence level for this filter. Confidence level is used to + determine the threshold for the filter. If detection confidence is + equal to or greater than the specified level, a positive match is + reported. Confidence level will only be used if the filter is + enabled. PI_AND_JAILBREAK_FILTER_SETTINGS_CONFIDENCE_LEVEL must be + one of: + + high + Low chance of false positives. + low-and-above + Highest chance of a false positive. + medium-and-above + Some chance of false positives. + + --pi-and-jailbreak-filter-settings-enforcement=PI_AND_JAILBREAK_FILTER_SETTINGS_ENFORCEMENT + Tells whether Prompt injection and Jailbreak filter is enabled or + disabled. PI_AND_JAILBREAK_FILTER_SETTINGS_ENFORCEMENT must be one + of: + + disabled + Enabled + enabled + Enabled + +OPTIONAL FLAGS + --labels=[LABELS,...] + Labels as key value pairs. + + KEY + Keys must start with a lowercase character and contain only hyphens + (-), underscores (_), lowercase characters, and numbers. + + VALUE + Values must contain only hyphens (-), underscores (_), lowercase + characters, and numbers. + + Shorthand Example: + + --labels=string=string + + JSON Example: + + --labels='{"string": "string"}' + + File Example: + + --labels=path_to_file.(yaml|json) + + --request-id=REQUEST_ID + An optional request ID to identify requests. Specify a unique request + ID so that if you must retry your request, the server will know to + ignore the request if it has already been completed. The server stores + the request ID for 60 minutes after the first request. + + For example, consider a situation where you make an initial request and + the request times out. If you make the request again with the same + request ID, the server can check if original operation with the same + request ID was received, and if so, will ignore the second request. + This prevents clients from accidentally creating duplicate commitments. + + The request ID must be a valid UUID with the exception that zero UUID + is not supported (00000000-0000-0000-0000-000000000000). + + Message describing TemplateMetadata + + --template-metadata-custom-llm-response-safety-error-code=TEMPLATE_METADATA_CUSTOM_LLM_RESPONSE_SAFETY_ERROR_CODE + Indicates the custom error code set by the user to be returned to the + end user if the LLM response trips Model Armor filters. + + --template-metadata-custom-llm-response-safety-error-message=TEMPLATE_METADATA_CUSTOM_LLM_RESPONSE_SAFETY_ERROR_MESSAGE + Indicates the custom error message set by the user to be returned to + the end user if the LLM response trips Model Armor filters. + + --template-metadata-custom-prompt-safety-error-code=TEMPLATE_METADATA_CUSTOM_PROMPT_SAFETY_ERROR_CODE + Indicates the custom error code set by the user to be returned to the + end user by the service extension if the prompt trips Model Armor + filters. + + --template-metadata-custom-prompt-safety-error-message=TEMPLATE_METADATA_CUSTOM_PROMPT_SAFETY_ERROR_MESSAGE + Indicates the custom error message set by the user to be returned to + the end user if the prompt trips Model Armor filters. + + --template-metadata-ignore-partial-invocation-failures + If true, partial detector failures should be ignored. + + --template-metadata-log-operations + If true, log template crud operations. + + --template-metadata-log-sanitize-operations + If true, log sanitize operations. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the modelarmor/v1 API. The full documentation for this + API can be found at: + https://cloud.google.com/security-command-center/docs/model-armor-overview + +NOTES + This variant is also available: + + $ gcloud alpha model-armor templates create + diff --git a/gcloud/model-armor/templates/delete b/gcloud/model-armor/templates/delete new file mode 100644 index 000000000..b0c2697bf --- /dev/null +++ b/gcloud/model-armor/templates/delete @@ -0,0 +1,78 @@ +NAME + gcloud model-armor templates delete - delete Model Armor Template + +SYNOPSIS + gcloud model-armor templates delete (TEMPLATE : --location=LOCATION) + [--request-id=REQUEST_ID] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Deletes a Template. + +EXAMPLES + To delete a Template, run: $ gcloud model-armor templates delete my-template \ + --location=us-central1 + +POSITIONAL ARGUMENTS + Template resource - Name of the resource The arguments in this group can + be used to specify the attributes of this resource. (NOTE) Some attributes + are not given arguments in this group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument template on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + TEMPLATE + ID of the template or fully qualified identifier for the template. + + To set the template attribute: + ▸ provide the argument template on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + The location id of the template resource. + + To set the location attribute: + ▸ provide the argument template on the command line with a fully + specified name; + ▸ provide the argument --location on the command line. + +FLAGS + --request-id=REQUEST_ID + An optional request ID to identify requests. Specify a unique request + ID so that if you must retry your request, the server will know to + ignore the request if it has already been completed. The server stores + the request ID for 60 minutes after the first request. + + For example, consider a situation where you make an initial request and + the request times out. If you make the request again with the same + request ID, the server can check if original operation with the same + request ID was received, and if so, will ignore the second request. + This prevents clients from accidentally creating duplicate commitments. + + The request ID must be a valid UUID with the exception that zero UUID + is not supported (00000000-0000-0000-0000-000000000000). + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the modelarmor/v1 API. The full documentation for this + API can be found at: + https://cloud.google.com/security-command-center/docs/model-armor-overview + +NOTES + This variant is also available: + + $ gcloud alpha model-armor templates delete + diff --git a/gcloud/model-armor/templates/describe b/gcloud/model-armor/templates/describe new file mode 100644 index 000000000..3cd622ce4 --- /dev/null +++ b/gcloud/model-armor/templates/describe @@ -0,0 +1,62 @@ +NAME + gcloud model-armor templates describe - get Model Armor Template + +SYNOPSIS + gcloud model-armor templates describe (TEMPLATE : --location=LOCATION) + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Gets a Template. + +EXAMPLES + To get a Template, run: $ gcloud model-armor templates describe my-template \ + --location=us-central1 + +POSITIONAL ARGUMENTS + Template resource - Name of the resource The arguments in this group can + be used to specify the attributes of this resource. (NOTE) Some attributes + are not given arguments in this group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument template on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + TEMPLATE + ID of the template or fully qualified identifier for the template. + + To set the template attribute: + ▸ provide the argument template on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + The location id of the template resource. + + To set the location attribute: + ▸ provide the argument template on the command line with a fully + specified name; + ▸ provide the argument --location on the command line. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the modelarmor/v1 API. The full documentation for this + API can be found at: + https://cloud.google.com/security-command-center/docs/model-armor-overview + +NOTES + This variant is also available: + + $ gcloud alpha model-armor templates describe + diff --git a/gcloud/model-armor/templates/help b/gcloud/model-armor/templates/help new file mode 100644 index 000000000..e39427c36 --- /dev/null +++ b/gcloud/model-armor/templates/help @@ -0,0 +1,43 @@ +NAME + gcloud model-armor templates - manage Template resources + +SYNOPSIS + gcloud model-armor templates COMMAND [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Manage Template resources. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --help. + + Run $ gcloud help for details. + +COMMANDS + COMMAND is one of the following: + + create + Create Model Armor Template. + + delete + Delete Model Armor Template. + + describe + Get Model Armor Template. + + list + List Model Armor Templates. + + sanitize-model-response + Sanitize Model Response. + + sanitize-user-prompt + Sanitize User Prompt. + + update + Update Model Armor Template. + +NOTES + This variant is also available: + + $ gcloud alpha model-armor templates + diff --git a/gcloud/model-armor/templates/list b/gcloud/model-armor/templates/list new file mode 100644 index 000000000..35b8d2b57 --- /dev/null +++ b/gcloud/model-armor/templates/list @@ -0,0 +1,83 @@ +NAME + gcloud model-armor templates list - list Model Armor Templates + +SYNOPSIS + gcloud model-armor templates list --location=LOCATION [--filter=EXPRESSION] + [--limit=LIMIT] [--page-size=PAGE_SIZE] [--sort-by=[FIELD,...]] [--uri] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Lists Templates in a given project and location. + +EXAMPLES + To list Templates in a given project and location, run: $ gcloud model-armor templates list list --location=us-central1 + +REQUIRED FLAGS + Location resource - Parent value for ListTemplatesRequest This represents + a Cloud resource. (NOTE) Some attributes are not given arguments in this + group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument --location on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + --location=LOCATION + ID of the location or fully qualified identifier for the location. + + To set the location attribute: + ▸ provide the argument --location on the command line. + +LIST COMMAND FLAGS + --filter=EXPRESSION + Apply a Boolean filter EXPRESSION to each resource item to be listed. + If the expression evaluates True, then that item is listed. For more + details and examples of filter expressions, run $ gcloud topic filters. + This flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --limit=LIMIT + Maximum number of resources to list. The default is unlimited. This + flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --page-size=PAGE_SIZE + Some services group resource list output into pages. This flag + specifies the maximum number of resources per page. The default is + determined by the service if it supports paging, otherwise it is + unlimited (no paging). Paging may be applied before or after --filter + and --limit depending on the service. + + --sort-by=[FIELD,...] + Comma-separated list of resource field key names to sort by. The + default order is ascending. Prefix a field with ``~'' for descending + order on that field. This flag interacts with other flags that are + applied in this order: --flatten, --sort-by, --filter, --limit. + + --uri + Print a list of resource URIs instead of the default output, and change + the command output to a list of URIs. If this flag is used with + --format, the formatting is applied on this URI list. To display URIs + alongside other keys instead, use the uri() transform. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the modelarmor/v1 API. The full documentation for this + API can be found at: + https://cloud.google.com/security-command-center/docs/model-armor-overview + +NOTES + This variant is also available: + + $ gcloud alpha model-armor templates list + diff --git a/gcloud/model-armor/templates/sanitize-model-response b/gcloud/model-armor/templates/sanitize-model-response new file mode 100644 index 000000000..a1842c549 --- /dev/null +++ b/gcloud/model-armor/templates/sanitize-model-response @@ -0,0 +1,102 @@ +NAME + gcloud model-armor templates sanitize-model-response - sanitize Model + Response + +SYNOPSIS + gcloud model-armor templates sanitize-model-response + (TEMPLATE : --location=LOCATION) [--user-prompt=USER_PROMPT] + [--model-response-data-text=MODEL_RESPONSE_DATA_TEXT + | --model-response-data-byte-item-from-file=PATH_TO_FILE + --model-response-data-byte-item-type=MODEL_RESPONSE_DATA_BYTE_ITEM_TYPE] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Sanitizes a model response. + +EXAMPLES + To sanitize a model response, run: $ gcloud model-armor templates sanitize-model-response my-template \ + --location=us-central1 \ + --model-response-data="test-model-response" + +POSITIONAL ARGUMENTS + Template resource - Represents resource name of template e.g. + name=projects/sample-project/locations/us-central1/templates/templ01 The + arguments in this group can be used to specify the attributes of this + resource. (NOTE) Some attributes are not given arguments in this group but + can be set in other ways. + + To set the project attribute: + ◆ provide the argument template on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + TEMPLATE + ID of the template or fully qualified identifier for the template. + + To set the template attribute: + ▸ provide the argument template on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + The location id of the template resource. + + To set the location attribute: + ▸ provide the argument template on the command line with a fully + specified name; + ▸ provide the argument --location on the command line. + +FLAGS + --user-prompt=USER_PROMPT + User Prompt associated with Model response. + + Arguments for the data item. + + At most one of these can be specified: + + --model-response-data-text=MODEL_RESPONSE_DATA_TEXT + Plaintext string data for sanitization. + + Represents Byte Data item. + + --model-response-data-byte-item-from-file=PATH_TO_FILE + Bytes Data. Use a full or relative path to a local file containing + the value of model_response_data_byte_item. + + This flag argument must be specified if any of the other arguments + in this group are specified. + + --model-response-data-byte-item-type=MODEL_RESPONSE_DATA_BYTE_ITEM_TYPE + The type of byte data. MODEL_RESPONSE_DATA_BYTE_ITEM_TYPE must be + one of: + + pdf + PDF + plaintext-utf8 + plain text + + This flag argument must be specified if any of the other arguments + in this group are specified. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the modelarmor/v1 API. The full documentation for this + API can be found at: + https://cloud.google.com/security-command-center/docs/model-armor-overview + +NOTES + This variant is also available: + + $ gcloud alpha model-armor templates sanitize-model-response + diff --git a/gcloud/model-armor/templates/sanitize-user-prompt b/gcloud/model-armor/templates/sanitize-user-prompt new file mode 100644 index 000000000..6433a2840 --- /dev/null +++ b/gcloud/model-armor/templates/sanitize-user-prompt @@ -0,0 +1,95 @@ +NAME + gcloud model-armor templates sanitize-user-prompt - sanitize User Prompt + +SYNOPSIS + gcloud model-armor templates sanitize-user-prompt + (TEMPLATE : --location=LOCATION) + [--user-prompt-data-text=USER_PROMPT_DATA_TEXT + | --byte-item-data-from-file=PATH_TO_FILE + --byte-item-data-type=BYTE_ITEM_DATA_TYPE] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Sanitizes a user prompt. + +EXAMPLES + To sanitize a user prompt, run: $ gcloud model-armor templates sanitize-user-prompt my-template \ + --location=us-central1 --user-prompt-data="test-user-prompt" + +POSITIONAL ARGUMENTS + Template resource - Represents resource name of template e.g. + name=projects/sample-project/locations/us-central1/templates/templ01 The + arguments in this group can be used to specify the attributes of this + resource. (NOTE) Some attributes are not given arguments in this group but + can be set in other ways. + + To set the project attribute: + ◆ provide the argument template on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + TEMPLATE + ID of the template or fully qualified identifier for the template. + + To set the template attribute: + ▸ provide the argument template on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + The location id of the template resource. + + To set the location attribute: + ▸ provide the argument template on the command line with a fully + specified name; + ▸ provide the argument --location on the command line. + +FLAGS + Arguments for the data item. + + At most one of these can be specified: + + --user-prompt-data-text=USER_PROMPT_DATA_TEXT + Plaintext string data for sanitization. + + Represents Byte Data item. + + --byte-item-data-from-file=PATH_TO_FILE + Bytes Data. Use a full or relative path to a local file containing + the value of byte_item_data. + + This flag argument must be specified if any of the other arguments + in this group are specified. + + --byte-item-data-type=BYTE_ITEM_DATA_TYPE + The type of byte data. BYTE_ITEM_DATA_TYPE must be one of: + + pdf + PDF + plaintext-utf8 + plain text + + This flag argument must be specified if any of the other arguments + in this group are specified. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the modelarmor/v1 API. The full documentation for this + API can be found at: + https://cloud.google.com/security-command-center/docs/model-armor-overview + +NOTES + This variant is also available: + + $ gcloud alpha model-armor templates sanitize-user-prompt + diff --git a/gcloud/model-armor/templates/update b/gcloud/model-armor/templates/update new file mode 100644 index 000000000..932d6e459 --- /dev/null +++ b/gcloud/model-armor/templates/update @@ -0,0 +1,370 @@ +NAME + gcloud model-armor templates update - update Model Armor Template + +SYNOPSIS + gcloud model-armor templates update (TEMPLATE : --location=LOCATION) + [--request-id=REQUEST_ID] + [--clear-filter-config + --malicious-uri-filter-settings-enforcement=MALICIOUS_URI_FILTER_SETTINGS_ENFORCEMENT --basic-config-filter-enforcement=BASIC_CONFIG_FILTER_ENFORCEMENT | --advanced-config-deidentify-template=ADVANCED_CONFIG_DEIDENTIFY_TEMPLATE --advanced-config-inspect-template=ADVANCED_CONFIG_INSPECT_TEMPLATE --pi-and-jailbreak-filter-settings-confidence-level=PI_AND_JAILBREAK_FILTER_SETTINGS_CONFIDENCE_LEVEL --pi-and-jailbreak-filter-settings-enforcement=PI_AND_JAILBREAK_FILTER_SETTINGS_ENFORCEMENT --rai-settings-filters=[confidenceLevel=CONFIDENCELEVEL], + [filterType=FILTERTYPE] + | --add-rai-settings-filters=[confidenceLevel=CONFIDENCELEVEL], + [filterType=FILTERTYPE] --clear-rai-settings-filters + | --remove-rai-settings-filters=[confidenceLevel=CONFIDENCELEVEL], + [filterType=FILTERTYPE]] + [--clear-template-metadata + --template-metadata-custom-llm-response-safety-error-code=TEMPLATE_METADATA_CUSTOM_LLM_RESPONSE_SAFETY_ERROR_CODE --template-metadata-custom-llm-response-safety-error-message=TEMPLATE_METADATA_CUSTOM_LLM_RESPONSE_SAFETY_ERROR_MESSAGE --template-metadata-custom-prompt-safety-error-code=TEMPLATE_METADATA_CUSTOM_PROMPT_SAFETY_ERROR_CODE --template-metadata-custom-prompt-safety-error-message=TEMPLATE_METADATA_CUSTOM_PROMPT_SAFETY_ERROR_MESSAGE --[no-]template-metadata-ignore-partial-invocation-failures --[no-]template-metadata-log-operations --[no-]template-metadata-log-sanitize-operations] + [--labels=[LABELS,...] + | --update-labels=[UPDATE_LABELS,...] --clear-labels + | --remove-labels=[__REMOVE_LABELS,...]] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Updates a Template. + +EXAMPLES + To update a Template, run: $ gcloud model-armor templates update my-template \ + --location=us-central1 --clear-labels + +POSITIONAL ARGUMENTS + Template resource - Identifier. name of resource The arguments in this + group can be used to specify the attributes of this resource. (NOTE) Some + attributes are not given arguments in this group but can be set in other + ways. + + To set the project attribute: + ◆ provide the argument template on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + TEMPLATE + ID of the template or fully qualified identifier for the template. + + To set the template attribute: + ▸ provide the argument template on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + The location id of the template resource. + + To set the location attribute: + ▸ provide the argument template on the command line with a fully + specified name; + ▸ provide the argument --location on the command line. + +FLAGS + --request-id=REQUEST_ID + An optional request ID to identify requests. Specify a unique request + ID so that if you must retry your request, the server will know to + ignore the request if it has already been completed. The server stores + the request ID for 60 minutes after the first request. + + For example, consider a situation where you make an initial request and + the request times out. If you make the request again with the same + request ID, the server can check if original operation with the same + request ID was received, and if so, will ignore the second request. + This prevents clients from accidentally creating duplicate commitments. + + The request ID must be a valid UUID with the exception that zero UUID + is not supported (00000000-0000-0000-0000-000000000000). + + Filters configuration. + + --clear-filter-config + Set template.filterConfig back to default value. + + Malicious URI filter settings. + + --malicious-uri-filter-settings-enforcement=MALICIOUS_URI_FILTER_SETTINGS_ENFORCEMENT + Tells whether the Malicious URI filter is enabled or disabled. + MALICIOUS_URI_FILTER_SETTINGS_ENFORCEMENT must be one of: + + disabled + Disabled + enabled + Enabled + + Sensitive Data Protection settings. + + Arguments for the sdp configuration. + + At most one of these can be specified: + + Sensitive Data Protection basic configuration. + + --basic-config-filter-enforcement=BASIC_CONFIG_FILTER_ENFORCEMENT + Tells whether the Sensitive Data Protection basic config is + enabled or disabled. BASIC_CONFIG_FILTER_ENFORCEMENT must be + one of: + + disabled + Disabled + enabled + Enabled + + Sensitive Data Protection Advanced configuration. + + --advanced-config-deidentify-template=ADVANCED_CONFIG_DEIDENTIFY_TEMPLATE + Optional Sensitive Data Protection Deidentify template resource + name. + + If provided then DeidentifyContent action is performed during + Sanitization using this template and inspect template. The + De-identified data will be returned in SdpDeidentifyResult. + Note that all info-types present in the deidentify template + must be present in inspect template. + + e.g. + organizations/{organization}/deidentifyTemplates/{deidentify_template}, + projects/{project}/deidentifyTemplates/{deidentify_template} + organizations/{organization}/locations/{location}/deidentifyTemplates/{deidentify_template} + projects/{project}/locations/{location}/deidentifyTemplates/{deidentify_template} + + --advanced-config-inspect-template=ADVANCED_CONFIG_INSPECT_TEMPLATE + Sensitive Data Protection inspect template resource name + + If only inspect template is provided (de-identify template not + provided), then Sensitive Data Protection InspectContent action + is performed during Sanitization. All Sensitive Data Protection + findings identified during inspection will be returned as + SdpFinding in SdpInsepctionResult e.g. + organizations/{organization}/inspectTemplates/{inspect_template}, + projects/{project}/inspectTemplates/{inspect_template} + organizations/{organization}/locations/{location}/inspectTemplates/{inspect_template} + projects/{project}/locations/{location}/inspectTemplates/{inspect_template} + + Prompt injection and Jailbreak Filter settings. + + --pi-and-jailbreak-filter-settings-confidence-level=PI_AND_JAILBREAK_FILTER_SETTINGS_CONFIDENCE_LEVEL + Confidence level for this filter. Confidence level is used to + determine the threshold for the filter. If detection confidence is + equal to or greater than the specified level, a positive match is + reported. Confidence level will only be used if the filter is + enabled. PI_AND_JAILBREAK_FILTER_SETTINGS_CONFIDENCE_LEVEL must be + one of: + + high + Low chance of false positives. + low-and-above + Highest chance of a false positive. + medium-and-above + Some chance of false positives. + + --pi-and-jailbreak-filter-settings-enforcement=PI_AND_JAILBREAK_FILTER_SETTINGS_ENFORCEMENT + Tells whether Prompt injection and Jailbreak filter is enabled or + disabled. PI_AND_JAILBREAK_FILTER_SETTINGS_ENFORCEMENT must be one + of: + + disabled + Enabled + enabled + Enabled + + Responsible AI Filter settings. + + Update rai_settings_filters. + + At most one of these can be specified: + + --rai-settings-filters=[confidenceLevel=CONFIDENCELEVEL],[filterType=FILTERTYPE] + Set rai_settings_filters to new value. List of Responsible AI + filters enabled for template. + + confidenceLevel + Confidence level for this RAI filter. During data + sanitization, if data is classified under this filter with a + confidence level equal to or greater than the specified + level, a positive match is reported. If the confidence level + is unspecified (i.e., 0), the system will use a reasonable + default level based on the filter_type. + + filterType + Type of responsible AI filter. + + Shorthand Example: + + --rai-settings-filters=confidenceLevel=string,filterType=string --rai-settings-filters=confidenceLevel=string,filterType=string + + JSON Example: + + --rai-settings-filters='[{"confidenceLevel": "string", "filterType": "string"}]' + + File Example: + + --rai-settings-filters=path_to_file.(yaml|json) + + --add-rai-settings-filters=[confidenceLevel=CONFIDENCELEVEL],[filterType=FILTERTYPE] + Add new value to rai_settings_filters list. List of Responsible + AI filters enabled for template. + + confidenceLevel + Confidence level for this RAI filter. During data + sanitization, if data is classified under this filter with a + confidence level equal to or greater than the specified + level, a positive match is reported. If the confidence level + is unspecified (i.e., 0), the system will use a reasonable + default level based on the filter_type. + + filterType + Type of responsible AI filter. + + Shorthand Example: + + --add-rai-settings-filters=confidenceLevel=string,filterType=string --add-rai-settings-filters=confidenceLevel=string,filterType=string + + JSON Example: + + --add-rai-settings-filters='[{"confidenceLevel": "string", "filterType": "string"}]' + + File Example: + + --add-rai-settings-filters=path_to_file.(yaml|json) + + At most one of these can be specified: + + --clear-rai-settings-filters + Clear rai_settings_filters value and set to empty list. + + --remove-rai-settings-filters=[confidenceLevel=CONFIDENCELEVEL],[filterType=FILTERTYPE] + Remove existing value from rai_settings_filters list. List of + Responsible AI filters enabled for template. + + confidenceLevel + Confidence level for this RAI filter. During data + sanitization, if data is classified under this filter with + a confidence level equal to or greater than the specified + level, a positive match is reported. If the confidence + level is unspecified (i.e., 0), the system will use a + reasonable default level based on the filter_type. + + filterType + Type of responsible AI filter. + + Shorthand Example: + + --remove-rai-settings-filters=confidenceLevel=string,filterType=string --remove-rai-settings-filters=confidenceLevel=string,filterType=string + + JSON Example: + + --remove-rai-settings-filters='[{"confidenceLevel": "string", "filterType": "string"}]' + + File Example: + + --remove-rai-settings-filters=path_to_file.(yaml|json) + + Message describing TemplateMetadata + + --clear-template-metadata + Set template.templateMetadata back to default value. + + --template-metadata-custom-llm-response-safety-error-code=TEMPLATE_METADATA_CUSTOM_LLM_RESPONSE_SAFETY_ERROR_CODE + Indicates the custom error code set by the user to be returned to the + end user if the LLM response trips Model Armor filters. + + --template-metadata-custom-llm-response-safety-error-message=TEMPLATE_METADATA_CUSTOM_LLM_RESPONSE_SAFETY_ERROR_MESSAGE + Indicates the custom error message set by the user to be returned to + the end user if the LLM response trips Model Armor filters. + + --template-metadata-custom-prompt-safety-error-code=TEMPLATE_METADATA_CUSTOM_PROMPT_SAFETY_ERROR_CODE + Indicates the custom error code set by the user to be returned to the + end user by the service extension if the prompt trips Model Armor + filters. + + --template-metadata-custom-prompt-safety-error-message=TEMPLATE_METADATA_CUSTOM_PROMPT_SAFETY_ERROR_MESSAGE + Indicates the custom error message set by the user to be returned to + the end user if the prompt trips Model Armor filters. + + --[no-]template-metadata-ignore-partial-invocation-failures + If true, partial detector failures should be ignored. Use + --template-metadata-ignore-partial-invocation-failures to enable and + --no-template-metadata-ignore-partial-invocation-failures to disable. + + --[no-]template-metadata-log-operations + If true, log template crud operations. Use + --template-metadata-log-operations to enable and + --no-template-metadata-log-operations to disable. + + --[no-]template-metadata-log-sanitize-operations + If true, log sanitize operations. Use + --template-metadata-log-sanitize-operations to enable and + --no-template-metadata-log-sanitize-operations to disable. + + Update labels. + + At most one of these can be specified: + + --labels=[LABELS,...] + Set labels to new value. Labels as key value pairs. + + KEY + Keys must start with a lowercase character and contain only + hyphens (-), underscores (_), lowercase characters, and numbers. + + VALUE + Values must contain only hyphens (-), underscores (_), lowercase + characters, and numbers. + + Shorthand Example: + + --labels=string=string + + JSON Example: + + --labels='{"string": "string"}' + + File Example: + + --labels=path_to_file.(yaml|json) + + --update-labels=[UPDATE_LABELS,...] + Update labels value or add key value pair. Labels as key value pairs. + + KEY + Keys must start with a lowercase character and contain only + hyphens (-), underscores (_), lowercase characters, and numbers. + + VALUE + Values must contain only hyphens (-), underscores (_), lowercase + characters, and numbers. + + Shorthand Example: + + --update-labels=string=string + + JSON Example: + + --update-labels='{"string": "string"}' + + File Example: + + --update-labels=path_to_file.(yaml|json) + + At most one of these can be specified: + + --clear-labels + Clear labels value and set to empty map. + + --remove-labels=[__REMOVE_LABELS,...] + Remove existing value from map labels. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the modelarmor/v1 API. The full documentation for this + API can be found at: + https://cloud.google.com/security-command-center/docs/model-armor-overview + +NOTES + This variant is also available: + + $ gcloud alpha model-armor templates update + diff --git a/gcloud/monitoring/snoozes/create b/gcloud/monitoring/snoozes/create index 6f4a1c66d..3cd99464a 100644 --- a/gcloud/monitoring/snoozes/create +++ b/gcloud/monitoring/snoozes/create @@ -3,7 +3,8 @@ NAME SYNOPSIS gcloud monitoring snoozes create [--snooze-from-file=PATH_TO_FILE] - [--criteria-policies=CRITERIA_POLICIES,[...] + [--criteria-filter=CRITERIA_FILTER + --criteria-policies=CRITERIA_POLICIES,[...] --display-name=DISPLAY_NAME --end-time=END_TIME --start-time=START_TIME] [GCLOUD_WIDE_FLAG ...] @@ -21,7 +22,7 @@ EXAMPLES To create a snooze with command-line options, run: $ gcloud monitoring snoozes create \ - --criteria-policies=LIST_OF_POLICIES \ + --criteria-policies=LIST_OF_POLICIES --criteria-filter=FILTER \ --display-name=DISPLAY_NAME --start-time=START_TIME \ --end-time=END_TIME @@ -34,6 +35,7 @@ EXAMPLES criteria: policies: - projects/MY-PROJECT/alertPolicies/MY-POLICY + filter: 'resource.labels.zone="us-central1-a" AND resource.labels.instance_id="1234567890"' interval: startTime: '2024-03-01T08:00:00Z' endTime: '2024-03-08T04:59:59.500Z' @@ -47,8 +49,20 @@ FLAGS Snooze Settings. If any of these are specified, they will overwrite fields in the --snooze-from-file flags if specified. + --criteria-filter=CRITERIA_FILTER + The filter that the Snooze applies to, which is a string to match on + Alert fields when silencing the alerts. It follows the standard + https://google.aip.dev/160 syntax. Filters can be defined for snoozes + that apply to one alerting policy. Filters must be a string formatted + as one or more resource labels with specific label values. If + multiple resource labels are used, then they must be connected with + an AND operator. For example: + resource.labels.instance_id="1234567890" AND + resource.labels.zone="us-central1-a" + --criteria-policies=CRITERIA_POLICIES,[...] - The policies that the Snooze applies to. + The policies that the Snooze applies to. Exactly 1 alert policy is + required if criteria-filter is specified at the same time. --display-name=DISPLAY_NAME The display name for the Snooze. diff --git a/gcloud/scc/findings/group b/gcloud/scc/findings/group index ac6ec99fd..64b12c3b7 100644 --- a/gcloud/scc/findings/group +++ b/gcloud/scc/findings/group @@ -92,8 +92,8 @@ FLAGS must be a specified field in 'group_by'. See $ gcloud topic datetimes for information on supported duration formats. - The --compare-duration option is deprecated. For more information, [see - the deprecation notice] + The --compare-duration option is deprecated. For more information, see + the deprecation notice (https://cloud.google.com/security-command-center/docs/release-notes#April_15_2024) on the SCC release notes page. @@ -151,8 +151,8 @@ FLAGS this field will default to the API's version of NOW. See $ gcloud topic datetimes for information on supported time formats. - The --read-time option is deprecated. For more information, [see the - deprecation notice] + The --read-time option is deprecated. For more information, see the + deprecation notice (https://cloud.google.com/security-command-center/docs/release-notes#April_15_2024) on the SCC release notes page. diff --git a/gcloud/scc/findings/list b/gcloud/scc/findings/list index 3b0236866..b387b5d70 100644 --- a/gcloud/scc/findings/list +++ b/gcloud/scc/findings/list @@ -107,8 +107,8 @@ FLAGS must be a specified field in 'group_by'. See $ gcloud topic datetimes for information on supported duration formats. - The --compare-duration option is deprecated. For more information, [see - the deprecation notice] + The --compare-duration option is deprecated. For more information, see + the deprecation notice (https://cloud.google.com/security-command-center/docs/release-notes#April_15_2024) on the SCC release notes page. @@ -153,8 +153,8 @@ FLAGS this field will default to the API's version of NOW. See $ gcloud topic datetimes for information on supported time formats. - The --read-time option is deprecated. For more information, [see the - deprecation notice] + The --read-time option is deprecated. For more information, see the + deprecation notice (https://cloud.google.com/security-command-center/docs/release-notes#April_15_2024) on the SCC release notes page. diff --git a/gcloud/scc/findings/list-marks b/gcloud/scc/findings/list-marks index fcaafb274..4843efd25 100644 --- a/gcloud/scc/findings/list-marks +++ b/gcloud/scc/findings/list-marks @@ -99,8 +99,8 @@ FLAGS this field will default to the API's version of NOW. See $ gcloud topic datetimes for information on supported time formats. - The --read-time option is deprecated. For more information, [see the - deprecation notice] + The --read-time option is deprecated. For more information, see the + deprecation notice (https://cloud.google.com/security-command-center/docs/release-notes#April_15_2024) on the SCC release notes page. diff --git a/gcloud/spanner/instances/help b/gcloud/spanner/instances/help index 4e0b549bd..6e6f51983 100644 --- a/gcloud/spanner/instances/help +++ b/gcloud/spanner/instances/help @@ -37,7 +37,8 @@ COMMANDS List the Cloud Spanner instances in this project. move - Move the Cloud Spanner instance to the specified instance config. + Move the Cloud Spanner instance to the specified instance + configuration. remove-iam-policy-binding Remove IAM policy binding of a Cloud Spanner instance. diff --git a/gcloud/spanner/instances/move b/gcloud/spanner/instances/move index 428e5bd1f..d5d00631c 100644 --- a/gcloud/spanner/instances/move +++ b/gcloud/spanner/instances/move @@ -1,17 +1,30 @@ NAME gcloud spanner instances move - move the Cloud Spanner instance to the - specified instance config + specified instance configuration SYNOPSIS gcloud spanner instances move INSTANCE --target-config=TARGET_CONFIG - [GCLOUD_WIDE_FLAG ...] + [--target-database-move-configs=[^:^database-id=DATABASE_ID:kms-key-names=KEY1, + KEY2,...]] [GCLOUD_WIDE_FLAG ...] DESCRIPTION - Move the Cloud Spanner instance to the specified instance config. + Move the Cloud Spanner instance to the specified instance configuration. EXAMPLES - To move the Cloud Spanner instance to the target instance configuration, - run: $ gcloud spanner instances move my-instance-id --target-config=nam3 + To move the Cloud Spanner instance, which has two CMEK-enabled databases + db1 and db2 and a database db3 with Google-managed encryption keys, to the + target instance configuration nam3 (us-east4, us-east1, us-central1), run: $ gcloud spanner instances move my-instance-id \ + --target-config=nam3 \ + --target-database-move-configs=^:^database-id=db1:kms-key-names=\ + projects/myproject/locations/us-east4/keyRings/mykeyring/\ + cryptoKeys/cmek-key,projects/myproject/locations/us-east1/keyRings/\ + mykeyring/cryptoKeys/cmek-key,projects/myproject/locations/\ + us-central1/keyRings/mykeyring/cryptoKeys/cmek-key \ + --target-database-move-configs=^:^database-id=db2:kms-key-names=\ + projects/myproject/locations/us-east4/keyRings/mykeyring/\ + cryptoKeys/cmek-key,projects/myproject/locations/us-east1/keyRings/\ + mykeyring/cryptoKeys/cmek-key,projects/myproject/locations/\ + us-central1/keyRings/mykeyring/cryptoKeys/cmek-key POSITIONAL ARGUMENTS INSTANCE @@ -21,6 +34,30 @@ REQUIRED FLAGS --target-config=TARGET_CONFIG Target Instance configuration to move the instances. +OPTIONAL FLAGS + --target-database-move-configs=[^:^database-id=DATABASE_ID:kms-key-names=KEY1,KEY2,...] + Database level configurations for each database to be moved. Currently + only used for CMEK-enabled databases to specificy the target database + KMS keys. Sets target_database_move_configs value. + + database-id + Required, Sets database-id value. + + kms-key-names + Sets kms-key-names value. + + Shorthand Example: + + --target-database-move-configs=database-id=string,kms-key-names=string --target-database-move-configs=database-id=string,kms-key-names=string + + JSON Example: + + --target-database-move-configs='[{"database-id": "string", "kms-key-names": "string"}]' + + File Example: + + --target-database-move-configs=path_to_file.(yaml|json) + GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, diff --git a/gcloud/storage/buckets/create b/gcloud/storage/buckets/create index 8a8248133..36e069e38 100644 --- a/gcloud/storage/buckets/create +++ b/gcloud/storage/buckets/create @@ -123,10 +123,9 @@ FLAGS --soft-delete-duration=SOFT_DELETE_DURATION Duration to retain soft-deleted objects. For example, "2w1d" is two - weeks and one day. The presence of this flag creates a bucket with a - soft delete policy enabled, meaning deleted objects can be restored if - requested within the inputted duration. See gcloud topic datetimes for - more information on the duration format. + weeks and one day. See gcloud topic datetimes for more information on + the duration format. Setting 0 will disable soft delete policy on the + bucket. Default is 7 days. --[no-]uniform-bucket-level-access, -b Turns on uniform bucket-level access setting. Default is False. Use diff --git a/gcloud/workbench/instances/update b/gcloud/workbench/instances/update index 904420301..b246a183d 100644 --- a/gcloud/workbench/instances/update +++ b/gcloud/workbench/instances/update @@ -7,6 +7,8 @@ SYNOPSIS [--machine-type=MACHINE_TYPE --metadata=[KEY=VALUE,...] --tags=[TAGS,...] --accelerator-core-count=ACCELERATOR_CORE_COUNT --accelerator-type=ACCELERATOR_TYPE + [--container-repository=CONTAINER_REPOSITORY + : --container-tag=CONTAINER_TAG] --custom-gpu-driver-path=CUSTOM_GPU_DRIVER_PATH --install-gpu-driver=INSTALL_GPU_DRIVER --shielded-integrity-monitoring=SHIELDED_INTEGRITY_MONITORING @@ -98,6 +100,19 @@ FLAGS NVIDIA_TESLA_P4_VWS, NVIDIA_L4, NVIDIA_H100_80GB, NVIDIA_H100_MEGA_80GB. + Container image configurations. + + --container-repository=CONTAINER_REPOSITORY + The path to the container image repository. For example: + gcr.io/{project_id}/{image_name}. + + This flag argument must be specified if any of the other arguments + in this group are specified. + + --container-tag=CONTAINER_TAG + The tag of the container image. If not specified, this defaults to + the latest tag. + GPU driver configurations. --custom-gpu-driver-path=CUSTOM_GPU_DRIVER_PATH diff --git a/gcloud/workstations/configs/update b/gcloud/workstations/configs/update index d7315b2e7..bd7e5bd9b 100644 --- a/gcloud/workstations/configs/update +++ b/gcloud/workstations/configs/update @@ -17,8 +17,7 @@ SYNOPSIS [--idle-timeout=IDLE_TIMEOUT] [--labels=[LABELS,...]] [--machine-type=MACHINE_TYPE] [--max-usable-workstations-count=MAX_USABLE_WORKSTATIONS_COUNT] - [--network-tags=[NETWORK_TAGS,...]] - [--pd-source-snapshot=PD_SOURCE_SNAPSHOT] [--pool-size=POOL_SIZE] + [--network-tags=[NETWORK_TAGS,...]] [--pool-size=POOL_SIZE] [--running-timeout=RUNNING_TIMEOUT] [--service-account=SERVICE_ACCOUNT] [--service-account-scopes=[SERVICE_ACCOUNT_SCOPES,...]] [--shielded-integrity-monitoring] [--shielded-secure-boot] @@ -29,6 +28,8 @@ SYNOPSIS | --container-predefined-image=CONTAINER_PREDEFINED_IMAGE] [--disable-ssh-to-vm | --enable-ssh-to-vm] [--disable-tcp-connections | --enable-tcp-connections] + [--pd-source-snapshot=PD_SOURCE_SNAPSHOT | --pd-disk-size=PD_DISK_SIZE + --pd-disk-type=PD_DISK_TYPE; default="pd-standard"] [GCLOUD_WIDE_FLAG ...] DESCRIPTION @@ -215,9 +216,6 @@ FLAGS $ gcloud workstations configs update --network-tags=tag_1,tag_2 - --pd-source-snapshot=PD_SOURCE_SNAPSHOT - Name of the snapshot to use as the source for the home disk. - --pool-size=POOL_SIZE Number of instances to pool for faster Workstation startup. @@ -323,6 +321,23 @@ FLAGS --enable-tcp-connections If set, workstations allow plain TCP connections. + At most one of these can be specified: + + --pd-source-snapshot=PD_SOURCE_SNAPSHOT + Name of the snapshot to use as the source for the persistent + directory. + + --pd-source-snapshot cannot be specified when --pd-disk-size or + --pd-disk-type is specified. + + --pd-disk-size=PD_DISK_SIZE + Size of the persistent directory in GB. PD_DISK_SIZE must be one + of: 10, 50, 100, 200, 500, 1000. + + --pd-disk-type=PD_DISK_TYPE; default="pd-standard" + Type of the persistent directory. PD_DISK_TYPE must be one of: + pd-standard, pd-balanced, pd-ssd. + GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format,