diff --git a/gcloud/_version b/gcloud/_version index 529a3c6e7..973ed6825 100644 --- a/gcloud/_version +++ b/gcloud/_version @@ -1,8 +1,8 @@ -Google Cloud SDK 440.0.0 -alpha 2023.07.21 -beta 2023.07.21 -bq 2.0.94 +Google Cloud SDK 441.0.0 +alpha 2023.07.28 +beta 2023.07.28 +bq 2.0.95 bundled-python3-unix 3.9.16 -core 2023.07.21 +core 2023.07.28 gcloud-crc32c 1.0.0 gsutil 5.25 diff --git a/gcloud/alpha/bigtable/app-profiles/update b/gcloud/alpha/bigtable/app-profiles/update index b7bdbe1c5..72e48cfb4 100644 --- a/gcloud/alpha/bigtable/app-profiles/update +++ b/gcloud/alpha/bigtable/app-profiles/update @@ -98,10 +98,6 @@ FLAGS --transactional-writes Allow transactional writes with a Single Cluster Routing policy. - If your app profile has single row transactions enabled, you must - specify this flag when updating that app profile. If you do not - specify this flag, then single row transactions are disabled. - GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, diff --git a/gcloud/alpha/billing/accounts/add-iam-policy-binding b/gcloud/alpha/billing/accounts/add-iam-policy-binding index f8690ef9a..df1f0817b 100644 --- a/gcloud/alpha/billing/accounts/add-iam-policy-binding +++ b/gcloud/alpha/billing/accounts/add-iam-policy-binding @@ -10,6 +10,14 @@ DESCRIPTION (ALPHA) Add an IAM policy binding to the IAM policy of a Cloud Billing account. A binding consists of a member and a role. +EXAMPLES + To add someone@example.com as a Billing Account Administrator for billing + account 123456-789876-543210, run: + + $ gcloud alpha billing accounts add-iam-policy-binding \ + 123456-789876-543210 --member='user:someone@example.com' \ + --role='roles/billing.admin' + POSITIONAL ARGUMENTS Account resource - Name of the Cloud Billing account for which to add the IAM policy binding. This represents a Cloud resource. diff --git a/gcloud/alpha/billing/accounts/remove-iam-policy-binding b/gcloud/alpha/billing/accounts/remove-iam-policy-binding index f179f3ba4..88c8b881d 100644 --- a/gcloud/alpha/billing/accounts/remove-iam-policy-binding +++ b/gcloud/alpha/billing/accounts/remove-iam-policy-binding @@ -10,6 +10,14 @@ DESCRIPTION (ALPHA) Remove an IAM policy binding to the IAM policy from a Cloud Billing account. A binding consists of a member and a role. +EXAMPLES + To remove someone@example.com as a Billing Account Administrator from + billing account 123456-789876-543210, run: + + $ gcloud alpha billing accounts remove-iam-policy-binding \ + 123456-789876-543210 --member='user:someone@example.com' \ + --role='roles/billing.admin' + POSITIONAL ARGUMENTS Account resource - Name of the Cloud Billing account for which to remove the IAM policy binding. This represents a Cloud resource. diff --git a/gcloud/alpha/bms/help b/gcloud/alpha/bms/help index 0c2d14fab..a536e6350 100644 --- a/gcloud/alpha/bms/help +++ b/gcloud/alpha/bms/help @@ -24,6 +24,9 @@ GROUPS nfs-shares (ALPHA) Manage NFS shares in Bare Metal Solution. + os-images + (ALPHA) Manage bare metal os images in Bare Metal Solution. + serial-console-ssh-keys (ALPHA) Manage SSH keys for accessing the interactive serial console in Bare Metal Solution. diff --git a/gcloud/alpha/bms/os-images/help b/gcloud/alpha/bms/os-images/help new file mode 100644 index 000000000..9ea985db2 --- /dev/null +++ b/gcloud/alpha/bms/os-images/help @@ -0,0 +1,27 @@ +NAME + gcloud alpha bms os-images - manage bare metal os images in Bare Metal + Solution + +SYNOPSIS + gcloud alpha bms os-images COMMAND [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Manage bare metal os images in Bare Metal Solution. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --help. + + Run $ gcloud help for details. + +COMMANDS + COMMAND is one of the following: + + list + (ALPHA) List Bare Metal Solution OS images in a project. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. + diff --git a/gcloud/alpha/bms/os-images/list b/gcloud/alpha/bms/os-images/list new file mode 100644 index 000000000..effbe640d --- /dev/null +++ b/gcloud/alpha/bms/os-images/list @@ -0,0 +1,43 @@ +NAME + gcloud alpha bms os-images list - list Bare Metal Solution OS images in a + project + +SYNOPSIS + gcloud alpha bms os-images list [--filter=EXPRESSION] [--limit=LIMIT] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) List Bare Metal Solution OS images in a project. + +EXAMPLES + To list all OS images within the project, run: + + $ gcloud alpha bms os-images list + +LIST COMMAND FLAGS + --filter=EXPRESSION + Apply a Boolean filter EXPRESSION to each resource item to be listed. + If the expression evaluates True, then that item is listed. For more + details and examples of filter expressions, run $ gcloud topic filters. + This flag interacts with other flags that are applied in this order: + --flatten, --filter, --limit. + + --limit=LIMIT + Maximum number of resources to list. The default is unlimited. This + flag interacts with other flags that are applied in this order: + --flatten, --filter, --limit. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. + diff --git a/gcloud/alpha/certificate-manager/certificates/create b/gcloud/alpha/certificate-manager/certificates/create index 2dacf4da6..72f64e7c7 100644 --- a/gcloud/alpha/certificate-manager/certificates/create +++ b/gcloud/alpha/certificate-manager/certificates/create @@ -151,6 +151,10 @@ OPTIONAL FLAGS certificate can be attached to/associated with. Defaults to DEFAULT. SCOPE must be one of: + all-regions + Certificates with scope ALL_REGIONS are currently used for + Cross-region Internal Application Load Balancer only. + default Certificates with DEFAULT scope are used for Load Balancing and Cloud CDN. diff --git a/gcloud/alpha/compute/backend-services/create b/gcloud/alpha/compute/backend-services/create index 88d124fbc..8e55fa92b 100644 --- a/gcloud/alpha/compute/backend-services/create +++ b/gcloud/alpha/compute/backend-services/create @@ -181,13 +181,19 @@ FLAGS AUTOMATIC. --connection-drain-on-failover - Connection drain is enabled by default and on failover or failback - connections will be drained. If connection drain is disabled, the - existing connection state will be cleared immediately on a best effort - basis on failover or failback, all connections will then be served by - the active pool of instances. Not compatible with the --global flag, - load balancing scheme must be INTERNAL or EXTERNAL, and the protocol - must be TCP. + Applicable only for backend service-based external and internal + passthrough Network Load Balancers as part of a connection tracking + policy. Only applicable when the backend service protocol is TCP. Not + applicable to any other load balancer. Enabled by default, this option + instructs the load balancer to allow established TCP connections to + persist for up to 300 seconds on instances or endpoints in primary + backends during failover, and on instances or endpoints in failover + backends during failback. For details, see: Connection draining on + failover and failback for internal passthrough Network Load Balancers + (https://cloud.google.com/load-balancing/docs/internal/failover-overview#connection_draining) + and Connection draining on failover and failback for external + passthrough Network Load Balancers + (https://cloud.google.com/load-balancing/docs/network/networklb-failover-overview#connection_draining). --connection-draining-timeout=CONNECTION_DRAINING_TIMEOUT Connection draining timeout to be used during removal of VMs from @@ -247,16 +253,18 @@ FLAGS An optional, textual description for the backend service. --drop-traffic-if-unhealthy - Enable dropping of traffic if there are no healthy VMs detected in both - the primary and backup instance groups. Not compatible with the - --global flag. Applicable only for backend service-based external and - internal passthrough Network Load Balancers as part of a connection - tracking policy. For details, see: Connection persistence on unhealthy - backends for internal passthrough Network Load Balancers - (https://cloud.google.com/load-balancing/docs/internal#connection-persistence) - and Connection persistence on unhealthy backends for external + Applicable only for backend service-based external and internal + passthrough Network Load Balancers as part of a connection tracking + policy. Not applicable to any other load balancer. This option + instructs the load balancer to drop packets when all instances or + endpoints in primary and failover backends do not pass their load + balancer health checks. For details, see: Dropping traffic when all + backend VMs are unhealthy for internal passthrough Network Load + Balancers + (https://cloud.google.com/load-balancing/docs/internal/failover-overview#drop_traffic) + and Dropping traffic when all backend VMs are unhealthy for external passthrough Network Load Balancers - (https://cloud.google.com/load-balancing/docs/network/networklb-backend-service#connection-persistence). + (https://cloud.google.com/load-balancing/docs/network/networklb-failover-overview#drop_traffic). --[no-]enable-cdn Enable or disable Cloud CDN for the backend service. Only available for @@ -278,9 +286,16 @@ FLAGS and --no-enable-strong-affinity to disable. --failover-ratio=FAILOVER_RATIO - If the ratio of the healthy VMs in the primary backend is at or below - this number, traffic arriving at the load-balanced IP will be directed - to the failover backend(s). Not compatible with the --global flag. + Applicable only to backend service-based external passthrough Network + load balancers and internal passthrough Network load balancers as part + of a failover policy. Not applicable to any other load balancer. This + option defines the ratio used to control when failover and failback + occur. For details, see: Failover ratio for internal passthrough + Network Load Balancers + (https://cloud.google.com/load-balancing/docs/internal/failover-overview#failover_ratio) + and Failover ratio for external passthrough Network Load Balancer + overview + (https://cloud.google.com/load-balancing/docs/network/networklb-failover-overview#failover_ratio). --health-checks=HEALTH_CHECK,[...] Specifies a list of health check objects for checking the health of the diff --git a/gcloud/alpha/compute/backend-services/update b/gcloud/alpha/compute/backend-services/update index 15a4d1fee..022e95195 100644 --- a/gcloud/alpha/compute/backend-services/update +++ b/gcloud/alpha/compute/backend-services/update @@ -128,13 +128,19 @@ FLAGS AUTOMATIC. --connection-drain-on-failover - Connection drain is enabled by default and on failover or failback - connections will be drained. If connection drain is disabled, the - existing connection state will be cleared immediately on a best effort - basis on failover or failback, all connections will then be served by - the active pool of instances. Not compatible with the --global flag, - load balancing scheme must be INTERNAL or EXTERNAL, and the protocol - must be TCP. + Applicable only for backend service-based external and internal + passthrough Network Load Balancers as part of a connection tracking + policy. Only applicable when the backend service protocol is TCP. Not + applicable to any other load balancer. Enabled by default, this option + instructs the load balancer to allow established TCP connections to + persist for up to 300 seconds on instances or endpoints in primary + backends during failover, and on instances or endpoints in failover + backends during failback. For details, see: Connection draining on + failover and failback for internal passthrough Network Load Balancers + (https://cloud.google.com/load-balancing/docs/internal/failover-overview#connection_draining) + and Connection draining on failover and failback for external + passthrough Network Load Balancers + (https://cloud.google.com/load-balancing/docs/network/networklb-failover-overview#connection_draining). --connection-draining-timeout=CONNECTION_DRAINING_TIMEOUT Connection draining timeout to be used during removal of VMs from @@ -155,16 +161,18 @@ FLAGS An optional, textual description for the backend service. --drop-traffic-if-unhealthy - Enable dropping of traffic if there are no healthy VMs detected in both - the primary and backup instance groups. Not compatible with the - --global flag. Applicable only for backend service-based external and - internal passthrough Network Load Balancers as part of a connection - tracking policy. For details, see: Connection persistence on unhealthy - backends for internal passthrough Network Load Balancers - (https://cloud.google.com/load-balancing/docs/internal#connection-persistence) - and Connection persistence on unhealthy backends for external + Applicable only for backend service-based external and internal + passthrough Network Load Balancers as part of a connection tracking + policy. Not applicable to any other load balancer. This option + instructs the load balancer to drop packets when all instances or + endpoints in primary and failover backends do not pass their load + balancer health checks. For details, see: Dropping traffic when all + backend VMs are unhealthy for internal passthrough Network Load + Balancers + (https://cloud.google.com/load-balancing/docs/internal/failover-overview#drop_traffic) + and Dropping traffic when all backend VMs are unhealthy for external passthrough Network Load Balancers - (https://cloud.google.com/load-balancing/docs/network/networklb-backend-service#connection-persistence). + (https://cloud.google.com/load-balancing/docs/network/networklb-failover-overview#drop_traffic). --edge-security-policy=EDGE_SECURITY_POLICY The edge security policy that will be set for this backend service. To @@ -191,9 +199,16 @@ FLAGS and --no-enable-strong-affinity to disable. --failover-ratio=FAILOVER_RATIO - If the ratio of the healthy VMs in the primary backend is at or below - this number, traffic arriving at the load-balanced IP will be directed - to the failover backend(s). Not compatible with the --global flag. + Applicable only to backend service-based external passthrough Network + load balancers and internal passthrough Network load balancers as part + of a failover policy. Not applicable to any other load balancer. This + option defines the ratio used to control when failover and failback + occur. For details, see: Failover ratio for internal passthrough + Network Load Balancers + (https://cloud.google.com/load-balancing/docs/internal/failover-overview#failover_ratio) + and Failover ratio for external passthrough Network Load Balancer + overview + (https://cloud.google.com/load-balancing/docs/network/networklb-failover-overview#failover_ratio). --health-checks=HEALTH_CHECK,[...] Specifies a list of health check objects for checking the health of the diff --git a/gcloud/alpha/compute/instance-templates/create b/gcloud/alpha/compute/instance-templates/create index f5e8b766c..72137ff67 100644 --- a/gcloud/alpha/compute/instance-templates/create +++ b/gcloud/alpha/compute/instance-templates/create @@ -347,8 +347,7 @@ FLAGS Required for each regional disk associated with the instance. Specify the URLs of the zones where the disk should be replicated to. You must provide exactly two replica zones, and one zone must - be the same as the instance zone. You can't use this option with - boot disks. + be the same as the instance zone. storage-pool The name of the storage pool in which the new disk is created. The diff --git a/gcloud/alpha/compute/instance-templates/create-with-container b/gcloud/alpha/compute/instance-templates/create-with-container index 0bd01f74c..4511087ed 100644 --- a/gcloud/alpha/compute/instance-templates/create-with-container +++ b/gcloud/alpha/compute/instance-templates/create-with-container @@ -359,6 +359,12 @@ FLAGS among other restrictions. For more information, see https://cloud.google.com/compute/docs/disks/sharing-disks-between-vms. + replica-zones + Required for each regional disk associated with the instance. + Specify the URLs of the zones where the disk should be replicated + to. You must provide exactly two replica zones, and one zone must + be the same as the instance zone. + --description=DESCRIPTION Specifies a textual description for the instance template. diff --git a/gcloud/alpha/compute/instances/bulk/create b/gcloud/alpha/compute/instances/bulk/create index 17ac92254..d05cc5b28 100644 --- a/gcloud/alpha/compute/instances/bulk/create +++ b/gcloud/alpha/compute/instances/bulk/create @@ -382,6 +382,12 @@ OPTIONAL FLAGS Path to a Customer-Supplied Encryption Key (CSEK) key file for the image. Must be specified with image-csek-required. + replica-zones + Required for each regional disk associated with the instance. + Specify the URLs of the zones where the disk should be replicated + to. You must provide exactly two replica zones, and one zone must + be the same as the instance zone. + storage-pool The name of the storage pool in which the new disk is created. The new disk and the storage pool must be in the same location. diff --git a/gcloud/alpha/compute/instances/create b/gcloud/alpha/compute/instances/create index d4c10a164..7b1b59b9e 100644 --- a/gcloud/alpha/compute/instances/create +++ b/gcloud/alpha/compute/instances/create @@ -426,8 +426,7 @@ FLAGS Required for each regional disk associated with the instance. Specify the URLs of the zones where the disk should be replicated to. You must provide exactly two replica zones, and one zone must - be the same as the instance zone. You can't use this option with - boot disks. + be the same as the instance zone. storage-pool The name of the storage pool in which the new disk is created. The diff --git a/gcloud/alpha/compute/instances/create-with-container b/gcloud/alpha/compute/instances/create-with-container index 9a0ffbff3..dbf99bd40 100644 --- a/gcloud/alpha/compute/instances/create-with-container +++ b/gcloud/alpha/compute/instances/create-with-container @@ -386,6 +386,12 @@ FLAGS among other restrictions. For more information, see https://cloud.google.com/compute/docs/disks/sharing-disks-between-vms. + replica-zones + Required for each regional disk associated with the instance. + Specify the URLs of the zones where the disk should be replicated + to. You must provide exactly two replica zones, and one zone must + be the same as the instance zone. + --description=DESCRIPTION Specifies a textual description of the instances. diff --git a/gcloud/alpha/compute/network-endpoint-groups/create b/gcloud/alpha/compute/network-endpoint-groups/create index 66be0f7e4..069a8c2da 100644 --- a/gcloud/alpha/compute/network-endpoint-groups/create +++ b/gcloud/alpha/compute/network-endpoint-groups/create @@ -41,8 +41,8 @@ FLAGS If this flag isn't specified for a NEG with endpoint type gce-vm-ip-port or non-gcp-private-ip-port, then every network endpoint - in the network endpoint group must have a port specified. For a NEG - with endpoint type internet-ip-port and internet-fqdn-port. If the + in the network endpoint group must have a port specified. For a global + NEG with endpoint type internet-ip-port and internet-fqdn-port if the default port is not specified, the well-known port for your backend protocol is used (80 for HTTP, 443 for HTTPS). diff --git a/gcloud/alpha/compute/queued-resources/create b/gcloud/alpha/compute/queued-resources/create index b8c2fa3ca..4949dd56b 100644 --- a/gcloud/alpha/compute/queued-resources/create +++ b/gcloud/alpha/compute/queued-resources/create @@ -366,6 +366,12 @@ OPTIONAL FLAGS Path to a Customer-Supplied Encryption Key (CSEK) key file for the image. Must be specified with image-csek-required. + replica-zones + Required for each regional disk associated with the instance. + Specify the URLs of the zones where the disk should be replicated + to. You must provide exactly two replica zones, and one zone must + be the same as the instance zone. + --description=DESCRIPTION Specifies a textual description of the instances. diff --git a/gcloud/alpha/compute/routers/nats/create b/gcloud/alpha/compute/routers/nats/create index 5882de813..6327709c7 100644 --- a/gcloud/alpha/compute/routers/nats/create +++ b/gcloud/alpha/compute/routers/nats/create @@ -129,7 +129,7 @@ OPTIONAL FLAGS ENDPOINT_TYPE_SWG For Secure Web Gateway Endpoints ENDPOINT_TYPE_MANAGED_PROXY_LB - For Regional Internal/External HTTP(S) and TCP Proxy load balancer endpoints + For regional Application Load Balancers (internal and external) and regional proxy Network Load Balancers (internal and external) endpoints The default is ENDPOINT_TYPE_VM. diff --git a/gcloud/alpha/compute/ssl-policies/create b/gcloud/alpha/compute/ssl-policies/create index 07a238c04..e9f15cd36 100644 --- a/gcloud/alpha/compute/ssl-policies/create +++ b/gcloud/alpha/compute/ssl-policies/create @@ -14,9 +14,10 @@ DESCRIPTION An SSL policy specifies the server-side support for SSL features. An SSL policy can be attached to a TargetHttpsProxy or a TargetSslProxy. This - affects connections between clients and the HTTPS or SSL proxy load - balancer. SSL policies do not affect the connection between the load - balancers and the backends. + affects connections between clients and the load balancer. SSL policies do + not affect the connection between the load balancers and the backends. SSL + policies are used by Application Load Balancers and proxy Network Load + Balancers. POSITIONAL ARGUMENTS SSL_POLICY diff --git a/gcloud/alpha/compute/ssl-policies/delete b/gcloud/alpha/compute/ssl-policies/delete index b4236dcc4..828163772 100644 --- a/gcloud/alpha/compute/ssl-policies/delete +++ b/gcloud/alpha/compute/ssl-policies/delete @@ -14,9 +14,10 @@ DESCRIPTION An SSL policy specifies the server-side support for SSL features. An SSL policy can be attached to a TargetHttpsProxy or a TargetSslProxy. This - affects connections between clients and the HTTPS or SSL proxy load - balancer. SSL policies do not affect the connection between the load - balancers and the backends. + affects connections between clients and the load balancer. SSL policies do + not affect the connection between the load balancers and the backends. SSL + policies are used by Application Load Balancers and proxy Network Load + Balancers. POSITIONAL ARGUMENTS SSL_POLICY [SSL_POLICY ...] diff --git a/gcloud/alpha/compute/ssl-policies/describe b/gcloud/alpha/compute/ssl-policies/describe index ed68ef9a7..cde7c2df0 100644 --- a/gcloud/alpha/compute/ssl-policies/describe +++ b/gcloud/alpha/compute/ssl-policies/describe @@ -12,9 +12,10 @@ DESCRIPTION An SSL policy specifies the server-side support for SSL features. An SSL policy can be attached to a TargetHttpsProxy or a TargetSslProxy. This - affects connections between clients and the HTTPS or SSL proxy load - balancer. SSL policies do not affect the connection between the load - balancers and the backends. + affects connections between clients and the load balancer. SSL policies do + not affect the connection between the load balancers and the backends. SSL + policies are used by Application Load Balancers and proxy Network Load + Balancers. POSITIONAL ARGUMENTS SSL_POLICY diff --git a/gcloud/alpha/compute/ssl-policies/list-available-features b/gcloud/alpha/compute/ssl-policies/list-available-features index 0afac4066..35f729df7 100644 --- a/gcloud/alpha/compute/ssl-policies/list-available-features +++ b/gcloud/alpha/compute/ssl-policies/list-available-features @@ -14,9 +14,10 @@ DESCRIPTION An SSL policy specifies the server-side support for SSL features. An SSL policy can be attached to a TargetHttpsProxy or a TargetSslProxy. This - affects connections between clients and the HTTPS or SSL proxy load - balancer. SSL policies do not affect the connection between the load - balancers and the backends. + affects connections between clients and the load balancer. SSL policies do + not affect the connection between the load balancers and the backends. SSL + policies are used by Application Load Balancers and proxy Network Load + Balancers. FLAGS --region=REGION diff --git a/gcloud/alpha/compute/ssl-policies/update b/gcloud/alpha/compute/ssl-policies/update index 22b3e0359..783b6118c 100644 --- a/gcloud/alpha/compute/ssl-policies/update +++ b/gcloud/alpha/compute/ssl-policies/update @@ -14,9 +14,10 @@ DESCRIPTION An SSL policy specifies the server-side support for SSL features. An SSL policy can be attached to a TargetHttpsProxy or a TargetSslProxy. This - affects connections between clients and the HTTPS or SSL proxy load - balancer. SSL policies do not affect the connection between the load - balancers and the backends. + affects connections between clients and the load balancer. SSL policies do + not affect the connection between the load balancers and the backends. SSL + policies are used by Application Load Balancers and proxy Network Load + Balancers. POSITIONAL ARGUMENTS SSL_POLICY diff --git a/gcloud/alpha/compute/target-pools/help b/gcloud/alpha/compute/target-pools/help index 0afa17aff..272c2d915 100644 --- a/gcloud/alpha/compute/target-pools/help +++ b/gcloud/alpha/compute/target-pools/help @@ -6,7 +6,8 @@ SYNOPSIS gcloud alpha compute target-pools GROUP | COMMAND [GCLOUD_WIDE_FLAG ...] DESCRIPTION - (ALPHA) Control Compute Engine target pools for Network Load Balancing. + (ALPHA) Control Compute Engine target pools for external passthrough + Network Load Balancers. For more information about target pools, see the target pools documentation (https://cloud.google.com/load-balancing/docs/target-pools). diff --git a/gcloud/alpha/config/get b/gcloud/alpha/config/get index 89009f60e..29d6ebd0e 100644 --- a/gcloud/alpha/config/get +++ b/gcloud/alpha/config/get @@ -589,6 +589,10 @@ AVAILABLE PROPERTIES Overrides API endpoint for gcloud workflows command group. Defaults to https://workflows.googleapis.com/ + workstations + Overrides API endpoint for gcloud workstations command group. + Defaults to https://workstations.googleapis.com/ + app cloud_build_timeout Timeout, in seconds, to wait for Docker builds to complete during diff --git a/gcloud/alpha/config/help b/gcloud/alpha/config/help index 87a1e00ce..3c5ab1375 100644 --- a/gcloud/alpha/config/help +++ b/gcloud/alpha/config/help @@ -621,6 +621,10 @@ AVAILABLE PROPERTIES Overrides API endpoint for gcloud workflows command group. Defaults to https://workflows.googleapis.com/ + workstations + Overrides API endpoint for gcloud workstations command group. + Defaults to https://workstations.googleapis.com/ + app cloud_build_timeout Timeout, in seconds, to wait for Docker builds to complete during diff --git a/gcloud/alpha/config/list b/gcloud/alpha/config/list index f7e30a9e7..1c277f946 100644 --- a/gcloud/alpha/config/list +++ b/gcloud/alpha/config/list @@ -633,6 +633,10 @@ AVAILABLE PROPERTIES Overrides API endpoint for gcloud workflows command group. Defaults to https://workflows.googleapis.com/ + workstations + Overrides API endpoint for gcloud workstations command group. + Defaults to https://workstations.googleapis.com/ + app cloud_build_timeout Timeout, in seconds, to wait for Docker builds to complete during diff --git a/gcloud/alpha/config/set b/gcloud/alpha/config/set index acbadf1ac..3ff3c6f8a 100644 --- a/gcloud/alpha/config/set +++ b/gcloud/alpha/config/set @@ -636,6 +636,10 @@ AVAILABLE PROPERTIES Overrides API endpoint for gcloud workflows command group. Defaults to https://workflows.googleapis.com/ + workstations + Overrides API endpoint for gcloud workstations command group. + Defaults to https://workstations.googleapis.com/ + app cloud_build_timeout Timeout, in seconds, to wait for Docker builds to complete during diff --git a/gcloud/alpha/config/unset b/gcloud/alpha/config/unset index df63d8913..db8079087 100644 --- a/gcloud/alpha/config/unset +++ b/gcloud/alpha/config/unset @@ -597,6 +597,10 @@ AVAILABLE PROPERTIES Overrides API endpoint for gcloud workflows command group. Defaults to https://workflows.googleapis.com/ + workstations + Overrides API endpoint for gcloud workstations command group. + Defaults to https://workstations.googleapis.com/ + app cloud_build_timeout Timeout, in seconds, to wait for Docker builds to complete during diff --git a/gcloud/alpha/container/clusters/create b/gcloud/alpha/container/clusters/create index eecc1b888..8cb9d3089 100644 --- a/gcloud/alpha/container/clusters/create +++ b/gcloud/alpha/container/clusters/create @@ -145,7 +145,7 @@ FLAGS Attaches accelerators (e.g. GPUs) to all nodes. type - (Required) The specific type (e.g. nvidia-tesla-k80 for nVidia + (Required) The specific type (e.g. nvidia-tesla-k80 for NVIDIA Tesla K80) of accelerator to attach to the instances. Use gcloud compute accelerator-types list to learn about all available accelerator types. @@ -158,15 +158,15 @@ FLAGS (Optional) The NVIDIA driver version to install. GPU_DRIVER_VERSION must be one of: - `default`: Install the default driver version. If you omit the flag `gpu-driver-version`, - this is the default option. + `default`: Install the default driver version. `latest`: Install the latest available driver version. Available only for nodes that use Container-Optimized OS. `disabled`: Skip automatic driver installation. You must [manually install a driver](https://cloud.google.com/kubernetes-engine/docs/how-to/gpus#installing_drivers) - after you create the cluster. + after you create the cluster. If you omit the flag `gpu-driver-version`, + this is the default option. gpu-partition-size (Optional) The GPU partition size used when running multi-instance @@ -573,9 +573,6 @@ FLAGS endpoint from any Google Cloud region or on-premises environment regardless of the private cluster's region. - Must be used in conjunction with '--enable-ip-alias' and - '--enable-private-nodes'. - --enable-multi-networking Enables multi-networking on the cluster. Multi-networking is disabled by default. diff --git a/gcloud/alpha/container/clusters/create-auto b/gcloud/alpha/container/clusters/create-auto index 615fa52e5..63b6522da 100644 --- a/gcloud/alpha/container/clusters/create-auto +++ b/gcloud/alpha/container/clusters/create-auto @@ -206,9 +206,6 @@ FLAGS endpoint from any Google Cloud region or on-premises environment regardless of the private cluster's region. - Must be used in conjunction with '--enable-ip-alias' and - '--enable-private-nodes'. - --fleet-project=PROJECT_ID_OR_NUMBER Sets fleet host project for the cluster. If specified, the current cluster will be registered as a fleet membership under the fleet host diff --git a/gcloud/alpha/container/fleet/memberships/generate-gateway-rbac b/gcloud/alpha/container/fleet/memberships/generate-gateway-rbac index 0712520f8..65d924171 100644 --- a/gcloud/alpha/container/fleet/memberships/generate-gateway-rbac +++ b/gcloud/alpha/container/fleet/memberships/generate-gateway-rbac @@ -74,6 +74,17 @@ EXAMPLES test-acct@test-project.iam.gserviceaccount.com \ --role=role/mynamespace/namespace-reader + The users provided can be using a Google identity (only email) or using + external identity providers (starting with + "principal://iam.googleapis.com"): + + $ gcloud alpha container fleet memberships generate-gateway-rbac \ + --membership=my-cluster \ + --users=foo@example.com,principal://iam.googleapis.com/\ + locations/global/workforcePools/pool/subject/user \ + --role=clusterrole/cluster-admin --context=my-cluster-context \ + --kubeconfig=/home/user/custom_kubeconfig --apply + FLAGS --anthos-support If specified, this command will generate RBAC policy file for anthos diff --git a/gcloud/alpha/container/fleet/operations/help b/gcloud/alpha/container/fleet/operations/help index 414b6df5c..2671d36f1 100644 --- a/gcloud/alpha/container/fleet/operations/help +++ b/gcloud/alpha/container/fleet/operations/help @@ -19,6 +19,12 @@ COMMANDS describe (ALPHA) Describe a long-running operation. + list + (ALPHA) List long-running operations. + + wait + (ALPHA) Poll a long-running operation for completion. + NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct diff --git a/gcloud/alpha/container/fleet/operations/list b/gcloud/alpha/container/fleet/operations/list new file mode 100644 index 000000000..44719c42a --- /dev/null +++ b/gcloud/alpha/container/fleet/operations/list @@ -0,0 +1,67 @@ +NAME + gcloud alpha container fleet operations list - list long-running operations + +SYNOPSIS + gcloud alpha container fleet operations list + [--location=LOCATION; default="-"] [--filter=EXPRESSION] + [--limit=LIMIT] [--page-size=PAGE_SIZE] [--sort-by=[FIELD,...]] [--uri] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) List long-running operations. + +EXAMPLES + To list all operations in location us-west1, run: + + $ gcloud alpha container fleet operations list --location=us-west1 + +FLAGS + --location=LOCATION; default="-" + The location name. + +LIST COMMAND FLAGS + --filter=EXPRESSION + Apply a Boolean filter EXPRESSION to each resource item to be listed. + If the expression evaluates True, then that item is listed. For more + details and examples of filter expressions, run $ gcloud topic filters. + This flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --limit=LIMIT + Maximum number of resources to list. The default is unlimited. This + flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --page-size=PAGE_SIZE + Some services group resource list output into pages. This flag + specifies the maximum number of resources per page. The default is + determined by the service if it supports paging, otherwise it is + unlimited (no paging). Paging may be applied before or after --filter + and --limit depending on the service. + + --sort-by=[FIELD,...] + Comma-separated list of resource field key names to sort by. The + default order is ascending. Prefix a field with ``~'' for descending + order on that field. This flag interacts with other flags that are + applied in this order: --flatten, --sort-by, --filter, --limit. + + --uri + Print a list of resource URIs instead of the default output, and change + the command output to a list of URIs. If this flag is used with + --format, the formatting is applied on this URI list. To display URIs + alongside other keys instead, use the uri() transform. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. + diff --git a/gcloud/alpha/container/fleet/operations/wait b/gcloud/alpha/container/fleet/operations/wait new file mode 100644 index 000000000..ffc8b7e90 --- /dev/null +++ b/gcloud/alpha/container/fleet/operations/wait @@ -0,0 +1,62 @@ +NAME + gcloud alpha container fleet operations wait - poll a long-running + operation for completion + +SYNOPSIS + gcloud alpha container fleet operations wait + (OPERATION : --location=LOCATION; default="global") + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Poll a long-running operation for completion. + +EXAMPLES + To wait for an operation in location us-west1 to complete, run: + + $ gcloud alpha container fleet operations wait OPERATION \ + --location=us-west1 + +POSITIONAL ARGUMENTS + Operation resource - operation to wait. The arguments in this group can be + used to specify the attributes of this resource. (NOTE) Some attributes + are not given arguments in this group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument operation on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + OPERATION + ID of the operation or fully qualified identifier for the operation. + + To set the name attribute: + ▸ provide the argument operation on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION; default="global" + Google Cloud location for the operation. + + To set the location attribute: + ▸ provide the argument operation on the command line with a fully + specified name; + ▸ provide the argument --location on the command line. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. + diff --git a/gcloud/alpha/container/hub/memberships/generate-gateway-rbac b/gcloud/alpha/container/hub/memberships/generate-gateway-rbac index 356595b31..eed867bfb 100644 --- a/gcloud/alpha/container/hub/memberships/generate-gateway-rbac +++ b/gcloud/alpha/container/hub/memberships/generate-gateway-rbac @@ -74,6 +74,17 @@ EXAMPLES test-acct@test-project.iam.gserviceaccount.com \ --role=role/mynamespace/namespace-reader + The users provided can be using a Google identity (only email) or using + external identity providers (starting with + "principal://iam.googleapis.com"): + + $ gcloud alpha container hub memberships generate-gateway-rbac \ + --membership=my-cluster \ + --users=foo@example.com,principal://iam.googleapis.com/\ + locations/global/workforcePools/pool/subject/user \ + --role=clusterrole/cluster-admin --context=my-cluster-context \ + --kubeconfig=/home/user/custom_kubeconfig --apply + FLAGS --anthos-support If specified, this command will generate RBAC policy file for anthos diff --git a/gcloud/alpha/container/hub/operations/help b/gcloud/alpha/container/hub/operations/help index 1e7bc8678..c207c56e3 100644 --- a/gcloud/alpha/container/hub/operations/help +++ b/gcloud/alpha/container/hub/operations/help @@ -19,6 +19,12 @@ COMMANDS describe (ALPHA) Describe a long-running operation. + list + (ALPHA) List long-running operations. + + wait + (ALPHA) Poll a long-running operation for completion. + NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct diff --git a/gcloud/alpha/container/hub/operations/list b/gcloud/alpha/container/hub/operations/list new file mode 100644 index 000000000..aeac451c4 --- /dev/null +++ b/gcloud/alpha/container/hub/operations/list @@ -0,0 +1,67 @@ +NAME + gcloud alpha container hub operations list - list long-running operations + +SYNOPSIS + gcloud alpha container hub operations list + [--location=LOCATION; default="-"] [--filter=EXPRESSION] + [--limit=LIMIT] [--page-size=PAGE_SIZE] [--sort-by=[FIELD,...]] [--uri] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) List long-running operations. + +EXAMPLES + To list all operations in location us-west1, run: + + $ gcloud alpha container hub operations list --location=us-west1 + +FLAGS + --location=LOCATION; default="-" + The location name. + +LIST COMMAND FLAGS + --filter=EXPRESSION + Apply a Boolean filter EXPRESSION to each resource item to be listed. + If the expression evaluates True, then that item is listed. For more + details and examples of filter expressions, run $ gcloud topic filters. + This flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --limit=LIMIT + Maximum number of resources to list. The default is unlimited. This + flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --page-size=PAGE_SIZE + Some services group resource list output into pages. This flag + specifies the maximum number of resources per page. The default is + determined by the service if it supports paging, otherwise it is + unlimited (no paging). Paging may be applied before or after --filter + and --limit depending on the service. + + --sort-by=[FIELD,...] + Comma-separated list of resource field key names to sort by. The + default order is ascending. Prefix a field with ``~'' for descending + order on that field. This flag interacts with other flags that are + applied in this order: --flatten, --sort-by, --filter, --limit. + + --uri + Print a list of resource URIs instead of the default output, and change + the command output to a list of URIs. If this flag is used with + --format, the formatting is applied on this URI list. To display URIs + alongside other keys instead, use the uri() transform. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. + diff --git a/gcloud/alpha/container/hub/operations/wait b/gcloud/alpha/container/hub/operations/wait new file mode 100644 index 000000000..9e185b938 --- /dev/null +++ b/gcloud/alpha/container/hub/operations/wait @@ -0,0 +1,62 @@ +NAME + gcloud alpha container hub operations wait - poll a long-running operation + for completion + +SYNOPSIS + gcloud alpha container hub operations wait + (OPERATION : --location=LOCATION; default="global") + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Poll a long-running operation for completion. + +EXAMPLES + To wait for an operation in location us-west1 to complete, run: + + $ gcloud alpha container hub operations wait OPERATION \ + --location=us-west1 + +POSITIONAL ARGUMENTS + Operation resource - operation to wait. The arguments in this group can be + used to specify the attributes of this resource. (NOTE) Some attributes + are not given arguments in this group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument operation on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + OPERATION + ID of the operation or fully qualified identifier for the operation. + + To set the name attribute: + ▸ provide the argument operation on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION; default="global" + Google Cloud location for the operation. + + To set the location attribute: + ▸ provide the argument operation on the command line with a fully + specified name; + ▸ provide the argument --location on the command line. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. + diff --git a/gcloud/alpha/container/node-pools/create b/gcloud/alpha/container/node-pools/create index 4c09edd07..2206a696c 100644 --- a/gcloud/alpha/container/node-pools/create +++ b/gcloud/alpha/container/node-pools/create @@ -95,7 +95,7 @@ FLAGS Attaches accelerators (e.g. GPUs) to all nodes. type - (Required) The specific type (e.g. nvidia-tesla-k80 for nVidia + (Required) The specific type (e.g. nvidia-tesla-k80 for NVIDIA Tesla K80) of accelerator to attach to the instances. Use gcloud compute accelerator-types list to learn about all available accelerator types. @@ -108,15 +108,15 @@ FLAGS (Optional) The NVIDIA driver version to install. GPU_DRIVER_VERSION must be one of: - `default`: Install the default driver version. If you omit the flag `gpu-driver-version`, - this is the default option. + `default`: Install the default driver version. `latest`: Install the latest available driver version. Available only for nodes that use Container-Optimized OS. `disabled`: Skip automatic driver installation. You must [manually install a driver](https://cloud.google.com/kubernetes-engine/docs/how-to/gpus#installing_drivers) - after you create the cluster. + after you create the cluster. If you omit the flag `gpu-driver-version`, + this is the default option. gpu-partition-size (Optional) The GPU partition size used when running multi-instance diff --git a/gcloud/alpha/dataplex/datascan/create b/gcloud/alpha/dataplex/datascan/create index f5a7015b9..f65165ca2 100644 --- a/gcloud/alpha/dataplex/datascan/create +++ b/gcloud/alpha/dataplex/datascan/create @@ -14,7 +14,11 @@ SYNOPSIS [GCLOUD_WIDE_FLAG ...] DESCRIPTION - (ALPHA) Create a Dataplex Datascan. + (ALPHA) (DEPRECATED) Create a Dataplex Datascan. + + This command is deprecated. Please use gcloud alpha dataplex datascans + create data-profile instead to create a data profile scan and use gcloud + alpha dataplex datascans create data-quality to create a data quality scan. EXAMPLES Create a Dataplex datascan job. diff --git a/gcloud/alpha/dataplex/datascan/delete b/gcloud/alpha/dataplex/datascan/delete index e6c38bf85..8308a926f 100644 --- a/gcloud/alpha/dataplex/datascan/delete +++ b/gcloud/alpha/dataplex/datascan/delete @@ -6,7 +6,10 @@ SYNOPSIS [--async] [GCLOUD_WIDE_FLAG ...] DESCRIPTION - (ALPHA) Delete a Dataplex Datascan resource. + (ALPHA) (DEPRECATED) This command is deprecated. Please use gcloud alpha + dataplex datascans instead. + + Delete a Dataplex Datascan resource. EXAMPLES To delete a Dataplex Datascan test-datascan in location us-central1, run: diff --git a/gcloud/alpha/dataplex/datascan/describe b/gcloud/alpha/dataplex/datascan/describe index efd3cd061..2381fd466 100644 --- a/gcloud/alpha/dataplex/datascan/describe +++ b/gcloud/alpha/dataplex/datascan/describe @@ -6,8 +6,11 @@ SYNOPSIS [GCLOUD_WIDE_FLAG ...] DESCRIPTION - (ALPHA) Displays all details of a Dataplex Datascan resource given a valid - Datascan ID. + (ALPHA) (DEPRECATED) This command is deprecated. Please use gcloud alpha + dataplex datascans instead. + + Displays all details of a Dataplex Datascan resource given a valid Datascan + ID. EXAMPLES To describe a Dataplex Datascan test-datascan in project test-project diff --git a/gcloud/alpha/dataplex/datascan/help b/gcloud/alpha/dataplex/datascan/help index 19749e685..f7afcdaec 100644 --- a/gcloud/alpha/dataplex/datascan/help +++ b/gcloud/alpha/dataplex/datascan/help @@ -5,7 +5,10 @@ SYNOPSIS gcloud alpha dataplex datascan GROUP | COMMAND [GCLOUD_WIDE_FLAG ...] DESCRIPTION - (ALPHA) Manage Dataplex Datascan. + (ALPHA) (DEPRECATED) Manage Dataplex Datascan. + + This command is deprecated. Please use gcloud alpha dataplex datascans + instead. GCLOUD WIDE FLAGS These flags are available to all commands: --help. @@ -16,25 +19,25 @@ GROUPS GROUP is one of the following: jobs - (ALPHA) Manage Dataplex Datascan Jobs services. + (ALPHA) (DEPRECATED) Manage Dataplex Datascan Jobs services. COMMANDS COMMAND is one of the following: create - (ALPHA) Create a Dataplex Datascan. + (ALPHA) (DEPRECATED) Create a Dataplex Datascan. delete - (ALPHA) Delete a Dataplex Datascan resource. + (ALPHA) (DEPRECATED) Delete a Dataplex Datascan resource. describe - (ALPHA) Describe a Dataplex lake resource. + (ALPHA) (DEPRECATED) Describe a Dataplex lake resource. list - (ALPHA) List Dataplex Datascan resources under a project. + (ALPHA) (DEPRECATED) List Dataplex Datascan resources under a project. run - (ALPHA) Run a Dataplex DataScan resource. + (ALPHA) (DEPRECATED) Run a Dataplex DataScan resource. NOTES This command is currently in alpha and might change without notice. If this diff --git a/gcloud/alpha/dataplex/datascan/jobs/describe b/gcloud/alpha/dataplex/datascan/jobs/describe index 13b679600..ed87dcee7 100644 --- a/gcloud/alpha/dataplex/datascan/jobs/describe +++ b/gcloud/alpha/dataplex/datascan/jobs/describe @@ -8,7 +8,10 @@ SYNOPSIS [GCLOUD_WIDE_FLAG ...] DESCRIPTION - (ALPHA) Describe a Dataplex job running a particular datascan. + (ALPHA) (DEPRECATED) This command is deprecated. Please use gcloud alpha + dataplex datascans jobs instead. + + Describe a Dataplex job running a particular datascan. Displays all details of a Dataplex job given a valid job ID. diff --git a/gcloud/alpha/dataplex/datascan/jobs/help b/gcloud/alpha/dataplex/datascan/jobs/help index 36e871057..dd2d1c3f9 100644 --- a/gcloud/alpha/dataplex/datascan/jobs/help +++ b/gcloud/alpha/dataplex/datascan/jobs/help @@ -6,7 +6,10 @@ SYNOPSIS gcloud alpha dataplex datascan jobs COMMAND [GCLOUD_WIDE_FLAG ...] DESCRIPTION - (ALPHA) Manage Dataplex Datascan Jobs services. + (ALPHA) (DEPRECATED) Manage Dataplex Datascan Jobs services. + + This command is deprecated. Please use gcloud alpha dataplex datascans jobs + instead. GCLOUD WIDE FLAGS These flags are available to all commands: --help. @@ -17,10 +20,11 @@ COMMANDS COMMAND is one of the following: describe - (ALPHA) Describe a Dataplex job running a particular datascan. + (ALPHA) (DEPRECATED) Describe a Dataplex job running a particular + datascan. list - (ALPHA) List job runs of a Dataplex datascan resource. + (ALPHA) (DEPRECATED) List job runs of a Dataplex datascan resource. NOTES This command is currently in alpha and might change without notice. If this diff --git a/gcloud/alpha/dataplex/datascan/jobs/list b/gcloud/alpha/dataplex/datascan/jobs/list index 9474f324b..7318a9af6 100644 --- a/gcloud/alpha/dataplex/datascan/jobs/list +++ b/gcloud/alpha/dataplex/datascan/jobs/list @@ -9,8 +9,10 @@ SYNOPSIS [GCLOUD_WIDE_FLAG ...] DESCRIPTION - (ALPHA) List Jobs runs of a Datascan under a specific project, location and - task. + (ALPHA) (DEPRECATED) This command is deprecated. Please use gcloud alpha + dataplex datascans jobs instead. + + List Jobs runs of a Datascan under a specific project, location and task. EXAMPLES To list all the Dataplex job runs for a datascan test-datascan in location diff --git a/gcloud/alpha/dataplex/datascan/list b/gcloud/alpha/dataplex/datascan/list index 3b928c5f7..fc7c48832 100644 --- a/gcloud/alpha/dataplex/datascan/list +++ b/gcloud/alpha/dataplex/datascan/list @@ -8,8 +8,10 @@ SYNOPSIS [--sort-by=[FIELD,...]] [--uri] [GCLOUD_WIDE_FLAG ...] DESCRIPTION - (ALPHA) List all Dataplex Datascan resource under a specific project and - location. + (ALPHA) (DEPRECATED) This command is deprecated. Please use gcloud alpha + dataplex datascans instead. + + List all Dataplex Datascan resource under a specific project and location. EXAMPLES To list all Dataplex Datascan resources in project=test-project in location diff --git a/gcloud/alpha/dataplex/datascan/run b/gcloud/alpha/dataplex/datascan/run index 0684c7d12..f22341777 100644 --- a/gcloud/alpha/dataplex/datascan/run +++ b/gcloud/alpha/dataplex/datascan/run @@ -6,7 +6,10 @@ SYNOPSIS [GCLOUD_WIDE_FLAG ...] DESCRIPTION - (ALPHA) Run a Dataplex Datascan resource given a valid Datascan ID. + (ALPHA) (DEPRECATED) This command is deprecated. Please use gcloud alpha + dataplex datascans instead. + + Run a Dataplex Datascan resource given a valid Datascan ID. EXAMPLES To run a Dataplex Datascan test-datascan in location us-central1 , run: diff --git a/gcloud/alpha/dataplex/datascans/create/data-profile b/gcloud/alpha/dataplex/datascans/create/data-profile new file mode 100644 index 000000000..3c2cea8a4 --- /dev/null +++ b/gcloud/alpha/dataplex/datascans/create/data-profile @@ -0,0 +1,172 @@ +NAME + gcloud alpha dataplex datascans create data-profile - create a Dataplex + data profile scan job + +SYNOPSIS + gcloud alpha dataplex datascans create data-profile + (DATASCAN : --location=LOCATION) + (--data-source-entity=DATA_SOURCE_ENTITY + | --data-source-resource=DATA_SOURCE_RESOURCE) + [--description=DESCRIPTION] [--display-name=DISPLAY_NAME] + [--labels=[KEY=VALUE,...]] [--async | --validate-only] + [--data-profile-spec-file=DATA_PROFILE_SPEC_FILE + | --exclude-field-names=EXCLUDE_FIELD_NAMES + --include-field-names=INCLUDE_FIELD_NAMES + --row-filter=ROW_FILTER --sampling-percent=SAMPLING_PERCENT] + [--incremental-field=INCREMENTAL_FIELD --on-demand=ON_DEMAND + | --schedule=SCHEDULE] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Represents a user-visible job which provides the insights for the + related data source about the structure, content and relationships (such as + null percent, cardinality, min/max/mean, etc). + +EXAMPLES + To create a data profile scan data-profile-datascan in project test-project + located in us-central1, run: + + $ gcloud alpha dataplex datascans create data-profile data-profile \ + data-profile-datascan --project=test-project \ + --location=us-central1 + +POSITIONAL ARGUMENTS + Datascan resource - Arguments and flags that define the Dataplex datascan + you want to create a data profile scan for. The arguments in this group + can be used to specify the attributes of this resource. (NOTE) Some + attributes are not given arguments in this group but can be set in other + ways. + + To set the project attribute: + ◆ provide the argument datascan on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + DATASCAN + ID of the datascan or fully qualified identifier for the datascan. + + To set the dataScans attribute: + ▸ provide the argument datascan on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + The location of the Dataplex resource. + + To set the location attribute: + ▸ provide the argument datascan on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property dataplex/location. + +REQUIRED FLAGS + Data source for the data profile scan. + + Exactly one of these must be specified: + + --data-source-entity=DATA_SOURCE_ENTITY + Dataplex entity that contains the data for the data profile scan, of + the form: + projects/{project_number}/locations/{location_id}/lakes/{lake_id}/zones/{zone_id}/entities/{entity_id}. + + --data-source-resource=DATA_SOURCE_RESOURCE + Fully-qualified service resource name of the cloud resource that + contains the data for the data profile scan, of the form: + //bigquery.googleapis.com/projects/{project_number}/datasets/{dataset_id}/tables/{table_id}. + +OPTIONAL FLAGS + --description=DESCRIPTION + Description of the data profile scan. + + --display-name=DISPLAY_NAME + Display name of the data profile scan. + + --labels=[KEY=VALUE,...] + List of label KEY=VALUE pairs to add. + + Keys must start with a lowercase character and contain only hyphens + (-), underscores (_), lowercase characters, and numbers. Values must + contain only hyphens (-), underscores (_), lowercase characters, and + numbers. + + At most one of --async | --validate-only can be specified. + + At most one of these can be specified: + + --async + Return immediately, without waiting for the operation in progress to + complete. + + --validate-only + Validate the create action, but don't actually perform it. + + Data spec for the data profile scan. + + At most one of these can be specified: + + --data-profile-spec-file=DATA_PROFILE_SPEC_FILE + path to the JSON/YAML file containing the spec for the data profile + scan. The JSON representation reference: + https://cloud.google.com/dataplex/docs/reference/rest/v1/DataProfileSpec + + Command line spec arguments for the data profile scan. + + --exclude-field-names=EXCLUDE_FIELD_NAMES + Names of the fields to exclude from data profile. If specified, the + respective fields will be excluded from data profile, regardless of + the fields specified in the --include-field-names flag. + + --include-field-names=INCLUDE_FIELD_NAMES + Names of the fields to include in data profile. If not specified, + all fields at the time of profile scan job execution are included. + The fields listed in the --exclude-field-names flag are excluded. + + --row-filter=ROW_FILTER + A filter applied to all rows in a single data profile scan job. + + --sampling-percent=SAMPLING_PERCENT + The percentage of the records to be selected from the dataset for + data profile scan. + + Data profile scan execution settings. + + --incremental-field=INCREMENTAL_FIELD + Field that contains values that monotonically increase over time + (e.g. timestamp). + + Data profile scan scheduling and trigger settings. + + At most one of these can be specified: + + --on-demand=ON_DEMAND + If set, the scan runs one-time shortly after data profile scan + creation. + + --schedule=SCHEDULE + Cron schedule (https://en.wikipedia.org/wiki/Cron) for running + scans periodically. To explicitly set a timezone to the cron tab, + apply a prefix in the cron tab: "CRON_TZ=${IANA_TIME_ZONE}" or + "TZ=${IANA_TIME_ZONE}". The ${IANA_TIME_ZONE} may only be a valid + string from IANA time zone database. For example, + CRON_TZ=America/New_York 1 * * * * or TZ=America/New_York 1 * * * + *. This field is required for RECURRING scans. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. This variant is also available: + + $ gcloud dataplex datascans create data-profile + diff --git a/gcloud/alpha/dataplex/datascans/create/data-quality b/gcloud/alpha/dataplex/datascans/create/data-quality new file mode 100644 index 000000000..8bab73e5a --- /dev/null +++ b/gcloud/alpha/dataplex/datascans/create/data-quality @@ -0,0 +1,147 @@ +NAME + gcloud alpha dataplex datascans create data-quality - create a Dataplex + data quality scan job + +SYNOPSIS + gcloud alpha dataplex datascans create data-quality + (DATASCAN : --location=LOCATION) + --data-quality-spec-file=DATA_QUALITY_SPEC_FILE + (--data-source-entity=DATA_SOURCE_ENTITY + | --data-source-resource=DATA_SOURCE_RESOURCE) + [--description=DESCRIPTION] [--display-name=DISPLAY_NAME] + [--labels=[KEY=VALUE,...]] [--async | --validate-only] + [--incremental-field=INCREMENTAL_FIELD --on-demand=ON_DEMAND + | --schedule=SCHEDULE] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Represents a user-visible job which provides the insights for the + related data source and generates queries based on the rules and runs + against the data to get data quality check results. + +EXAMPLES + To create a data quality scan data-quality-datascan in project test-project + located in us-central1 with data spec file data-quality-spec.json, run: + + $ gcloud alpha dataplex datascans create data-quality data-quality \ + data-quality-datascan --project=test-project \ + --location=us-central1 \ + --data-quality-spec-file="data-quality-spec.json" + +POSITIONAL ARGUMENTS + Datascan resource - Arguments and flags that define the Dataplex datascan + you want to create a data quality scan for. The arguments in this group + can be used to specify the attributes of this resource. (NOTE) Some + attributes are not given arguments in this group but can be set in other + ways. + + To set the project attribute: + ◆ provide the argument datascan on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + DATASCAN + ID of the datascan or fully qualified identifier for the datascan. + + To set the dataScans attribute: + ▸ provide the argument datascan on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + The location of the Dataplex resource. + + To set the location attribute: + ▸ provide the argument datascan on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property dataplex/location. + +REQUIRED FLAGS + --data-quality-spec-file=DATA_QUALITY_SPEC_FILE + path to the JSON/YAML file containing the spec for the data quality + scan. The json representation reference: + https://cloud.google.com/dataplex/docs/reference/rest/v1/DataQualitySpec + + Data source for the data quality scan. + + Exactly one of these must be specified: + + --data-source-entity=DATA_SOURCE_ENTITY + Dataplex entity that contains the data for the data quality scan, of + the form: + projects/{project_number}/locations/{location_id}/lakes/{lake_id}/zones/{zone_id}/entities/{entity_id}. + + --data-source-resource=DATA_SOURCE_RESOURCE + Fully-qualified service resource name of the cloud resource that + contains the data for the data quality scan, of the form: + //bigquery.googleapis.com/projects/{project_number}/datasets/{dataset_id}/tables/{table_id}. + +OPTIONAL FLAGS + --description=DESCRIPTION + Description of the data quality scan. + + --display-name=DISPLAY_NAME + Display name of the data quality scan. + + --labels=[KEY=VALUE,...] + List of label KEY=VALUE pairs to add. + + Keys must start with a lowercase character and contain only hyphens + (-), underscores (_), lowercase characters, and numbers. Values must + contain only hyphens (-), underscores (_), lowercase characters, and + numbers. + + At most one of --async | --validate-only can be specified. + + At most one of these can be specified: + + --async + Return immediately, without waiting for the operation in progress to + complete. + + --validate-only + Validate the create action, but don't actually perform it. + + Data quality scan execution settings. + + --incremental-field=INCREMENTAL_FIELD + Field that contains values that monotonically increase over time + (e.g. timestamp). + + Data quality scan scheduling and trigger settings + + At most one of these can be specified: + + --on-demand=ON_DEMAND + If set, the scan runs one-time shortly after data quality scan + creation. + + --schedule=SCHEDULE + Cron schedule (https://en.wikipedia.org/wiki/Cron) for running + scans periodically. To explicitly set a timezone to the cron tab, + apply a prefix in the cron tab: "CRON_TZ=${IANA_TIME_ZONE}" or + "TZ=${IANA_TIME_ZONE}". The ${IANA_TIME_ZONE} may only be a valid + string from IANA time zone database. For example, + CRON_TZ=America/New_York 1 * * * * or TZ=America/New_York 1 * * * + *. This field is required for RECURRING scans. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. This variant is also available: + + $ gcloud dataplex datascans create data-quality + diff --git a/gcloud/alpha/dataplex/datascans/create/help b/gcloud/alpha/dataplex/datascans/create/help new file mode 100644 index 000000000..700f4f3e3 --- /dev/null +++ b/gcloud/alpha/dataplex/datascans/create/help @@ -0,0 +1,31 @@ +NAME + gcloud alpha dataplex datascans create - manage Dataplex Datascans creation + +SYNOPSIS + gcloud alpha dataplex datascans create COMMAND [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Manage Dataplex Datascans creation. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --help. + + Run $ gcloud help for details. + +COMMANDS + COMMAND is one of the following: + + data-profile + (ALPHA) Create a Dataplex data profile scan job. + + data-quality + (ALPHA) Create a Dataplex data quality scan job. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. This variant is also available: + + $ gcloud dataplex datascans create + diff --git a/gcloud/alpha/dataplex/datascans/delete b/gcloud/alpha/dataplex/datascans/delete new file mode 100644 index 000000000..724d68ed6 --- /dev/null +++ b/gcloud/alpha/dataplex/datascans/delete @@ -0,0 +1,74 @@ +NAME + gcloud alpha dataplex datascans delete - delete a Dataplex Datascan + resource + +SYNOPSIS + gcloud alpha dataplex datascans delete (DATASCAN : --location=LOCATION) + [--async] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Delete a Dataplex Datascan resource. + +EXAMPLES + To delete a Dataplex Datascan test-datascan in location us-central1, run: + + $ gcloud alpha dataplex datascans delete test-datascan \ + --location=us-central1 + +POSITIONAL ARGUMENTS + Datascan resource - Arguments and flags that define the Dataplex Datascan + you want to delete. The arguments in this group can be used to specify the + attributes of this resource. (NOTE) Some attributes are not given + arguments in this group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument datascan on the command line with a fully + specified name; + ◆ set the property core/project; + ◆ provide the argument --project on the command line. + + This must be specified. + + DATASCAN + ID of the datascan or fully qualified identifier for the datascan. + + To set the datascan attribute: + ▸ provide the argument datascan on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + Location of the Dataplex resource. + + To set the location attribute: + ▸ provide the argument datascan on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property dataplex/location. + +FLAGS + --async + Return immediately, without waiting for the operation in progress to + complete. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the dataplex/v1 API. The full documentation for this API + can be found at: https://cloud.google.com/dataplex/docs + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. This variant is also available: + + $ gcloud dataplex datascans delete + diff --git a/gcloud/alpha/dataplex/datascans/describe b/gcloud/alpha/dataplex/datascans/describe new file mode 100644 index 000000000..d779c056b --- /dev/null +++ b/gcloud/alpha/dataplex/datascans/describe @@ -0,0 +1,82 @@ +NAME + gcloud alpha dataplex datascans describe - describe a Dataplex datascan + resource + +SYNOPSIS + gcloud alpha dataplex datascans describe (DATASCAN : --location=LOCATION) + [--view=VIEW] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Displays all details of a Dataplex Datascan resource given a valid + Datascan ID. + +EXAMPLES + To describe a Dataplex Datascan test-datascan in project test-project + location us-central1 , run: + + $ gcloud alpha dataplex datascans describe test-datascan \ + --project=test-project --location=us-central1 + +POSITIONAL ARGUMENTS + Datascan resource - Arguments and flags that define the Dataplex Datascan + you want to retrieve. The arguments in this group can be used to specify + the attributes of this resource. (NOTE) Some attributes are not given + arguments in this group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument datascan on the command line with a fully + specified name; + ◆ set the property core/project; + ◆ provide the argument --project on the command line. + + This must be specified. + + DATASCAN + ID of the datascan or fully qualified identifier for the datascan. + + To set the datascan attribute: + ▸ provide the argument datascan on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + Location of the Dataplex resource. + + To set the location attribute: + ▸ provide the argument datascan on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property dataplex/location. + +FLAGS + --view=VIEW + Displays spec data based on the argument value. The default view is + 'basic'. VIEW must be one of: + + basic + Does not include spec data in response. + + full + Includes spec data in response. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the dataplex/v1 API. The full documentation for this API + can be found at: https://cloud.google.com/dataplex/docs + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. This variant is also available: + + $ gcloud dataplex datascans describe + diff --git a/gcloud/alpha/dataplex/datascans/get-iam-policy b/gcloud/alpha/dataplex/datascans/get-iam-policy new file mode 100644 index 000000000..a16c44aa6 --- /dev/null +++ b/gcloud/alpha/dataplex/datascans/get-iam-policy @@ -0,0 +1,101 @@ +NAME + gcloud alpha dataplex datascans get-iam-policy - get the IAM policy for a + Dataplex datascan resource + +SYNOPSIS + gcloud alpha dataplex datascans get-iam-policy + (DATASCAN : --location=LOCATION) [--filter=EXPRESSION] [--limit=LIMIT] + [--page-size=PAGE_SIZE] [--sort-by=[FIELD,...]] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Displays the IAM policy associated with a Dataplex datascan + resource. If formatted as JSON, the output can be edited and used as a + policy file for set-iam-policy. The output includes an "etag" field + identifying the version emitted and allowing detection of concurrent policy + updates. + +EXAMPLES + To print the IAM policy for Dataplex datascan test-datascan in location + us-central1, run: + + $ gcloud alpha dataplex datascans get-iam-policy test-datascan \ + --location=us-central1 + +POSITIONAL ARGUMENTS + Datascan resource - Arguments and flags that define the Dataplex datascan + IAM policy you want to retrieve. The arguments in this group can be used + to specify the attributes of this resource. (NOTE) Some attributes are not + given arguments in this group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument datascan on the command line with a fully + specified name; + ◆ set the property core/project; + ◆ provide the argument --project on the command line. + + This must be specified. + + DATASCAN + ID of the datascan or fully qualified identifier for the datascan. + + To set the datascan attribute: + ▸ provide the argument datascan on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + Location of the Dataplex resource. + + To set the location attribute: + ▸ provide the argument datascan on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property dataplex/location. + +LIST COMMAND FLAGS + --filter=EXPRESSION + Apply a Boolean filter EXPRESSION to each resource item to be listed. + If the expression evaluates True, then that item is listed. For more + details and examples of filter expressions, run $ gcloud topic filters. + This flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --limit=LIMIT + Maximum number of resources to list. The default is unlimited. This + flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --page-size=PAGE_SIZE + Some services group resource list output into pages. This flag + specifies the maximum number of resources per page. The default is + determined by the service if it supports paging, otherwise it is + unlimited (no paging). Paging may be applied before or after --filter + and --limit depending on the service. + + --sort-by=[FIELD,...] + Comma-separated list of resource field key names to sort by. The + default order is ascending. Prefix a field with ``~'' for descending + order on that field. This flag interacts with other flags that are + applied in this order: --flatten, --sort-by, --filter, --limit. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the dataplex/v1 API. The full documentation for this API + can be found at: https://cloud.google.com/dataplex/docs + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. This variant is also available: + + $ gcloud dataplex datascans get-iam-policy + diff --git a/gcloud/alpha/dataplex/datascans/help b/gcloud/alpha/dataplex/datascans/help new file mode 100644 index 000000000..22d4a1b24 --- /dev/null +++ b/gcloud/alpha/dataplex/datascans/help @@ -0,0 +1,56 @@ +NAME + gcloud alpha dataplex datascans - manage Dataplex Datascan + +SYNOPSIS + gcloud alpha dataplex datascans GROUP | COMMAND [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Manage Dataplex Datascan. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --help. + + Run $ gcloud help for details. + +GROUPS + GROUP is one of the following: + + create + (ALPHA) Manage Dataplex Datascans creation. + + jobs + (ALPHA) Manage Dataplex Datascan Jobs service. + + update + (ALPHA) Manage Dataplex Datascans updation. + +COMMANDS + COMMAND is one of the following: + + delete + (ALPHA) Delete a Dataplex Datascan resource. + + describe + (ALPHA) Describe a Dataplex datascan resource. + + get-iam-policy + (ALPHA) Get the IAM policy for a Dataplex datascan resource. + + list + (ALPHA) List Dataplex Datascan resources under a project. + + run + (ALPHA) Run a Dataplex DataScan resource. + + set-iam-policy + (ALPHA) Set the IAM policy to a Dataplex datascan as defined in a JSON + or YAML file. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. This variant is also available: + + $ gcloud dataplex datascans + diff --git a/gcloud/alpha/dataplex/datascans/jobs/describe b/gcloud/alpha/dataplex/datascans/jobs/describe new file mode 100644 index 000000000..7d1c031ef --- /dev/null +++ b/gcloud/alpha/dataplex/datascans/jobs/describe @@ -0,0 +1,98 @@ +NAME + gcloud alpha dataplex datascans jobs describe - describe a Dataplex + datascan job + +SYNOPSIS + gcloud alpha dataplex datascans jobs describe + (JOB : --datascan=DATASCAN --location=LOCATION) [--view=VIEW] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Describe a Dataplex datascan job. + + Displays all details of a Dataplex job given a valid job ID. + +EXAMPLES + To describe a Dataplex job test-job running a datascan test-datascan in + location us-central1, run: + + $ gcloud alpha dataplex datascans jobs describe test-job \ + --location=us-central1 --datascan=test-datascan + + To describe the details of Dataplex job test-job running a datascan + test-datascan in location us-central1, run: + + $ gcloud alpha dataplex datascans jobs describe test-job \ + --location=us-central1 --datascan=test-datascan --view=FULL + +POSITIONAL ARGUMENTS + Job resource - Arguments and flags that define the Dataplex Job running a + particular Datascan you want to retrieve. The arguments in this group can + be used to specify the attributes of this resource. (NOTE) Some attributes + are not given arguments in this group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument job on the command line with a fully specified + name; + ◆ set the property core/project; + ◆ provide the argument --project on the command line. + + This must be specified. + + JOB + ID of the job or fully qualified identifier for the job. + + To set the job attribute: + ▸ provide the argument job on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --datascan=DATASCAN + Datascan ID of the Dataplex datascan resource. + + To set the datascan attribute: + ▸ provide the argument job on the command line with a fully + specified name; + ▸ provide the argument --datascan on the command line. + + --location=LOCATION + Location of the Dataplex resource. + + To set the location attribute: + ▸ provide the argument job on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property dataplex/location. + +FLAGS + --view=VIEW + Displays spec and result data based on the argument value. The default + view is 'basic'. VIEW must be one of: + + basic + Does not include spec and result data in response. + + full + Includes spec and result data in response. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the dataplex/v1 API. The full documentation for this API + can be found at: https://cloud.google.com/dataplex/docs + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. This variant is also available: + + $ gcloud dataplex datascans jobs describe + diff --git a/gcloud/alpha/dataplex/datascans/jobs/help b/gcloud/alpha/dataplex/datascans/jobs/help new file mode 100644 index 000000000..d906cc1c2 --- /dev/null +++ b/gcloud/alpha/dataplex/datascans/jobs/help @@ -0,0 +1,32 @@ +NAME + gcloud alpha dataplex datascans jobs - manage Dataplex Datascan Jobs + service + +SYNOPSIS + gcloud alpha dataplex datascans jobs COMMAND [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Manage Dataplex Datascan Jobs service. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --help. + + Run $ gcloud help for details. + +COMMANDS + COMMAND is one of the following: + + describe + (ALPHA) Describe a Dataplex datascan job. + + list + (ALPHA) List job runs of a Dataplex datascan resource. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. This variant is also available: + + $ gcloud dataplex datascans jobs + diff --git a/gcloud/alpha/dataplex/datascans/jobs/list b/gcloud/alpha/dataplex/datascans/jobs/list new file mode 100644 index 000000000..33e652ade --- /dev/null +++ b/gcloud/alpha/dataplex/datascans/jobs/list @@ -0,0 +1,104 @@ +NAME + gcloud alpha dataplex datascans jobs list - list job runs of a Dataplex + datascan resource + +SYNOPSIS + gcloud alpha dataplex datascans jobs list + (--datascan=DATASCAN : --location=LOCATION) [--filter=EXPRESSION] + [--limit=LIMIT] [--page-size=PAGE_SIZE] [--sort-by=[FIELD,...]] [--uri] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) List Jobs runs of a Datascan under a specific project, location and + task. + +EXAMPLES + To list all the Dataplex job runs for a datascan test-datascan in location + us-central1, run: + + gcloud alpha dataplex datascans jobs list --location=us-central1 --datascan=test-datascan + +REQUIRED FLAGS + Datascan resource - Arguments and flags that define the Dataplex Datascan + to list the Jobs running the Datascan. The arguments in this group can be + used to specify the attributes of this resource. (NOTE) Some attributes + are not given arguments in this group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument --datascan on the command line with a fully + specified name; + ◆ set the property core/project; + ◆ provide the argument --project on the command line. + + This must be specified. + + --datascan=DATASCAN + ID of the datascan or fully qualified identifier for the datascan. + + To set the datascan attribute: + ▸ provide the argument --datascan on the command line. + + This flag argument must be specified if any of the other arguments in + this group are specified. + + --location=LOCATION + Location of the Dataplex resource. + + To set the location attribute: + ▸ provide the argument --datascan on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property dataplex/location. + +LIST COMMAND FLAGS + --filter=EXPRESSION + Apply a Boolean filter EXPRESSION to each resource item to be listed. + If the expression evaluates True, then that item is listed. For more + details and examples of filter expressions, run $ gcloud topic filters. + This flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --limit=LIMIT + Maximum number of resources to list. The default is unlimited. This + flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --page-size=PAGE_SIZE + Some services group resource list output into pages. This flag + specifies the maximum number of resources per page. The default is + determined by the service if it supports paging, otherwise it is + unlimited (no paging). Paging may be applied before or after --filter + and --limit depending on the service. + + --sort-by=[FIELD,...] + Comma-separated list of resource field key names to sort by. The + default order is ascending. Prefix a field with ``~'' for descending + order on that field. This flag interacts with other flags that are + applied in this order: --flatten, --sort-by, --filter, --limit. + + --uri + Print a list of resource URIs instead of the default output, and change + the command output to a list of URIs. If this flag is used with + --format, the formatting is applied on this URI list. To display URIs + alongside other keys instead, use the uri() transform. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the dataplex/v1 API. The full documentation for this API + can be found at: https://cloud.google.com/dataplex/docs + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. This variant is also available: + + $ gcloud dataplex datascans jobs list + diff --git a/gcloud/alpha/dataplex/datascans/list b/gcloud/alpha/dataplex/datascans/list new file mode 100644 index 000000000..cf9cfb6cd --- /dev/null +++ b/gcloud/alpha/dataplex/datascans/list @@ -0,0 +1,96 @@ +NAME + gcloud alpha dataplex datascans list - list Dataplex Datascan resources + under a project + +SYNOPSIS + gcloud alpha dataplex datascans list [--location=LOCATION] + [--filter=EXPRESSION] [--limit=LIMIT] [--page-size=PAGE_SIZE] + [--sort-by=[FIELD,...]] [--uri] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) List all Dataplex Datascan resource under a specific project and + location. + +EXAMPLES + To list all Dataplex Datascan resources in project=test-project in location + us-central, run: + + $ gcloud alpha dataplex datascans list --project=test-project \ + --location=us-central1 + + To list all Dataplex Datascan in all locations, run: + + $ gcloud alpha dataplex datascans list --project=test-project \ + --location=- + +FLAGS + Location resource - Arguments and flags that define the Dataplex Datascan + you want to list. This represents a Cloud resource. (NOTE) Some attributes + are not given arguments in this group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument --location on the command line with a fully + specified name; + ◆ set the property dataplex/location with a fully specified name; + ◆ set the property core/project; + ◆ provide the argument --project on the command line. + + --location=LOCATION + ID of the location or fully qualified identifier for the location. + + To set the location attribute: + ▸ provide the argument --location on the command line; + ▸ set the property dataplex/location. + +LIST COMMAND FLAGS + --filter=EXPRESSION + Apply a Boolean filter EXPRESSION to each resource item to be listed. + If the expression evaluates True, then that item is listed. For more + details and examples of filter expressions, run $ gcloud topic filters. + This flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --limit=LIMIT + Maximum number of resources to list. The default is unlimited. This + flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --page-size=PAGE_SIZE + Some services group resource list output into pages. This flag + specifies the maximum number of resources per page. The default is + determined by the service if it supports paging, otherwise it is + unlimited (no paging). Paging may be applied before or after --filter + and --limit depending on the service. + + --sort-by=[FIELD,...] + Comma-separated list of resource field key names to sort by. The + default order is ascending. Prefix a field with ``~'' for descending + order on that field. This flag interacts with other flags that are + applied in this order: --flatten, --sort-by, --filter, --limit. + + --uri + Print a list of resource URIs instead of the default output, and change + the command output to a list of URIs. If this flag is used with + --format, the formatting is applied on this URI list. To display URIs + alongside other keys instead, use the uri() transform. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the dataplex/v1 API. The full documentation for this API + can be found at: https://cloud.google.com/dataplex/docs + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. This variant is also available: + + $ gcloud dataplex datascans list + diff --git a/gcloud/alpha/dataplex/datascans/run b/gcloud/alpha/dataplex/datascans/run new file mode 100644 index 000000000..a3cee6847 --- /dev/null +++ b/gcloud/alpha/dataplex/datascans/run @@ -0,0 +1,68 @@ +NAME + gcloud alpha dataplex datascans run - run a Dataplex DataScan resource + +SYNOPSIS + gcloud alpha dataplex datascans run (DATASCAN : --location=LOCATION) + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Run a Dataplex Datascan resource given a valid Datascan ID. + +EXAMPLES + To run a Dataplex Datascan test-datascan in location us-central1 , run: + + $ gcloud alpha dataplex datascans run test-datascan \ + --location=us-central1 + +POSITIONAL ARGUMENTS + Datascan resource - Arguments and flags that define the Dataplex Datascan + you want to run. The arguments in this group can be used to specify the + attributes of this resource. (NOTE) Some attributes are not given + arguments in this group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument datascan on the command line with a fully + specified name; + ◆ set the property core/project; + ◆ provide the argument --project on the command line. + + This must be specified. + + DATASCAN + ID of the datascan or fully qualified identifier for the datascan. + + To set the datascan attribute: + ▸ provide the argument datascan on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + Location of the Dataplex resource. + + To set the location attribute: + ▸ provide the argument datascan on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property dataplex/location. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the dataplex/v1 API. The full documentation for this API + can be found at: https://cloud.google.com/dataplex/docs + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. This variant is also available: + + $ gcloud dataplex datascans run + diff --git a/gcloud/alpha/dataplex/datascans/set-iam-policy b/gcloud/alpha/dataplex/datascans/set-iam-policy new file mode 100644 index 000000000..cb9771a0f --- /dev/null +++ b/gcloud/alpha/dataplex/datascans/set-iam-policy @@ -0,0 +1,75 @@ +NAME + gcloud alpha dataplex datascans set-iam-policy - set the IAM policy to a + Dataplex datascan as defined in a JSON or YAML file + +SYNOPSIS + gcloud alpha dataplex datascans set-iam-policy + (DATASCAN : --location=LOCATION) POLICY_FILE [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) See https://cloud.google.com/iam/docs/managing-policies for details + of the policy file format and contents. + +EXAMPLES + The following command will read an IAM policy defined in a JSON file + policy.son and set it for the Dataplex datascan test-datascan defined in + location us-central1: + + $ gcloud alpha dataplex datascans set-iam-policy \ + --location=us-central1 test-datascan policy.json + +POSITIONAL ARGUMENTS + Datascan resource - Arguments and flags that define the Dataplex datascan + you want to set IAM policy binding to. The arguments in this group can be + used to specify the attributes of this resource. (NOTE) Some attributes + are not given arguments in this group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument datascan on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + DATASCAN + ID of the datascan or fully qualified identifier for the datascan. + + To set the dataScans attribute: + ▸ provide the argument datascan on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + The location of the Dataplex resource. + + To set the location attribute: + ▸ provide the argument datascan on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property dataplex/location. + + POLICY_FILE + Path to a local JSON or YAML formatted file containing a valid policy. + + The output of the get-iam-policy command is a valid file, as is any + JSON or YAML file conforming to the structure of a Policy + (https://cloud.google.com/iam/reference/rest/v1/Policy). + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. This variant is also available: + + $ gcloud dataplex datascans set-iam-policy + diff --git a/gcloud/alpha/dataplex/datascans/update/data-profile b/gcloud/alpha/dataplex/datascans/update/data-profile new file mode 100644 index 000000000..4b7d671f2 --- /dev/null +++ b/gcloud/alpha/dataplex/datascans/update/data-profile @@ -0,0 +1,150 @@ +NAME + gcloud alpha dataplex datascans update data-profile - update a Dataplex + data profile scan job + +SYNOPSIS + gcloud alpha dataplex datascans update data-profile + (DATASCAN : --location=LOCATION) [--description=DESCRIPTION] + [--display-name=DISPLAY_NAME] [--labels=[KEY=VALUE,...]] + [--async | --validate-only] + [--data-profile-spec-file=DATA_PROFILE_SPEC_FILE + | --exclude-field-names=EXCLUDE_FIELD_NAMES + --include-field-names=INCLUDE_FIELD_NAMES + --row-filter=ROW_FILTER --sampling-percent=SAMPLING_PERCENT] + [--on-demand=ON_DEMAND | --schedule=SCHEDULE] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Represents a user-visible job which provides the insights for the + related data source about the structure, content and relationships (such as + null percent, cardinality, min/max/mean, etc). + +EXAMPLES + To update description of a data profile scan data-profile-datascan in + project test-project located in us-central1, run: + + $ gcloud alpha dataplex datascans update data-profile data-profile \ + data-profile-datascan --project=test-project \ + --location=us-central1 --description="Description is updated." + +POSITIONAL ARGUMENTS + Datascan resource - Arguments and flags that define the Dataplex datascan + you want to update a data profile scan for. The arguments in this group + can be used to specify the attributes of this resource. (NOTE) Some + attributes are not given arguments in this group but can be set in other + ways. + + To set the project attribute: + ◆ provide the argument datascan on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + DATASCAN + ID of the datascan or fully qualified identifier for the datascan. + + To set the dataScans attribute: + ▸ provide the argument datascan on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + The location of the Dataplex resource. + + To set the location attribute: + ▸ provide the argument datascan on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property dataplex/location. + +FLAGS + --description=DESCRIPTION + Description of the data profile scan + + --display-name=DISPLAY_NAME + Display name of the data profile scan + + --labels=[KEY=VALUE,...] + List of label KEY=VALUE pairs to add. + + Keys must start with a lowercase character and contain only hyphens + (-), underscores (_), lowercase characters, and numbers. Values must + contain only hyphens (-), underscores (_), lowercase characters, and + numbers. + + At most one of --async | --validate-only can be specified. + + At most one of these can be specified: + + --async + Return immediately, without waiting for the operation in progress to + complete. + + --validate-only + Validate the update action, but don't actually perform it. + + Data spec for the data profile scan. + + At most one of these can be specified: + + --data-profile-spec-file=DATA_PROFILE_SPEC_FILE + path to the JSON/YAML file containing the spec for the data profile + scan. The JSON representation reference: + https://cloud.google.com/dataplex/docs/reference/rest/v1/DataProfileSpec + + Command line spec arguments for the data profile scan. + + --exclude-field-names=EXCLUDE_FIELD_NAMES + Names of the fields to exclude from data profile. If specified, the + respective fields will be excluded from data profile, regardless of + the fields specified in the --include-field-names flag. + + --include-field-names=INCLUDE_FIELD_NAMES + Names of the fields to include in data profile. If not specified, + all fields at the time of profile scan job execution are included. + The fields listed in the --exclude-field-names flag are excluded. + + --row-filter=ROW_FILTER + A filter applied to all rows in a single data profile scan job. + + --sampling-percent=SAMPLING_PERCENT + The percentage of the records to be selected from the dataset for + data profile scan. + + Data profile scan execution settings. + + Data profile scan scheduling and trigger settings + + At most one of these can be specified: + + --on-demand=ON_DEMAND + If set, the scan runs one-time shortly after data profile scan + updation. + + --schedule=SCHEDULE + Cron schedule (https://en.wikipedia.org/wiki/Cron) for running + scans periodically. To explicitly set a timezone to the cron tab, + apply a prefix in the cron tab: "CRON_TZ=${IANA_TIME_ZONE}" or + "TZ=${IANA_TIME_ZONE}". The ${IANA_TIME_ZONE} may only be a valid + string from IANA time zone database. For example, + CRON_TZ=America/New_York 1 * * * * or TZ=America/New_York 1 * * * + *. This field is required for RECURRING scans. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. This variant is also available: + + $ gcloud dataplex datascans update data-profile + diff --git a/gcloud/alpha/dataplex/datascans/update/data-quality b/gcloud/alpha/dataplex/datascans/update/data-quality new file mode 100644 index 000000000..7ba5df3d3 --- /dev/null +++ b/gcloud/alpha/dataplex/datascans/update/data-quality @@ -0,0 +1,124 @@ +NAME + gcloud alpha dataplex datascans update data-quality - update a Dataplex + data quality scan job + +SYNOPSIS + gcloud alpha dataplex datascans update data-quality + (DATASCAN : --location=LOCATION) + [--data-quality-spec-file=DATA_QUALITY_SPEC_FILE] + [--description=DESCRIPTION] [--display-name=DISPLAY_NAME] + [--labels=[KEY=VALUE,...]] [--async | --validate-only] + [--on-demand=ON_DEMAND | --schedule=SCHEDULE] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Represents a user-visible job which provides the insights for the + related data source and generates queries based on the rules and runs + against the data to get data quality check results. + +EXAMPLES + To update description of a data quality scan data-quality-datascan in + project test-project located in us-central1, run: + + $ gcloud alpha dataplex datascans update data-quality data-quality \ + data-quality-datascan --project=test-project \ + --location=us-central1 --description="Description is updated." + +POSITIONAL ARGUMENTS + Datascan resource - Arguments and flags that define the Dataplex datascan + you want to update a data quality scan for. The arguments in this group + can be used to specify the attributes of this resource. (NOTE) Some + attributes are not given arguments in this group but can be set in other + ways. + + To set the project attribute: + ◆ provide the argument datascan on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + DATASCAN + ID of the datascan or fully qualified identifier for the datascan. + + To set the dataScans attribute: + ▸ provide the argument datascan on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + The location of the Dataplex resource. + + To set the location attribute: + ▸ provide the argument datascan on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property dataplex/location. + +FLAGS + --data-quality-spec-file=DATA_QUALITY_SPEC_FILE + path to the JSON/YAML file containing the spec for the data quality + scan. The json representation reference: + https://cloud.google.com/dataplex/docs/reference/rest/v1/DataQualitySpec + + --description=DESCRIPTION + Description of the data quality scan + + --display-name=DISPLAY_NAME + Display name of the data quality scan + + --labels=[KEY=VALUE,...] + List of label KEY=VALUE pairs to add. + + Keys must start with a lowercase character and contain only hyphens + (-), underscores (_), lowercase characters, and numbers. Values must + contain only hyphens (-), underscores (_), lowercase characters, and + numbers. + + At most one of --async | --validate-only can be specified. + + At most one of these can be specified: + + --async + Return immediately, without waiting for the operation in progress to + complete. + + --validate-only + Validate the update action, but don't actually perform it. + + Data quality scan execution settings. + + Data quality scan scheduling and trigger settings + + At most one of these can be specified: + + --on-demand=ON_DEMAND + If set, the scan runs one-time shortly after data quality scan + updation. + + --schedule=SCHEDULE + Cron schedule (https://en.wikipedia.org/wiki/Cron) for running + scans periodically. To explicitly set a timezone to the cron tab, + apply a prefix in the cron tab: "CRON_TZ=${IANA_TIME_ZONE}" or + "TZ=${IANA_TIME_ZONE}". The ${IANA_TIME_ZONE} may only be a valid + string from IANA time zone database. For example, + CRON_TZ=America/New_York 1 * * * * or TZ=America/New_York 1 * * * + *. This field is required for RECURRING scans. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. This variant is also available: + + $ gcloud dataplex datascans update data-quality + diff --git a/gcloud/alpha/dataplex/datascans/update/help b/gcloud/alpha/dataplex/datascans/update/help new file mode 100644 index 000000000..83f6e1e15 --- /dev/null +++ b/gcloud/alpha/dataplex/datascans/update/help @@ -0,0 +1,31 @@ +NAME + gcloud alpha dataplex datascans update - manage Dataplex Datascans updation + +SYNOPSIS + gcloud alpha dataplex datascans update COMMAND [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Manage Dataplex Datascans updation. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --help. + + Run $ gcloud help for details. + +COMMANDS + COMMAND is one of the following: + + data-profile + (ALPHA) Update a Dataplex data profile scan job. + + data-quality + (ALPHA) Update a Dataplex data quality scan job. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. This variant is also available: + + $ gcloud dataplex datascans update + diff --git a/gcloud/alpha/dataplex/help b/gcloud/alpha/dataplex/help index b5ba7f2fb..2cc219b19 100644 --- a/gcloud/alpha/dataplex/help +++ b/gcloud/alpha/dataplex/help @@ -28,6 +28,9 @@ GROUPS (ALPHA) Manage Dataplex Data Taxonomies. datascan + (ALPHA) (DEPRECATED) Manage Dataplex Datascan. + + datascans (ALPHA) Manage Dataplex Datascan. environments diff --git a/gcloud/alpha/dataproc/jobs/submit/flink b/gcloud/alpha/dataproc/jobs/submit/flink new file mode 100644 index 000000000..05fe573b5 --- /dev/null +++ b/gcloud/alpha/dataproc/jobs/submit/flink @@ -0,0 +1,152 @@ +NAME + gcloud alpha dataproc jobs submit flink - submit a Flink job to a cluster + +SYNOPSIS + gcloud alpha dataproc jobs submit flink + (--class=MAIN_CLASS | --jar=MAIN_JAR) + (--cluster=CLUSTER | --cluster-labels=[KEY=VALUE,...]) [--async] + [--bucket=BUCKET] [--driver-log-levels=[PACKAGE=LEVEL,...]] + [--jars=[JAR,...]] [--labels=[KEY=VALUE,...]] + [--max-failures-per-hour=MAX_FAILURES_PER_HOUR] + [--max-failures-total=MAX_FAILURES_TOTAL] + [--properties=[PROPERTY=VALUE,...]] [--properties-file=PROPERTIES_FILE] + [--region=REGION] [--savepoint=SAVEPOINT] [GCLOUD_WIDE_FLAG ...] + [-- JOB_ARGS ...] + +DESCRIPTION + (ALPHA) Submit a Flink job to a cluster. + +EXAMPLES + To submit a Flink job that runs the main class of a jar, run: + + $ gcloud alpha dataproc jobs submit flink --cluster=my-cluster \ + --region=us-central1 --jar=my_jar.jar -- arg1 arg2 + + To submit a Flink job that runs a specific class as an entrypoint: + + $ gcloud alpha dataproc jobs submit flink --cluster=my-cluster \ + --region=us-central1 --class=org.my.main.Class \ + --jars=my_jar.jar -- arg1 arg2 + + To submit a Flink job that runs a jar that is on the cluster, run: + + $ gcloud alpha dataproc jobs submit flink --cluster=my-cluster \ + --region=us-central1 \ + --jar=/usr/lib/flink/examples/streaming/TopSpeedWindowing.jar + +POSITIONAL ARGUMENTS + [-- JOB_ARGS ...] + The job arguments to pass. + + The '--' argument must be specified between gcloud specific args on the + left and JOB_ARGS on the right. + +REQUIRED FLAGS + Exactly one of these must be specified: + + --class=MAIN_CLASS + The class containing the main method of the driver. Must be in a + provided jar or jar that is already on the classpath + + --jar=MAIN_JAR + The HCFS URI of jar file containing the driver jar. + + Exactly one of these must be specified: + + --cluster=CLUSTER + The Dataproc cluster to submit the job to. + + --cluster-labels=[KEY=VALUE,...] + List of label KEY=VALUE pairs to add. + + Keys must start with a lowercase character and contain only hyphens + (-), underscores (_), lowercase characters, and numbers. Values must + contain only hyphens (-), underscores (_), lowercase characters, and + numbers. + + Labels of Dataproc cluster on which to place the job. + +OPTIONAL FLAGS + --async + Return immediately, without waiting for the operation in progress to + complete. + + --bucket=BUCKET + The Cloud Storage bucket to stage files in. Defaults to the cluster's + configured bucket. + + --driver-log-levels=[PACKAGE=LEVEL,...] + List of package to log4j log level pairs to configure driver logging. + For example: root=FATAL,com.example=INFO. + + --jars=[JAR,...] + Comma-separated list of jar files to provide to the task manager + classpaths. + + --labels=[KEY=VALUE,...] + List of label KEY=VALUE pairs to add. + + Keys must start with a lowercase character and contain only hyphens + (-), underscores (_), lowercase characters, and numbers. Values must + contain only hyphens (-), underscores (_), lowercase characters, and + numbers. + + --max-failures-per-hour=MAX_FAILURES_PER_HOUR + Specifies the maximum number of times a job can be restarted per hour + in event of failure. Default is 0 (no retries after job failure). + + --max-failures-total=MAX_FAILURES_TOTAL + Specifies the maximum total number of times a job can be restarted + after the job fails. Default is 0 (no retries after job failure). + + --properties=[PROPERTY=VALUE,...] + List of key=value pairs to configure Flink. For a list of available + properties, see: + https://nightlies.apache.org/flink/flink-docs-master/docs/deployment/config/. + + --properties-file=PROPERTIES_FILE + Path to a local file or a file in a Cloud Storage bucket containing + configuration properties for the job. The client machine running this + command must have read permission to the file. + + Specify properties in the form of property=value in the text file. For + example: + + # Properties to set for the job: + key1=value1 + key2=value2 + # Comment out properties not used. + # key3=value3 + + If a property is set in both --properties and --properties-file, the + value defined in --properties takes precedence. + + --region=REGION + Dataproc region to use. Each Dataproc region constitutes an independent + resource namespace constrained to deploying instances into Compute + Engine zones inside the region. Overrides the default dataproc/region + property value for this command invocation. + + --savepoint=SAVEPOINT + HCFS URI of the savepoint that is used to refer to the state of the + previously stopped job. The new job will resume previous state from + there. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. These variants are also available: + + $ gcloud dataproc jobs submit flink + + $ gcloud beta dataproc jobs submit flink + diff --git a/gcloud/alpha/dataproc/jobs/submit/help b/gcloud/alpha/dataproc/jobs/submit/help index 5d17093db..df553b3fb 100644 --- a/gcloud/alpha/dataproc/jobs/submit/help +++ b/gcloud/alpha/dataproc/jobs/submit/help @@ -63,6 +63,9 @@ GCLOUD WIDE FLAGS COMMANDS COMMAND is one of the following: + flink + (ALPHA) Submit a Flink job to a cluster. + hadoop (ALPHA) Submit a Hadoop job to a cluster. diff --git a/gcloud/alpha/filestore/instances/create b/gcloud/alpha/filestore/instances/create index 75d24a0d7..82fd733f1 100644 --- a/gcloud/alpha/filestore/instances/create +++ b/gcloud/alpha/filestore/instances/create @@ -118,9 +118,9 @@ REQUIRED FLAGS A list of IPv4 addresses or CIDR ranges that are allowed to mount the file share. IPv4 addresses format: {octet 1}.{octet 2}.{octet 3}.{octet 4}. CIDR range format: {octet 1}.{octet 2}.{octet - 3}.{octet 4}/{mask size}. Overlapping IP ranges, even across - NfsExportOptions, are not allowed and will return an error. The - limit of IP ranges/addresses for each FileShareConfig among all + 3}.{octet 4}/{mask size}. Overlapping IP ranges are allowed for all + tiers other than BASIC_HDD and BASIC_SSD. The limit of IP + ranges/addresses for each FileShareConfig among all NfsExportOptions is 64 per instance. access-mode diff --git a/gcloud/alpha/filestore/instances/update b/gcloud/alpha/filestore/instances/update index 267e60be0..def817de2 100644 --- a/gcloud/alpha/filestore/instances/update +++ b/gcloud/alpha/filestore/instances/update @@ -132,9 +132,9 @@ FLAGS A list of IPv4 addresses or CIDR ranges that are allowed to mount the file share. IPv4 addresses format: {octet 1}.{octet 2}.{octet 3}.{octet 4}. CIDR range format: {octet 1}.{octet 2}.{octet - 3}.{octet 4}/{mask size}. Overlapping IP ranges, even across - NfsExportOptions, are not allowed and will return an error. The - limit of IP ranges/addresses for each FileShareConfig among all + 3}.{octet 4}/{mask size}. Overlapping IP ranges are allowed for all + tiers other than BASIC_HDD and BASIC_SSD. The limit of IP + ranges/addresses for each FileShareConfig among all NfsExportOptions is 64 per instance. access-mode diff --git a/gcloud/alpha/infra-manager/deployments/apply b/gcloud/alpha/infra-manager/deployments/apply index f5e7ffc04..769afb86f 100644 --- a/gcloud/alpha/infra-manager/deployments/apply +++ b/gcloud/alpha/infra-manager/deployments/apply @@ -9,12 +9,11 @@ SYNOPSIS [--import-existing-resources=IMPORT_EXISTING_RESOURCES] [--labels=[KEY=VALUE,...]] [--service-account=SERVICE_ACCOUNT] [--worker-pool=WORKER_POOL] - [--input-values=[KEY=VALUE,...] --gcs-source=GCS_SOURCE - | --git-source-directory=GIT_SOURCE_DIRECTORY + [--gcs-source=GCS_SOURCE | --git-source-directory=GIT_SOURCE_DIRECTORY --git-source-ref=GIT_SOURCE_REF --git-source-repo=GIT_SOURCE_REPO - | --ignore-file=IGNORE_FILE - --local-source=LOCAL_SOURCE --stage-bucket=STAGE_BUCKET] - [GCLOUD_WIDE_FLAG ...] + | --ignore-file=IGNORE_FILE --local-source=LOCAL_SOURCE + --stage-bucket=STAGE_BUCKET --input-values=[KEY=VALUE,...] + | --inputs-file=INPUTS_FILE] [GCLOUD_WIDE_FLAG ...] DESCRIPTION (ALPHA) This command updates a deployment when it already exists, otherwise @@ -130,19 +129,6 @@ FLAGS execute. Format: projects/{project}/locations/{location}/workerPools/{workerPoolId} - --input-values=[KEY=VALUE,...] - Input variable values for the Terraform blueprint. It only accepts - (key, value) pairs where value is a scalar value. - - Examples: - - Pass input values on command line: - - $ gcloud alpha infra-manager deployments apply \ - projects/p1/location/us-central1/deployments/my-deployment \ - --gcs-source="gs://my-bucket" \ - --input-values=projects=p1,region=r - At most one of these can be specified: --gcs-source=GCS_SOURCE @@ -240,6 +226,34 @@ FLAGS --local-source="./path/to/blueprint" \ --stage-bucket="gs://my-bucket" + At most one of these can be specified: + + --input-values=[KEY=VALUE,...] + Input variable values for the Terraform blueprint. It only accepts + (key, value) pairs where value is a scalar value. + + Examples: + + Pass input values on command line: + + $ gcloud alpha infra-manager deployments apply \ + projects/p1/location/us-central1/deployments/my-deployment \ + --gcs-source="gs://my-bucket" \ + --input-values=projects=p1,region=r + + --inputs-file=INPUTS_FILE + A .tfvars file containing terraform variable values. --inputs-file + flag is supported for python version 3.6 and above. + + Examples: + + Pass input values on the command line: + + $ gcloud alpha infra-manager deployments apply \ + projects/p1/location/us-central1/deployments/my-deployment \ + --gcs-source="gs://my-bucket" \ + --inputs-file=path-to-tfvar-file.tfvar + GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, diff --git a/gcloud/alpha/infra-manager/deployments/export-lock b/gcloud/alpha/infra-manager/deployments/export-lock new file mode 100644 index 000000000..c97b5b428 --- /dev/null +++ b/gcloud/alpha/infra-manager/deployments/export-lock @@ -0,0 +1,65 @@ +NAME + gcloud alpha infra-manager deployments export-lock - exports lock info of a + deployment + +SYNOPSIS + gcloud alpha infra-manager deployments export-lock + (DEPLOYMENT : --location=LOCATION) [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) This command exports lock info of a deployment. + +EXAMPLES + Export lock info for deployment + projects/p1/locations/us-central1/deployments/my-deployment: + + $ gcloud alpha infra-manager deployments export-lock \ + projects/p1/location/us-central1/deployments/my-deployment + +POSITIONAL ARGUMENTS + Deployment resource - the deployment to be used as parent. The arguments + in this group can be used to specify the attributes of this resource. + (NOTE) Some attributes are not given arguments in this group but can be + set in other ways. + + To set the project attribute: + ◆ provide the argument DEPLOYMENT on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + DEPLOYMENT + ID of the deployment or fully qualified identifier for the + deployment. + + To set the deployment attribute: + ▸ provide the argument DEPLOYMENT on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + The Cloud location for the deployment. + + To set the location attribute: + ▸ provide the argument DEPLOYMENT on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property blueprints/location. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. + diff --git a/gcloud/alpha/infra-manager/deployments/export-statefile b/gcloud/alpha/infra-manager/deployments/export-statefile new file mode 100644 index 000000000..3cfc8ba85 --- /dev/null +++ b/gcloud/alpha/infra-manager/deployments/export-statefile @@ -0,0 +1,70 @@ +NAME + gcloud alpha infra-manager deployments export-statefile - export a + terraform state file + +SYNOPSIS + gcloud alpha infra-manager deployments export-statefile + (DEPLOYMENT : --location=LOCATION) [--draft] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) This command generates a signed url to download a terraform state + file. + +EXAMPLES + Export state file for my-deployment: + + $ gcloud alpha infra-manager deployments export-statefile \ + projects/p1/location/us-central1/deployments/my-deployment + +POSITIONAL ARGUMENTS + Deployment resource - the deployment to be used as parent. The arguments + in this group can be used to specify the attributes of this resource. + (NOTE) Some attributes are not given arguments in this group but can be + set in other ways. + + To set the project attribute: + ◆ provide the argument DEPLOYMENT on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + DEPLOYMENT + ID of the deployment or fully qualified identifier for the + deployment. + + To set the deployment attribute: + ▸ provide the argument DEPLOYMENT on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + The Cloud location for the deployment. + + To set the location attribute: + ▸ provide the argument DEPLOYMENT on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property blueprints/location. + +FLAGS + --draft + If this flag is set to true, the exported deployment state file will be + the draft state + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. + diff --git a/gcloud/alpha/infra-manager/deployments/help b/gcloud/alpha/infra-manager/deployments/help index f65351147..217d88401 100644 --- a/gcloud/alpha/infra-manager/deployments/help +++ b/gcloud/alpha/infra-manager/deployments/help @@ -24,9 +24,24 @@ COMMANDS describe (ALPHA) Describe deployments. + export-lock + (ALPHA) Exports lock info of a deployment. + + export-statefile + (ALPHA) Export a terraform state file. + + import-statefile + (ALPHA) Import a terraform state file. + list (ALPHA) List deployments. + lock + (ALPHA) Locks the deployment. + + unlock + (ALPHA) Unlocks the deployment. + NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct diff --git a/gcloud/alpha/infra-manager/deployments/import-statefile b/gcloud/alpha/infra-manager/deployments/import-statefile new file mode 100644 index 000000000..dc09576f2 --- /dev/null +++ b/gcloud/alpha/infra-manager/deployments/import-statefile @@ -0,0 +1,71 @@ +NAME + gcloud alpha infra-manager deployments import-statefile - import a + terraform state file + +SYNOPSIS + gcloud alpha infra-manager deployments import-statefile + (DEPLOYMENT : --location=LOCATION) --lock-id=LOCK_ID + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) This command generates a signed url to upload a terraform state + file. + +EXAMPLES + Import state file for my-deployment with lock-id 1658343229583347: + + $ gcloud alpha infra-manager deployments import-statefile \ + projects/p1/location/us-central1/deployments/my-deployment \ + --lock-id=1658343229583347 + +POSITIONAL ARGUMENTS + Deployment resource - the deployment to be used as parent. The arguments + in this group can be used to specify the attributes of this resource. + (NOTE) Some attributes are not given arguments in this group but can be + set in other ways. + + To set the project attribute: + ◆ provide the argument DEPLOYMENT on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + DEPLOYMENT + ID of the deployment or fully qualified identifier for the + deployment. + + To set the deployment attribute: + ▸ provide the argument DEPLOYMENT on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + The Cloud location for the deployment. + + To set the location attribute: + ▸ provide the argument DEPLOYMENT on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property blueprints/location. + +REQUIRED FLAGS + --lock-id=LOCK_ID + Lock ID of the lock file to verify person importing owns lock. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. + diff --git a/gcloud/alpha/infra-manager/deployments/lock b/gcloud/alpha/infra-manager/deployments/lock new file mode 100644 index 000000000..94937a64d --- /dev/null +++ b/gcloud/alpha/infra-manager/deployments/lock @@ -0,0 +1,68 @@ +NAME + gcloud alpha infra-manager deployments lock - locks the deployment + +SYNOPSIS + gcloud alpha infra-manager deployments lock + (DEPLOYMENT : --location=LOCATION) [--async] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) This command locks the deployment and generates a lockId. + +EXAMPLES + Lock deployment my-deployment under project p1 and location us-central1: + + $ gcloud alpha infra-manager deployments lock \ + projects/p1/location/us-central1/deployments/my-deployment + +POSITIONAL ARGUMENTS + Deployment resource - the deployment to be used as parent. The arguments + in this group can be used to specify the attributes of this resource. + (NOTE) Some attributes are not given arguments in this group but can be + set in other ways. + + To set the project attribute: + ◆ provide the argument DEPLOYMENT on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + DEPLOYMENT + ID of the deployment or fully qualified identifier for the + deployment. + + To set the deployment attribute: + ▸ provide the argument DEPLOYMENT on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + The Cloud location for the deployment. + + To set the location attribute: + ▸ provide the argument DEPLOYMENT on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property blueprints/location. + +FLAGS + --async + Return immediately, without waiting for the operation in progress to + complete. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. + diff --git a/gcloud/alpha/infra-manager/deployments/unlock b/gcloud/alpha/infra-manager/deployments/unlock new file mode 100644 index 000000000..2210c7876 --- /dev/null +++ b/gcloud/alpha/infra-manager/deployments/unlock @@ -0,0 +1,80 @@ +NAME + gcloud alpha infra-manager deployments unlock - unlocks the deployment + +SYNOPSIS + gcloud alpha infra-manager deployments unlock + (DEPLOYMENT : --location=LOCATION) --lock-id=LOCK_ID [--async] + [--disable-validate-update] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) This command releases the lock on deployment. + +EXAMPLES + Unlock deployment my-deployment under project p1 and location us-central1 + with lock-id 1234: + + $ gcloud alpha infra-manager deployments unlock \ + projects/p1/location/us-central1/deployments/my-deployment \ + --lock-id=1234 + +POSITIONAL ARGUMENTS + Deployment resource - the deployment to be used as parent. The arguments + in this group can be used to specify the attributes of this resource. + (NOTE) Some attributes are not given arguments in this group but can be + set in other ways. + + To set the project attribute: + ◆ provide the argument DEPLOYMENT on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + DEPLOYMENT + ID of the deployment or fully qualified identifier for the + deployment. + + To set the deployment attribute: + ▸ provide the argument DEPLOYMENT on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + The Cloud location for the deployment. + + To set the location attribute: + ▸ provide the argument DEPLOYMENT on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property blueprints/location. + +REQUIRED FLAGS + --lock-id=LOCK_ID + Lock ID of the lock file to verify person importing owns lock. + +OPTIONAL FLAGS + --async + Return immediately, without waiting for the operation in progress to + complete. + + --disable-validate-update + If this flag is set to true, the unlock mechanism will only unlock the + deployment instead of validating the state file and triggering an + update deployment workflow. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. + diff --git a/gcloud/alpha/infra-manager/revisions/export-statefile b/gcloud/alpha/infra-manager/revisions/export-statefile new file mode 100644 index 000000000..83efce417 --- /dev/null +++ b/gcloud/alpha/infra-manager/revisions/export-statefile @@ -0,0 +1,74 @@ +NAME + gcloud alpha infra-manager revisions export-statefile - export a terraform + state file + +SYNOPSIS + gcloud alpha infra-manager revisions export-statefile + (REVISION : --deployment=DEPLOYMENT --location=LOCATION) + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) This command generates a signed url to download a terraform state + file. + +EXAMPLES + Export state file for revision + projects/p1/locations/l1/deployments/d1/revisions/r-0: + + $ gcloud alpha infra-manager revisions export-statefile \ + projects/p1/locations/l1/deployments/d1/revisions/r-0 + +POSITIONAL ARGUMENTS + Revision resource - the revision to be used as parent. The arguments in + this group can be used to specify the attributes of this resource. (NOTE) + Some attributes are not given arguments in this group but can be set in + other ways. + + To set the project attribute: + ◆ provide the argument REVISION on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + REVISION + ID of the revision or fully qualified identifier for the revision. + + To set the revision attribute: + ▸ provide the argument REVISION on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --deployment=DEPLOYMENT + The deployment for the revision. + + To set the deployment attribute: + ▸ provide the argument REVISION on the command line with a fully + specified name; + ▸ provide the argument --deployment on the command line. + + --location=LOCATION + The Cloud location for the revision. + + To set the location attribute: + ▸ provide the argument REVISION on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property blueprints/location. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. + diff --git a/gcloud/alpha/infra-manager/revisions/help b/gcloud/alpha/infra-manager/revisions/help index 2768e21b1..91c5c6c1a 100644 --- a/gcloud/alpha/infra-manager/revisions/help +++ b/gcloud/alpha/infra-manager/revisions/help @@ -18,6 +18,9 @@ COMMANDS describe (ALPHA) Describe revisions. + export-statefile + (ALPHA) Export a terraform state file. + list (ALPHA) List revisions. diff --git a/gcloud/alpha/kms/help b/gcloud/alpha/kms/help index 72b37ffd6..47db6d5fb 100644 --- a/gcloud/alpha/kms/help +++ b/gcloud/alpha/kms/help @@ -71,6 +71,12 @@ COMMANDS mac-verify (ALPHA) Verify a user signature file using a MAC key version. + raw-decrypt + (ALPHA) Decrypt a ciphertext file using a raw key. + + raw-encrypt + (ALPHA) Encrypt a plaintext file using a raw key. + NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct diff --git a/gcloud/alpha/kms/inventory/search-protected-resources b/gcloud/alpha/kms/inventory/search-protected-resources index ad59e6f63..51ae5de23 100644 --- a/gcloud/alpha/kms/inventory/search-protected-resources +++ b/gcloud/alpha/kms/inventory/search-protected-resources @@ -6,8 +6,9 @@ SYNOPSIS gcloud alpha kms inventory search-protected-resources --scope=ORGANIZATION_ID (--keyname=KEYNAME : --keyring=KEYRING --location=LOCATION) - [--filter=EXPRESSION] [--limit=LIMIT] [--page-size=PAGE_SIZE] - [--sort-by=[FIELD,...]] [--uri] [GCLOUD_WIDE_FLAG ...] + [--resource-types=[RESOURCE_TYPES,...]] [--filter=EXPRESSION] + [--limit=LIMIT] [--page-size=PAGE_SIZE] [--sort-by=[FIELD,...]] [--uri] + [GCLOUD_WIDE_FLAG ...] DESCRIPTION (ALPHA) gcloud alpha kms inventory search-protected-resources returns a @@ -61,6 +62,23 @@ REQUIRED FLAGS specified name; ▸ provide the argument --location on the command line. +FLAGS + --resource-types=[RESOURCE_TYPES,...] + A list of resource types that this request searches for. If empty, it + will search all the trackable resource types + (https://cloud.google.com/kms/docs/view-key-usage#tracked-resource-types). + + Regular expressions are also supported. For example: + + ◆ compute.googleapis.com.* snapshots resources whose type starts with + compute.googleapis.com. + ◆ .*Image snapshots resources whose type ends with Image. + ◆ .*Image.* snapshots resources whose type contains Image. + + See RE2 (https://github.com/google/re2/wiki/Syntax) for all supported + regular expression syntax. If the regular expression does not match any + supported resource type, an INVALID_ARGUMENT error will be returned. + LIST COMMAND FLAGS --filter=EXPRESSION Apply a Boolean filter EXPRESSION to each resource item to be listed. diff --git a/gcloud/alpha/kms/raw-decrypt b/gcloud/alpha/kms/raw-decrypt new file mode 100644 index 000000000..bd170e41b --- /dev/null +++ b/gcloud/alpha/kms/raw-decrypt @@ -0,0 +1,98 @@ +NAME + gcloud alpha kms raw-decrypt - decrypt a ciphertext file using a raw key + +SYNOPSIS + gcloud alpha kms raw-decrypt --ciphertext-file=CIPHERTEXT_FILE + --plaintext-file=PLAINTEXT_FILE + [--additional-authenticated-data-file=ADDITIONAL_AUTHENTICATED_DATA_FILE] + [--initialization-vector-file=INITIALIZATION_VECTOR_FILE] [--key=KEY] + [--keyring=KEYRING] [--location=LOCATION] + [--skip-integrity-verification] [--version=VERSION] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) gcloud alpha kms raw-decrypt decrypts the given ciphertext file + using the given CryptoKey containing a raw key and writes the result to the + named plaintext file. The ciphertext file must not be larger than 64KiB. + + The supported algorithms are: AES-128-GCM, AES-256-GCM, AES-128-CBC, + AES-256-CBC, AES-128-CTR, and AES-256-CTR. + + AES-GCM provides authentication which means that it accepts additional + authenticated data (AAD). So, the flag --additional-authenticated-data-file + is only valid with AES-128-GCM and AES-256-GCM algorithms. If AAD is + provided during encryption, it must be provided during decryption too. The + file must not be larger than 64KiB. + + If --plaintext-file or --additional-authenticated-data-file or + --initialization-vector-file is set to '-', that file is read from stdin. + Similarly, if --ciphertext-file is set to '-', the ciphertext is written to + stdout. + + By default, the command performs integrity verification on data sent to and + received from Cloud KMS. Use --skip-integrity-verification to disable + integrity verification. + +EXAMPLES + The following command reads and decrypts the file path/to/input/ciphertext. + The file will be decrypted using the CryptoKey KEYNAME containing a raw + key, from the KeyRing KEYRING in the global location. It uses the + additional authenticated data file path/to/input/aad (only valid with the + AES-GCM algorithms) and the initialization vector file path/to/input/iv. + The resulting plaintext will be written to path/to/output/plaintext. + + $ gcloud alpha kms raw-decrypt --key=KEYNAME --keyring=KEYRING \ + --location=global --ciphertext-file=path/to/input/ciphertext \ + --additional-authenticated-data-file=path/to/input/aad \ + --initialization-vector-file=path/to/input/iv \ + --plaintext-file=path/to/output/plaintext + +REQUIRED FLAGS + --ciphertext-file=CIPHERTEXT_FILE + File path of the ciphertext file to decrypt. + + --plaintext-file=PLAINTEXT_FILE + File path of the plaintext file to store the decrypted data. + +OPTIONAL FLAGS + --additional-authenticated-data-file=ADDITIONAL_AUTHENTICATED_DATA_FILE + File path to the optional file containing the additional authenticated + data. + + --initialization-vector-file=INITIALIZATION_VECTOR_FILE + File path to the optional file containing the initialization vector for + decryption. + + --key=KEY + The (raw) key to use for decryption. + + --keyring=KEYRING + Key ring of the key. + + --location=LOCATION + Location of the keyring. + + --skip-integrity-verification + Skip integrity verification on request and response API fields. + + --version=VERSION + Version to use for decryption. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. These variants are also available: + + $ gcloud kms raw-decrypt + + $ gcloud beta kms raw-decrypt + diff --git a/gcloud/alpha/kms/raw-encrypt b/gcloud/alpha/kms/raw-encrypt new file mode 100644 index 000000000..a10517ddc --- /dev/null +++ b/gcloud/alpha/kms/raw-encrypt @@ -0,0 +1,117 @@ +NAME + gcloud alpha kms raw-encrypt - encrypt a plaintext file using a raw key + +SYNOPSIS + gcloud alpha kms raw-encrypt --ciphertext-file=CIPHERTEXT_FILE + --plaintext-file=PLAINTEXT_FILE + [--additional-authenticated-data-file=ADDITIONAL_AUTHENTICATED_DATA_FILE] + [--initialization-vector-file=INITIALIZATION_VECTOR_FILE] [--key=KEY] + [--keyring=KEYRING] [--location=LOCATION] + [--skip-integrity-verification] [--version=VERSION] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Encrypts the given plaintext file using the given CryptoKey + containing a raw key and writes the result to the named ciphertext file. + The plaintext file must not be larger than 64KiB. For the AES-CBC + algorithms, no server-side padding is being done, so the plaintext must be + a multiple of the block size. + + The supported algorithms are: AES-128-GCM, AES-256-GCM, AES-128-CBC, + AES-256-CBC, AES-128-CTR, and AES-256-CTR. + + AES-GCM provides authentication which means that it accepts additional + authenticated data (AAD). So, the flag --additional-authenticated-data-file + is only valid with AES-128-GCM and AES-256-GCM algorithms. + + The initialization vector (flag --initialization-vector-file) is only + supported for AES-CBC and AES-CTR algorithms, and must be 16B in length. + + Therefore, both additional authenticated data and initialization vector + can't be provided during encryption. If an additional authenticated data + file is provided, its contents must also be provided during decryption. The + file must not be larger than 64KiB. + + The flag --version indicates the version of the key to use for encryption. + + If --plaintext-file or --additional-authenticated-data-file or + --initialization-vector-file is set to '-', that file is read from stdin. + Similarly, if --ciphertext-file is set to '-', the ciphertext is written to + stdout. + + By default, the command performs integrity verification on data sent to and + received from Cloud KMS. Use --skip-integrity-verification to disable + integrity verification. + +EXAMPLES + The following command reads and encrypts the file path/to/input/plaintext. + The file will be encrypted using the AES-GCM CryptoKey KEYNAME from the + KeyRing KEYRING in the global location using the additional authenticated + data file path/to/input/aad. The resulting ciphertext will be written to + path/to/output/ciphertext. + + $ gcloud alpha kms raw-encrypt --key=KEYNAME --keyring=KEYRING \ + --location=global --plaintext-file=path/to/input/plaintext \ + --additional-authenticated-data-file=path/to/input/aad \ + --ciphertext-file=path/to/output/ciphertext + + The following command reads and encrypts the file path/to/input/plaintext. + The file will be encrypted using the AES-CBC CryptoKey KEYNAME from the + KeyRing KEYRING in the global location using the initialization vector + stored at path/to/input/aad. The resulting ciphertext will be written to + path/to/output/ciphertext. + + $ gcloud alpha kms raw-encrypt --key=KEYNAME --keyring=KEYRING \ + --location=global --plaintext-file=path/to/input/plaintext \ + --initialization-vector-file=path/to/input/iv \ + --ciphertext-file=path/to/output/ciphertext + +REQUIRED FLAGS + --ciphertext-file=CIPHERTEXT_FILE + File path of the ciphertext file to output. + + --plaintext-file=PLAINTEXT_FILE + File path of the plaintext file to encrypt. + +OPTIONAL FLAGS + --additional-authenticated-data-file=ADDITIONAL_AUTHENTICATED_DATA_FILE + File path to the optional file containing the additional authenticated + data. + + --initialization-vector-file=INITIALIZATION_VECTOR_FILE + File path to the optional file containing the initialization vector for + encryption. + + --key=KEY + The key to use for encryption. + + --keyring=KEYRING + Key ring of the key. + + --location=LOCATION + Location of the keyring. + + --skip-integrity-verification + Skip integrity verification on request and response API fields. + + --version=VERSION + Version to use for encryption. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. These variants are also available: + + $ gcloud kms raw-encrypt + + $ gcloud beta kms raw-encrypt + diff --git a/gcloud/alpha/network-connectivity/internal-ranges/update b/gcloud/alpha/network-connectivity/internal-ranges/update index 9b14923ec..ccf787aeb 100644 --- a/gcloud/alpha/network-connectivity/internal-ranges/update +++ b/gcloud/alpha/network-connectivity/internal-ranges/update @@ -4,9 +4,10 @@ NAME SYNOPSIS gcloud alpha network-connectivity internal-ranges update - (INTERNAL_RANGE : --region=REGION) - (--ip-cidr-range=IP_CIDR_RANGE | --prefix-length=PREFIX_LENGTH) - [--async] [GCLOUD_WIDE_FLAG ...] + (INTERNAL_RANGE : --region=REGION) [--async] + [--clear-overlaps | --overlaps=[OVERLAPS,...]] + [--ip-cidr-range=IP_CIDR_RANGE | --prefix-length=PREFIX_LENGTH] + [GCLOUD_WIDE_FLAG ...] DESCRIPTION (ALPHA) Update the details of an internal range. @@ -55,8 +56,25 @@ POSITIONAL ARGUMENTS ▸ provide the argument --region on the command line; ▸ use default global location . -REQUIRED FLAGS - Exactly one of these must be specified: +FLAGS + --async + Return immediately, without waiting for the operation in progress to + complete. + + At most one of these can be specified: + + --clear-overlaps + Clear existing overlap fields for the range. + + --overlaps=[OVERLAPS,...] + Overlap specifications for the range being updated. OVERLAPS must be + (only one value is supported): + + overlap-route-range + Allows for creation or existence of routes that have a more + specific destination than the created range. + + At most one of these can be specified: --ip-cidr-range=IP_CIDR_RANGE IP range that this internal range defines. @@ -65,11 +83,6 @@ REQUIRED FLAGS An alternative to ip-cidr-range. Can be set when trying to create a reservation that automatically finds a free range of the given size. -OPTIONAL FLAGS - --async - Return immediately, without waiting for the operation in progress to - complete. - GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, diff --git a/gcloud/alpha/network-security/security-profile-groups/create b/gcloud/alpha/network-security/security-profile-groups/create index 44c8d7a9a..4904539a7 100644 --- a/gcloud/alpha/network-security/security-profile-groups/create +++ b/gcloud/alpha/network-security/security-profile-groups/create @@ -6,70 +6,120 @@ SYNOPSIS gcloud alpha network-security security-profile-groups create (SECURITY_PROFILE_GROUP : --location=LOCATION --organization=ORGANIZATION) - --threat-prevention-profile=THREAT_PREVENTION_PROFILE [--async] - [--description=DESCRIPTION] [GCLOUD_WIDE_FLAG ...] + (--threat-prevention-profile=THREAT_PREVENTION_PROFILE + : --security-profile-location=SECURITY_PROFILE_LOCATION + --security-profile-organization=SECURITY_PROFILE_ORGANIZATION) + [--async] [--description=DESCRIPTION] [--labels=[KEY=VALUE,...]] + [GCLOUD_WIDE_FLAG ...] DESCRIPTION (ALPHA) Create a new Security Profile Group with the given name. EXAMPLES To create a Security Profile Group with the name my-security-profile-group, - with a fully specified threat prevention profile using - --threat-prevention-profile flag and optional description as optional - description, run: + with a threat prevention profile using --threat-prevention-profile flag and + optional description as optional description, run: $ gcloud alpha network-security security-profile-groups create \ - my-security-profile-group --organization=1234 \ - --location=global \ - --threat-prevention-profile=`organizations/1234/locations/\ + my-security-profile-group --organization=1234 \ + --location=global \ + --threat-prevention-profile=`organizations/1234/locations/\ global/securityProfiles/my-security-profile` \ --description='optional description' POSITIONAL ARGUMENTS - Security profile group resource - Name of the security profile group to be - created. The arguments in this group can be used to specify the attributes - of this resource. + Security profile group resource - Security Profile Group Name. The + arguments in this group can be used to specify the attributes of this + resource. This must be specified. SECURITY_PROFILE_GROUP - ID of the security profile group or fully qualified identifier for - the security profile group. + ID of the security_profile_group or fully qualified identifier for + the security_profile_group. To set the security_profile_group attribute: - ▸ provide the argument security_profile_group on the command line. + ▸ provide the argument SECURITY_PROFILE_GROUP on the command line. This positional argument must be specified if any of the other arguments in this group are specified. --location=LOCATION - Location ID of the resource. + location of the security_profile_group - Global. To set the location attribute: - ▸ provide the argument security_profile_group on the command line + ▸ provide the argument SECURITY_PROFILE_GROUP on the command line with a fully specified name; - ▸ provide the argument --location on the command line; - ▸ use default global location . + ▸ provide the argument --location on the command line. --organization=ORGANIZATION - Organization number. + Organization ID of Security Profile Group To set the organization attribute: - ▸ provide the argument security_profile_group on the command line + ▸ provide the argument SECURITY_PROFILE_GROUP on the command line with a fully specified name; ▸ provide the argument --organization on the command line. REQUIRED FLAGS - --threat-prevention-profile=THREAT_PREVENTION_PROFILE - Name of the security profile of type threat prevention. + Security Profile resource - Path to Security Profile resource. The + arguments in this group can be used to specify the attributes of this + resource. + + This must be specified. + + --threat-prevention-profile=THREAT_PREVENTION_PROFILE + ID of the Security Profile or fully qualified identifier for the + Security Profile. + + To set the security_profile attribute: + ▸ provide the argument --threat-prevention-profile on the command + line. + + This flag argument must be specified if any of the other arguments in + this group are specified. + + --security-profile-location=SECURITY_PROFILE_LOCATION + Location of the Security Profile. NOTE: Only global security profiles + are supported. + + To set the security-profile-location attribute: + ▸ provide the argument --threat-prevention-profile on the command + line with a fully specified name; + ▸ provide the argument --security-profile-location on the command + line; + ▸ provide the argument --location on the command line; + ▸ provide the argument + networksecurity.organizations.locations.securityProfileGroups on + the command line with a fully specified name. + + --security-profile-organization=SECURITY_PROFILE_ORGANIZATION + Organization ID of the Security Profile. + + To set the security-profile-organization attribute: + ▸ provide the argument --threat-prevention-profile on the command + line with a fully specified name; + ▸ provide the argument --security-profile-organization on the + command line; + ▸ provide the argument --organization on the command line; + ▸ provide the argument + networksecurity.organizations.locations.securityProfileGroups on + the command line with a fully specified name. OPTIONAL FLAGS --async Return immediately, without waiting for the operation in progress to - complete. + complete. The default is False. --description=DESCRIPTION - Description of the security profile group. + Brief description of the security profile group + + --labels=[KEY=VALUE,...] + List of label KEY=VALUE pairs to add. + + Keys must start with a lowercase character and contain only hyphens + (-), underscores (_), lowercase characters, and numbers. Values must + contain only hyphens (-), underscores (_), lowercase characters, and + numbers. GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, @@ -79,10 +129,6 @@ GCLOUD WIDE FLAGS Run $ gcloud help for details. -API REFERENCE - This command uses the networksecurity/v1alpha1 API. The full documentation - for this API can be found at: https://cloud.google.com/networking - NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct diff --git a/gcloud/alpha/network-security/security-profile-groups/delete b/gcloud/alpha/network-security/security-profile-groups/delete index 5d9b01248..f6da8b291 100644 --- a/gcloud/alpha/network-security/security-profile-groups/delete +++ b/gcloud/alpha/network-security/security-profile-groups/delete @@ -25,8 +25,8 @@ POSITIONAL ARGUMENTS This must be specified. SECURITY_PROFILE_GROUP - ID of the security profile group or fully qualified identifier for - the security profile group. + ID of the security_profile_group or fully qualified identifier for + the security_profile_group. To set the security_profile_group attribute: ▸ provide the argument security_profile_group on the command line. diff --git a/gcloud/alpha/network-security/security-profile-groups/describe b/gcloud/alpha/network-security/security-profile-groups/describe index 51168c879..78c1e3377 100644 --- a/gcloud/alpha/network-security/security-profile-groups/describe +++ b/gcloud/alpha/network-security/security-profile-groups/describe @@ -26,8 +26,8 @@ POSITIONAL ARGUMENTS This must be specified. SECURITY_PROFILE_GROUP - ID of the security profile group or fully qualified identifier for - the security profile group. + ID of the security_profile_group or fully qualified identifier for + the security_profile_group. To set the security_profile_group attribute: ▸ provide the argument security_profile_group on the command line. diff --git a/gcloud/alpha/network-security/security-profile-groups/update b/gcloud/alpha/network-security/security-profile-groups/update index 403040dba..4b5b709ca 100644 --- a/gcloud/alpha/network-security/security-profile-groups/update +++ b/gcloud/alpha/network-security/security-profile-groups/update @@ -6,68 +6,139 @@ SYNOPSIS gcloud alpha network-security security-profile-groups update (SECURITY_PROFILE_GROUP : --location=LOCATION --organization=ORGANIZATION) [--async] - [--description=DESCRIPTION] - [--threat-prevention-profile=THREAT_PREVENTION_PROFILE] + [--description=DESCRIPTION] [--update-labels=[KEY=VALUE,...]] + [--clear-labels | --remove-labels=[KEY,...]] + [--threat-prevention-profile=THREAT_PREVENTION_PROFILE + : --security-profile-location=SECURITY_PROFILE_LOCATION + --security-profile-organization=SECURITY_PROFILE_ORGANIZATION] [GCLOUD_WIDE_FLAG ...] DESCRIPTION - (ALPHA) Update the details of a Security Profile Group. + (ALPHA) Update details of a Security Profile Group. EXAMPLES To update a Security Profile Group with new threat prevention profile my-new-security-profile, run: $ gcloud alpha network-security security-profile-groups update \ - my-security-profile-group --organization=1234 \ - --location=global \ - --threat-prevention-profile=`organizations/1234/locations/\ + my-security-profile-group --organization=1234 \ + --location=global \ + --threat-prevention-profile=`organizations/1234/locations/\ global/securityProfiles/my-new-security-profile` \ --description='New Security Profile of type threat prevention' POSITIONAL ARGUMENTS - Security profile group resource - Name of the Security Profile Group to be - updated. The arguments in this group can be used to specify the attributes - of this resource. + Security profile group resource - Security Profile Group Name. The + arguments in this group can be used to specify the attributes of this + resource. This must be specified. SECURITY_PROFILE_GROUP - ID of the security profile group or fully qualified identifier for - the security profile group. + ID of the security_profile_group or fully qualified identifier for + the security_profile_group. To set the security_profile_group attribute: - ▸ provide the argument security_profile_group on the command line. + ▸ provide the argument SECURITY_PROFILE_GROUP on the command line. This positional argument must be specified if any of the other arguments in this group are specified. --location=LOCATION - Location ID of the resource. + location of the security_profile_group - Global. To set the location attribute: - ▸ provide the argument security_profile_group on the command line + ▸ provide the argument SECURITY_PROFILE_GROUP on the command line with a fully specified name; - ▸ provide the argument --location on the command line; - ▸ use default global location . + ▸ provide the argument --location on the command line. --organization=ORGANIZATION - Organization number. + Organization ID of Security Profile Group To set the organization attribute: - ▸ provide the argument security_profile_group on the command line + ▸ provide the argument SECURITY_PROFILE_GROUP on the command line with a fully specified name; ▸ provide the argument --organization on the command line. FLAGS --async Return immediately, without waiting for the operation in progress to - complete. + complete. The default is False. --description=DESCRIPTION - New description of the Security Profile Group. + Brief description of the security profile group - --threat-prevention-profile=THREAT_PREVENTION_PROFILE - Name of the security profile of type threat prevention. + --update-labels=[KEY=VALUE,...] + List of label KEY=VALUE pairs to update. If a label exists, its value + is modified. Otherwise, a new label is created. + + Keys must start with a lowercase character and contain only hyphens + (-), underscores (_), lowercase characters, and numbers. Values must + contain only hyphens (-), underscores (_), lowercase characters, and + numbers. + + At most one of these can be specified: + + --clear-labels + Remove all labels. If --update-labels is also specified then + --clear-labels is applied first. + + For example, to remove all labels: + + $ gcloud alpha network-security security-profile-groups update \ + --clear-labels + + To remove all existing labels and create two new labels, foo and baz: + + $ gcloud alpha network-security security-profile-groups update \ + --clear-labels --update-labels foo=bar,baz=qux + + --remove-labels=[KEY,...] + List of label keys to remove. If a label does not exist it is + silently ignored. If --update-labels is also specified then + --update-labels is applied first. + + Security Profile resource - Path to Security Profile resource. The + arguments in this group can be used to specify the attributes of this + resource. + + --threat-prevention-profile=THREAT_PREVENTION_PROFILE + ID of the Security Profile or fully qualified identifier for the + Security Profile. + + To set the security_profile attribute: + ▸ provide the argument --threat-prevention-profile on the command + line. + + This flag argument must be specified if any of the other arguments in + this group are specified. + + --security-profile-location=SECURITY_PROFILE_LOCATION + Location of the Security Profile. NOTE: Only global security profiles + are supported. + + To set the security-profile-location attribute: + ▸ provide the argument --threat-prevention-profile on the command + line with a fully specified name; + ▸ provide the argument --security-profile-location on the command + line; + ▸ provide the argument --location on the command line; + ▸ provide the argument + networksecurity.organizations.locations.securityProfileGroups on + the command line with a fully specified name. + + --security-profile-organization=SECURITY_PROFILE_ORGANIZATION + Organization ID of the Security Profile. + + To set the security-profile-organization attribute: + ▸ provide the argument --threat-prevention-profile on the command + line with a fully specified name; + ▸ provide the argument --security-profile-organization on the + command line; + ▸ provide the argument --organization on the command line; + ▸ provide the argument + networksecurity.organizations.locations.securityProfileGroups on + the command line with a fully specified name. GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, @@ -77,10 +148,6 @@ GCLOUD WIDE FLAGS Run $ gcloud help for details. -API REFERENCE - This command uses the networksecurity/v1alpha1 API. The full documentation - for this API can be found at: https://cloud.google.com/networking - NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct diff --git a/gcloud/alpha/notebooks/instances/create b/gcloud/alpha/notebooks/instances/create index 56bbe67d0..f670f75e9 100644 --- a/gcloud/alpha/notebooks/instances/create +++ b/gcloud/alpha/notebooks/instances/create @@ -170,8 +170,8 @@ OPTIONAL FLAGS complete. --instance-owners=INSTANCE_OWNERS - The owners of this instance after creation. Format: alias@example.com. - Currently supports one owner only. If not specified, all of the service + The owners of this instance after creation. Format:alias@example.com. + Currently supports one owner only.If not specified, all of the service account users of the VM instance's service account can use the instance. diff --git a/gcloud/alpha/pubsub/subscriptions/create b/gcloud/alpha/pubsub/subscriptions/create index 2b9cdf67d..7e4c2743f 100644 --- a/gcloud/alpha/pubsub/subscriptions/create +++ b/gcloud/alpha/pubsub/subscriptions/create @@ -174,7 +174,11 @@ OPTIONAL FLAGS --write-metadata Whether or not to write message metadata including message ID, - publish timestamp, ordering key, and attributes to BigQuery. + publish timestamp, ordering key, and attributes to BigQuery. The + subscription name, message_id, and publish_time fields are put in + their own columns while all other message properties other than + data (for example, an ordering_key, if present) are written to a + JSON object in the attributes column. Cloud Storage Config Options. The Cloud Pub/Sub service account associated with the enclosing subscription's parent project (i.e., @@ -216,7 +220,11 @@ OPTIONAL FLAGS --cloud-storage-write-metadata Whether or not to write the subscription name, message_id, publish_time, attributes, and ordering_key as additional fields in - the output. This has an effect only for subscriptions with + the output. The subscription name, message_id, and publish_time + fields are put in their own fields while all other message + properties other than data (for example, an ordering_key, if + present) are added as entries in the attributes map. This has an + effect only for subscriptions with --cloud-storage-output-format=avro. Dead Letter Queue Options. The Cloud Pub/Sub service account associated diff --git a/gcloud/alpha/pubsub/subscriptions/update b/gcloud/alpha/pubsub/subscriptions/update index 66819d25d..d163dc79e 100644 --- a/gcloud/alpha/pubsub/subscriptions/update +++ b/gcloud/alpha/pubsub/subscriptions/update @@ -144,7 +144,11 @@ FLAGS --write-metadata Whether or not to write message metadata including message ID, - publish timestamp, ordering key, and attributes to BigQuery. + publish timestamp, ordering key, and attributes to BigQuery. The + subscription name, message_id, and publish_time fields are put in + their own columns while all other message properties other than + data (for example, an ordering_key, if present) are written to a + JSON object in the attributes column. At most one of these can be specified: @@ -195,7 +199,11 @@ FLAGS --cloud-storage-write-metadata Whether or not to write the subscription name, message_id, publish_time, attributes, and ordering_key as additional fields - in the output. This has an effect only for subscriptions with + in the output. The subscription name, message_id, and + publish_time fields are put in their own fields while all other + message properties other than data (for example, an ordering_key, + if present) are added as entries in the attributes map. This has + an effect only for subscriptions with --cloud-storage-output-format=avro. At most one of these can be specified: diff --git a/gcloud/alpha/run/deploy b/gcloud/alpha/run/deploy index dddf8a6f0..3f60ff76c 100644 --- a/gcloud/alpha/run/deploy +++ b/gcloud/alpha/run/deploy @@ -38,7 +38,9 @@ SYNOPSIS --binary-authorization=POLICY | --clear-binary-authorization --clear-encryption-key-shutdown-hours | --encryption-key-shutdown-hours=ENCRYPTION_KEY_SHUTDOWN_HOURS - --clear-key | --key=KEY --clear-post-key-revocation-action-type + --clear-key | --key=KEY --clear-network + | --network=NETWORK --subnet=SUBNET --clear-network-tags + | --network-tags=[TAG,...] --clear-post-key-revocation-action-type | --post-key-revocation-action-type=POST_KEY_REVOCATION_ACTION_TYPE] [--region=REGION | --cluster=CLUSTER --cluster-location=CLUSTER_LOCATION @@ -503,6 +505,39 @@ FLAGS --key=KEY CMEK key reference to encrypt the container with. + At most one of these can be specified: + + --clear-network + Disconnect this Cloud Run Service from the Google Compute Engine + subnetwork it has connected to. + + Direct VPC egress setting flags group. + + --network=NETWORK + The Compute Engine network that the Cloud Run Service will + connect to. If --subnet is also specified, subnet must be a + subnetwork of the network specified by this --network flag. To + reset this field to its default, pass an empty string. + + --subnet=SUBNET + The Google Compute Engine subnetwork that the Cloud Run Service + will connect to. If --network is also specified, subnet must be a + subnetwork of the network specified by the --network flag. If + --network is not specified, network will be looked up from this + subnetwork. To reset this field to its default, pass an empty + string. + + At most one of these can be specified: + + --clear-network-tags + Clears all existing Compute Engine tags from the Cloud Run + Service. + + --network-tags=[TAG,...] + Applies the given Compute Engine tags (comma separated) on the + Cloud Run Service. To reset this field to its default, pass an + empty string. + At most one of these can be specified: --clear-post-key-revocation-action-type diff --git a/gcloud/alpha/run/jobs/create b/gcloud/alpha/run/jobs/create index 1954711c5..51857423e 100644 --- a/gcloud/alpha/run/jobs/create +++ b/gcloud/alpha/run/jobs/create @@ -14,6 +14,7 @@ SYNOPSIS [--vpc-connector=VPC_CONNECTOR] [--vpc-egress=VPC_EGRESS] [--async | --execute-now --wait] [--env-vars-file=FILE_PATH | --set-env-vars=[KEY=VALUE,...]] + [--network=NETWORK --network-tags=[TAG,...] --subnet=SUBNET] [GCLOUD_WIDE_FLAG ...] DESCRIPTION @@ -186,6 +187,25 @@ OPTIONAL FLAGS --set-env-vars=[KEY=VALUE,...] List of key-value pairs to set as environment variables. + Direct VPC egress setting flags group. + + --network=NETWORK + The Compute Engine network that the Cloud Run Job will connect to. If + --subnet is also specified, subnet must be a subnetwork of the + network specified by this --network flag. To reset this field to its + default, pass an empty string. + + --network-tags=[TAG,...] + Applies the given Compute Engine tags (comma separated) on the Cloud + Run Job. To reset this field to its default, pass an empty string. + + --subnet=SUBNET + The Google Compute Engine subnetwork that the Cloud Run Job will + connect to. If --network is also specified, subnet must be a + subnetwork of the network specified by the --network flag. If + --network is not specified, network will be looked up from this + subnetwork. To reset this field to its default, pass an empty string. + GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, diff --git a/gcloud/alpha/run/jobs/deploy b/gcloud/alpha/run/jobs/deploy index c157c1283..ca9b6c3db 100644 --- a/gcloud/alpha/run/jobs/deploy +++ b/gcloud/alpha/run/jobs/deploy @@ -16,7 +16,10 @@ SYNOPSIS [--clear-env-vars | --env-vars-file=FILE_PATH | --set-env-vars=[KEY=VALUE,...] | --remove-env-vars=[KEY,...] --update-env-vars=[KEY=VALUE,...]] - [--image=IMAGE | --source=SOURCE] [GCLOUD_WIDE_FLAG ...] + [--clear-network + | --network=NETWORK --subnet=SUBNET --clear-network-tags + | --network-tags=[TAG,...]] [--image=IMAGE | --source=SOURCE] + [GCLOUD_WIDE_FLAG ...] DESCRIPTION (ALPHA) Creates or updates a Cloud Run job. @@ -197,6 +200,38 @@ FLAGS --update-env-vars=[KEY=VALUE,...] List of key-value pairs to set as environment variables. + At most one of these can be specified: + + --clear-network + Disconnect this Cloud Run Job from the Google Compute Engine + subnetwork it has connected to. + + Direct VPC egress setting flags group. + + --network=NETWORK + The Compute Engine network that the Cloud Run Job will connect to. + If --subnet is also specified, subnet must be a subnetwork of the + network specified by this --network flag. To reset this field to + its default, pass an empty string. + + --subnet=SUBNET + The Google Compute Engine subnetwork that the Cloud Run Job will + connect to. If --network is also specified, subnet must be a + subnetwork of the network specified by the --network flag. If + --network is not specified, network will be looked up from this + subnetwork. To reset this field to its default, pass an empty + string. + + At most one of these can be specified: + + --clear-network-tags + Clears all existing Compute Engine tags from the Cloud Run Job. + + --network-tags=[TAG,...] + Applies the given Compute Engine tags (comma separated) on the + Cloud Run Job. To reset this field to its default, pass an empty + string. + At most one of these can be specified: --image=IMAGE diff --git a/gcloud/alpha/run/jobs/update b/gcloud/alpha/run/jobs/update index e044c328c..3dcaecebb 100644 --- a/gcloud/alpha/run/jobs/update +++ b/gcloud/alpha/run/jobs/update @@ -21,6 +21,9 @@ SYNOPSIS | --remove-env-vars=[KEY,...] --update-env-vars=[KEY=VALUE,...]] [--clear-labels | --remove-labels=[KEY,...] --labels=[KEY=VALUE,...] | --update-labels=[KEY=VALUE,...]] + [--clear-network + | --network=NETWORK --subnet=SUBNET --clear-network-tags + | --network-tags=[TAG,...]] [--clear-secrets | --set-secrets=[KEY=VALUE,...] | --remove-secrets=[KEY,...] --update-secrets=[KEY=VALUE,...]] [GCLOUD_WIDE_FLAG ...] @@ -246,6 +249,38 @@ FLAGS List of label KEY=VALUE pairs to update. If a label exists, its value is modified. Otherwise, a new label is created. + At most one of these can be specified: + + --clear-network + Disconnect this Cloud Run Job from the Google Compute Engine + subnetwork it has connected to. + + Direct VPC egress setting flags group. + + --network=NETWORK + The Compute Engine network that the Cloud Run Job will connect to. + If --subnet is also specified, subnet must be a subnetwork of the + network specified by this --network flag. To reset this field to + its default, pass an empty string. + + --subnet=SUBNET + The Google Compute Engine subnetwork that the Cloud Run Job will + connect to. If --network is also specified, subnet must be a + subnetwork of the network specified by the --network flag. If + --network is not specified, network will be looked up from this + subnetwork. To reset this field to its default, pass an empty + string. + + At most one of these can be specified: + + --clear-network-tags + Clears all existing Compute Engine tags from the Cloud Run Job. + + --network-tags=[TAG,...] + Applies the given Compute Engine tags (comma separated) on the + Cloud Run Job. To reset this field to its default, pass an empty + string. + Specify secrets to mount or provide as environment variables. Keys starting with a forward slash '/' are mount paths. All other keys correspond to environment variables. Values should be in the form diff --git a/gcloud/alpha/run/services/replace b/gcloud/alpha/run/services/replace index 5ecabec43..bac0e33a1 100644 --- a/gcloud/alpha/run/services/replace +++ b/gcloud/alpha/run/services/replace @@ -3,8 +3,8 @@ NAME service specification SYNOPSIS - gcloud alpha run services replace FILE [--async] [--namespace=NAMESPACE] - [--platform=PLATFORM; default="managed"] + gcloud alpha run services replace FILE [--async] [--dry-run] + [--namespace=NAMESPACE] [--platform=PLATFORM; default="managed"] [--region=REGION | --cluster=CLUSTER --cluster-location=CLUSTER_LOCATION | --context=CONTEXT --kubeconfig=KUBECONFIG] [GCLOUD_WIDE_FLAG ...] @@ -27,6 +27,10 @@ FLAGS Return immediately, without waiting for the operation in progress to complete. + --dry-run + If set to true, only validates the configuration. The configuration + will not be applied. + Only applicable if connecting to Cloud Run for Anthos deployed on Google Cloud or Cloud Run for Anthos deployed on VMware. Specify --platform=gke or --platform=kubernetes to use: diff --git a/gcloud/alpha/run/services/update b/gcloud/alpha/run/services/update index d7ba2cf47..15036a143 100644 --- a/gcloud/alpha/run/services/update +++ b/gcloud/alpha/run/services/update @@ -27,7 +27,9 @@ SYNOPSIS --binary-authorization=POLICY | --clear-binary-authorization --clear-encryption-key-shutdown-hours | --encryption-key-shutdown-hours=ENCRYPTION_KEY_SHUTDOWN_HOURS - --clear-key | --key=KEY --clear-post-key-revocation-action-type + --clear-key | --key=KEY --clear-network + | --network=NETWORK --subnet=SUBNET --clear-network-tags + | --network-tags=[TAG,...] --clear-post-key-revocation-action-type | --post-key-revocation-action-type=POST_KEY_REVOCATION_ACTION_TYPE] [--clear-env-vars | --env-vars-file=FILE_PATH | --set-env-vars=[KEY=VALUE,...] @@ -336,6 +338,39 @@ FLAGS --key=KEY CMEK key reference to encrypt the container with. + At most one of these can be specified: + + --clear-network + Disconnect this Cloud Run Service from the Google Compute Engine + subnetwork it has connected to. + + Direct VPC egress setting flags group. + + --network=NETWORK + The Compute Engine network that the Cloud Run Service will + connect to. If --subnet is also specified, subnet must be a + subnetwork of the network specified by this --network flag. To + reset this field to its default, pass an empty string. + + --subnet=SUBNET + The Google Compute Engine subnetwork that the Cloud Run Service + will connect to. If --network is also specified, subnet must be a + subnetwork of the network specified by the --network flag. If + --network is not specified, network will be looked up from this + subnetwork. To reset this field to its default, pass an empty + string. + + At most one of these can be specified: + + --clear-network-tags + Clears all existing Compute Engine tags from the Cloud Run + Service. + + --network-tags=[TAG,...] + Applies the given Compute Engine tags (comma separated) on the + Cloud Run Service. To reset this field to its default, pass an + empty string. + At most one of these can be specified: --clear-post-key-revocation-action-type diff --git a/gcloud/alpha/storage/cp b/gcloud/alpha/storage/cp index 4830955b6..0ca1f3625 100644 --- a/gcloud/alpha/storage/cp +++ b/gcloud/alpha/storage/cp @@ -241,8 +241,7 @@ FLAGS At most one of these can be specified: --ignore-symlinks - Ignore file symlinks instead of copying what they point to. Symlinks - pointing to directories will always be ignored. + Ignore file symlinks instead of copying what they point to. --preserve-symlinks Preserve symlinks instead of copying what they point to. With this @@ -252,6 +251,8 @@ FLAGS downloaded while this feature is enabled, as described at https://cloud.google.com/storage-transfer/docs/metadata-preservation#posix_to. + Directory symlinks are only followed if this flag is specified. + CAUTION: No validation is applied to the symlink target paths. Once downloaded, preserved symlinks will point to whatever path was specified by the placeholder, regardless of the location or diff --git a/gcloud/alpha/storage/mv b/gcloud/alpha/storage/mv index 9df2e52d4..3ce7baf88 100644 --- a/gcloud/alpha/storage/mv +++ b/gcloud/alpha/storage/mv @@ -248,8 +248,7 @@ FLAGS At most one of these can be specified: --ignore-symlinks - Ignore file symlinks instead of copying what they point to. Symlinks - pointing to directories will always be ignored. + Ignore file symlinks instead of copying what they point to. --preserve-symlinks Preserve symlinks instead of copying what they point to. With this @@ -259,6 +258,8 @@ FLAGS downloaded while this feature is enabled, as described at https://cloud.google.com/storage-transfer/docs/metadata-preservation#posix_to. + Directory symlinks are only followed if this flag is specified. + CAUTION: No validation is applied to the symlink target paths. Once downloaded, preserved symlinks will point to whatever path was specified by the placeholder, regardless of the location or diff --git a/gcloud/alpha/storage/rm b/gcloud/alpha/storage/rm index 830bc6e9d..dade1a172 100644 --- a/gcloud/alpha/storage/rm +++ b/gcloud/alpha/storage/rm @@ -69,7 +69,7 @@ FLAGS thread count are set to 1). Parallelism is default. --read-paths-from-stdin, -I - Read the list of resources to remove from stdin. + Read the list of URLs from stdin. --recursive, -R, -r Recursively delete the contents of buckets or directories that match diff --git a/gcloud/alpha/storage/rsync b/gcloud/alpha/storage/rsync index 8a673b5d3..4a19cecee 100644 --- a/gcloud/alpha/storage/rsync +++ b/gcloud/alpha/storage/rsync @@ -174,9 +174,8 @@ FLAGS binary data, using this option may result in longer uploads. --ignore-symlinks - Ignore file symlinks instead of copying what they point to. Symlinks - pointing to directories will always be ignored. Enabled by default, use - --no-ignore-symlinks to disable. + Ignore file symlinks instead of copying what they point to. Enabled by + default, use --no-ignore-symlinks to disable. --preserve-posix, -P Causes POSIX attributes to be preserved when objects are copied. With diff --git a/gcloud/alpha/workstations/configs/create b/gcloud/alpha/workstations/configs/create index 820c3456a..5348be73c 100644 --- a/gcloud/alpha/workstations/configs/create +++ b/gcloud/alpha/workstations/configs/create @@ -12,6 +12,7 @@ SYNOPSIS [--container-run-as-user=CONTAINER_RUN_AS_USER] [--container-working-dir=CONTAINER_WORKING_DIR] [--disable-public-ip-addresses] [--enable-confidential-compute] + [--enable-nested-virtualization] [--idle-timeout=IDLE_TIMEOUT; default=7200] [--labels=[LABELS,...]] [--machine-type=MACHINE_TYPE; default="e2-standard-4"] [--network-tags=[NETWORK_TAGS,...]] @@ -138,6 +139,10 @@ FLAGS Default value is false. If set, instances will have confidential compute enabled. + --enable-nested-virtualization + Default value is false. If set, instances will have nested + virtualization enabled. + --idle-timeout=IDLE_TIMEOUT; default=7200 How long (in seconds) to wait before automatically stopping an instance that hasn't received any user traffic. A value of 0 indicates that this diff --git a/gcloud/alpha/workstations/configs/update b/gcloud/alpha/workstations/configs/update index b8c6c9d72..ca8931266 100644 --- a/gcloud/alpha/workstations/configs/update +++ b/gcloud/alpha/workstations/configs/update @@ -12,11 +12,12 @@ SYNOPSIS [--container-run-as-user=CONTAINER_RUN_AS_USER] [--container-working-dir=CONTAINER_WORKING_DIR] [--disable-public-ip-addresses] [--enable-confidential-compute] - [--idle-timeout=IDLE_TIMEOUT] [--labels=[LABELS,...]] - [--machine-type=MACHINE_TYPE] [--network-tags=[NETWORK_TAGS,...]] - [--pool-size=POOL_SIZE] [--running-timeout=RUNNING_TIMEOUT] - [--service-account=SERVICE_ACCOUNT] [--shielded-integrity-monitoring] - [--shielded-secure-boot] [--shielded-vtpm] + [--enable-nested-virtualization] [--idle-timeout=IDLE_TIMEOUT] + [--labels=[LABELS,...]] [--machine-type=MACHINE_TYPE] + [--network-tags=[NETWORK_TAGS,...]] [--pool-size=POOL_SIZE] + [--running-timeout=RUNNING_TIMEOUT] [--service-account=SERVICE_ACCOUNT] + [--shielded-integrity-monitoring] [--shielded-secure-boot] + [--shielded-vtpm] [--accelerator-count=ACCELERATOR_COUNT : --accelerator-type=ACCELERATOR_TYPE] [--container-custom-image=CONTAINER_CUSTOM_IMAGE @@ -126,6 +127,10 @@ FLAGS Default value is false. If set, instances will have confidential compute enabled. + --enable-nested-virtualization + Default value is false. If set, instances will have nested + virtualization enabled. + --idle-timeout=IDLE_TIMEOUT How long (in seconds) to wait before automatically stopping an instance that hasn't received any user traffic. A value of 0 indicates that this diff --git a/gcloud/artifacts/repositories/set-cleanup-policies b/gcloud/artifacts/repositories/set-cleanup-policies index f120e2fb3..2968d1f7f 100644 --- a/gcloud/artifacts/repositories/set-cleanup-policies +++ b/gcloud/artifacts/repositories/set-cleanup-policies @@ -4,8 +4,8 @@ NAME SYNOPSIS gcloud artifacts repositories set-cleanup-policies - (REPOSITORY : --location=LOCATION) - (--dry-run [--policy=POLICY : --overwrite]) [GCLOUD_WIDE_FLAG ...] + (REPOSITORY : --location=LOCATION) (--dry-run --policy=POLICY) + [GCLOUD_WIDE_FLAG ...] DESCRIPTION Set or update cleanup policies for an Artifact Registry repository. @@ -68,18 +68,9 @@ REQUIRED FLAGS --dry-run Disable deleting images according to cleanup policies. - Setting Policies - - --policy=POLICY - Path to a local JSON formatted file containing valid cleanup - policies. - - This flag argument must be specified if any of the other arguments - in this group are specified. - - --overwrite - Delete existing policies and replace with the specified set of - policies. + --policy=POLICY + Path to a local JSON formatted file containing valid cleanup + policies. GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, diff --git a/gcloud/beta/bigtable/app-profiles/update b/gcloud/beta/bigtable/app-profiles/update index 5d2ec685b..caaca3eba 100644 --- a/gcloud/beta/bigtable/app-profiles/update +++ b/gcloud/beta/bigtable/app-profiles/update @@ -98,10 +98,6 @@ FLAGS --transactional-writes Allow transactional writes with a Single Cluster Routing policy. - If your app profile has single row transactions enabled, you must - specify this flag when updating that app profile. If you do not - specify this flag, then single row transactions are disabled. - GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, diff --git a/gcloud/beta/billing/accounts/add-iam-policy-binding b/gcloud/beta/billing/accounts/add-iam-policy-binding index 2d573cc7e..deb414ddb 100644 --- a/gcloud/beta/billing/accounts/add-iam-policy-binding +++ b/gcloud/beta/billing/accounts/add-iam-policy-binding @@ -10,6 +10,14 @@ DESCRIPTION (BETA) Add an IAM policy binding to the IAM policy of a Cloud Billing account. A binding consists of a member and a role. +EXAMPLES + To add someone@example.com as a Billing Account Administrator for billing + account 123456-789876-543210, run: + + $ gcloud beta billing accounts add-iam-policy-binding \ + 123456-789876-543210 --member='user:someone@example.com' \ + --role='roles/billing.admin' + POSITIONAL ARGUMENTS Account resource - Name of the Cloud Billing account for which to add the IAM policy binding. This represents a Cloud resource. diff --git a/gcloud/beta/billing/accounts/remove-iam-policy-binding b/gcloud/beta/billing/accounts/remove-iam-policy-binding index 69a31a105..dc28e86fc 100644 --- a/gcloud/beta/billing/accounts/remove-iam-policy-binding +++ b/gcloud/beta/billing/accounts/remove-iam-policy-binding @@ -10,6 +10,14 @@ DESCRIPTION (BETA) Remove an IAM policy binding to the IAM policy from a Cloud Billing account. A binding consists of a member and a role. +EXAMPLES + To remove someone@example.com as a Billing Account Administrator from + billing account 123456-789876-543210, run: + + $ gcloud beta billing accounts remove-iam-policy-binding \ + 123456-789876-543210 --member='user:someone@example.com' \ + --role='roles/billing.admin' + POSITIONAL ARGUMENTS Account resource - Name of the Cloud Billing account for which to remove the IAM policy binding. This represents a Cloud resource. diff --git a/gcloud/beta/certificate-manager/certificates/create b/gcloud/beta/certificate-manager/certificates/create index 178a3ba66..c5999e21d 100644 --- a/gcloud/beta/certificate-manager/certificates/create +++ b/gcloud/beta/certificate-manager/certificates/create @@ -151,6 +151,10 @@ OPTIONAL FLAGS certificate can be attached to/associated with. Defaults to DEFAULT. SCOPE must be one of: + all-regions + Certificates with scope ALL_REGIONS are currently used for + Cross-region Internal Application Load Balancer only. + default Certificates with DEFAULT scope are used for Load Balancing and Cloud CDN. diff --git a/gcloud/beta/compute/backend-services/create b/gcloud/beta/compute/backend-services/create index dd44a928f..9883cc71b 100644 --- a/gcloud/beta/compute/backend-services/create +++ b/gcloud/beta/compute/backend-services/create @@ -180,13 +180,19 @@ FLAGS AUTOMATIC. --connection-drain-on-failover - Connection drain is enabled by default and on failover or failback - connections will be drained. If connection drain is disabled, the - existing connection state will be cleared immediately on a best effort - basis on failover or failback, all connections will then be served by - the active pool of instances. Not compatible with the --global flag, - load balancing scheme must be INTERNAL or EXTERNAL, and the protocol - must be TCP. + Applicable only for backend service-based external and internal + passthrough Network Load Balancers as part of a connection tracking + policy. Only applicable when the backend service protocol is TCP. Not + applicable to any other load balancer. Enabled by default, this option + instructs the load balancer to allow established TCP connections to + persist for up to 300 seconds on instances or endpoints in primary + backends during failover, and on instances or endpoints in failover + backends during failback. For details, see: Connection draining on + failover and failback for internal passthrough Network Load Balancers + (https://cloud.google.com/load-balancing/docs/internal/failover-overview#connection_draining) + and Connection draining on failover and failback for external + passthrough Network Load Balancers + (https://cloud.google.com/load-balancing/docs/network/networklb-failover-overview#connection_draining). --connection-draining-timeout=CONNECTION_DRAINING_TIMEOUT Connection draining timeout to be used during removal of VMs from @@ -246,16 +252,18 @@ FLAGS An optional, textual description for the backend service. --drop-traffic-if-unhealthy - Enable dropping of traffic if there are no healthy VMs detected in both - the primary and backup instance groups. Not compatible with the - --global flag. Applicable only for backend service-based external and - internal passthrough Network Load Balancers as part of a connection - tracking policy. For details, see: Connection persistence on unhealthy - backends for internal passthrough Network Load Balancers - (https://cloud.google.com/load-balancing/docs/internal#connection-persistence) - and Connection persistence on unhealthy backends for external + Applicable only for backend service-based external and internal + passthrough Network Load Balancers as part of a connection tracking + policy. Not applicable to any other load balancer. This option + instructs the load balancer to drop packets when all instances or + endpoints in primary and failover backends do not pass their load + balancer health checks. For details, see: Dropping traffic when all + backend VMs are unhealthy for internal passthrough Network Load + Balancers + (https://cloud.google.com/load-balancing/docs/internal/failover-overview#drop_traffic) + and Dropping traffic when all backend VMs are unhealthy for external passthrough Network Load Balancers - (https://cloud.google.com/load-balancing/docs/network/networklb-backend-service#connection-persistence). + (https://cloud.google.com/load-balancing/docs/network/networklb-failover-overview#drop_traffic). --[no-]enable-cdn Enable or disable Cloud CDN for the backend service. Only available for @@ -277,9 +285,16 @@ FLAGS and --no-enable-strong-affinity to disable. --failover-ratio=FAILOVER_RATIO - If the ratio of the healthy VMs in the primary backend is at or below - this number, traffic arriving at the load-balanced IP will be directed - to the failover backend(s). Not compatible with the --global flag. + Applicable only to backend service-based external passthrough Network + load balancers and internal passthrough Network load balancers as part + of a failover policy. Not applicable to any other load balancer. This + option defines the ratio used to control when failover and failback + occur. For details, see: Failover ratio for internal passthrough + Network Load Balancers + (https://cloud.google.com/load-balancing/docs/internal/failover-overview#failover_ratio) + and Failover ratio for external passthrough Network Load Balancer + overview + (https://cloud.google.com/load-balancing/docs/network/networklb-failover-overview#failover_ratio). --health-checks=HEALTH_CHECK,[...] Specifies a list of health check objects for checking the health of the diff --git a/gcloud/beta/compute/backend-services/update b/gcloud/beta/compute/backend-services/update index bf02c72b6..dd7b72685 100644 --- a/gcloud/beta/compute/backend-services/update +++ b/gcloud/beta/compute/backend-services/update @@ -127,13 +127,19 @@ FLAGS AUTOMATIC. --connection-drain-on-failover - Connection drain is enabled by default and on failover or failback - connections will be drained. If connection drain is disabled, the - existing connection state will be cleared immediately on a best effort - basis on failover or failback, all connections will then be served by - the active pool of instances. Not compatible with the --global flag, - load balancing scheme must be INTERNAL or EXTERNAL, and the protocol - must be TCP. + Applicable only for backend service-based external and internal + passthrough Network Load Balancers as part of a connection tracking + policy. Only applicable when the backend service protocol is TCP. Not + applicable to any other load balancer. Enabled by default, this option + instructs the load balancer to allow established TCP connections to + persist for up to 300 seconds on instances or endpoints in primary + backends during failover, and on instances or endpoints in failover + backends during failback. For details, see: Connection draining on + failover and failback for internal passthrough Network Load Balancers + (https://cloud.google.com/load-balancing/docs/internal/failover-overview#connection_draining) + and Connection draining on failover and failback for external + passthrough Network Load Balancers + (https://cloud.google.com/load-balancing/docs/network/networklb-failover-overview#connection_draining). --connection-draining-timeout=CONNECTION_DRAINING_TIMEOUT Connection draining timeout to be used during removal of VMs from @@ -154,16 +160,18 @@ FLAGS An optional, textual description for the backend service. --drop-traffic-if-unhealthy - Enable dropping of traffic if there are no healthy VMs detected in both - the primary and backup instance groups. Not compatible with the - --global flag. Applicable only for backend service-based external and - internal passthrough Network Load Balancers as part of a connection - tracking policy. For details, see: Connection persistence on unhealthy - backends for internal passthrough Network Load Balancers - (https://cloud.google.com/load-balancing/docs/internal#connection-persistence) - and Connection persistence on unhealthy backends for external + Applicable only for backend service-based external and internal + passthrough Network Load Balancers as part of a connection tracking + policy. Not applicable to any other load balancer. This option + instructs the load balancer to drop packets when all instances or + endpoints in primary and failover backends do not pass their load + balancer health checks. For details, see: Dropping traffic when all + backend VMs are unhealthy for internal passthrough Network Load + Balancers + (https://cloud.google.com/load-balancing/docs/internal/failover-overview#drop_traffic) + and Dropping traffic when all backend VMs are unhealthy for external passthrough Network Load Balancers - (https://cloud.google.com/load-balancing/docs/network/networklb-backend-service#connection-persistence). + (https://cloud.google.com/load-balancing/docs/network/networklb-failover-overview#drop_traffic). --edge-security-policy=EDGE_SECURITY_POLICY The edge security policy that will be set for this backend service. To @@ -190,9 +198,16 @@ FLAGS and --no-enable-strong-affinity to disable. --failover-ratio=FAILOVER_RATIO - If the ratio of the healthy VMs in the primary backend is at or below - this number, traffic arriving at the load-balanced IP will be directed - to the failover backend(s). Not compatible with the --global flag. + Applicable only to backend service-based external passthrough Network + load balancers and internal passthrough Network load balancers as part + of a failover policy. Not applicable to any other load balancer. This + option defines the ratio used to control when failover and failback + occur. For details, see: Failover ratio for internal passthrough + Network Load Balancers + (https://cloud.google.com/load-balancing/docs/internal/failover-overview#failover_ratio) + and Failover ratio for external passthrough Network Load Balancer + overview + (https://cloud.google.com/load-balancing/docs/network/networklb-failover-overview#failover_ratio). --health-checks=HEALTH_CHECK,[...] Specifies a list of health check objects for checking the health of the diff --git a/gcloud/beta/compute/commitments/create b/gcloud/beta/compute/commitments/create index c7b674528..347271807 100644 --- a/gcloud/beta/compute/commitments/create +++ b/gcloud/beta/compute/commitments/create @@ -98,10 +98,11 @@ OPTIONAL FLAGS --type=TYPE; default="general-purpose" Type of commitment. memory-optimized indicates that the commitment is for memory-optimized VMs. TYPE must be one of: accelerator-optimized, - compute-optimized, compute-optimized-c2d, compute-optimized-c3, - general-purpose, general-purpose-e2, general-purpose-n2, - general-purpose-n2d, general-purpose-t2d, graphics-optimized, - memory-optimized, memory-optimized-m3. + accelerator-optimized-a3, compute-optimized, compute-optimized-c2d, + compute-optimized-c3, compute-optimized-h3, general-purpose, + general-purpose-e2, general-purpose-n2, general-purpose-n2d, + general-purpose-t2d, graphics-optimized, memory-optimized, + memory-optimized-m3. Manage the reservations to be created with the commitment. diff --git a/gcloud/beta/compute/instance-templates/create b/gcloud/beta/compute/instance-templates/create index 89d4e45b5..4f004855b 100644 --- a/gcloud/beta/compute/instance-templates/create +++ b/gcloud/beta/compute/instance-templates/create @@ -319,6 +319,12 @@ FLAGS among other restrictions. For more information, see https://cloud.google.com/compute/docs/disks/sharing-disks-between-vms. + replica-zones + Required for each regional disk associated with the instance. + Specify the URLs of the zones where the disk should be replicated + to. You must provide exactly two replica zones, and one zone must + be the same as the instance zone. + --description=DESCRIPTION Specifies a textual description for the instance template. diff --git a/gcloud/beta/compute/instance-templates/create-with-container b/gcloud/beta/compute/instance-templates/create-with-container index 5babe1c67..89b4be50c 100644 --- a/gcloud/beta/compute/instance-templates/create-with-container +++ b/gcloud/beta/compute/instance-templates/create-with-container @@ -351,6 +351,12 @@ FLAGS among other restrictions. For more information, see https://cloud.google.com/compute/docs/disks/sharing-disks-between-vms. + replica-zones + Required for each regional disk associated with the instance. + Specify the URLs of the zones where the disk should be replicated + to. You must provide exactly two replica zones, and one zone must + be the same as the instance zone. + --description=DESCRIPTION Specifies a textual description for the instance template. diff --git a/gcloud/beta/compute/instances/bulk/create b/gcloud/beta/compute/instances/bulk/create index 820b1c719..771a331ba 100644 --- a/gcloud/beta/compute/instances/bulk/create +++ b/gcloud/beta/compute/instances/bulk/create @@ -362,6 +362,12 @@ OPTIONAL FLAGS Path to a Customer-Supplied Encryption Key (CSEK) key file for the image. Must be specified with image-csek-required. + replica-zones + Required for each regional disk associated with the instance. + Specify the URLs of the zones where the disk should be replicated + to. You must provide exactly two replica zones, and one zone must + be the same as the instance zone. + --description=DESCRIPTION Specifies a textual description of the instances. diff --git a/gcloud/beta/compute/instances/create b/gcloud/beta/compute/instances/create index ecf71b9e7..0cdd2f041 100644 --- a/gcloud/beta/compute/instances/create +++ b/gcloud/beta/compute/instances/create @@ -358,8 +358,7 @@ FLAGS Required for each regional disk associated with the instance. Specify the URLs of the zones where the disk should be replicated to. You must provide exactly two replica zones, and one zone must - be the same as the instance zone. You can't use this option with - boot disks. + be the same as the instance zone. --csek-key-file=FILE Path to a Customer-Supplied Encryption Key (CSEK) key file that maps diff --git a/gcloud/beta/compute/instances/create-with-container b/gcloud/beta/compute/instances/create-with-container index 55059f599..6137f1481 100644 --- a/gcloud/beta/compute/instances/create-with-container +++ b/gcloud/beta/compute/instances/create-with-container @@ -361,6 +361,12 @@ FLAGS among other restrictions. For more information, see https://cloud.google.com/compute/docs/disks/sharing-disks-between-vms. + replica-zones + Required for each regional disk associated with the instance. + Specify the URLs of the zones where the disk should be replicated + to. You must provide exactly two replica zones, and one zone must + be the same as the instance zone. + --description=DESCRIPTION Specifies a textual description of the instances. diff --git a/gcloud/beta/compute/network-endpoint-groups/create b/gcloud/beta/compute/network-endpoint-groups/create index c7c4bbb7d..b4fa7662f 100644 --- a/gcloud/beta/compute/network-endpoint-groups/create +++ b/gcloud/beta/compute/network-endpoint-groups/create @@ -41,8 +41,8 @@ FLAGS If this flag isn't specified for a NEG with endpoint type gce-vm-ip-port or non-gcp-private-ip-port, then every network endpoint - in the network endpoint group must have a port specified. For a NEG - with endpoint type internet-ip-port and internet-fqdn-port. If the + in the network endpoint group must have a port specified. For a global + NEG with endpoint type internet-ip-port and internet-fqdn-port if the default port is not specified, the well-known port for your backend protocol is used (80 for HTTP, 443 for HTTPS). @@ -56,7 +56,8 @@ FLAGS network is used if unspecified. This is only supported for NEGs with endpoint type gce-vm-ip-port, - non-gcp-private-ip-port, gce-vm-ip, or private-service-connect. + non-gcp-private-ip-port, gce-vm-ip, private-service-connect, + internet-ip-port, or internet-fqdn-port. For Private Service Connect NEGs, you can optionally specify --network and --subnet if --psc-target-service points to a published service. If diff --git a/gcloud/beta/compute/network-endpoint-groups/list-network-endpoints b/gcloud/beta/compute/network-endpoint-groups/list-network-endpoints index 01187c1ea..7029b5fb0 100644 --- a/gcloud/beta/compute/network-endpoint-groups/list-network-endpoints +++ b/gcloud/beta/compute/network-endpoint-groups/list-network-endpoints @@ -4,8 +4,9 @@ NAME SYNOPSIS gcloud beta compute network-endpoint-groups list-network-endpoints NAME - [--global | --zone=ZONE] [--filter=EXPRESSION] [--limit=LIMIT] - [--page-size=PAGE_SIZE] [--sort-by=[FIELD,...]] [GCLOUD_WIDE_FLAG ...] + [--global | --region=REGION | --zone=ZONE] [--filter=EXPRESSION] + [--limit=LIMIT] [--page-size=PAGE_SIZE] [--sort-by=[FIELD,...]] + [GCLOUD_WIDE_FLAG ...] DESCRIPTION (BETA) List network endpoints in a network endpoint group. @@ -27,6 +28,26 @@ FLAGS --global If set, the network endpoint group is global. + --region=REGION + Region of the network endpoint group to operate on. If not specified, + you might be prompted to select a region (interactive mode only). + + To avoid prompting when this flag is omitted, you can set the + compute/region property: + + $ gcloud config set compute/region REGION + + A list of regions can be fetched by running: + + $ gcloud compute regions list + + To unset the property, run: + + $ gcloud config unset compute/region + + Alternatively, the region can be stored in the environment variable + CLOUDSDK_COMPUTE_REGION. + --zone=ZONE Zone of the network endpoint group to operate on. If not specified and the compute/zone property isn't set, you might be prompted to diff --git a/gcloud/beta/compute/network-endpoint-groups/update b/gcloud/beta/compute/network-endpoint-groups/update index 9baf0207c..e7064d941 100644 --- a/gcloud/beta/compute/network-endpoint-groups/update +++ b/gcloud/beta/compute/network-endpoint-groups/update @@ -6,8 +6,8 @@ SYNOPSIS gcloud beta compute network-endpoint-groups update NAME (--add-endpoint=[fqdn=FQDN],[instance=INSTANCE],[ip=IP],[port=PORT] | --remove-endpoint=[fqdn=FQDN], - [instance=INSTANCE],[ip=IP],[port=PORT]) [--global | --zone=ZONE] - [GCLOUD_WIDE_FLAG ...] + [instance=INSTANCE],[ip=IP],[port=PORT]) + [--global | --region=REGION | --zone=ZONE] [GCLOUD_WIDE_FLAG ...] DESCRIPTION (BETA) Update a Compute Engine network endpoint group. @@ -160,6 +160,26 @@ OPTIONAL FLAGS --global If set, the network endpoint group is global. + --region=REGION + Region of the network endpoint group to operate on. If not specified, + you might be prompted to select a region (interactive mode only). + + To avoid prompting when this flag is omitted, you can set the + compute/region property: + + $ gcloud config set compute/region REGION + + A list of regions can be fetched by running: + + $ gcloud compute regions list + + To unset the property, run: + + $ gcloud config unset compute/region + + Alternatively, the region can be stored in the environment variable + CLOUDSDK_COMPUTE_REGION. + --zone=ZONE Zone of the network endpoint group to operate on. If not specified and the compute/zone property isn't set, you might be prompted to diff --git a/gcloud/beta/compute/networks/subnets/create b/gcloud/beta/compute/networks/subnets/create index 768bd00ea..9ea183269 100644 --- a/gcloud/beta/compute/networks/subnets/create +++ b/gcloud/beta/compute/networks/subnets/create @@ -101,6 +101,8 @@ OPTIONAL FLAGS --purpose=PURPOSE The purpose of this subnetwork. PURPOSE must be one of: + GLOBAL_MANAGED_PROXY + Reserved for Global HTTP(S) Load Balancing. INTERNAL_HTTPS_LOAD_BALANCER Reserved for Internal HTTP(S) Load Balancing. PRIVATE @@ -154,8 +156,8 @@ OPTIONAL FLAGS --role=ROLE The role of subnetwork. This field is required when the purpose is set - to REGIONAL_MANAGED_PROXY or INTERNAL_HTTPS_LOAD_BALANCER. ROLE must be - one of: + to GLOBAL_MANAGED_PROXY, REGIONAL_MANAGED_PROXY or + INTERNAL_HTTPS_LOAD_BALANCER. ROLE must be one of: ACTIVE The ACTIVE subnet that is currently used. diff --git a/gcloud/beta/compute/routers/nats/create b/gcloud/beta/compute/routers/nats/create index 6c5bc3f95..49b8f4989 100644 --- a/gcloud/beta/compute/routers/nats/create +++ b/gcloud/beta/compute/routers/nats/create @@ -128,10 +128,13 @@ OPTIONAL FLAGS For VM Endpoints ENDPOINT_TYPE_SWG For Secure Web Gateway Endpoints + ENDPOINT_TYPE_MANAGED_PROXY_LB + For regional Application Load Balancers (internal and external) and regional proxy Network Load Balancers (internal and external) endpoints The default is ENDPOINT_TYPE_VM. - ENDPOINT_TYPE must be one of: ENDPOINT_TYPE_VM, ENDPOINT_TYPE_SWG. + ENDPOINT_TYPE must be one of: ENDPOINT_TYPE_VM, ENDPOINT_TYPE_SWG, + ENDPOINT_TYPE_MANAGED_PROXY_LB. --icmp-idle-timeout=ICMP_IDLE_TIMEOUT Timeout for ICMP connections. See diff --git a/gcloud/beta/compute/ssl-policies/create b/gcloud/beta/compute/ssl-policies/create index 3602a5e38..00099eb4a 100644 --- a/gcloud/beta/compute/ssl-policies/create +++ b/gcloud/beta/compute/ssl-policies/create @@ -14,9 +14,10 @@ DESCRIPTION An SSL policy specifies the server-side support for SSL features. An SSL policy can be attached to a TargetHttpsProxy or a TargetSslProxy. This - affects connections between clients and the HTTPS or SSL proxy load - balancer. SSL policies do not affect the connection between the load - balancers and the backends. + affects connections between clients and the load balancer. SSL policies do + not affect the connection between the load balancers and the backends. SSL + policies are used by Application Load Balancers and proxy Network Load + Balancers. POSITIONAL ARGUMENTS SSL_POLICY diff --git a/gcloud/beta/compute/ssl-policies/delete b/gcloud/beta/compute/ssl-policies/delete index 876e48d75..f4d84ff05 100644 --- a/gcloud/beta/compute/ssl-policies/delete +++ b/gcloud/beta/compute/ssl-policies/delete @@ -14,9 +14,10 @@ DESCRIPTION An SSL policy specifies the server-side support for SSL features. An SSL policy can be attached to a TargetHttpsProxy or a TargetSslProxy. This - affects connections between clients and the HTTPS or SSL proxy load - balancer. SSL policies do not affect the connection between the load - balancers and the backends. + affects connections between clients and the load balancer. SSL policies do + not affect the connection between the load balancers and the backends. SSL + policies are used by Application Load Balancers and proxy Network Load + Balancers. POSITIONAL ARGUMENTS SSL_POLICY [SSL_POLICY ...] diff --git a/gcloud/beta/compute/ssl-policies/describe b/gcloud/beta/compute/ssl-policies/describe index 41dfebfdc..60d25ca94 100644 --- a/gcloud/beta/compute/ssl-policies/describe +++ b/gcloud/beta/compute/ssl-policies/describe @@ -12,9 +12,10 @@ DESCRIPTION An SSL policy specifies the server-side support for SSL features. An SSL policy can be attached to a TargetHttpsProxy or a TargetSslProxy. This - affects connections between clients and the HTTPS or SSL proxy load - balancer. SSL policies do not affect the connection between the load - balancers and the backends. + affects connections between clients and the load balancer. SSL policies do + not affect the connection between the load balancers and the backends. SSL + policies are used by Application Load Balancers and proxy Network Load + Balancers. POSITIONAL ARGUMENTS SSL_POLICY diff --git a/gcloud/beta/compute/ssl-policies/list-available-features b/gcloud/beta/compute/ssl-policies/list-available-features index f37dbcd19..2329e5148 100644 --- a/gcloud/beta/compute/ssl-policies/list-available-features +++ b/gcloud/beta/compute/ssl-policies/list-available-features @@ -14,9 +14,10 @@ DESCRIPTION An SSL policy specifies the server-side support for SSL features. An SSL policy can be attached to a TargetHttpsProxy or a TargetSslProxy. This - affects connections between clients and the HTTPS or SSL proxy load - balancer. SSL policies do not affect the connection between the load - balancers and the backends. + affects connections between clients and the load balancer. SSL policies do + not affect the connection between the load balancers and the backends. SSL + policies are used by Application Load Balancers and proxy Network Load + Balancers. FLAGS --region=REGION diff --git a/gcloud/beta/compute/ssl-policies/update b/gcloud/beta/compute/ssl-policies/update index c3004529c..56e9e2e8c 100644 --- a/gcloud/beta/compute/ssl-policies/update +++ b/gcloud/beta/compute/ssl-policies/update @@ -14,9 +14,10 @@ DESCRIPTION An SSL policy specifies the server-side support for SSL features. An SSL policy can be attached to a TargetHttpsProxy or a TargetSslProxy. This - affects connections between clients and the HTTPS or SSL proxy load - balancer. SSL policies do not affect the connection between the load - balancers and the backends. + affects connections between clients and the load balancer. SSL policies do + not affect the connection between the load balancers and the backends. SSL + policies are used by Application Load Balancers and proxy Network Load + Balancers. POSITIONAL ARGUMENTS SSL_POLICY diff --git a/gcloud/beta/compute/target-pools/help b/gcloud/beta/compute/target-pools/help index 3cf4520a2..15ab28df5 100644 --- a/gcloud/beta/compute/target-pools/help +++ b/gcloud/beta/compute/target-pools/help @@ -6,7 +6,8 @@ SYNOPSIS gcloud beta compute target-pools COMMAND [GCLOUD_WIDE_FLAG ...] DESCRIPTION - (BETA) Control Compute Engine target pools for Network Load Balancing. + (BETA) Control Compute Engine target pools for external passthrough Network + Load Balancers. For more information about target pools, see the target pools documentation (https://cloud.google.com/load-balancing/docs/target-pools). diff --git a/gcloud/beta/config/get b/gcloud/beta/config/get index 2d775bad4..7422b037d 100644 --- a/gcloud/beta/config/get +++ b/gcloud/beta/config/get @@ -589,6 +589,10 @@ AVAILABLE PROPERTIES Overrides API endpoint for gcloud workflows command group. Defaults to https://workflows.googleapis.com/ + workstations + Overrides API endpoint for gcloud workstations command group. + Defaults to https://workstations.googleapis.com/ + app cloud_build_timeout Timeout, in seconds, to wait for Docker builds to complete during diff --git a/gcloud/beta/config/help b/gcloud/beta/config/help index 6bedeb88e..70187c4fb 100644 --- a/gcloud/beta/config/help +++ b/gcloud/beta/config/help @@ -621,6 +621,10 @@ AVAILABLE PROPERTIES Overrides API endpoint for gcloud workflows command group. Defaults to https://workflows.googleapis.com/ + workstations + Overrides API endpoint for gcloud workstations command group. + Defaults to https://workstations.googleapis.com/ + app cloud_build_timeout Timeout, in seconds, to wait for Docker builds to complete during diff --git a/gcloud/beta/config/list b/gcloud/beta/config/list index 7965f512e..0aaf77d35 100644 --- a/gcloud/beta/config/list +++ b/gcloud/beta/config/list @@ -633,6 +633,10 @@ AVAILABLE PROPERTIES Overrides API endpoint for gcloud workflows command group. Defaults to https://workflows.googleapis.com/ + workstations + Overrides API endpoint for gcloud workstations command group. + Defaults to https://workstations.googleapis.com/ + app cloud_build_timeout Timeout, in seconds, to wait for Docker builds to complete during diff --git a/gcloud/beta/config/set b/gcloud/beta/config/set index 6ff209fab..6024ec430 100644 --- a/gcloud/beta/config/set +++ b/gcloud/beta/config/set @@ -636,6 +636,10 @@ AVAILABLE PROPERTIES Overrides API endpoint for gcloud workflows command group. Defaults to https://workflows.googleapis.com/ + workstations + Overrides API endpoint for gcloud workstations command group. + Defaults to https://workstations.googleapis.com/ + app cloud_build_timeout Timeout, in seconds, to wait for Docker builds to complete during diff --git a/gcloud/beta/config/unset b/gcloud/beta/config/unset index a374b04fb..25ba70747 100644 --- a/gcloud/beta/config/unset +++ b/gcloud/beta/config/unset @@ -597,6 +597,10 @@ AVAILABLE PROPERTIES Overrides API endpoint for gcloud workflows command group. Defaults to https://workflows.googleapis.com/ + workstations + Overrides API endpoint for gcloud workstations command group. + Defaults to https://workstations.googleapis.com/ + app cloud_build_timeout Timeout, in seconds, to wait for Docker builds to complete during diff --git a/gcloud/beta/container/clusters/create b/gcloud/beta/container/clusters/create index 983e01624..3d9dbc77f 100644 --- a/gcloud/beta/container/clusters/create +++ b/gcloud/beta/container/clusters/create @@ -141,7 +141,7 @@ FLAGS Attaches accelerators (e.g. GPUs) to all nodes. type - (Required) The specific type (e.g. nvidia-tesla-k80 for nVidia + (Required) The specific type (e.g. nvidia-tesla-k80 for NVIDIA Tesla K80) of accelerator to attach to the instances. Use gcloud compute accelerator-types list to learn about all available accelerator types. @@ -154,15 +154,15 @@ FLAGS (Optional) The NVIDIA driver version to install. GPU_DRIVER_VERSION must be one of: - `default`: Install the default driver version. If you omit the flag `gpu-driver-version`, - this is the default option. + `default`: Install the default driver version. `latest`: Install the latest available driver version. Available only for nodes that use Container-Optimized OS. `disabled`: Skip automatic driver installation. You must [manually install a driver](https://cloud.google.com/kubernetes-engine/docs/how-to/gpus#installing_drivers) - after you create the cluster. + after you create the cluster. If you omit the flag `gpu-driver-version`, + this is the default option. gpu-partition-size (Optional) The GPU partition size used when running multi-instance @@ -569,9 +569,6 @@ FLAGS endpoint from any Google Cloud region or on-premises environment regardless of the private cluster's region. - Must be used in conjunction with '--enable-ip-alias' and - '--enable-private-nodes'. - --enable-multi-networking Enables multi-networking on the cluster. Multi-networking is disabled by default. diff --git a/gcloud/beta/container/clusters/create-auto b/gcloud/beta/container/clusters/create-auto index ef12e06e1..40ff8e536 100644 --- a/gcloud/beta/container/clusters/create-auto +++ b/gcloud/beta/container/clusters/create-auto @@ -206,9 +206,6 @@ FLAGS endpoint from any Google Cloud region or on-premises environment regardless of the private cluster's region. - Must be used in conjunction with '--enable-ip-alias' and - '--enable-private-nodes'. - --fleet-project=PROJECT_ID_OR_NUMBER Sets fleet host project for the cluster. If specified, the current cluster will be registered as a fleet membership under the fleet host diff --git a/gcloud/beta/container/fleet/memberships/generate-gateway-rbac b/gcloud/beta/container/fleet/memberships/generate-gateway-rbac index 2a59f7402..985f45882 100644 --- a/gcloud/beta/container/fleet/memberships/generate-gateway-rbac +++ b/gcloud/beta/container/fleet/memberships/generate-gateway-rbac @@ -74,6 +74,17 @@ EXAMPLES test-acct@test-project.iam.gserviceaccount.com \ --role=role/mynamespace/namespace-reader + The users provided can be using a Google identity (only email) or using + external identity providers (starting with + "principal://iam.googleapis.com"): + + $ gcloud beta container fleet memberships generate-gateway-rbac \ + --membership=my-cluster \ + --users=foo@example.com,principal://iam.googleapis.com/\ + locations/global/workforcePools/pool/subject/user \ + --role=clusterrole/cluster-admin --context=my-cluster-context \ + --kubeconfig=/home/user/custom_kubeconfig --apply + FLAGS --anthos-support If specified, this command will generate RBAC policy file for anthos diff --git a/gcloud/beta/container/hub/memberships/generate-gateway-rbac b/gcloud/beta/container/hub/memberships/generate-gateway-rbac index fb6e3a5b8..e09747f38 100644 --- a/gcloud/beta/container/hub/memberships/generate-gateway-rbac +++ b/gcloud/beta/container/hub/memberships/generate-gateway-rbac @@ -74,6 +74,17 @@ EXAMPLES test-acct@test-project.iam.gserviceaccount.com \ --role=role/mynamespace/namespace-reader + The users provided can be using a Google identity (only email) or using + external identity providers (starting with + "principal://iam.googleapis.com"): + + $ gcloud beta container hub memberships generate-gateway-rbac \ + --membership=my-cluster \ + --users=foo@example.com,principal://iam.googleapis.com/\ + locations/global/workforcePools/pool/subject/user \ + --role=clusterrole/cluster-admin --context=my-cluster-context \ + --kubeconfig=/home/user/custom_kubeconfig --apply + FLAGS --anthos-support If specified, this command will generate RBAC policy file for anthos diff --git a/gcloud/beta/container/node-pools/create b/gcloud/beta/container/node-pools/create index 7d24f2b1f..6818c2928 100644 --- a/gcloud/beta/container/node-pools/create +++ b/gcloud/beta/container/node-pools/create @@ -92,7 +92,7 @@ FLAGS Attaches accelerators (e.g. GPUs) to all nodes. type - (Required) The specific type (e.g. nvidia-tesla-k80 for nVidia + (Required) The specific type (e.g. nvidia-tesla-k80 for NVIDIA Tesla K80) of accelerator to attach to the instances. Use gcloud compute accelerator-types list to learn about all available accelerator types. @@ -105,15 +105,15 @@ FLAGS (Optional) The NVIDIA driver version to install. GPU_DRIVER_VERSION must be one of: - `default`: Install the default driver version. If you omit the flag `gpu-driver-version`, - this is the default option. + `default`: Install the default driver version. `latest`: Install the latest available driver version. Available only for nodes that use Container-Optimized OS. `disabled`: Skip automatic driver installation. You must [manually install a driver](https://cloud.google.com/kubernetes-engine/docs/how-to/gpus#installing_drivers) - after you create the cluster. + after you create the cluster. If you omit the flag `gpu-driver-version`, + this is the default option. gpu-partition-size (Optional) The GPU partition size used when running multi-instance diff --git a/gcloud/beta/dataproc/jobs/submit/flink b/gcloud/beta/dataproc/jobs/submit/flink new file mode 100644 index 000000000..50d753a5d --- /dev/null +++ b/gcloud/beta/dataproc/jobs/submit/flink @@ -0,0 +1,150 @@ +NAME + gcloud beta dataproc jobs submit flink - submit a Flink job to a cluster + +SYNOPSIS + gcloud beta dataproc jobs submit flink + (--class=MAIN_CLASS | --jar=MAIN_JAR) + (--cluster=CLUSTER | --cluster-labels=[KEY=VALUE,...]) [--async] + [--bucket=BUCKET] [--driver-log-levels=[PACKAGE=LEVEL,...]] + [--jars=[JAR,...]] [--labels=[KEY=VALUE,...]] + [--max-failures-per-hour=MAX_FAILURES_PER_HOUR] + [--max-failures-total=MAX_FAILURES_TOTAL] + [--properties=[PROPERTY=VALUE,...]] [--properties-file=PROPERTIES_FILE] + [--region=REGION] [--savepoint=SAVEPOINT] [GCLOUD_WIDE_FLAG ...] + [-- JOB_ARGS ...] + +DESCRIPTION + (BETA) Submit a Flink job to a cluster. + +EXAMPLES + To submit a Flink job that runs the main class of a jar, run: + + $ gcloud beta dataproc jobs submit flink --cluster=my-cluster \ + --region=us-central1 --jar=my_jar.jar -- arg1 arg2 + + To submit a Flink job that runs a specific class as an entrypoint: + + $ gcloud beta dataproc jobs submit flink --cluster=my-cluster \ + --region=us-central1 --class=org.my.main.Class \ + --jars=my_jar.jar -- arg1 arg2 + + To submit a Flink job that runs a jar that is on the cluster, run: + + $ gcloud beta dataproc jobs submit flink --cluster=my-cluster \ + --region=us-central1 \ + --jar=/usr/lib/flink/examples/streaming/TopSpeedWindowing.jar + +POSITIONAL ARGUMENTS + [-- JOB_ARGS ...] + The job arguments to pass. + + The '--' argument must be specified between gcloud specific args on the + left and JOB_ARGS on the right. + +REQUIRED FLAGS + Exactly one of these must be specified: + + --class=MAIN_CLASS + The class containing the main method of the driver. Must be in a + provided jar or jar that is already on the classpath + + --jar=MAIN_JAR + The HCFS URI of jar file containing the driver jar. + + Exactly one of these must be specified: + + --cluster=CLUSTER + The Dataproc cluster to submit the job to. + + --cluster-labels=[KEY=VALUE,...] + List of label KEY=VALUE pairs to add. + + Keys must start with a lowercase character and contain only hyphens + (-), underscores (_), lowercase characters, and numbers. Values must + contain only hyphens (-), underscores (_), lowercase characters, and + numbers. + + Labels of Dataproc cluster on which to place the job. + +OPTIONAL FLAGS + --async + Return immediately, without waiting for the operation in progress to + complete. + + --bucket=BUCKET + The Cloud Storage bucket to stage files in. Defaults to the cluster's + configured bucket. + + --driver-log-levels=[PACKAGE=LEVEL,...] + List of package to log4j log level pairs to configure driver logging. + For example: root=FATAL,com.example=INFO. + + --jars=[JAR,...] + Comma-separated list of jar files to provide to the task manager + classpaths. + + --labels=[KEY=VALUE,...] + List of label KEY=VALUE pairs to add. + + Keys must start with a lowercase character and contain only hyphens + (-), underscores (_), lowercase characters, and numbers. Values must + contain only hyphens (-), underscores (_), lowercase characters, and + numbers. + + --max-failures-per-hour=MAX_FAILURES_PER_HOUR + Specifies the maximum number of times a job can be restarted per hour + in event of failure. Default is 0 (no retries after job failure). + + --max-failures-total=MAX_FAILURES_TOTAL + Specifies the maximum total number of times a job can be restarted + after the job fails. Default is 0 (no retries after job failure). + + --properties=[PROPERTY=VALUE,...] + List of key=value pairs to configure Flink. For a list of available + properties, see: + https://nightlies.apache.org/flink/flink-docs-master/docs/deployment/config/. + + --properties-file=PROPERTIES_FILE + Path to a local file or a file in a Cloud Storage bucket containing + configuration properties for the job. The client machine running this + command must have read permission to the file. + + Specify properties in the form of property=value in the text file. For + example: + + # Properties to set for the job: + key1=value1 + key2=value2 + # Comment out properties not used. + # key3=value3 + + If a property is set in both --properties and --properties-file, the + value defined in --properties takes precedence. + + --region=REGION + Dataproc region to use. Each Dataproc region constitutes an independent + resource namespace constrained to deploying instances into Compute + Engine zones inside the region. Overrides the default dataproc/region + property value for this command invocation. + + --savepoint=SAVEPOINT + HCFS URI of the savepoint that is used to refer to the state of the + previously stopped job. The new job will resume previous state from + there. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in beta and might change without notice. These + variants are also available: + + $ gcloud dataproc jobs submit flink + + $ gcloud alpha dataproc jobs submit flink + diff --git a/gcloud/beta/dataproc/jobs/submit/help b/gcloud/beta/dataproc/jobs/submit/help index b63d31485..d78100d18 100644 --- a/gcloud/beta/dataproc/jobs/submit/help +++ b/gcloud/beta/dataproc/jobs/submit/help @@ -63,6 +63,9 @@ GCLOUD WIDE FLAGS COMMANDS COMMAND is one of the following: + flink + (BETA) Submit a Flink job to a cluster. + hadoop (BETA) Submit a Hadoop job to a cluster. diff --git a/gcloud/beta/filestore/instances/create b/gcloud/beta/filestore/instances/create index b9068ddb1..86eb5e4db 100644 --- a/gcloud/beta/filestore/instances/create +++ b/gcloud/beta/filestore/instances/create @@ -128,9 +128,9 @@ REQUIRED FLAGS A list of IPv4 addresses or CIDR ranges that are allowed to mount the file share. IPv4 addresses format: {octet 1}.{octet 2}.{octet 3}.{octet 4}. CIDR range format: {octet 1}.{octet 2}.{octet - 3}.{octet 4}/{mask size}. Overlapping IP ranges, even across - NfsExportOptions, are not allowed and will return an error. The - limit of IP ranges/addresses for each FileShareConfig among all + 3}.{octet 4}/{mask size}. Overlapping IP ranges are allowed for all + tiers other than BASIC_HDD and BASIC_SSD. The limit of IP + ranges/addresses for each FileShareConfig among all NfsExportOptions is 64 per instance. access-mode diff --git a/gcloud/beta/filestore/instances/update b/gcloud/beta/filestore/instances/update index bc0139ba8..b5f110faa 100644 --- a/gcloud/beta/filestore/instances/update +++ b/gcloud/beta/filestore/instances/update @@ -129,9 +129,9 @@ FLAGS A list of IPv4 addresses or CIDR ranges that are allowed to mount the file share. IPv4 addresses format: {octet 1}.{octet 2}.{octet 3}.{octet 4}. CIDR range format: {octet 1}.{octet 2}.{octet - 3}.{octet 4}/{mask size}. Overlapping IP ranges, even across - NfsExportOptions, are not allowed and will return an error. The - limit of IP ranges/addresses for each FileShareConfig among all + 3}.{octet 4}/{mask size}. Overlapping IP ranges are allowed for all + tiers other than BASIC_HDD and BASIC_SSD. The limit of IP + ranges/addresses for each FileShareConfig among all NfsExportOptions is 64 per instance. access-mode diff --git a/gcloud/beta/kms/help b/gcloud/beta/kms/help index 0f03d9dba..7a58a5ab4 100644 --- a/gcloud/beta/kms/help +++ b/gcloud/beta/kms/help @@ -71,6 +71,12 @@ COMMANDS mac-verify (BETA) Verify a user signature file using a MAC key version. + raw-decrypt + (BETA) Decrypt a ciphertext file using a raw key. + + raw-encrypt + (BETA) Encrypt a plaintext file using a raw key. + NOTES This command is currently in beta and might change without notice. These variants are also available: diff --git a/gcloud/beta/kms/inventory/search-protected-resources b/gcloud/beta/kms/inventory/search-protected-resources index b48803653..c1e4682d8 100644 --- a/gcloud/beta/kms/inventory/search-protected-resources +++ b/gcloud/beta/kms/inventory/search-protected-resources @@ -6,8 +6,9 @@ SYNOPSIS gcloud beta kms inventory search-protected-resources --scope=ORGANIZATION_ID (--keyname=KEYNAME : --keyring=KEYRING --location=LOCATION) - [--filter=EXPRESSION] [--limit=LIMIT] [--page-size=PAGE_SIZE] - [--sort-by=[FIELD,...]] [--uri] [GCLOUD_WIDE_FLAG ...] + [--resource-types=[RESOURCE_TYPES,...]] [--filter=EXPRESSION] + [--limit=LIMIT] [--page-size=PAGE_SIZE] [--sort-by=[FIELD,...]] [--uri] + [GCLOUD_WIDE_FLAG ...] DESCRIPTION (BETA) gcloud beta kms inventory search-protected-resources returns a list @@ -60,6 +61,23 @@ REQUIRED FLAGS specified name; ▸ provide the argument --location on the command line. +FLAGS + --resource-types=[RESOURCE_TYPES,...] + A list of resource types that this request searches for. If empty, it + will search all the trackable resource types + (https://cloud.google.com/kms/docs/view-key-usage#tracked-resource-types). + + Regular expressions are also supported. For example: + + ◆ compute.googleapis.com.* snapshots resources whose type starts with + compute.googleapis.com. + ◆ .*Image snapshots resources whose type ends with Image. + ◆ .*Image.* snapshots resources whose type contains Image. + + See RE2 (https://github.com/google/re2/wiki/Syntax) for all supported + regular expression syntax. If the regular expression does not match any + supported resource type, an INVALID_ARGUMENT error will be returned. + LIST COMMAND FLAGS --filter=EXPRESSION Apply a Boolean filter EXPRESSION to each resource item to be listed. diff --git a/gcloud/beta/kms/raw-decrypt b/gcloud/beta/kms/raw-decrypt new file mode 100644 index 000000000..185c08101 --- /dev/null +++ b/gcloud/beta/kms/raw-decrypt @@ -0,0 +1,96 @@ +NAME + gcloud beta kms raw-decrypt - decrypt a ciphertext file using a raw key + +SYNOPSIS + gcloud beta kms raw-decrypt --ciphertext-file=CIPHERTEXT_FILE + --plaintext-file=PLAINTEXT_FILE + [--additional-authenticated-data-file=ADDITIONAL_AUTHENTICATED_DATA_FILE] + [--initialization-vector-file=INITIALIZATION_VECTOR_FILE] [--key=KEY] + [--keyring=KEYRING] [--location=LOCATION] + [--skip-integrity-verification] [--version=VERSION] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (BETA) gcloud beta kms raw-decrypt decrypts the given ciphertext file using + the given CryptoKey containing a raw key and writes the result to the named + plaintext file. The ciphertext file must not be larger than 64KiB. + + The supported algorithms are: AES-128-GCM, AES-256-GCM, AES-128-CBC, + AES-256-CBC, AES-128-CTR, and AES-256-CTR. + + AES-GCM provides authentication which means that it accepts additional + authenticated data (AAD). So, the flag --additional-authenticated-data-file + is only valid with AES-128-GCM and AES-256-GCM algorithms. If AAD is + provided during encryption, it must be provided during decryption too. The + file must not be larger than 64KiB. + + If --plaintext-file or --additional-authenticated-data-file or + --initialization-vector-file is set to '-', that file is read from stdin. + Similarly, if --ciphertext-file is set to '-', the ciphertext is written to + stdout. + + By default, the command performs integrity verification on data sent to and + received from Cloud KMS. Use --skip-integrity-verification to disable + integrity verification. + +EXAMPLES + The following command reads and decrypts the file path/to/input/ciphertext. + The file will be decrypted using the CryptoKey KEYNAME containing a raw + key, from the KeyRing KEYRING in the global location. It uses the + additional authenticated data file path/to/input/aad (only valid with the + AES-GCM algorithms) and the initialization vector file path/to/input/iv. + The resulting plaintext will be written to path/to/output/plaintext. + + $ gcloud beta kms raw-decrypt --key=KEYNAME --keyring=KEYRING \ + --location=global --ciphertext-file=path/to/input/ciphertext \ + --additional-authenticated-data-file=path/to/input/aad \ + --initialization-vector-file=path/to/input/iv \ + --plaintext-file=path/to/output/plaintext + +REQUIRED FLAGS + --ciphertext-file=CIPHERTEXT_FILE + File path of the ciphertext file to decrypt. + + --plaintext-file=PLAINTEXT_FILE + File path of the plaintext file to store the decrypted data. + +OPTIONAL FLAGS + --additional-authenticated-data-file=ADDITIONAL_AUTHENTICATED_DATA_FILE + File path to the optional file containing the additional authenticated + data. + + --initialization-vector-file=INITIALIZATION_VECTOR_FILE + File path to the optional file containing the initialization vector for + decryption. + + --key=KEY + The (raw) key to use for decryption. + + --keyring=KEYRING + Key ring of the key. + + --location=LOCATION + Location of the keyring. + + --skip-integrity-verification + Skip integrity verification on request and response API fields. + + --version=VERSION + Version to use for decryption. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in beta and might change without notice. These + variants are also available: + + $ gcloud kms raw-decrypt + + $ gcloud alpha kms raw-decrypt + diff --git a/gcloud/beta/kms/raw-encrypt b/gcloud/beta/kms/raw-encrypt new file mode 100644 index 000000000..fc803d2cc --- /dev/null +++ b/gcloud/beta/kms/raw-encrypt @@ -0,0 +1,115 @@ +NAME + gcloud beta kms raw-encrypt - encrypt a plaintext file using a raw key + +SYNOPSIS + gcloud beta kms raw-encrypt --ciphertext-file=CIPHERTEXT_FILE + --plaintext-file=PLAINTEXT_FILE + [--additional-authenticated-data-file=ADDITIONAL_AUTHENTICATED_DATA_FILE] + [--initialization-vector-file=INITIALIZATION_VECTOR_FILE] [--key=KEY] + [--keyring=KEYRING] [--location=LOCATION] + [--skip-integrity-verification] [--version=VERSION] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (BETA) Encrypts the given plaintext file using the given CryptoKey + containing a raw key and writes the result to the named ciphertext file. + The plaintext file must not be larger than 64KiB. For the AES-CBC + algorithms, no server-side padding is being done, so the plaintext must be + a multiple of the block size. + + The supported algorithms are: AES-128-GCM, AES-256-GCM, AES-128-CBC, + AES-256-CBC, AES-128-CTR, and AES-256-CTR. + + AES-GCM provides authentication which means that it accepts additional + authenticated data (AAD). So, the flag --additional-authenticated-data-file + is only valid with AES-128-GCM and AES-256-GCM algorithms. + + The initialization vector (flag --initialization-vector-file) is only + supported for AES-CBC and AES-CTR algorithms, and must be 16B in length. + + Therefore, both additional authenticated data and initialization vector + can't be provided during encryption. If an additional authenticated data + file is provided, its contents must also be provided during decryption. The + file must not be larger than 64KiB. + + The flag --version indicates the version of the key to use for encryption. + + If --plaintext-file or --additional-authenticated-data-file or + --initialization-vector-file is set to '-', that file is read from stdin. + Similarly, if --ciphertext-file is set to '-', the ciphertext is written to + stdout. + + By default, the command performs integrity verification on data sent to and + received from Cloud KMS. Use --skip-integrity-verification to disable + integrity verification. + +EXAMPLES + The following command reads and encrypts the file path/to/input/plaintext. + The file will be encrypted using the AES-GCM CryptoKey KEYNAME from the + KeyRing KEYRING in the global location using the additional authenticated + data file path/to/input/aad. The resulting ciphertext will be written to + path/to/output/ciphertext. + + $ gcloud beta kms raw-encrypt --key=KEYNAME --keyring=KEYRING \ + --location=global --plaintext-file=path/to/input/plaintext \ + --additional-authenticated-data-file=path/to/input/aad \ + --ciphertext-file=path/to/output/ciphertext + + The following command reads and encrypts the file path/to/input/plaintext. + The file will be encrypted using the AES-CBC CryptoKey KEYNAME from the + KeyRing KEYRING in the global location using the initialization vector + stored at path/to/input/aad. The resulting ciphertext will be written to + path/to/output/ciphertext. + + $ gcloud beta kms raw-encrypt --key=KEYNAME --keyring=KEYRING \ + --location=global --plaintext-file=path/to/input/plaintext \ + --initialization-vector-file=path/to/input/iv \ + --ciphertext-file=path/to/output/ciphertext + +REQUIRED FLAGS + --ciphertext-file=CIPHERTEXT_FILE + File path of the ciphertext file to output. + + --plaintext-file=PLAINTEXT_FILE + File path of the plaintext file to encrypt. + +OPTIONAL FLAGS + --additional-authenticated-data-file=ADDITIONAL_AUTHENTICATED_DATA_FILE + File path to the optional file containing the additional authenticated + data. + + --initialization-vector-file=INITIALIZATION_VECTOR_FILE + File path to the optional file containing the initialization vector for + encryption. + + --key=KEY + The key to use for encryption. + + --keyring=KEYRING + Key ring of the key. + + --location=LOCATION + Location of the keyring. + + --skip-integrity-verification + Skip integrity verification on request and response API fields. + + --version=VERSION + Version to use for encryption. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in beta and might change without notice. These + variants are also available: + + $ gcloud kms raw-encrypt + + $ gcloud alpha kms raw-encrypt + diff --git a/gcloud/beta/network-security/security-profile-groups/create b/gcloud/beta/network-security/security-profile-groups/create index 8f81f3c89..41779d18b 100644 --- a/gcloud/beta/network-security/security-profile-groups/create +++ b/gcloud/beta/network-security/security-profile-groups/create @@ -6,70 +6,120 @@ SYNOPSIS gcloud beta network-security security-profile-groups create (SECURITY_PROFILE_GROUP : --location=LOCATION --organization=ORGANIZATION) - --threat-prevention-profile=THREAT_PREVENTION_PROFILE [--async] - [--description=DESCRIPTION] [GCLOUD_WIDE_FLAG ...] + (--threat-prevention-profile=THREAT_PREVENTION_PROFILE + : --security-profile-location=SECURITY_PROFILE_LOCATION + --security-profile-organization=SECURITY_PROFILE_ORGANIZATION) + [--async] [--description=DESCRIPTION] [--labels=[KEY=VALUE,...]] + [GCLOUD_WIDE_FLAG ...] DESCRIPTION (BETA) Create a new Security Profile Group with the given name. EXAMPLES To create a Security Profile Group with the name my-security-profile-group, - with a fully specified threat prevention profile using - --threat-prevention-profile flag and optional description as optional - description, run: + with a threat prevention profile using --threat-prevention-profile flag and + optional description as optional description, run: $ gcloud beta network-security security-profile-groups create \ - my-security-profile-group --organization=1234 \ - --location=global \ - --threat-prevention-profile=`organizations/1234/locations/\ + my-security-profile-group --organization=1234 \ + --location=global \ + --threat-prevention-profile=`organizations/1234/locations/\ global/securityProfiles/my-security-profile` \ --description='optional description' POSITIONAL ARGUMENTS - Security profile group resource - Name of the security profile group to be - created. The arguments in this group can be used to specify the attributes - of this resource. + Security profile group resource - Security Profile Group Name. The + arguments in this group can be used to specify the attributes of this + resource. This must be specified. SECURITY_PROFILE_GROUP - ID of the security profile group or fully qualified identifier for - the security profile group. + ID of the security_profile_group or fully qualified identifier for + the security_profile_group. To set the security_profile_group attribute: - ▸ provide the argument security_profile_group on the command line. + ▸ provide the argument SECURITY_PROFILE_GROUP on the command line. This positional argument must be specified if any of the other arguments in this group are specified. --location=LOCATION - Location ID of the resource. + location of the security_profile_group - Global. To set the location attribute: - ▸ provide the argument security_profile_group on the command line + ▸ provide the argument SECURITY_PROFILE_GROUP on the command line with a fully specified name; - ▸ provide the argument --location on the command line; - ▸ use default global location . + ▸ provide the argument --location on the command line. --organization=ORGANIZATION - Organization number. + Organization ID of Security Profile Group To set the organization attribute: - ▸ provide the argument security_profile_group on the command line + ▸ provide the argument SECURITY_PROFILE_GROUP on the command line with a fully specified name; ▸ provide the argument --organization on the command line. REQUIRED FLAGS - --threat-prevention-profile=THREAT_PREVENTION_PROFILE - Name of the security profile of type threat prevention. + Security Profile resource - Path to Security Profile resource. The + arguments in this group can be used to specify the attributes of this + resource. + + This must be specified. + + --threat-prevention-profile=THREAT_PREVENTION_PROFILE + ID of the Security Profile or fully qualified identifier for the + Security Profile. + + To set the security_profile attribute: + ▸ provide the argument --threat-prevention-profile on the command + line. + + This flag argument must be specified if any of the other arguments in + this group are specified. + + --security-profile-location=SECURITY_PROFILE_LOCATION + Location of the Security Profile. NOTE: Only global security profiles + are supported. + + To set the security-profile-location attribute: + ▸ provide the argument --threat-prevention-profile on the command + line with a fully specified name; + ▸ provide the argument --security-profile-location on the command + line; + ▸ provide the argument --location on the command line; + ▸ provide the argument + networksecurity.organizations.locations.securityProfileGroups on + the command line with a fully specified name. + + --security-profile-organization=SECURITY_PROFILE_ORGANIZATION + Organization ID of the Security Profile. + + To set the security-profile-organization attribute: + ▸ provide the argument --threat-prevention-profile on the command + line with a fully specified name; + ▸ provide the argument --security-profile-organization on the + command line; + ▸ provide the argument --organization on the command line; + ▸ provide the argument + networksecurity.organizations.locations.securityProfileGroups on + the command line with a fully specified name. OPTIONAL FLAGS --async Return immediately, without waiting for the operation in progress to - complete. + complete. The default is False. --description=DESCRIPTION - Description of the security profile group. + Brief description of the security profile group + + --labels=[KEY=VALUE,...] + List of label KEY=VALUE pairs to add. + + Keys must start with a lowercase character and contain only hyphens + (-), underscores (_), lowercase characters, and numbers. Values must + contain only hyphens (-), underscores (_), lowercase characters, and + numbers. GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, @@ -79,10 +129,6 @@ GCLOUD WIDE FLAGS Run $ gcloud help for details. -API REFERENCE - This command uses the networksecurity/v1beta1 API. The full documentation - for this API can be found at: https://cloud.google.com/networking - NOTES This command is currently in beta and might change without notice. This variant is also available: diff --git a/gcloud/beta/network-security/security-profile-groups/delete b/gcloud/beta/network-security/security-profile-groups/delete index 387810f5f..589399d97 100644 --- a/gcloud/beta/network-security/security-profile-groups/delete +++ b/gcloud/beta/network-security/security-profile-groups/delete @@ -25,8 +25,8 @@ POSITIONAL ARGUMENTS This must be specified. SECURITY_PROFILE_GROUP - ID of the security profile group or fully qualified identifier for - the security profile group. + ID of the security_profile_group or fully qualified identifier for + the security_profile_group. To set the security_profile_group attribute: ▸ provide the argument security_profile_group on the command line. diff --git a/gcloud/beta/network-security/security-profile-groups/describe b/gcloud/beta/network-security/security-profile-groups/describe index 73b2aa107..28716483c 100644 --- a/gcloud/beta/network-security/security-profile-groups/describe +++ b/gcloud/beta/network-security/security-profile-groups/describe @@ -26,8 +26,8 @@ POSITIONAL ARGUMENTS This must be specified. SECURITY_PROFILE_GROUP - ID of the security profile group or fully qualified identifier for - the security profile group. + ID of the security_profile_group or fully qualified identifier for + the security_profile_group. To set the security_profile_group attribute: ▸ provide the argument security_profile_group on the command line. diff --git a/gcloud/beta/network-security/security-profile-groups/update b/gcloud/beta/network-security/security-profile-groups/update index 837801789..810afc660 100644 --- a/gcloud/beta/network-security/security-profile-groups/update +++ b/gcloud/beta/network-security/security-profile-groups/update @@ -6,68 +6,139 @@ SYNOPSIS gcloud beta network-security security-profile-groups update (SECURITY_PROFILE_GROUP : --location=LOCATION --organization=ORGANIZATION) [--async] - [--description=DESCRIPTION] - [--threat-prevention-profile=THREAT_PREVENTION_PROFILE] + [--description=DESCRIPTION] [--update-labels=[KEY=VALUE,...]] + [--clear-labels | --remove-labels=[KEY,...]] + [--threat-prevention-profile=THREAT_PREVENTION_PROFILE + : --security-profile-location=SECURITY_PROFILE_LOCATION + --security-profile-organization=SECURITY_PROFILE_ORGANIZATION] [GCLOUD_WIDE_FLAG ...] DESCRIPTION - (BETA) Update the details of a Security Profile Group. + (BETA) Update details of a Security Profile Group. EXAMPLES To update a Security Profile Group with new threat prevention profile my-new-security-profile, run: $ gcloud beta network-security security-profile-groups update \ - my-security-profile-group --organization=1234 \ - --location=global \ - --threat-prevention-profile=`organizations/1234/locations/\ + my-security-profile-group --organization=1234 \ + --location=global \ + --threat-prevention-profile=`organizations/1234/locations/\ global/securityProfiles/my-new-security-profile` \ --description='New Security Profile of type threat prevention' POSITIONAL ARGUMENTS - Security profile group resource - Name of the Security Profile Group to be - updated. The arguments in this group can be used to specify the attributes - of this resource. + Security profile group resource - Security Profile Group Name. The + arguments in this group can be used to specify the attributes of this + resource. This must be specified. SECURITY_PROFILE_GROUP - ID of the security profile group or fully qualified identifier for - the security profile group. + ID of the security_profile_group or fully qualified identifier for + the security_profile_group. To set the security_profile_group attribute: - ▸ provide the argument security_profile_group on the command line. + ▸ provide the argument SECURITY_PROFILE_GROUP on the command line. This positional argument must be specified if any of the other arguments in this group are specified. --location=LOCATION - Location ID of the resource. + location of the security_profile_group - Global. To set the location attribute: - ▸ provide the argument security_profile_group on the command line + ▸ provide the argument SECURITY_PROFILE_GROUP on the command line with a fully specified name; - ▸ provide the argument --location on the command line; - ▸ use default global location . + ▸ provide the argument --location on the command line. --organization=ORGANIZATION - Organization number. + Organization ID of Security Profile Group To set the organization attribute: - ▸ provide the argument security_profile_group on the command line + ▸ provide the argument SECURITY_PROFILE_GROUP on the command line with a fully specified name; ▸ provide the argument --organization on the command line. FLAGS --async Return immediately, without waiting for the operation in progress to - complete. + complete. The default is False. --description=DESCRIPTION - New description of the Security Profile Group. + Brief description of the security profile group - --threat-prevention-profile=THREAT_PREVENTION_PROFILE - Name of the security profile of type threat prevention. + --update-labels=[KEY=VALUE,...] + List of label KEY=VALUE pairs to update. If a label exists, its value + is modified. Otherwise, a new label is created. + + Keys must start with a lowercase character and contain only hyphens + (-), underscores (_), lowercase characters, and numbers. Values must + contain only hyphens (-), underscores (_), lowercase characters, and + numbers. + + At most one of these can be specified: + + --clear-labels + Remove all labels. If --update-labels is also specified then + --clear-labels is applied first. + + For example, to remove all labels: + + $ gcloud beta network-security security-profile-groups update \ + --clear-labels + + To remove all existing labels and create two new labels, foo and baz: + + $ gcloud beta network-security security-profile-groups update \ + --clear-labels --update-labels foo=bar,baz=qux + + --remove-labels=[KEY,...] + List of label keys to remove. If a label does not exist it is + silently ignored. If --update-labels is also specified then + --update-labels is applied first. + + Security Profile resource - Path to Security Profile resource. The + arguments in this group can be used to specify the attributes of this + resource. + + --threat-prevention-profile=THREAT_PREVENTION_PROFILE + ID of the Security Profile or fully qualified identifier for the + Security Profile. + + To set the security_profile attribute: + ▸ provide the argument --threat-prevention-profile on the command + line. + + This flag argument must be specified if any of the other arguments in + this group are specified. + + --security-profile-location=SECURITY_PROFILE_LOCATION + Location of the Security Profile. NOTE: Only global security profiles + are supported. + + To set the security-profile-location attribute: + ▸ provide the argument --threat-prevention-profile on the command + line with a fully specified name; + ▸ provide the argument --security-profile-location on the command + line; + ▸ provide the argument --location on the command line; + ▸ provide the argument + networksecurity.organizations.locations.securityProfileGroups on + the command line with a fully specified name. + + --security-profile-organization=SECURITY_PROFILE_ORGANIZATION + Organization ID of the Security Profile. + + To set the security-profile-organization attribute: + ▸ provide the argument --threat-prevention-profile on the command + line with a fully specified name; + ▸ provide the argument --security-profile-organization on the + command line; + ▸ provide the argument --organization on the command line; + ▸ provide the argument + networksecurity.organizations.locations.securityProfileGroups on + the command line with a fully specified name. GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, @@ -77,10 +148,6 @@ GCLOUD WIDE FLAGS Run $ gcloud help for details. -API REFERENCE - This command uses the networksecurity/v1beta1 API. The full documentation - for this API can be found at: https://cloud.google.com/networking - NOTES This command is currently in beta and might change without notice. This variant is also available: diff --git a/gcloud/beta/notebooks/instances/create b/gcloud/beta/notebooks/instances/create index 591c9f670..6ac572315 100644 --- a/gcloud/beta/notebooks/instances/create +++ b/gcloud/beta/notebooks/instances/create @@ -170,8 +170,8 @@ OPTIONAL FLAGS complete. --instance-owners=INSTANCE_OWNERS - The owners of this instance after creation. Format: alias@example.com. - Currently supports one owner only. If not specified, all of the service + The owners of this instance after creation. Format:alias@example.com. + Currently supports one owner only.If not specified, all of the service account users of the VM instance's service account can use the instance. diff --git a/gcloud/beta/pubsub/subscriptions/create b/gcloud/beta/pubsub/subscriptions/create index 20160c2c8..7bbe4fe16 100644 --- a/gcloud/beta/pubsub/subscriptions/create +++ b/gcloud/beta/pubsub/subscriptions/create @@ -174,7 +174,11 @@ OPTIONAL FLAGS --write-metadata Whether or not to write message metadata including message ID, - publish timestamp, ordering key, and attributes to BigQuery. + publish timestamp, ordering key, and attributes to BigQuery. The + subscription name, message_id, and publish_time fields are put in + their own columns while all other message properties other than + data (for example, an ordering_key, if present) are written to a + JSON object in the attributes column. Cloud Storage Config Options. The Cloud Pub/Sub service account associated with the enclosing subscription's parent project (i.e., @@ -216,7 +220,11 @@ OPTIONAL FLAGS --cloud-storage-write-metadata Whether or not to write the subscription name, message_id, publish_time, attributes, and ordering_key as additional fields in - the output. This has an effect only for subscriptions with + the output. The subscription name, message_id, and publish_time + fields are put in their own fields while all other message + properties other than data (for example, an ordering_key, if + present) are added as entries in the attributes map. This has an + effect only for subscriptions with --cloud-storage-output-format=avro. Dead Letter Queue Options. The Cloud Pub/Sub service account associated diff --git a/gcloud/beta/pubsub/subscriptions/update b/gcloud/beta/pubsub/subscriptions/update index dea183d30..c5af9a8c0 100644 --- a/gcloud/beta/pubsub/subscriptions/update +++ b/gcloud/beta/pubsub/subscriptions/update @@ -144,7 +144,11 @@ FLAGS --write-metadata Whether or not to write message metadata including message ID, - publish timestamp, ordering key, and attributes to BigQuery. + publish timestamp, ordering key, and attributes to BigQuery. The + subscription name, message_id, and publish_time fields are put in + their own columns while all other message properties other than + data (for example, an ordering_key, if present) are written to a + JSON object in the attributes column. At most one of these can be specified: @@ -195,7 +199,11 @@ FLAGS --cloud-storage-write-metadata Whether or not to write the subscription name, message_id, publish_time, attributes, and ordering_key as additional fields - in the output. This has an effect only for subscriptions with + in the output. The subscription name, message_id, and + publish_time fields are put in their own fields while all other + message properties other than data (for example, an ordering_key, + if present) are added as entries in the attributes map. This has + an effect only for subscriptions with --cloud-storage-output-format=avro. At most one of these can be specified: diff --git a/gcloud/beta/workstations/configs/create b/gcloud/beta/workstations/configs/create index f9bc7f32d..d572dc14e 100644 --- a/gcloud/beta/workstations/configs/create +++ b/gcloud/beta/workstations/configs/create @@ -12,6 +12,7 @@ SYNOPSIS [--container-run-as-user=CONTAINER_RUN_AS_USER] [--container-working-dir=CONTAINER_WORKING_DIR] [--disable-public-ip-addresses] [--enable-confidential-compute] + [--enable-nested-virtualization] [--idle-timeout=IDLE_TIMEOUT; default=7200] [--labels=[LABELS,...]] [--machine-type=MACHINE_TYPE; default="e2-standard-4"] [--network-tags=[NETWORK_TAGS,...]] @@ -138,6 +139,10 @@ FLAGS Default value is false. If set, instances will have confidential compute enabled. + --enable-nested-virtualization + Default value is false. If set, instances will have nested + virtualization enabled. + --idle-timeout=IDLE_TIMEOUT; default=7200 How long (in seconds) to wait before automatically stopping an instance that hasn't received any user traffic. A value of 0 indicates that this diff --git a/gcloud/beta/workstations/configs/update b/gcloud/beta/workstations/configs/update index 738a8c708..e1653fdfb 100644 --- a/gcloud/beta/workstations/configs/update +++ b/gcloud/beta/workstations/configs/update @@ -12,11 +12,12 @@ SYNOPSIS [--container-run-as-user=CONTAINER_RUN_AS_USER] [--container-working-dir=CONTAINER_WORKING_DIR] [--disable-public-ip-addresses] [--enable-confidential-compute] - [--idle-timeout=IDLE_TIMEOUT] [--labels=[LABELS,...]] - [--machine-type=MACHINE_TYPE] [--network-tags=[NETWORK_TAGS,...]] - [--pool-size=POOL_SIZE] [--running-timeout=RUNNING_TIMEOUT] - [--service-account=SERVICE_ACCOUNT] [--shielded-integrity-monitoring] - [--shielded-secure-boot] [--shielded-vtpm] + [--enable-nested-virtualization] [--idle-timeout=IDLE_TIMEOUT] + [--labels=[LABELS,...]] [--machine-type=MACHINE_TYPE] + [--network-tags=[NETWORK_TAGS,...]] [--pool-size=POOL_SIZE] + [--running-timeout=RUNNING_TIMEOUT] [--service-account=SERVICE_ACCOUNT] + [--shielded-integrity-monitoring] [--shielded-secure-boot] + [--shielded-vtpm] [--accelerator-count=ACCELERATOR_COUNT : --accelerator-type=ACCELERATOR_TYPE] [--container-custom-image=CONTAINER_CUSTOM_IMAGE @@ -126,6 +127,10 @@ FLAGS Default value is false. If set, instances will have confidential compute enabled. + --enable-nested-virtualization + Default value is false. If set, instances will have nested + virtualization enabled. + --idle-timeout=IDLE_TIMEOUT How long (in seconds) to wait before automatically stopping an instance that hasn't received any user traffic. A value of 0 indicates that this diff --git a/gcloud/bigtable/app-profiles/update b/gcloud/bigtable/app-profiles/update index 1f08d5c1b..73d81187d 100644 --- a/gcloud/bigtable/app-profiles/update +++ b/gcloud/bigtable/app-profiles/update @@ -97,10 +97,6 @@ FLAGS --transactional-writes Allow transactional writes with a Single Cluster Routing policy. - If your app profile has single row transactions enabled, you must - specify this flag when updating that app profile. If you do not - specify this flag, then single row transactions are disabled. - GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, diff --git a/gcloud/certificate-manager/certificates/create b/gcloud/certificate-manager/certificates/create index e4b14560e..07662163e 100644 --- a/gcloud/certificate-manager/certificates/create +++ b/gcloud/certificate-manager/certificates/create @@ -149,6 +149,10 @@ OPTIONAL FLAGS certificate can be attached to/associated with. Defaults to DEFAULT. SCOPE must be one of: + all-regions + Certificates with scope ALL_REGIONS are currently used for + Cross-region Internal Application Load Balancer only. + default Certificates with DEFAULT scope are used for Load Balancing and Cloud CDN. diff --git a/gcloud/compute/backend-services/create b/gcloud/compute/backend-services/create index 412467b28..87f3ac27a 100644 --- a/gcloud/compute/backend-services/create +++ b/gcloud/compute/backend-services/create @@ -175,13 +175,19 @@ FLAGS AUTOMATIC. --connection-drain-on-failover - Connection drain is enabled by default and on failover or failback - connections will be drained. If connection drain is disabled, the - existing connection state will be cleared immediately on a best effort - basis on failover or failback, all connections will then be served by - the active pool of instances. Not compatible with the --global flag, - load balancing scheme must be INTERNAL or EXTERNAL, and the protocol - must be TCP. + Applicable only for backend service-based external and internal + passthrough Network Load Balancers as part of a connection tracking + policy. Only applicable when the backend service protocol is TCP. Not + applicable to any other load balancer. Enabled by default, this option + instructs the load balancer to allow established TCP connections to + persist for up to 300 seconds on instances or endpoints in primary + backends during failover, and on instances or endpoints in failover + backends during failback. For details, see: Connection draining on + failover and failback for internal passthrough Network Load Balancers + (https://cloud.google.com/load-balancing/docs/internal/failover-overview#connection_draining) + and Connection draining on failover and failback for external + passthrough Network Load Balancers + (https://cloud.google.com/load-balancing/docs/network/networklb-failover-overview#connection_draining). --connection-draining-timeout=CONNECTION_DRAINING_TIMEOUT Connection draining timeout to be used during removal of VMs from @@ -241,16 +247,18 @@ FLAGS An optional, textual description for the backend service. --drop-traffic-if-unhealthy - Enable dropping of traffic if there are no healthy VMs detected in both - the primary and backup instance groups. Not compatible with the - --global flag. Applicable only for backend service-based external and - internal passthrough Network Load Balancers as part of a connection - tracking policy. For details, see: Connection persistence on unhealthy - backends for internal passthrough Network Load Balancers - (https://cloud.google.com/load-balancing/docs/internal#connection-persistence) - and Connection persistence on unhealthy backends for external + Applicable only for backend service-based external and internal + passthrough Network Load Balancers as part of a connection tracking + policy. Not applicable to any other load balancer. This option + instructs the load balancer to drop packets when all instances or + endpoints in primary and failover backends do not pass their load + balancer health checks. For details, see: Dropping traffic when all + backend VMs are unhealthy for internal passthrough Network Load + Balancers + (https://cloud.google.com/load-balancing/docs/internal/failover-overview#drop_traffic) + and Dropping traffic when all backend VMs are unhealthy for external passthrough Network Load Balancers - (https://cloud.google.com/load-balancing/docs/network/networklb-backend-service#connection-persistence). + (https://cloud.google.com/load-balancing/docs/network/networklb-failover-overview#drop_traffic). --[no-]enable-cdn Enable or disable Cloud CDN for the backend service. Only available for @@ -272,9 +280,16 @@ FLAGS and --no-enable-strong-affinity to disable. --failover-ratio=FAILOVER_RATIO - If the ratio of the healthy VMs in the primary backend is at or below - this number, traffic arriving at the load-balanced IP will be directed - to the failover backend(s). Not compatible with the --global flag. + Applicable only to backend service-based external passthrough Network + load balancers and internal passthrough Network load balancers as part + of a failover policy. Not applicable to any other load balancer. This + option defines the ratio used to control when failover and failback + occur. For details, see: Failover ratio for internal passthrough + Network Load Balancers + (https://cloud.google.com/load-balancing/docs/internal/failover-overview#failover_ratio) + and Failover ratio for external passthrough Network Load Balancer + overview + (https://cloud.google.com/load-balancing/docs/network/networklb-failover-overview#failover_ratio). --health-checks=HEALTH_CHECK,[...] Specifies a list of health check objects for checking the health of the diff --git a/gcloud/compute/backend-services/update b/gcloud/compute/backend-services/update index 992666ef0..dcdfe16bf 100644 --- a/gcloud/compute/backend-services/update +++ b/gcloud/compute/backend-services/update @@ -124,13 +124,19 @@ FLAGS AUTOMATIC. --connection-drain-on-failover - Connection drain is enabled by default and on failover or failback - connections will be drained. If connection drain is disabled, the - existing connection state will be cleared immediately on a best effort - basis on failover or failback, all connections will then be served by - the active pool of instances. Not compatible with the --global flag, - load balancing scheme must be INTERNAL or EXTERNAL, and the protocol - must be TCP. + Applicable only for backend service-based external and internal + passthrough Network Load Balancers as part of a connection tracking + policy. Only applicable when the backend service protocol is TCP. Not + applicable to any other load balancer. Enabled by default, this option + instructs the load balancer to allow established TCP connections to + persist for up to 300 seconds on instances or endpoints in primary + backends during failover, and on instances or endpoints in failover + backends during failback. For details, see: Connection draining on + failover and failback for internal passthrough Network Load Balancers + (https://cloud.google.com/load-balancing/docs/internal/failover-overview#connection_draining) + and Connection draining on failover and failback for external + passthrough Network Load Balancers + (https://cloud.google.com/load-balancing/docs/network/networklb-failover-overview#connection_draining). --connection-draining-timeout=CONNECTION_DRAINING_TIMEOUT Connection draining timeout to be used during removal of VMs from @@ -151,16 +157,18 @@ FLAGS An optional, textual description for the backend service. --drop-traffic-if-unhealthy - Enable dropping of traffic if there are no healthy VMs detected in both - the primary and backup instance groups. Not compatible with the - --global flag. Applicable only for backend service-based external and - internal passthrough Network Load Balancers as part of a connection - tracking policy. For details, see: Connection persistence on unhealthy - backends for internal passthrough Network Load Balancers - (https://cloud.google.com/load-balancing/docs/internal#connection-persistence) - and Connection persistence on unhealthy backends for external + Applicable only for backend service-based external and internal + passthrough Network Load Balancers as part of a connection tracking + policy. Not applicable to any other load balancer. This option + instructs the load balancer to drop packets when all instances or + endpoints in primary and failover backends do not pass their load + balancer health checks. For details, see: Dropping traffic when all + backend VMs are unhealthy for internal passthrough Network Load + Balancers + (https://cloud.google.com/load-balancing/docs/internal/failover-overview#drop_traffic) + and Dropping traffic when all backend VMs are unhealthy for external passthrough Network Load Balancers - (https://cloud.google.com/load-balancing/docs/network/networklb-backend-service#connection-persistence). + (https://cloud.google.com/load-balancing/docs/network/networklb-failover-overview#drop_traffic). --edge-security-policy=EDGE_SECURITY_POLICY The edge security policy that will be set for this backend service. To @@ -187,9 +195,16 @@ FLAGS and --no-enable-strong-affinity to disable. --failover-ratio=FAILOVER_RATIO - If the ratio of the healthy VMs in the primary backend is at or below - this number, traffic arriving at the load-balanced IP will be directed - to the failover backend(s). Not compatible with the --global flag. + Applicable only to backend service-based external passthrough Network + load balancers and internal passthrough Network load balancers as part + of a failover policy. Not applicable to any other load balancer. This + option defines the ratio used to control when failover and failback + occur. For details, see: Failover ratio for internal passthrough + Network Load Balancers + (https://cloud.google.com/load-balancing/docs/internal/failover-overview#failover_ratio) + and Failover ratio for external passthrough Network Load Balancer + overview + (https://cloud.google.com/load-balancing/docs/network/networklb-failover-overview#failover_ratio). --health-checks=HEALTH_CHECK,[...] Specifies a list of health check objects for checking the health of the diff --git a/gcloud/compute/instance-groups/managed/create b/gcloud/compute/instance-groups/managed/create index 5f82fe05b..24d501d66 100644 --- a/gcloud/compute/instance-groups/managed/create +++ b/gcloud/compute/instance-groups/managed/create @@ -153,6 +153,13 @@ OPTIONAL FLAGS requested number of VMs within present resource constraints and to maximize utilization of unused zonal reservations. Recommended for batch workloads that do not require high availability. + any-single-zone + The group schedules all instances within a single zone. The zone is + chosen based on hardware support, current resources availability, + and matching reservations. The group might not be able to create + the requested number of VMs in case of zonal resource availability + constraints. Recommended for workloads requiring extensive + communication between VMs. balanced The group prioritizes acquisition of resources, scheduling VMs in zones where resources are available while distributing VMs as diff --git a/gcloud/compute/instance-groups/managed/update b/gcloud/compute/instance-groups/managed/update index 962c7d15c..6ff4d0324 100644 --- a/gcloud/compute/instance-groups/managed/update +++ b/gcloud/compute/instance-groups/managed/update @@ -138,6 +138,13 @@ FLAGS requested number of VMs within present resource constraints and to maximize utilization of unused zonal reservations. Recommended for batch workloads that do not require high availability. + any-single-zone + The group schedules all instances within a single zone. The zone is + chosen based on hardware support, current resources availability, + and matching reservations. The group might not be able to create + the requested number of VMs in case of zonal resource availability + constraints. Recommended for workloads requiring extensive + communication between VMs. balanced The group prioritizes acquisition of resources, scheduling VMs in zones where resources are available while distributing VMs as diff --git a/gcloud/compute/instance-templates/create b/gcloud/compute/instance-templates/create index 8bbecd716..ca2347c28 100644 --- a/gcloud/compute/instance-templates/create +++ b/gcloud/compute/instance-templates/create @@ -301,6 +301,12 @@ FLAGS https://cloud.google.com/compute/docs/disks/customer-managed-encryption for more details. + replica-zones + Required for each regional disk associated with the instance. + Specify the URLs of the zones where the disk should be replicated + to. You must provide exactly two replica zones, and one zone must + be the same as the instance zone. + --description=DESCRIPTION Specifies a textual description for the instance template. diff --git a/gcloud/compute/instance-templates/create-with-container b/gcloud/compute/instance-templates/create-with-container index e204179d6..7914509e0 100644 --- a/gcloud/compute/instance-templates/create-with-container +++ b/gcloud/compute/instance-templates/create-with-container @@ -329,6 +329,12 @@ FLAGS support. For available processor types on Compute Engine, see https://cloud.google.com/compute/docs/cpu-platforms. + replica-zones + Required for each regional disk associated with the instance. + Specify the URLs of the zones where the disk should be replicated + to. You must provide exactly two replica zones, and one zone must + be the same as the instance zone. + --description=DESCRIPTION Specifies a textual description for the instance template. diff --git a/gcloud/compute/instances/bulk/create b/gcloud/compute/instances/bulk/create index c0e14f53c..3eccac21a 100644 --- a/gcloud/compute/instances/bulk/create +++ b/gcloud/compute/instances/bulk/create @@ -356,6 +356,12 @@ OPTIONAL FLAGS Path to a Customer-Supplied Encryption Key (CSEK) key file for the image. Must be specified with image-csek-required. + replica-zones + Required for each regional disk associated with the instance. + Specify the URLs of the zones where the disk should be replicated + to. You must provide exactly two replica zones, and one zone must + be the same as the instance zone. + --description=DESCRIPTION Specifies a textual description of the instances. diff --git a/gcloud/compute/instances/create b/gcloud/compute/instances/create index 381a349a6..8e60294da 100644 --- a/gcloud/compute/instances/create +++ b/gcloud/compute/instances/create @@ -343,8 +343,7 @@ FLAGS Required for each regional disk associated with the instance. Specify the URLs of the zones where the disk should be replicated to. You must provide exactly two replica zones, and one zone must - be the same as the instance zone. You can't use this option with - boot disks. + be the same as the instance zone. --csek-key-file=FILE Path to a Customer-Supplied Encryption Key (CSEK) key file that maps diff --git a/gcloud/compute/instances/create-with-container b/gcloud/compute/instances/create-with-container index b380bcd98..03f4e17ab 100644 --- a/gcloud/compute/instances/create-with-container +++ b/gcloud/compute/instances/create-with-container @@ -351,6 +351,12 @@ FLAGS support. For available processor types on Compute Engine, see https://cloud.google.com/compute/docs/cpu-platforms. + replica-zones + Required for each regional disk associated with the instance. + Specify the URLs of the zones where the disk should be replicated + to. You must provide exactly two replica zones, and one zone must + be the same as the instance zone. + --description=DESCRIPTION Specifies a textual description of the instances. diff --git a/gcloud/compute/network-endpoint-groups/create b/gcloud/compute/network-endpoint-groups/create index fe712c5c5..519d32718 100644 --- a/gcloud/compute/network-endpoint-groups/create +++ b/gcloud/compute/network-endpoint-groups/create @@ -37,8 +37,8 @@ FLAGS If this flag isn't specified for a NEG with endpoint type gce-vm-ip-port or non-gcp-private-ip-port, then every network endpoint - in the network endpoint group must have a port specified. For a NEG - with endpoint type internet-ip-port and internet-fqdn-port. If the + in the network endpoint group must have a port specified. For a global + NEG with endpoint type internet-ip-port and internet-fqdn-port if the default port is not specified, the well-known port for your backend protocol is used (80 for HTTP, 443 for HTTPS). diff --git a/gcloud/compute/ssl-policies/create b/gcloud/compute/ssl-policies/create index 8f36aa00e..1f0fbd19d 100644 --- a/gcloud/compute/ssl-policies/create +++ b/gcloud/compute/ssl-policies/create @@ -13,9 +13,10 @@ DESCRIPTION An SSL policy specifies the server-side support for SSL features. An SSL policy can be attached to a TargetHttpsProxy or a TargetSslProxy. This - affects connections between clients and the HTTPS or SSL proxy load - balancer. SSL policies do not affect the connection between the load - balancers and the backends. + affects connections between clients and the load balancer. SSL policies do + not affect the connection between the load balancers and the backends. SSL + policies are used by Application Load Balancers and proxy Network Load + Balancers. POSITIONAL ARGUMENTS SSL_POLICY diff --git a/gcloud/compute/ssl-policies/delete b/gcloud/compute/ssl-policies/delete index 75d3a0caf..6026b0b12 100644 --- a/gcloud/compute/ssl-policies/delete +++ b/gcloud/compute/ssl-policies/delete @@ -12,9 +12,10 @@ DESCRIPTION An SSL policy specifies the server-side support for SSL features. An SSL policy can be attached to a TargetHttpsProxy or a TargetSslProxy. This - affects connections between clients and the HTTPS or SSL proxy load - balancer. SSL policies do not affect the connection between the load - balancers and the backends. + affects connections between clients and the load balancer. SSL policies do + not affect the connection between the load balancers and the backends. SSL + policies are used by Application Load Balancers and proxy Network Load + Balancers. POSITIONAL ARGUMENTS SSL_POLICY [SSL_POLICY ...] diff --git a/gcloud/compute/ssl-policies/describe b/gcloud/compute/ssl-policies/describe index 9c5e37b4a..8cbbd94c8 100644 --- a/gcloud/compute/ssl-policies/describe +++ b/gcloud/compute/ssl-policies/describe @@ -11,9 +11,10 @@ DESCRIPTION An SSL policy specifies the server-side support for SSL features. An SSL policy can be attached to a TargetHttpsProxy or a TargetSslProxy. This - affects connections between clients and the HTTPS or SSL proxy load - balancer. SSL policies do not affect the connection between the load - balancers and the backends. + affects connections between clients and the load balancer. SSL policies do + not affect the connection between the load balancers and the backends. SSL + policies are used by Application Load Balancers and proxy Network Load + Balancers. POSITIONAL ARGUMENTS SSL_POLICY diff --git a/gcloud/compute/ssl-policies/list-available-features b/gcloud/compute/ssl-policies/list-available-features index 951091554..9aa13043a 100644 --- a/gcloud/compute/ssl-policies/list-available-features +++ b/gcloud/compute/ssl-policies/list-available-features @@ -14,9 +14,10 @@ DESCRIPTION An SSL policy specifies the server-side support for SSL features. An SSL policy can be attached to a TargetHttpsProxy or a TargetSslProxy. This - affects connections between clients and the HTTPS or SSL proxy load - balancer. SSL policies do not affect the connection between the load - balancers and the backends. + affects connections between clients and the load balancer. SSL policies do + not affect the connection between the load balancers and the backends. SSL + policies are used by Application Load Balancers and proxy Network Load + Balancers. FLAGS --region=REGION diff --git a/gcloud/compute/ssl-policies/update b/gcloud/compute/ssl-policies/update index 6b2a9242b..aee84fa57 100644 --- a/gcloud/compute/ssl-policies/update +++ b/gcloud/compute/ssl-policies/update @@ -12,9 +12,10 @@ DESCRIPTION An SSL policy specifies the server-side support for SSL features. An SSL policy can be attached to a TargetHttpsProxy or a TargetSslProxy. This - affects connections between clients and the HTTPS or SSL proxy load - balancer. SSL policies do not affect the connection between the load - balancers and the backends. + affects connections between clients and the load balancer. SSL policies do + not affect the connection between the load balancers and the backends. SSL + policies are used by Application Load Balancers and proxy Network Load + Balancers. POSITIONAL ARGUMENTS SSL_POLICY diff --git a/gcloud/compute/target-pools/help b/gcloud/compute/target-pools/help index ae0f08735..ed6b32417 100644 --- a/gcloud/compute/target-pools/help +++ b/gcloud/compute/target-pools/help @@ -6,7 +6,8 @@ SYNOPSIS gcloud compute target-pools COMMAND [GCLOUD_WIDE_FLAG ...] DESCRIPTION - Control Compute Engine target pools for Network Load Balancing. + Control Compute Engine target pools for external passthrough Network Load + Balancers. For more information about target pools, see the target pools documentation (https://cloud.google.com/load-balancing/docs/target-pools). diff --git a/gcloud/config/get b/gcloud/config/get index 4273c0ad2..f5e542595 100644 --- a/gcloud/config/get +++ b/gcloud/config/get @@ -589,6 +589,10 @@ AVAILABLE PROPERTIES Overrides API endpoint for gcloud workflows command group. Defaults to https://workflows.googleapis.com/ + workstations + Overrides API endpoint for gcloud workstations command group. + Defaults to https://workstations.googleapis.com/ + app cloud_build_timeout Timeout, in seconds, to wait for Docker builds to complete during diff --git a/gcloud/config/help b/gcloud/config/help index c7f4532d0..78599b81f 100644 --- a/gcloud/config/help +++ b/gcloud/config/help @@ -621,6 +621,10 @@ AVAILABLE PROPERTIES Overrides API endpoint for gcloud workflows command group. Defaults to https://workflows.googleapis.com/ + workstations + Overrides API endpoint for gcloud workstations command group. + Defaults to https://workstations.googleapis.com/ + app cloud_build_timeout Timeout, in seconds, to wait for Docker builds to complete during diff --git a/gcloud/config/list b/gcloud/config/list index 460a8452d..e2ca2c55a 100644 --- a/gcloud/config/list +++ b/gcloud/config/list @@ -633,6 +633,10 @@ AVAILABLE PROPERTIES Overrides API endpoint for gcloud workflows command group. Defaults to https://workflows.googleapis.com/ + workstations + Overrides API endpoint for gcloud workstations command group. + Defaults to https://workstations.googleapis.com/ + app cloud_build_timeout Timeout, in seconds, to wait for Docker builds to complete during diff --git a/gcloud/config/set b/gcloud/config/set index 0a9fe5c41..40adac15a 100644 --- a/gcloud/config/set +++ b/gcloud/config/set @@ -636,6 +636,10 @@ AVAILABLE PROPERTIES Overrides API endpoint for gcloud workflows command group. Defaults to https://workflows.googleapis.com/ + workstations + Overrides API endpoint for gcloud workstations command group. + Defaults to https://workstations.googleapis.com/ + app cloud_build_timeout Timeout, in seconds, to wait for Docker builds to complete during diff --git a/gcloud/config/unset b/gcloud/config/unset index 1b4809c09..f7075d9cd 100644 --- a/gcloud/config/unset +++ b/gcloud/config/unset @@ -597,6 +597,10 @@ AVAILABLE PROPERTIES Overrides API endpoint for gcloud workflows command group. Defaults to https://workflows.googleapis.com/ + workstations + Overrides API endpoint for gcloud workstations command group. + Defaults to https://workstations.googleapis.com/ + app cloud_build_timeout Timeout, in seconds, to wait for Docker builds to complete during diff --git a/gcloud/container/clusters/create b/gcloud/container/clusters/create index f636d9649..5aef2f412 100644 --- a/gcloud/container/clusters/create +++ b/gcloud/container/clusters/create @@ -134,7 +134,7 @@ FLAGS Attaches accelerators (e.g. GPUs) to all nodes. type - (Required) The specific type (e.g. nvidia-tesla-k80 for nVidia + (Required) The specific type (e.g. nvidia-tesla-k80 for NVIDIA Tesla K80) of accelerator to attach to the instances. Use gcloud compute accelerator-types list to learn about all available accelerator types. @@ -147,15 +147,15 @@ FLAGS (Optional) The NVIDIA driver version to install. GPU_DRIVER_VERSION must be one of: - `default`: Install the default driver version. If you omit the flag `gpu-driver-version`, - this is the default option. + `default`: Install the default driver version. `latest`: Install the latest available driver version. Available only for nodes that use Container-Optimized OS. `disabled`: Skip automatic driver installation. You must [manually install a driver](https://cloud.google.com/kubernetes-engine/docs/how-to/gpus#installing_drivers) - after you create the cluster. + after you create the cluster. If you omit the flag `gpu-driver-version`, + this is the default option. gpu-partition-size (Optional) The GPU partition size used when running multi-instance @@ -531,9 +531,6 @@ FLAGS endpoint from any Google Cloud region or on-premises environment regardless of the private cluster's region. - Must be used in conjunction with '--enable-ip-alias' and - '--enable-private-nodes'. - --enable-multi-networking Enables multi-networking on the cluster. Multi-networking is disabled by default. diff --git a/gcloud/container/clusters/create-auto b/gcloud/container/clusters/create-auto index 7de966b24..e15f6c280 100644 --- a/gcloud/container/clusters/create-auto +++ b/gcloud/container/clusters/create-auto @@ -205,9 +205,6 @@ FLAGS endpoint from any Google Cloud region or on-premises environment regardless of the private cluster's region. - Must be used in conjunction with '--enable-ip-alias' and - '--enable-private-nodes'. - --logging=[COMPONENT,...] Set the components that have logging enabled. Valid component values are: SYSTEM, WORKLOAD, API_SERVER, CONTROLLER_MANAGER, SCHEDULER, NONE diff --git a/gcloud/container/fleet/memberships/generate-gateway-rbac b/gcloud/container/fleet/memberships/generate-gateway-rbac index b0bb29878..e404cbb75 100644 --- a/gcloud/container/fleet/memberships/generate-gateway-rbac +++ b/gcloud/container/fleet/memberships/generate-gateway-rbac @@ -73,6 +73,17 @@ EXAMPLES test-acct@test-project.iam.gserviceaccount.com \ --role=role/mynamespace/namespace-reader + The users provided can be using a Google identity (only email) or using + external identity providers (starting with + "principal://iam.googleapis.com"): + + $ gcloud container fleet memberships generate-gateway-rbac \ + --membership=my-cluster \ + --users=foo@example.com,principal://iam.googleapis.com/\ + locations/global/workforcePools/pool/subject/user \ + --role=clusterrole/cluster-admin --context=my-cluster-context \ + --kubeconfig=/home/user/custom_kubeconfig --apply + FLAGS --anthos-support If specified, this command will generate RBAC policy file for anthos diff --git a/gcloud/container/hub/memberships/generate-gateway-rbac b/gcloud/container/hub/memberships/generate-gateway-rbac index fe058dac5..005ee312f 100644 --- a/gcloud/container/hub/memberships/generate-gateway-rbac +++ b/gcloud/container/hub/memberships/generate-gateway-rbac @@ -73,6 +73,17 @@ EXAMPLES test-acct@test-project.iam.gserviceaccount.com \ --role=role/mynamespace/namespace-reader + The users provided can be using a Google identity (only email) or using + external identity providers (starting with + "principal://iam.googleapis.com"): + + $ gcloud container hub memberships generate-gateway-rbac \ + --membership=my-cluster \ + --users=foo@example.com,principal://iam.googleapis.com/\ + locations/global/workforcePools/pool/subject/user \ + --role=clusterrole/cluster-admin --context=my-cluster-context \ + --kubeconfig=/home/user/custom_kubeconfig --apply + FLAGS --anthos-support If specified, this command will generate RBAC policy file for anthos diff --git a/gcloud/container/node-pools/create b/gcloud/container/node-pools/create index 5b2c33a2f..1298de057 100644 --- a/gcloud/container/node-pools/create +++ b/gcloud/container/node-pools/create @@ -91,7 +91,7 @@ FLAGS Attaches accelerators (e.g. GPUs) to all nodes. type - (Required) The specific type (e.g. nvidia-tesla-k80 for nVidia + (Required) The specific type (e.g. nvidia-tesla-k80 for NVIDIA Tesla K80) of accelerator to attach to the instances. Use gcloud compute accelerator-types list to learn about all available accelerator types. @@ -104,15 +104,15 @@ FLAGS (Optional) The NVIDIA driver version to install. GPU_DRIVER_VERSION must be one of: - `default`: Install the default driver version. If you omit the flag `gpu-driver-version`, - this is the default option. + `default`: Install the default driver version. `latest`: Install the latest available driver version. Available only for nodes that use Container-Optimized OS. `disabled`: Skip automatic driver installation. You must [manually install a driver](https://cloud.google.com/kubernetes-engine/docs/how-to/gpus#installing_drivers) - after you create the cluster. + after you create the cluster. If you omit the flag `gpu-driver-version`, + this is the default option. gpu-partition-size (Optional) The GPU partition size used when running multi-instance diff --git a/gcloud/database-migration/connection-profiles/create/cloudsql b/gcloud/database-migration/connection-profiles/create/cloudsql index f5378d3af..3ffc23387 100644 --- a/gcloud/database-migration/connection-profiles/create/cloudsql +++ b/gcloud/database-migration/connection-profiles/create/cloudsql @@ -6,7 +6,8 @@ SYNOPSIS gcloud database-migration connection-profiles create cloudsql (CONNECTION_PROFILE : --region=REGION) --database-version=DATABASE_VERSION --source-id=SOURCE_ID --tier=TIER - [--activation-policy=ACTIVATION_POLICY] [--no-async] + [--activation-policy=ACTIVATION_POLICY] + [--allocated-ip-range=ALLOCATED_IP_RANGE] [--no-async] [--authorized-networks=NETWORK,[NETWORK,...]] [--no-auto-storage-increase] [--availability-type=AVAILABILITY_TYPE] [--data-disk-size=DATA_DISK_SIZE] [--data-disk-type=DATA_DISK_TYPE] @@ -122,6 +123,11 @@ OPTIONAL FLAGS ACTIVATION_POLICY must be one of: ALWAYS, NEVER. + --allocated-ip-range=ALLOCATED_IP_RANGE + The name of the allocated IP range for the private IP Cloud SQL + instance. This name refers to an already allocated IP range. If set, + the instance IP will be created in the allocated range. + --no-async Waits for the operation in progress to complete before returning. diff --git a/gcloud/database-migration/conversion-workspaces/describe-ddls b/gcloud/database-migration/conversion-workspaces/describe-ddls new file mode 100644 index 000000000..9b8a4b4bf --- /dev/null +++ b/gcloud/database-migration/conversion-workspaces/describe-ddls @@ -0,0 +1,85 @@ +NAME + gcloud database-migration conversion-workspaces describe-ddls - describe + DDLs in a Database Migration Service conversion workspace + +SYNOPSIS + gcloud database-migration conversion-workspaces describe-ddls + (CONVERSION_WORKSPACE : --region=REGION) [--commit-id=COMMIT_ID] + [--filter=FILTER] [--tree-type=TREE_TYPE; default="DRAFT"] + [--uncommitted] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Describe DDLs in a Database Migration Service conversion workspace. + +EXAMPLES + To describe the DDLs of the draft tree in my-conversion-workspace in a + project and location us-central1, run: + + $ gcloud database-migration conversion-workspaces describe-ddls \ + my-conversion-workspace --region=us-central1 + + To describe the DDLs of the source tree in a conversion workspace in a + project and location us-central1, run: + + $ gcloud database-migration conversion-workspaces describe-ddls \ + my-conversion-workspace --region=us-central1 --tree-type=SOURCE + +POSITIONAL ARGUMENTS + Conversion workspace resource - The conversion workspace to describe DDLs. + The arguments in this group can be used to specify the attributes of this + resource. (NOTE) Some attributes are not given arguments in this group but + can be set in other ways. + + To set the project attribute: + ◆ provide the argument conversion_workspace on the command line with a + fully specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + CONVERSION_WORKSPACE + ID of the conversion_workspace or fully qualified identifier for the + conversion_workspace. + + To set the conversion_workspace attribute: + ▸ provide the argument conversion_workspace on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --region=REGION + The Cloud region for the conversion_workspace. + + To set the region attribute: + ▸ provide the argument conversion_workspace on the command line + with a fully specified name; + ▸ provide the argument --region on the command line. + +FLAGS + --commit-id=COMMIT_ID + Request a specific commit id. If not specified, the entities from the + latest commit are returned. + + --filter=FILTER + Filter the entities based on (AIP-160)[https://google.aip.dev/160] + standard. Example: to filter all tables whose name start with + "Employee" and are present under schema "Company", use filter as + "parent = Company and TABLE=Employee" + + --tree-type=TREE_TYPE; default="DRAFT" + Tree type for database entities. TREE_TYPE must be one of: SOURCE, + DRAFT. + + --uncommitted + Whether to retrieve the latest committed version of the entities or the + latest version. This field is ignored if a specific commit_id is + specified. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. diff --git a/gcloud/database-migration/conversion-workspaces/describe-issues b/gcloud/database-migration/conversion-workspaces/describe-issues new file mode 100644 index 000000000..9c7d7aedf --- /dev/null +++ b/gcloud/database-migration/conversion-workspaces/describe-issues @@ -0,0 +1,75 @@ +NAME + gcloud database-migration conversion-workspaces describe-issues - describe + issues in a Database Migration Service conversion workspace + +SYNOPSIS + gcloud database-migration conversion-workspaces describe-issues + (CONVERSION_WORKSPACE : --region=REGION) [--commit-id=COMMIT_ID] + [--filter=FILTER] [--uncommitted] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Describe database entity issues in a Database Migration Services conversion + workspace. + +EXAMPLES + To describe the database entity issues in a conversion workspace in a + project and location us-central1, run: + + $ gcloud database-migration conversion-workspaces describe-issues \ + my-conversion-workspace --region=us-central1 + +POSITIONAL ARGUMENTS + Conversion workspace resource - The conversion workspace to describe + issues. The arguments in this group can be used to specify the attributes + of this resource. (NOTE) Some attributes are not given arguments in this + group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument conversion_workspace on the command line with a + fully specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + CONVERSION_WORKSPACE + ID of the conversion_workspace or fully qualified identifier for the + conversion_workspace. + + To set the conversion_workspace attribute: + ▸ provide the argument conversion_workspace on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --region=REGION + The Cloud region for the conversion_workspace. + + To set the region attribute: + ▸ provide the argument conversion_workspace on the command line + with a fully specified name; + ▸ provide the argument --region on the command line. + +FLAGS + --commit-id=COMMIT_ID + Request a specific commit id. If not specified, the entities from the + latest commit are returned. + + --filter=FILTER + Filter the entities based on (AIP-160)[https://google.aip.dev/160] + standard. Example: to filter all tables whose name start with + "Employee" and are present under schema "Company", use filter as + "parent = Company and TABLE=Employee" + + --uncommitted + Whether to retrieve the latest committed version of the entities or the + latest version. This field is ignored if a specific commit_id is + specified. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. diff --git a/gcloud/database-migration/conversion-workspaces/help b/gcloud/database-migration/conversion-workspaces/help index 8b97fdc82..8e938bb85 100644 --- a/gcloud/database-migration/conversion-workspaces/help +++ b/gcloud/database-migration/conversion-workspaces/help @@ -35,10 +35,16 @@ COMMANDS describe Show details about a database migration conversion workspace. + describe-ddls + Describe DDLs in a Database Migration Service conversion workspace. + describe-entities Describe database entities in a Database Migration conversion workspace. + describe-issues + Describe issues in a Database Migration Service conversion workspace. + import-rules Import mapping rules in a Database Migration Service conversion workspace. diff --git a/gcloud/database-migration/migration-jobs/create b/gcloud/database-migration/migration-jobs/create index 885aaa710..e66907df5 100644 --- a/gcloud/database-migration/migration-jobs/create +++ b/gcloud/database-migration/migration-jobs/create @@ -7,8 +7,9 @@ SYNOPSIS (MIGRATION_JOB : --region=REGION) --destination=DESTINATION --source=SOURCE --type=TYPE [--no-async] [--commit-id=COMMIT_ID] [--conversion-workspace=CONVERSION_WORKSPACE] - [--display-name=DISPLAY_NAME] [--dump-path=DUMP_PATH] [--filter=FILTER] - [--labels=[KEY=VALUE,...]] + [--display-name=DISPLAY_NAME] + [--dump-parallel-level=DUMP_PARALLEL_LEVEL] [--dump-path=DUMP_PATH] + [--filter=FILTER] [--labels=[KEY=VALUE,...]] [--cmek-key=CMEK_KEY : --cmek-keyring=CMEK_KEYRING --cmek-project=CMEK_PROJECT] [--peer-vpc=PEER_VPC | --static-ip @@ -177,6 +178,11 @@ OPTIONAL FLAGS include letters, numbers, spaces, and hyphens, and must start with a letter. + --dump-parallel-level=DUMP_PARALLEL_LEVEL + Parallelization level during initial dump of the migration job. If not + specified, will be defaulted to OPTIMAL. DUMP_PARALLEL_LEVEL must be + one of: MIN, OPTIMAL, MAX. + --dump-path=DUMP_PATH Path to the dump file in Google Cloud Storage, in the format: gs://[BUCKET_NAME]/[OBJECT_NAME]. diff --git a/gcloud/database-migration/migration-jobs/update b/gcloud/database-migration/migration-jobs/update index 712e6eb25..6cbcc0d70 100644 --- a/gcloud/database-migration/migration-jobs/update +++ b/gcloud/database-migration/migration-jobs/update @@ -6,8 +6,8 @@ SYNOPSIS gcloud database-migration migration-jobs update (MIGRATION_JOB : --region=REGION) [--no-async] [--destination=DESTINATION] [--display-name=DISPLAY_NAME] - [--dump-path=DUMP_PATH] [--source=SOURCE] [--type=TYPE] - [--update-labels=[KEY=VALUE,...]] + [--dump-parallel-level=DUMP_PARALLEL_LEVEL] [--dump-path=DUMP_PATH] + [--source=SOURCE] [--type=TYPE] [--update-labels=[KEY=VALUE,...]] [--clear-labels | --remove-labels=[KEY,...]] [--peer-vpc=PEER_VPC | --static-ip | --vm=VM --vm-ip=VM_IP --vm-port=VM_PORT --vpc=VPC] @@ -95,6 +95,11 @@ FLAGS include letters, numbers, spaces, and hyphens, and must start with a letter. + --dump-parallel-level=DUMP_PARALLEL_LEVEL + Parallelization level during initial dump of the migration job. If not + specified, will be defaulted to OPTIMAL. DUMP_PARALLEL_LEVEL must be + one of: MIN, OPTIMAL, MAX. + --dump-path=DUMP_PATH Path to the dump file in Google Cloud Storage, in the format: gs://[BUCKET_NAME]/[OBJECT_NAME]. diff --git a/gcloud/dataplex/datascans/create/data-profile b/gcloud/dataplex/datascans/create/data-profile new file mode 100644 index 000000000..9500956f0 --- /dev/null +++ b/gcloud/dataplex/datascans/create/data-profile @@ -0,0 +1,169 @@ +NAME + gcloud dataplex datascans create data-profile - create a Dataplex data + profile scan job + +SYNOPSIS + gcloud dataplex datascans create data-profile + (DATASCAN : --location=LOCATION) + (--data-source-entity=DATA_SOURCE_ENTITY + | --data-source-resource=DATA_SOURCE_RESOURCE) + [--description=DESCRIPTION] [--display-name=DISPLAY_NAME] + [--labels=[KEY=VALUE,...]] [--async | --validate-only] + [--data-profile-spec-file=DATA_PROFILE_SPEC_FILE + | --exclude-field-names=EXCLUDE_FIELD_NAMES + --include-field-names=INCLUDE_FIELD_NAMES + --row-filter=ROW_FILTER --sampling-percent=SAMPLING_PERCENT] + [--incremental-field=INCREMENTAL_FIELD --on-demand=ON_DEMAND + | --schedule=SCHEDULE] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Represents a user-visible job which provides the insights for the related + data source about the structure, content and relationships (such as null + percent, cardinality, min/max/mean, etc). + +EXAMPLES + To create a data profile scan data-profile-datascan in project test-project + located in us-central1, run: + + $ gcloud dataplex datascans create data-profile data-profile \ + data-profile-datascan --project=test-project \ + --location=us-central1 + +POSITIONAL ARGUMENTS + Datascan resource - Arguments and flags that define the Dataplex datascan + you want to create a data profile scan for. The arguments in this group + can be used to specify the attributes of this resource. (NOTE) Some + attributes are not given arguments in this group but can be set in other + ways. + + To set the project attribute: + ◆ provide the argument datascan on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + DATASCAN + ID of the datascan or fully qualified identifier for the datascan. + + To set the dataScans attribute: + ▸ provide the argument datascan on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + The location of the Dataplex resource. + + To set the location attribute: + ▸ provide the argument datascan on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property dataplex/location. + +REQUIRED FLAGS + Data source for the data profile scan. + + Exactly one of these must be specified: + + --data-source-entity=DATA_SOURCE_ENTITY + Dataplex entity that contains the data for the data profile scan, of + the form: + projects/{project_number}/locations/{location_id}/lakes/{lake_id}/zones/{zone_id}/entities/{entity_id}. + + --data-source-resource=DATA_SOURCE_RESOURCE + Fully-qualified service resource name of the cloud resource that + contains the data for the data profile scan, of the form: + //bigquery.googleapis.com/projects/{project_number}/datasets/{dataset_id}/tables/{table_id}. + +OPTIONAL FLAGS + --description=DESCRIPTION + Description of the data profile scan. + + --display-name=DISPLAY_NAME + Display name of the data profile scan. + + --labels=[KEY=VALUE,...] + List of label KEY=VALUE pairs to add. + + Keys must start with a lowercase character and contain only hyphens + (-), underscores (_), lowercase characters, and numbers. Values must + contain only hyphens (-), underscores (_), lowercase characters, and + numbers. + + At most one of --async | --validate-only can be specified. + + At most one of these can be specified: + + --async + Return immediately, without waiting for the operation in progress to + complete. + + --validate-only + Validate the create action, but don't actually perform it. + + Data spec for the data profile scan. + + At most one of these can be specified: + + --data-profile-spec-file=DATA_PROFILE_SPEC_FILE + path to the JSON/YAML file containing the spec for the data profile + scan. The JSON representation reference: + https://cloud.google.com/dataplex/docs/reference/rest/v1/DataProfileSpec + + Command line spec arguments for the data profile scan. + + --exclude-field-names=EXCLUDE_FIELD_NAMES + Names of the fields to exclude from data profile. If specified, the + respective fields will be excluded from data profile, regardless of + the fields specified in the --include-field-names flag. + + --include-field-names=INCLUDE_FIELD_NAMES + Names of the fields to include in data profile. If not specified, + all fields at the time of profile scan job execution are included. + The fields listed in the --exclude-field-names flag are excluded. + + --row-filter=ROW_FILTER + A filter applied to all rows in a single data profile scan job. + + --sampling-percent=SAMPLING_PERCENT + The percentage of the records to be selected from the dataset for + data profile scan. + + Data profile scan execution settings. + + --incremental-field=INCREMENTAL_FIELD + Field that contains values that monotonically increase over time + (e.g. timestamp). + + Data profile scan scheduling and trigger settings. + + At most one of these can be specified: + + --on-demand=ON_DEMAND + If set, the scan runs one-time shortly after data profile scan + creation. + + --schedule=SCHEDULE + Cron schedule (https://en.wikipedia.org/wiki/Cron) for running + scans periodically. To explicitly set a timezone to the cron tab, + apply a prefix in the cron tab: "CRON_TZ=${IANA_TIME_ZONE}" or + "TZ=${IANA_TIME_ZONE}". The ${IANA_TIME_ZONE} may only be a valid + string from IANA time zone database. For example, + CRON_TZ=America/New_York 1 * * * * or TZ=America/New_York 1 * * * + *. This field is required for RECURRING scans. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This variant is also available: + + $ gcloud alpha dataplex datascans create data-profile + diff --git a/gcloud/dataplex/datascans/create/data-quality b/gcloud/dataplex/datascans/create/data-quality new file mode 100644 index 000000000..ef237da9e --- /dev/null +++ b/gcloud/dataplex/datascans/create/data-quality @@ -0,0 +1,144 @@ +NAME + gcloud dataplex datascans create data-quality - create a Dataplex data + quality scan job + +SYNOPSIS + gcloud dataplex datascans create data-quality + (DATASCAN : --location=LOCATION) + --data-quality-spec-file=DATA_QUALITY_SPEC_FILE + (--data-source-entity=DATA_SOURCE_ENTITY + | --data-source-resource=DATA_SOURCE_RESOURCE) + [--description=DESCRIPTION] [--display-name=DISPLAY_NAME] + [--labels=[KEY=VALUE,...]] [--async | --validate-only] + [--incremental-field=INCREMENTAL_FIELD --on-demand=ON_DEMAND + | --schedule=SCHEDULE] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Represents a user-visible job which provides the insights for the related + data source and generates queries based on the rules and runs against the + data to get data quality check results. + +EXAMPLES + To create a data quality scan data-quality-datascan in project test-project + located in us-central1 with data spec file data-quality-spec.json, run: + + $ gcloud dataplex datascans create data-quality data-quality \ + data-quality-datascan --project=test-project \ + --location=us-central1 \ + --data-quality-spec-file="data-quality-spec.json" + +POSITIONAL ARGUMENTS + Datascan resource - Arguments and flags that define the Dataplex datascan + you want to create a data quality scan for. The arguments in this group + can be used to specify the attributes of this resource. (NOTE) Some + attributes are not given arguments in this group but can be set in other + ways. + + To set the project attribute: + ◆ provide the argument datascan on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + DATASCAN + ID of the datascan or fully qualified identifier for the datascan. + + To set the dataScans attribute: + ▸ provide the argument datascan on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + The location of the Dataplex resource. + + To set the location attribute: + ▸ provide the argument datascan on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property dataplex/location. + +REQUIRED FLAGS + --data-quality-spec-file=DATA_QUALITY_SPEC_FILE + path to the JSON/YAML file containing the spec for the data quality + scan. The json representation reference: + https://cloud.google.com/dataplex/docs/reference/rest/v1/DataQualitySpec + + Data source for the data quality scan. + + Exactly one of these must be specified: + + --data-source-entity=DATA_SOURCE_ENTITY + Dataplex entity that contains the data for the data quality scan, of + the form: + projects/{project_number}/locations/{location_id}/lakes/{lake_id}/zones/{zone_id}/entities/{entity_id}. + + --data-source-resource=DATA_SOURCE_RESOURCE + Fully-qualified service resource name of the cloud resource that + contains the data for the data quality scan, of the form: + //bigquery.googleapis.com/projects/{project_number}/datasets/{dataset_id}/tables/{table_id}. + +OPTIONAL FLAGS + --description=DESCRIPTION + Description of the data quality scan. + + --display-name=DISPLAY_NAME + Display name of the data quality scan. + + --labels=[KEY=VALUE,...] + List of label KEY=VALUE pairs to add. + + Keys must start with a lowercase character and contain only hyphens + (-), underscores (_), lowercase characters, and numbers. Values must + contain only hyphens (-), underscores (_), lowercase characters, and + numbers. + + At most one of --async | --validate-only can be specified. + + At most one of these can be specified: + + --async + Return immediately, without waiting for the operation in progress to + complete. + + --validate-only + Validate the create action, but don't actually perform it. + + Data quality scan execution settings. + + --incremental-field=INCREMENTAL_FIELD + Field that contains values that monotonically increase over time + (e.g. timestamp). + + Data quality scan scheduling and trigger settings + + At most one of these can be specified: + + --on-demand=ON_DEMAND + If set, the scan runs one-time shortly after data quality scan + creation. + + --schedule=SCHEDULE + Cron schedule (https://en.wikipedia.org/wiki/Cron) for running + scans periodically. To explicitly set a timezone to the cron tab, + apply a prefix in the cron tab: "CRON_TZ=${IANA_TIME_ZONE}" or + "TZ=${IANA_TIME_ZONE}". The ${IANA_TIME_ZONE} may only be a valid + string from IANA time zone database. For example, + CRON_TZ=America/New_York 1 * * * * or TZ=America/New_York 1 * * * + *. This field is required for RECURRING scans. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This variant is also available: + + $ gcloud alpha dataplex datascans create data-quality + diff --git a/gcloud/dataplex/datascans/create/help b/gcloud/dataplex/datascans/create/help new file mode 100644 index 000000000..d7d70820b --- /dev/null +++ b/gcloud/dataplex/datascans/create/help @@ -0,0 +1,28 @@ +NAME + gcloud dataplex datascans create - manage Dataplex Datascans creation + +SYNOPSIS + gcloud dataplex datascans create COMMAND [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Manage Dataplex Datascans creation. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --help. + + Run $ gcloud help for details. + +COMMANDS + COMMAND is one of the following: + + data-profile + Create a Dataplex data profile scan job. + + data-quality + Create a Dataplex data quality scan job. + +NOTES + This variant is also available: + + $ gcloud alpha dataplex datascans create + diff --git a/gcloud/dataplex/datascans/delete b/gcloud/dataplex/datascans/delete new file mode 100644 index 000000000..a99d44524 --- /dev/null +++ b/gcloud/dataplex/datascans/delete @@ -0,0 +1,70 @@ +NAME + gcloud dataplex datascans delete - delete a Dataplex Datascan resource + +SYNOPSIS + gcloud dataplex datascans delete (DATASCAN : --location=LOCATION) [--async] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Delete a Dataplex Datascan resource. + +EXAMPLES + To delete a Dataplex Datascan test-datascan in location us-central1, run: + + $ gcloud dataplex datascans delete test-datascan \ + --location=us-central1 + +POSITIONAL ARGUMENTS + Datascan resource - Arguments and flags that define the Dataplex Datascan + you want to delete. The arguments in this group can be used to specify the + attributes of this resource. (NOTE) Some attributes are not given + arguments in this group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument datascan on the command line with a fully + specified name; + ◆ set the property core/project; + ◆ provide the argument --project on the command line. + + This must be specified. + + DATASCAN + ID of the datascan or fully qualified identifier for the datascan. + + To set the datascan attribute: + ▸ provide the argument datascan on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + Location of the Dataplex resource. + + To set the location attribute: + ▸ provide the argument datascan on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property dataplex/location. + +FLAGS + --async + Return immediately, without waiting for the operation in progress to + complete. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the dataplex/v1 API. The full documentation for this API + can be found at: https://cloud.google.com/dataplex/docs + +NOTES + This variant is also available: + + $ gcloud alpha dataplex datascans delete + diff --git a/gcloud/dataplex/datascans/describe b/gcloud/dataplex/datascans/describe new file mode 100644 index 000000000..aafa24c1d --- /dev/null +++ b/gcloud/dataplex/datascans/describe @@ -0,0 +1,78 @@ +NAME + gcloud dataplex datascans describe - describe a Dataplex datascan resource + +SYNOPSIS + gcloud dataplex datascans describe (DATASCAN : --location=LOCATION) + [--view=VIEW] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Displays all details of a Dataplex Datascan resource given a valid Datascan + ID. + +EXAMPLES + To describe a Dataplex Datascan test-datascan in project test-project + location us-central1 , run: + + $ gcloud dataplex datascans describe test-datascan \ + --project=test-project --location=us-central1 + +POSITIONAL ARGUMENTS + Datascan resource - Arguments and flags that define the Dataplex Datascan + you want to retrieve. The arguments in this group can be used to specify + the attributes of this resource. (NOTE) Some attributes are not given + arguments in this group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument datascan on the command line with a fully + specified name; + ◆ set the property core/project; + ◆ provide the argument --project on the command line. + + This must be specified. + + DATASCAN + ID of the datascan or fully qualified identifier for the datascan. + + To set the datascan attribute: + ▸ provide the argument datascan on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + Location of the Dataplex resource. + + To set the location attribute: + ▸ provide the argument datascan on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property dataplex/location. + +FLAGS + --view=VIEW + Displays spec data based on the argument value. The default view is + 'basic'. VIEW must be one of: + + basic + Does not include spec data in response. + + full + Includes spec data in response. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the dataplex/v1 API. The full documentation for this API + can be found at: https://cloud.google.com/dataplex/docs + +NOTES + This variant is also available: + + $ gcloud alpha dataplex datascans describe + diff --git a/gcloud/dataplex/datascans/get-iam-policy b/gcloud/dataplex/datascans/get-iam-policy new file mode 100644 index 000000000..00add5e47 --- /dev/null +++ b/gcloud/dataplex/datascans/get-iam-policy @@ -0,0 +1,97 @@ +NAME + gcloud dataplex datascans get-iam-policy - get the IAM policy for a + Dataplex datascan resource + +SYNOPSIS + gcloud dataplex datascans get-iam-policy (DATASCAN : --location=LOCATION) + [--filter=EXPRESSION] [--limit=LIMIT] [--page-size=PAGE_SIZE] + [--sort-by=[FIELD,...]] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Displays the IAM policy associated with a Dataplex datascan resource. If + formatted as JSON, the output can be edited and used as a policy file for + set-iam-policy. The output includes an "etag" field identifying the version + emitted and allowing detection of concurrent policy updates. + +EXAMPLES + To print the IAM policy for Dataplex datascan test-datascan in location + us-central1, run: + + $ gcloud dataplex datascans get-iam-policy test-datascan \ + --location=us-central1 + +POSITIONAL ARGUMENTS + Datascan resource - Arguments and flags that define the Dataplex datascan + IAM policy you want to retrieve. The arguments in this group can be used + to specify the attributes of this resource. (NOTE) Some attributes are not + given arguments in this group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument datascan on the command line with a fully + specified name; + ◆ set the property core/project; + ◆ provide the argument --project on the command line. + + This must be specified. + + DATASCAN + ID of the datascan or fully qualified identifier for the datascan. + + To set the datascan attribute: + ▸ provide the argument datascan on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + Location of the Dataplex resource. + + To set the location attribute: + ▸ provide the argument datascan on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property dataplex/location. + +LIST COMMAND FLAGS + --filter=EXPRESSION + Apply a Boolean filter EXPRESSION to each resource item to be listed. + If the expression evaluates True, then that item is listed. For more + details and examples of filter expressions, run $ gcloud topic filters. + This flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --limit=LIMIT + Maximum number of resources to list. The default is unlimited. This + flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --page-size=PAGE_SIZE + Some services group resource list output into pages. This flag + specifies the maximum number of resources per page. The default is + determined by the service if it supports paging, otherwise it is + unlimited (no paging). Paging may be applied before or after --filter + and --limit depending on the service. + + --sort-by=[FIELD,...] + Comma-separated list of resource field key names to sort by. The + default order is ascending. Prefix a field with ``~'' for descending + order on that field. This flag interacts with other flags that are + applied in this order: --flatten, --sort-by, --filter, --limit. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the dataplex/v1 API. The full documentation for this API + can be found at: https://cloud.google.com/dataplex/docs + +NOTES + This variant is also available: + + $ gcloud alpha dataplex datascans get-iam-policy + diff --git a/gcloud/dataplex/datascans/help b/gcloud/dataplex/datascans/help new file mode 100644 index 000000000..af7624a81 --- /dev/null +++ b/gcloud/dataplex/datascans/help @@ -0,0 +1,53 @@ +NAME + gcloud dataplex datascans - manage Dataplex Datascan + +SYNOPSIS + gcloud dataplex datascans GROUP | COMMAND [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Manage Dataplex Datascan. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --help. + + Run $ gcloud help for details. + +GROUPS + GROUP is one of the following: + + create + Manage Dataplex Datascans creation. + + jobs + Manage Dataplex Datascan Jobs service. + + update + Manage Dataplex Datascans updation. + +COMMANDS + COMMAND is one of the following: + + delete + Delete a Dataplex Datascan resource. + + describe + Describe a Dataplex datascan resource. + + get-iam-policy + Get the IAM policy for a Dataplex datascan resource. + + list + List Dataplex Datascan resources under a project. + + run + Run a Dataplex DataScan resource. + + set-iam-policy + Set the IAM policy to a Dataplex datascan as defined in a JSON or YAML + file. + +NOTES + This variant is also available: + + $ gcloud alpha dataplex datascans + diff --git a/gcloud/dataplex/datascans/jobs/describe b/gcloud/dataplex/datascans/jobs/describe new file mode 100644 index 000000000..21eb303a7 --- /dev/null +++ b/gcloud/dataplex/datascans/jobs/describe @@ -0,0 +1,94 @@ +NAME + gcloud dataplex datascans jobs describe - describe a Dataplex datascan job + +SYNOPSIS + gcloud dataplex datascans jobs describe + (JOB : --datascan=DATASCAN --location=LOCATION) [--view=VIEW] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Describe a Dataplex datascan job. + + Displays all details of a Dataplex job given a valid job ID. + +EXAMPLES + To describe a Dataplex job test-job running a datascan test-datascan in + location us-central1, run: + + $ gcloud dataplex datascans jobs describe test-job \ + --location=us-central1 --datascan=test-datascan + + To describe the details of Dataplex job test-job running a datascan + test-datascan in location us-central1, run: + + $ gcloud dataplex datascans jobs describe test-job \ + --location=us-central1 --datascan=test-datascan --view=FULL + +POSITIONAL ARGUMENTS + Job resource - Arguments and flags that define the Dataplex Job running a + particular Datascan you want to retrieve. The arguments in this group can + be used to specify the attributes of this resource. (NOTE) Some attributes + are not given arguments in this group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument job on the command line with a fully specified + name; + ◆ set the property core/project; + ◆ provide the argument --project on the command line. + + This must be specified. + + JOB + ID of the job or fully qualified identifier for the job. + + To set the job attribute: + ▸ provide the argument job on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --datascan=DATASCAN + Datascan ID of the Dataplex datascan resource. + + To set the datascan attribute: + ▸ provide the argument job on the command line with a fully + specified name; + ▸ provide the argument --datascan on the command line. + + --location=LOCATION + Location of the Dataplex resource. + + To set the location attribute: + ▸ provide the argument job on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property dataplex/location. + +FLAGS + --view=VIEW + Displays spec and result data based on the argument value. The default + view is 'basic'. VIEW must be one of: + + basic + Does not include spec and result data in response. + + full + Includes spec and result data in response. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the dataplex/v1 API. The full documentation for this API + can be found at: https://cloud.google.com/dataplex/docs + +NOTES + This variant is also available: + + $ gcloud alpha dataplex datascans jobs describe + diff --git a/gcloud/dataplex/datascans/jobs/help b/gcloud/dataplex/datascans/jobs/help new file mode 100644 index 000000000..7de02f1ee --- /dev/null +++ b/gcloud/dataplex/datascans/jobs/help @@ -0,0 +1,28 @@ +NAME + gcloud dataplex datascans jobs - manage Dataplex Datascan Jobs service + +SYNOPSIS + gcloud dataplex datascans jobs COMMAND [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Manage Dataplex Datascan Jobs service. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --help. + + Run $ gcloud help for details. + +COMMANDS + COMMAND is one of the following: + + describe + Describe a Dataplex datascan job. + + list + List job runs of a Dataplex datascan resource. + +NOTES + This variant is also available: + + $ gcloud alpha dataplex datascans jobs + diff --git a/gcloud/dataplex/datascans/jobs/list b/gcloud/dataplex/datascans/jobs/list new file mode 100644 index 000000000..b762ee787 --- /dev/null +++ b/gcloud/dataplex/datascans/jobs/list @@ -0,0 +1,100 @@ +NAME + gcloud dataplex datascans jobs list - list job runs of a Dataplex datascan + resource + +SYNOPSIS + gcloud dataplex datascans jobs list + (--datascan=DATASCAN : --location=LOCATION) [--filter=EXPRESSION] + [--limit=LIMIT] [--page-size=PAGE_SIZE] [--sort-by=[FIELD,...]] [--uri] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + List Jobs runs of a Datascan under a specific project, location and task. + +EXAMPLES + To list all the Dataplex job runs for a datascan test-datascan in location + us-central1, run: + + gcloud dataplex datascans jobs list --location=us-central1 --datascan=test-datascan + +REQUIRED FLAGS + Datascan resource - Arguments and flags that define the Dataplex Datascan + to list the Jobs running the Datascan. The arguments in this group can be + used to specify the attributes of this resource. (NOTE) Some attributes + are not given arguments in this group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument --datascan on the command line with a fully + specified name; + ◆ set the property core/project; + ◆ provide the argument --project on the command line. + + This must be specified. + + --datascan=DATASCAN + ID of the datascan or fully qualified identifier for the datascan. + + To set the datascan attribute: + ▸ provide the argument --datascan on the command line. + + This flag argument must be specified if any of the other arguments in + this group are specified. + + --location=LOCATION + Location of the Dataplex resource. + + To set the location attribute: + ▸ provide the argument --datascan on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property dataplex/location. + +LIST COMMAND FLAGS + --filter=EXPRESSION + Apply a Boolean filter EXPRESSION to each resource item to be listed. + If the expression evaluates True, then that item is listed. For more + details and examples of filter expressions, run $ gcloud topic filters. + This flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --limit=LIMIT + Maximum number of resources to list. The default is unlimited. This + flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --page-size=PAGE_SIZE + Some services group resource list output into pages. This flag + specifies the maximum number of resources per page. The default is + determined by the service if it supports paging, otherwise it is + unlimited (no paging). Paging may be applied before or after --filter + and --limit depending on the service. + + --sort-by=[FIELD,...] + Comma-separated list of resource field key names to sort by. The + default order is ascending. Prefix a field with ``~'' for descending + order on that field. This flag interacts with other flags that are + applied in this order: --flatten, --sort-by, --filter, --limit. + + --uri + Print a list of resource URIs instead of the default output, and change + the command output to a list of URIs. If this flag is used with + --format, the formatting is applied on this URI list. To display URIs + alongside other keys instead, use the uri() transform. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the dataplex/v1 API. The full documentation for this API + can be found at: https://cloud.google.com/dataplex/docs + +NOTES + This variant is also available: + + $ gcloud alpha dataplex datascans jobs list + diff --git a/gcloud/dataplex/datascans/list b/gcloud/dataplex/datascans/list new file mode 100644 index 000000000..4cf8cc247 --- /dev/null +++ b/gcloud/dataplex/datascans/list @@ -0,0 +1,91 @@ +NAME + gcloud dataplex datascans list - list Dataplex Datascan resources under a + project + +SYNOPSIS + gcloud dataplex datascans list [--location=LOCATION] [--filter=EXPRESSION] + [--limit=LIMIT] [--page-size=PAGE_SIZE] [--sort-by=[FIELD,...]] [--uri] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + List all Dataplex Datascan resource under a specific project and location. + +EXAMPLES + To list all Dataplex Datascan resources in project=test-project in location + us-central, run: + + $ gcloud dataplex datascans list --project=test-project \ + --location=us-central1 + + To list all Dataplex Datascan in all locations, run: + + $ gcloud dataplex datascans list --project=test-project --location=- + +FLAGS + Location resource - Arguments and flags that define the Dataplex Datascan + you want to list. This represents a Cloud resource. (NOTE) Some attributes + are not given arguments in this group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument --location on the command line with a fully + specified name; + ◆ set the property dataplex/location with a fully specified name; + ◆ set the property core/project; + ◆ provide the argument --project on the command line. + + --location=LOCATION + ID of the location or fully qualified identifier for the location. + + To set the location attribute: + ▸ provide the argument --location on the command line; + ▸ set the property dataplex/location. + +LIST COMMAND FLAGS + --filter=EXPRESSION + Apply a Boolean filter EXPRESSION to each resource item to be listed. + If the expression evaluates True, then that item is listed. For more + details and examples of filter expressions, run $ gcloud topic filters. + This flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --limit=LIMIT + Maximum number of resources to list. The default is unlimited. This + flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --page-size=PAGE_SIZE + Some services group resource list output into pages. This flag + specifies the maximum number of resources per page. The default is + determined by the service if it supports paging, otherwise it is + unlimited (no paging). Paging may be applied before or after --filter + and --limit depending on the service. + + --sort-by=[FIELD,...] + Comma-separated list of resource field key names to sort by. The + default order is ascending. Prefix a field with ``~'' for descending + order on that field. This flag interacts with other flags that are + applied in this order: --flatten, --sort-by, --filter, --limit. + + --uri + Print a list of resource URIs instead of the default output, and change + the command output to a list of URIs. If this flag is used with + --format, the formatting is applied on this URI list. To display URIs + alongside other keys instead, use the uri() transform. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the dataplex/v1 API. The full documentation for this API + can be found at: https://cloud.google.com/dataplex/docs + +NOTES + This variant is also available: + + $ gcloud alpha dataplex datascans list + diff --git a/gcloud/dataplex/datascans/run b/gcloud/dataplex/datascans/run new file mode 100644 index 000000000..b7a47e9ff --- /dev/null +++ b/gcloud/dataplex/datascans/run @@ -0,0 +1,64 @@ +NAME + gcloud dataplex datascans run - run a Dataplex DataScan resource + +SYNOPSIS + gcloud dataplex datascans run (DATASCAN : --location=LOCATION) + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Run a Dataplex Datascan resource given a valid Datascan ID. + +EXAMPLES + To run a Dataplex Datascan test-datascan in location us-central1 , run: + + $ gcloud dataplex datascans run test-datascan --location=us-central1 + +POSITIONAL ARGUMENTS + Datascan resource - Arguments and flags that define the Dataplex Datascan + you want to run. The arguments in this group can be used to specify the + attributes of this resource. (NOTE) Some attributes are not given + arguments in this group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument datascan on the command line with a fully + specified name; + ◆ set the property core/project; + ◆ provide the argument --project on the command line. + + This must be specified. + + DATASCAN + ID of the datascan or fully qualified identifier for the datascan. + + To set the datascan attribute: + ▸ provide the argument datascan on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + Location of the Dataplex resource. + + To set the location attribute: + ▸ provide the argument datascan on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property dataplex/location. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the dataplex/v1 API. The full documentation for this API + can be found at: https://cloud.google.com/dataplex/docs + +NOTES + This variant is also available: + + $ gcloud alpha dataplex datascans run + diff --git a/gcloud/dataplex/datascans/set-iam-policy b/gcloud/dataplex/datascans/set-iam-policy new file mode 100644 index 000000000..a6ef5b255 --- /dev/null +++ b/gcloud/dataplex/datascans/set-iam-policy @@ -0,0 +1,72 @@ +NAME + gcloud dataplex datascans set-iam-policy - set the IAM policy to a Dataplex + datascan as defined in a JSON or YAML file + +SYNOPSIS + gcloud dataplex datascans set-iam-policy (DATASCAN : --location=LOCATION) + POLICY_FILE [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + See https://cloud.google.com/iam/docs/managing-policies for details of the + policy file format and contents. + +EXAMPLES + The following command will read an IAM policy defined in a JSON file + policy.son and set it for the Dataplex datascan test-datascan defined in + location us-central1: + + $ gcloud dataplex datascans set-iam-policy --location=us-central1 \ + test-datascan policy.json + +POSITIONAL ARGUMENTS + Datascan resource - Arguments and flags that define the Dataplex datascan + you want to set IAM policy binding to. The arguments in this group can be + used to specify the attributes of this resource. (NOTE) Some attributes + are not given arguments in this group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument datascan on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + DATASCAN + ID of the datascan or fully qualified identifier for the datascan. + + To set the dataScans attribute: + ▸ provide the argument datascan on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + The location of the Dataplex resource. + + To set the location attribute: + ▸ provide the argument datascan on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property dataplex/location. + + POLICY_FILE + Path to a local JSON or YAML formatted file containing a valid policy. + + The output of the get-iam-policy command is a valid file, as is any + JSON or YAML file conforming to the structure of a Policy + (https://cloud.google.com/iam/reference/rest/v1/Policy). + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This variant is also available: + + $ gcloud alpha dataplex datascans set-iam-policy + diff --git a/gcloud/dataplex/datascans/update/data-profile b/gcloud/dataplex/datascans/update/data-profile new file mode 100644 index 000000000..9e1419aec --- /dev/null +++ b/gcloud/dataplex/datascans/update/data-profile @@ -0,0 +1,147 @@ +NAME + gcloud dataplex datascans update data-profile - update a Dataplex data + profile scan job + +SYNOPSIS + gcloud dataplex datascans update data-profile + (DATASCAN : --location=LOCATION) [--description=DESCRIPTION] + [--display-name=DISPLAY_NAME] [--labels=[KEY=VALUE,...]] + [--async | --validate-only] + [--data-profile-spec-file=DATA_PROFILE_SPEC_FILE + | --exclude-field-names=EXCLUDE_FIELD_NAMES + --include-field-names=INCLUDE_FIELD_NAMES + --row-filter=ROW_FILTER --sampling-percent=SAMPLING_PERCENT] + [--on-demand=ON_DEMAND | --schedule=SCHEDULE] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Represents a user-visible job which provides the insights for the related + data source about the structure, content and relationships (such as null + percent, cardinality, min/max/mean, etc). + +EXAMPLES + To update description of a data profile scan data-profile-datascan in + project test-project located in us-central1, run: + + $ gcloud dataplex datascans update data-profile data-profile \ + data-profile-datascan --project=test-project \ + --location=us-central1 --description="Description is updated." + +POSITIONAL ARGUMENTS + Datascan resource - Arguments and flags that define the Dataplex datascan + you want to update a data profile scan for. The arguments in this group + can be used to specify the attributes of this resource. (NOTE) Some + attributes are not given arguments in this group but can be set in other + ways. + + To set the project attribute: + ◆ provide the argument datascan on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + DATASCAN + ID of the datascan or fully qualified identifier for the datascan. + + To set the dataScans attribute: + ▸ provide the argument datascan on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + The location of the Dataplex resource. + + To set the location attribute: + ▸ provide the argument datascan on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property dataplex/location. + +FLAGS + --description=DESCRIPTION + Description of the data profile scan + + --display-name=DISPLAY_NAME + Display name of the data profile scan + + --labels=[KEY=VALUE,...] + List of label KEY=VALUE pairs to add. + + Keys must start with a lowercase character and contain only hyphens + (-), underscores (_), lowercase characters, and numbers. Values must + contain only hyphens (-), underscores (_), lowercase characters, and + numbers. + + At most one of --async | --validate-only can be specified. + + At most one of these can be specified: + + --async + Return immediately, without waiting for the operation in progress to + complete. + + --validate-only + Validate the update action, but don't actually perform it. + + Data spec for the data profile scan. + + At most one of these can be specified: + + --data-profile-spec-file=DATA_PROFILE_SPEC_FILE + path to the JSON/YAML file containing the spec for the data profile + scan. The JSON representation reference: + https://cloud.google.com/dataplex/docs/reference/rest/v1/DataProfileSpec + + Command line spec arguments for the data profile scan. + + --exclude-field-names=EXCLUDE_FIELD_NAMES + Names of the fields to exclude from data profile. If specified, the + respective fields will be excluded from data profile, regardless of + the fields specified in the --include-field-names flag. + + --include-field-names=INCLUDE_FIELD_NAMES + Names of the fields to include in data profile. If not specified, + all fields at the time of profile scan job execution are included. + The fields listed in the --exclude-field-names flag are excluded. + + --row-filter=ROW_FILTER + A filter applied to all rows in a single data profile scan job. + + --sampling-percent=SAMPLING_PERCENT + The percentage of the records to be selected from the dataset for + data profile scan. + + Data profile scan execution settings. + + Data profile scan scheduling and trigger settings + + At most one of these can be specified: + + --on-demand=ON_DEMAND + If set, the scan runs one-time shortly after data profile scan + updation. + + --schedule=SCHEDULE + Cron schedule (https://en.wikipedia.org/wiki/Cron) for running + scans periodically. To explicitly set a timezone to the cron tab, + apply a prefix in the cron tab: "CRON_TZ=${IANA_TIME_ZONE}" or + "TZ=${IANA_TIME_ZONE}". The ${IANA_TIME_ZONE} may only be a valid + string from IANA time zone database. For example, + CRON_TZ=America/New_York 1 * * * * or TZ=America/New_York 1 * * * + *. This field is required for RECURRING scans. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This variant is also available: + + $ gcloud alpha dataplex datascans update data-profile + diff --git a/gcloud/dataplex/datascans/update/data-quality b/gcloud/dataplex/datascans/update/data-quality new file mode 100644 index 000000000..cb5363e1f --- /dev/null +++ b/gcloud/dataplex/datascans/update/data-quality @@ -0,0 +1,121 @@ +NAME + gcloud dataplex datascans update data-quality - update a Dataplex data + quality scan job + +SYNOPSIS + gcloud dataplex datascans update data-quality + (DATASCAN : --location=LOCATION) + [--data-quality-spec-file=DATA_QUALITY_SPEC_FILE] + [--description=DESCRIPTION] [--display-name=DISPLAY_NAME] + [--labels=[KEY=VALUE,...]] [--async | --validate-only] + [--on-demand=ON_DEMAND | --schedule=SCHEDULE] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Represents a user-visible job which provides the insights for the related + data source and generates queries based on the rules and runs against the + data to get data quality check results. + +EXAMPLES + To update description of a data quality scan data-quality-datascan in + project test-project located in us-central1, run: + + $ gcloud dataplex datascans update data-quality data-quality \ + data-quality-datascan --project=test-project \ + --location=us-central1 --description="Description is updated." + +POSITIONAL ARGUMENTS + Datascan resource - Arguments and flags that define the Dataplex datascan + you want to update a data quality scan for. The arguments in this group + can be used to specify the attributes of this resource. (NOTE) Some + attributes are not given arguments in this group but can be set in other + ways. + + To set the project attribute: + ◆ provide the argument datascan on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + DATASCAN + ID of the datascan or fully qualified identifier for the datascan. + + To set the dataScans attribute: + ▸ provide the argument datascan on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + The location of the Dataplex resource. + + To set the location attribute: + ▸ provide the argument datascan on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property dataplex/location. + +FLAGS + --data-quality-spec-file=DATA_QUALITY_SPEC_FILE + path to the JSON/YAML file containing the spec for the data quality + scan. The json representation reference: + https://cloud.google.com/dataplex/docs/reference/rest/v1/DataQualitySpec + + --description=DESCRIPTION + Description of the data quality scan + + --display-name=DISPLAY_NAME + Display name of the data quality scan + + --labels=[KEY=VALUE,...] + List of label KEY=VALUE pairs to add. + + Keys must start with a lowercase character and contain only hyphens + (-), underscores (_), lowercase characters, and numbers. Values must + contain only hyphens (-), underscores (_), lowercase characters, and + numbers. + + At most one of --async | --validate-only can be specified. + + At most one of these can be specified: + + --async + Return immediately, without waiting for the operation in progress to + complete. + + --validate-only + Validate the update action, but don't actually perform it. + + Data quality scan execution settings. + + Data quality scan scheduling and trigger settings + + At most one of these can be specified: + + --on-demand=ON_DEMAND + If set, the scan runs one-time shortly after data quality scan + updation. + + --schedule=SCHEDULE + Cron schedule (https://en.wikipedia.org/wiki/Cron) for running + scans periodically. To explicitly set a timezone to the cron tab, + apply a prefix in the cron tab: "CRON_TZ=${IANA_TIME_ZONE}" or + "TZ=${IANA_TIME_ZONE}". The ${IANA_TIME_ZONE} may only be a valid + string from IANA time zone database. For example, + CRON_TZ=America/New_York 1 * * * * or TZ=America/New_York 1 * * * + *. This field is required for RECURRING scans. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This variant is also available: + + $ gcloud alpha dataplex datascans update data-quality + diff --git a/gcloud/dataplex/datascans/update/help b/gcloud/dataplex/datascans/update/help new file mode 100644 index 000000000..50a6a45f9 --- /dev/null +++ b/gcloud/dataplex/datascans/update/help @@ -0,0 +1,28 @@ +NAME + gcloud dataplex datascans update - manage Dataplex Datascans updation + +SYNOPSIS + gcloud dataplex datascans update COMMAND [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Manage Dataplex Datascans updation. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --help. + + Run $ gcloud help for details. + +COMMANDS + COMMAND is one of the following: + + data-profile + Update a Dataplex data profile scan job. + + data-quality + Update a Dataplex data quality scan job. + +NOTES + This variant is also available: + + $ gcloud alpha dataplex datascans update + diff --git a/gcloud/dataplex/help b/gcloud/dataplex/help index 7597c04ea..fa53234cf 100644 --- a/gcloud/dataplex/help +++ b/gcloud/dataplex/help @@ -21,6 +21,9 @@ GROUPS content Manage Dataplex Content. + datascans + Manage Dataplex Datascan. + environments Manage Dataplex Environments. diff --git a/gcloud/dataproc/clusters/create b/gcloud/dataproc/clusters/create index 340b43df8..65b8ff2b7 100644 --- a/gcloud/dataproc/clusters/create +++ b/gcloud/dataproc/clusters/create @@ -794,7 +794,7 @@ FLAGS --metric-sources=[METRIC_SOURCE,...] Specifies a list of cluster Metric Sources (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) - to collect custom metrics. METRIC_SOURCE must be one of: HDFS, + to collect custom metrics. METRIC_SOURCE must be one of: FLINK, HDFS, HIVEMETASTORE, HIVESERVER2, MONITORING_AGENT_DEFAULTS, SPARK, SPARK_HISTORY_SERVER, YARN. diff --git a/gcloud/dataproc/jobs/submit/flink b/gcloud/dataproc/jobs/submit/flink new file mode 100644 index 000000000..34d3f8e1c --- /dev/null +++ b/gcloud/dataproc/jobs/submit/flink @@ -0,0 +1,148 @@ +NAME + gcloud dataproc jobs submit flink - submit a Flink job to a cluster + +SYNOPSIS + gcloud dataproc jobs submit flink (--class=MAIN_CLASS | --jar=MAIN_JAR) + (--cluster=CLUSTER | --cluster-labels=[KEY=VALUE,...]) [--async] + [--bucket=BUCKET] [--driver-log-levels=[PACKAGE=LEVEL,...]] + [--jars=[JAR,...]] [--labels=[KEY=VALUE,...]] + [--max-failures-per-hour=MAX_FAILURES_PER_HOUR] + [--max-failures-total=MAX_FAILURES_TOTAL] + [--properties=[PROPERTY=VALUE,...]] [--properties-file=PROPERTIES_FILE] + [--region=REGION] [--savepoint=SAVEPOINT] [GCLOUD_WIDE_FLAG ...] + [-- JOB_ARGS ...] + +DESCRIPTION + Submit a Flink job to a cluster. + +EXAMPLES + To submit a Flink job that runs the main class of a jar, run: + + $ gcloud dataproc jobs submit flink --cluster=my-cluster \ + --region=us-central1 --jar=my_jar.jar -- arg1 arg2 + + To submit a Flink job that runs a specific class as an entrypoint: + + $ gcloud dataproc jobs submit flink --cluster=my-cluster \ + --region=us-central1 --class=org.my.main.Class \ + --jars=my_jar.jar -- arg1 arg2 + + To submit a Flink job that runs a jar that is on the cluster, run: + + $ gcloud dataproc jobs submit flink --cluster=my-cluster \ + --region=us-central1 \ + --jar=/usr/lib/flink/examples/streaming/TopSpeedWindowing.jar + +POSITIONAL ARGUMENTS + [-- JOB_ARGS ...] + The job arguments to pass. + + The '--' argument must be specified between gcloud specific args on the + left and JOB_ARGS on the right. + +REQUIRED FLAGS + Exactly one of these must be specified: + + --class=MAIN_CLASS + The class containing the main method of the driver. Must be in a + provided jar or jar that is already on the classpath + + --jar=MAIN_JAR + The HCFS URI of jar file containing the driver jar. + + Exactly one of these must be specified: + + --cluster=CLUSTER + The Dataproc cluster to submit the job to. + + --cluster-labels=[KEY=VALUE,...] + List of label KEY=VALUE pairs to add. + + Keys must start with a lowercase character and contain only hyphens + (-), underscores (_), lowercase characters, and numbers. Values must + contain only hyphens (-), underscores (_), lowercase characters, and + numbers. + + Labels of Dataproc cluster on which to place the job. + +OPTIONAL FLAGS + --async + Return immediately, without waiting for the operation in progress to + complete. + + --bucket=BUCKET + The Cloud Storage bucket to stage files in. Defaults to the cluster's + configured bucket. + + --driver-log-levels=[PACKAGE=LEVEL,...] + List of package to log4j log level pairs to configure driver logging. + For example: root=FATAL,com.example=INFO. + + --jars=[JAR,...] + Comma-separated list of jar files to provide to the task manager + classpaths. + + --labels=[KEY=VALUE,...] + List of label KEY=VALUE pairs to add. + + Keys must start with a lowercase character and contain only hyphens + (-), underscores (_), lowercase characters, and numbers. Values must + contain only hyphens (-), underscores (_), lowercase characters, and + numbers. + + --max-failures-per-hour=MAX_FAILURES_PER_HOUR + Specifies the maximum number of times a job can be restarted per hour + in event of failure. Default is 0 (no retries after job failure). + + --max-failures-total=MAX_FAILURES_TOTAL + Specifies the maximum total number of times a job can be restarted + after the job fails. Default is 0 (no retries after job failure). + + --properties=[PROPERTY=VALUE,...] + List of key=value pairs to configure Flink. For a list of available + properties, see: + https://nightlies.apache.org/flink/flink-docs-master/docs/deployment/config/. + + --properties-file=PROPERTIES_FILE + Path to a local file or a file in a Cloud Storage bucket containing + configuration properties for the job. The client machine running this + command must have read permission to the file. + + Specify properties in the form of property=value in the text file. For + example: + + # Properties to set for the job: + key1=value1 + key2=value2 + # Comment out properties not used. + # key3=value3 + + If a property is set in both --properties and --properties-file, the + value defined in --properties takes precedence. + + --region=REGION + Dataproc region to use. Each Dataproc region constitutes an independent + resource namespace constrained to deploying instances into Compute + Engine zones inside the region. Overrides the default dataproc/region + property value for this command invocation. + + --savepoint=SAVEPOINT + HCFS URI of the savepoint that is used to refer to the state of the + previously stopped job. The new job will resume previous state from + there. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + These variants are also available: + + $ gcloud alpha dataproc jobs submit flink + + $ gcloud beta dataproc jobs submit flink + diff --git a/gcloud/dataproc/jobs/submit/help b/gcloud/dataproc/jobs/submit/help index a668ada4a..58dfb697f 100644 --- a/gcloud/dataproc/jobs/submit/help +++ b/gcloud/dataproc/jobs/submit/help @@ -62,6 +62,9 @@ GCLOUD WIDE FLAGS COMMANDS COMMAND is one of the following: + flink + Submit a Flink job to a cluster. + hadoop Submit a Hadoop job to a cluster. diff --git a/gcloud/dataproc/workflow-templates/set-managed-cluster b/gcloud/dataproc/workflow-templates/set-managed-cluster index 00244fde4..263371140 100644 --- a/gcloud/dataproc/workflow-templates/set-managed-cluster +++ b/gcloud/dataproc/workflow-templates/set-managed-cluster @@ -660,7 +660,7 @@ FLAGS --metric-sources=[METRIC_SOURCE,...] Specifies a list of cluster Metric Sources (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) - to collect custom metrics. METRIC_SOURCE must be one of: HDFS, + to collect custom metrics. METRIC_SOURCE must be one of: FLINK, HDFS, HIVEMETASTORE, HIVESERVER2, MONITORING_AGENT_DEFAULTS, SPARK, SPARK_HISTORY_SERVER, YARN. diff --git a/gcloud/filestore/instances/create b/gcloud/filestore/instances/create index 069f6a719..556f8da42 100644 --- a/gcloud/filestore/instances/create +++ b/gcloud/filestore/instances/create @@ -115,9 +115,9 @@ REQUIRED FLAGS A list of IPv4 addresses or CIDR ranges that are allowed to mount the file share. IPv4 addresses format: {octet 1}.{octet 2}.{octet 3}.{octet 4}. CIDR range format: {octet 1}.{octet 2}.{octet - 3}.{octet 4}/{mask size}. Overlapping IP ranges, even across - NfsExportOptions, are not allowed and will return an error. The - limit of IP ranges/addresses for each FileShareConfig among all + 3}.{octet 4}/{mask size}. Overlapping IP ranges are allowed for all + tiers other than BASIC_HDD and BASIC_SSD. The limit of IP + ranges/addresses for each FileShareConfig among all NfsExportOptions is 64 per instance. access-mode diff --git a/gcloud/filestore/instances/update b/gcloud/filestore/instances/update index 1412e3dd6..fcd2ce417 100644 --- a/gcloud/filestore/instances/update +++ b/gcloud/filestore/instances/update @@ -124,9 +124,9 @@ FLAGS A list of IPv4 addresses or CIDR ranges that are allowed to mount the file share. IPv4 addresses format: {octet 1}.{octet 2}.{octet 3}.{octet 4}. CIDR range format: {octet 1}.{octet 2}.{octet - 3}.{octet 4}/{mask size}. Overlapping IP ranges, even across - NfsExportOptions, are not allowed and will return an error. The - limit of IP ranges/addresses for each FileShareConfig among all + 3}.{octet 4}/{mask size}. Overlapping IP ranges are allowed for all + tiers other than BASIC_HDD and BASIC_SSD. The limit of IP + ranges/addresses for each FileShareConfig among all NfsExportOptions is 64 per instance. access-mode diff --git a/gcloud/kms/help b/gcloud/kms/help index 98e68cc09..7c5df771d 100644 --- a/gcloud/kms/help +++ b/gcloud/kms/help @@ -70,6 +70,12 @@ COMMANDS mac-verify Verify a user signature file using a MAC key version. + raw-decrypt + Decrypt a ciphertext file using a raw key. + + raw-encrypt + Encrypt a plaintext file using a raw key. + NOTES These variants are also available: diff --git a/gcloud/kms/inventory/search-protected-resources b/gcloud/kms/inventory/search-protected-resources index 274074fb8..fa04d3019 100644 --- a/gcloud/kms/inventory/search-protected-resources +++ b/gcloud/kms/inventory/search-protected-resources @@ -5,8 +5,9 @@ NAME SYNOPSIS gcloud kms inventory search-protected-resources --scope=ORGANIZATION_ID (--keyname=KEYNAME : --keyring=KEYRING --location=LOCATION) - [--filter=EXPRESSION] [--limit=LIMIT] [--page-size=PAGE_SIZE] - [--sort-by=[FIELD,...]] [--uri] [GCLOUD_WIDE_FLAG ...] + [--resource-types=[RESOURCE_TYPES,...]] [--filter=EXPRESSION] + [--limit=LIMIT] [--page-size=PAGE_SIZE] [--sort-by=[FIELD,...]] [--uri] + [GCLOUD_WIDE_FLAG ...] DESCRIPTION gcloud kms inventory search-protected-resources returns a list of the @@ -59,6 +60,23 @@ REQUIRED FLAGS specified name; ▸ provide the argument --location on the command line. +FLAGS + --resource-types=[RESOURCE_TYPES,...] + A list of resource types that this request searches for. If empty, it + will search all the trackable resource types + (https://cloud.google.com/kms/docs/view-key-usage#tracked-resource-types). + + Regular expressions are also supported. For example: + + ◆ compute.googleapis.com.* snapshots resources whose type starts with + compute.googleapis.com. + ◆ .*Image snapshots resources whose type ends with Image. + ◆ .*Image.* snapshots resources whose type contains Image. + + See RE2 (https://github.com/google/re2/wiki/Syntax) for all supported + regular expression syntax. If the regular expression does not match any + supported resource type, an INVALID_ARGUMENT error will be returned. + LIST COMMAND FLAGS --filter=EXPRESSION Apply a Boolean filter EXPRESSION to each resource item to be listed. diff --git a/gcloud/kms/raw-decrypt b/gcloud/kms/raw-decrypt new file mode 100644 index 000000000..2b7da7a8a --- /dev/null +++ b/gcloud/kms/raw-decrypt @@ -0,0 +1,95 @@ +NAME + gcloud kms raw-decrypt - decrypt a ciphertext file using a raw key + +SYNOPSIS + gcloud kms raw-decrypt --ciphertext-file=CIPHERTEXT_FILE + --plaintext-file=PLAINTEXT_FILE + [--additional-authenticated-data-file=ADDITIONAL_AUTHENTICATED_DATA_FILE] + [--initialization-vector-file=INITIALIZATION_VECTOR_FILE] [--key=KEY] + [--keyring=KEYRING] [--location=LOCATION] + [--skip-integrity-verification] [--version=VERSION] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + gcloud kms raw-decrypt decrypts the given ciphertext file using the given + CryptoKey containing a raw key and writes the result to the named plaintext + file. The ciphertext file must not be larger than 64KiB. + + The supported algorithms are: AES-128-GCM, AES-256-GCM, AES-128-CBC, + AES-256-CBC, AES-128-CTR, and AES-256-CTR. + + AES-GCM provides authentication which means that it accepts additional + authenticated data (AAD). So, the flag --additional-authenticated-data-file + is only valid with AES-128-GCM and AES-256-GCM algorithms. If AAD is + provided during encryption, it must be provided during decryption too. The + file must not be larger than 64KiB. + + If --plaintext-file or --additional-authenticated-data-file or + --initialization-vector-file is set to '-', that file is read from stdin. + Similarly, if --ciphertext-file is set to '-', the ciphertext is written to + stdout. + + By default, the command performs integrity verification on data sent to and + received from Cloud KMS. Use --skip-integrity-verification to disable + integrity verification. + +EXAMPLES + The following command reads and decrypts the file path/to/input/ciphertext. + The file will be decrypted using the CryptoKey KEYNAME containing a raw + key, from the KeyRing KEYRING in the global location. It uses the + additional authenticated data file path/to/input/aad (only valid with the + AES-GCM algorithms) and the initialization vector file path/to/input/iv. + The resulting plaintext will be written to path/to/output/plaintext. + + $ gcloud kms raw-decrypt --key=KEYNAME --keyring=KEYRING \ + --location=global --ciphertext-file=path/to/input/ciphertext \ + --additional-authenticated-data-file=path/to/input/aad \ + --initialization-vector-file=path/to/input/iv \ + --plaintext-file=path/to/output/plaintext + +REQUIRED FLAGS + --ciphertext-file=CIPHERTEXT_FILE + File path of the ciphertext file to decrypt. + + --plaintext-file=PLAINTEXT_FILE + File path of the plaintext file to store the decrypted data. + +OPTIONAL FLAGS + --additional-authenticated-data-file=ADDITIONAL_AUTHENTICATED_DATA_FILE + File path to the optional file containing the additional authenticated + data. + + --initialization-vector-file=INITIALIZATION_VECTOR_FILE + File path to the optional file containing the initialization vector for + decryption. + + --key=KEY + The (raw) key to use for decryption. + + --keyring=KEYRING + Key ring of the key. + + --location=LOCATION + Location of the keyring. + + --skip-integrity-verification + Skip integrity verification on request and response API fields. + + --version=VERSION + Version to use for decryption. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + These variants are also available: + + $ gcloud alpha kms raw-decrypt + + $ gcloud beta kms raw-decrypt + diff --git a/gcloud/kms/raw-encrypt b/gcloud/kms/raw-encrypt new file mode 100644 index 000000000..25015a489 --- /dev/null +++ b/gcloud/kms/raw-encrypt @@ -0,0 +1,114 @@ +NAME + gcloud kms raw-encrypt - encrypt a plaintext file using a raw key + +SYNOPSIS + gcloud kms raw-encrypt --ciphertext-file=CIPHERTEXT_FILE + --plaintext-file=PLAINTEXT_FILE + [--additional-authenticated-data-file=ADDITIONAL_AUTHENTICATED_DATA_FILE] + [--initialization-vector-file=INITIALIZATION_VECTOR_FILE] [--key=KEY] + [--keyring=KEYRING] [--location=LOCATION] + [--skip-integrity-verification] [--version=VERSION] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Encrypts the given plaintext file using the given CryptoKey containing a + raw key and writes the result to the named ciphertext file. The plaintext + file must not be larger than 64KiB. For the AES-CBC algorithms, no + server-side padding is being done, so the plaintext must be a multiple of + the block size. + + The supported algorithms are: AES-128-GCM, AES-256-GCM, AES-128-CBC, + AES-256-CBC, AES-128-CTR, and AES-256-CTR. + + AES-GCM provides authentication which means that it accepts additional + authenticated data (AAD). So, the flag --additional-authenticated-data-file + is only valid with AES-128-GCM and AES-256-GCM algorithms. + + The initialization vector (flag --initialization-vector-file) is only + supported for AES-CBC and AES-CTR algorithms, and must be 16B in length. + + Therefore, both additional authenticated data and initialization vector + can't be provided during encryption. If an additional authenticated data + file is provided, its contents must also be provided during decryption. The + file must not be larger than 64KiB. + + The flag --version indicates the version of the key to use for encryption. + + If --plaintext-file or --additional-authenticated-data-file or + --initialization-vector-file is set to '-', that file is read from stdin. + Similarly, if --ciphertext-file is set to '-', the ciphertext is written to + stdout. + + By default, the command performs integrity verification on data sent to and + received from Cloud KMS. Use --skip-integrity-verification to disable + integrity verification. + +EXAMPLES + The following command reads and encrypts the file path/to/input/plaintext. + The file will be encrypted using the AES-GCM CryptoKey KEYNAME from the + KeyRing KEYRING in the global location using the additional authenticated + data file path/to/input/aad. The resulting ciphertext will be written to + path/to/output/ciphertext. + + $ gcloud kms raw-encrypt --key=KEYNAME --keyring=KEYRING \ + --location=global --plaintext-file=path/to/input/plaintext \ + --additional-authenticated-data-file=path/to/input/aad \ + --ciphertext-file=path/to/output/ciphertext + + The following command reads and encrypts the file path/to/input/plaintext. + The file will be encrypted using the AES-CBC CryptoKey KEYNAME from the + KeyRing KEYRING in the global location using the initialization vector + stored at path/to/input/aad. The resulting ciphertext will be written to + path/to/output/ciphertext. + + $ gcloud kms raw-encrypt --key=KEYNAME --keyring=KEYRING \ + --location=global --plaintext-file=path/to/input/plaintext \ + --initialization-vector-file=path/to/input/iv \ + --ciphertext-file=path/to/output/ciphertext + +REQUIRED FLAGS + --ciphertext-file=CIPHERTEXT_FILE + File path of the ciphertext file to output. + + --plaintext-file=PLAINTEXT_FILE + File path of the plaintext file to encrypt. + +OPTIONAL FLAGS + --additional-authenticated-data-file=ADDITIONAL_AUTHENTICATED_DATA_FILE + File path to the optional file containing the additional authenticated + data. + + --initialization-vector-file=INITIALIZATION_VECTOR_FILE + File path to the optional file containing the initialization vector for + encryption. + + --key=KEY + The key to use for encryption. + + --keyring=KEYRING + Key ring of the key. + + --location=LOCATION + Location of the keyring. + + --skip-integrity-verification + Skip integrity verification on request and response API fields. + + --version=VERSION + Version to use for encryption. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + These variants are also available: + + $ gcloud alpha kms raw-encrypt + + $ gcloud beta kms raw-encrypt + diff --git a/gcloud/network-connectivity/internal-ranges/update b/gcloud/network-connectivity/internal-ranges/update index 95604dfcc..63989ec28 100644 --- a/gcloud/network-connectivity/internal-ranges/update +++ b/gcloud/network-connectivity/internal-ranges/update @@ -4,9 +4,10 @@ NAME SYNOPSIS gcloud network-connectivity internal-ranges update - (INTERNAL_RANGE : --region=REGION) - (--ip-cidr-range=IP_CIDR_RANGE | --prefix-length=PREFIX_LENGTH) - [--async] [GCLOUD_WIDE_FLAG ...] + (INTERNAL_RANGE : --region=REGION) [--async] + [--clear-overlaps | --overlaps=[OVERLAPS,...]] + [--ip-cidr-range=IP_CIDR_RANGE | --prefix-length=PREFIX_LENGTH] + [GCLOUD_WIDE_FLAG ...] DESCRIPTION Update the details of an internal range. @@ -55,8 +56,25 @@ POSITIONAL ARGUMENTS ▸ provide the argument --region on the command line; ▸ use default global location . -REQUIRED FLAGS - Exactly one of these must be specified: +FLAGS + --async + Return immediately, without waiting for the operation in progress to + complete. + + At most one of these can be specified: + + --clear-overlaps + Clear existing overlap fields for the range. + + --overlaps=[OVERLAPS,...] + Overlap specifications for the range being updated. OVERLAPS must be + (only one value is supported): + + overlap-route-range + Allows for creation or existence of routes that have a more + specific destination than the created range. + + At most one of these can be specified: --ip-cidr-range=IP_CIDR_RANGE IP range that this internal range defines. @@ -65,11 +83,6 @@ REQUIRED FLAGS An alternative to ip-cidr-range. Can be set when trying to create a reservation that automatically finds a free range of the given size. -OPTIONAL FLAGS - --async - Return immediately, without waiting for the operation in progress to - complete. - GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, diff --git a/gcloud/notebooks/instances/create b/gcloud/notebooks/instances/create index 8f6c349e3..664f6ad25 100644 --- a/gcloud/notebooks/instances/create +++ b/gcloud/notebooks/instances/create @@ -167,8 +167,8 @@ OPTIONAL FLAGS complete. --instance-owners=INSTANCE_OWNERS - The owners of this instance after creation. Format: alias@example.com. - Currently supports one owner only. If not specified, all of the service + The owners of this instance after creation. Format:alias@example.com. + Currently supports one owner only.If not specified, all of the service account users of the VM instance's service account can use the instance. diff --git a/gcloud/pubsub/subscriptions/create b/gcloud/pubsub/subscriptions/create index 470540660..33e03d9d8 100644 --- a/gcloud/pubsub/subscriptions/create +++ b/gcloud/pubsub/subscriptions/create @@ -174,7 +174,11 @@ OPTIONAL FLAGS --write-metadata Whether or not to write message metadata including message ID, - publish timestamp, ordering key, and attributes to BigQuery. + publish timestamp, ordering key, and attributes to BigQuery. The + subscription name, message_id, and publish_time fields are put in + their own columns while all other message properties other than + data (for example, an ordering_key, if present) are written to a + JSON object in the attributes column. Cloud Storage Config Options. The Cloud Pub/Sub service account associated with the enclosing subscription's parent project (i.e., @@ -216,7 +220,11 @@ OPTIONAL FLAGS --cloud-storage-write-metadata Whether or not to write the subscription name, message_id, publish_time, attributes, and ordering_key as additional fields in - the output. This has an effect only for subscriptions with + the output. The subscription name, message_id, and publish_time + fields are put in their own fields while all other message + properties other than data (for example, an ordering_key, if + present) are added as entries in the attributes map. This has an + effect only for subscriptions with --cloud-storage-output-format=avro. Dead Letter Queue Options. The Cloud Pub/Sub service account associated diff --git a/gcloud/pubsub/subscriptions/update b/gcloud/pubsub/subscriptions/update index 8212bfbeb..f88e9c94a 100644 --- a/gcloud/pubsub/subscriptions/update +++ b/gcloud/pubsub/subscriptions/update @@ -144,7 +144,11 @@ FLAGS --write-metadata Whether or not to write message metadata including message ID, - publish timestamp, ordering key, and attributes to BigQuery. + publish timestamp, ordering key, and attributes to BigQuery. The + subscription name, message_id, and publish_time fields are put in + their own columns while all other message properties other than + data (for example, an ordering_key, if present) are written to a + JSON object in the attributes column. At most one of these can be specified: @@ -195,7 +199,11 @@ FLAGS --cloud-storage-write-metadata Whether or not to write the subscription name, message_id, publish_time, attributes, and ordering_key as additional fields - in the output. This has an effect only for subscriptions with + in the output. The subscription name, message_id, and + publish_time fields are put in their own fields while all other + message properties other than data (for example, an ordering_key, + if present) are added as entries in the attributes map. This has + an effect only for subscriptions with --cloud-storage-output-format=avro. At most one of these can be specified: diff --git a/gcloud/storage/cp b/gcloud/storage/cp index c28a552ea..18c42291f 100644 --- a/gcloud/storage/cp +++ b/gcloud/storage/cp @@ -241,8 +241,7 @@ FLAGS At most one of these can be specified: --ignore-symlinks - Ignore file symlinks instead of copying what they point to. Symlinks - pointing to directories will always be ignored. + Ignore file symlinks instead of copying what they point to. --preserve-symlinks Preserve symlinks instead of copying what they point to. With this @@ -252,6 +251,8 @@ FLAGS downloaded while this feature is enabled, as described at https://cloud.google.com/storage-transfer/docs/metadata-preservation#posix_to. + Directory symlinks are only followed if this flag is specified. + CAUTION: No validation is applied to the symlink target paths. Once downloaded, preserved symlinks will point to whatever path was specified by the placeholder, regardless of the location or diff --git a/gcloud/storage/mv b/gcloud/storage/mv index 9fbf30934..8ecd1779c 100644 --- a/gcloud/storage/mv +++ b/gcloud/storage/mv @@ -246,8 +246,7 @@ FLAGS At most one of these can be specified: --ignore-symlinks - Ignore file symlinks instead of copying what they point to. Symlinks - pointing to directories will always be ignored. + Ignore file symlinks instead of copying what they point to. --preserve-symlinks Preserve symlinks instead of copying what they point to. With this @@ -257,6 +256,8 @@ FLAGS downloaded while this feature is enabled, as described at https://cloud.google.com/storage-transfer/docs/metadata-preservation#posix_to. + Directory symlinks are only followed if this flag is specified. + CAUTION: No validation is applied to the symlink target paths. Once downloaded, preserved symlinks will point to whatever path was specified by the placeholder, regardless of the location or diff --git a/gcloud/storage/rm b/gcloud/storage/rm index 8efff218a..b407c49b2 100644 --- a/gcloud/storage/rm +++ b/gcloud/storage/rm @@ -69,7 +69,7 @@ FLAGS thread count are set to 1). Parallelism is default. --read-paths-from-stdin, -I - Read the list of resources to remove from stdin. + Read the list of URLs from stdin. --recursive, -R, -r Recursively delete the contents of buckets or directories that match diff --git a/gcloud/storage/rsync b/gcloud/storage/rsync index 0320b5205..12de411f6 100644 --- a/gcloud/storage/rsync +++ b/gcloud/storage/rsync @@ -171,9 +171,8 @@ FLAGS binary data, using this option may result in longer uploads. --ignore-symlinks - Ignore file symlinks instead of copying what they point to. Symlinks - pointing to directories will always be ignored. Enabled by default, use - --no-ignore-symlinks to disable. + Ignore file symlinks instead of copying what they point to. Enabled by + default, use --no-ignore-symlinks to disable. --preserve-posix, -P Causes POSIX attributes to be preserved when objects are copied. With diff --git a/gcloud/workbench/instances/add-iam-policy-binding b/gcloud/workbench/instances/add-iam-policy-binding new file mode 100644 index 000000000..a8ada3e87 --- /dev/null +++ b/gcloud/workbench/instances/add-iam-policy-binding @@ -0,0 +1,89 @@ +NAME + gcloud workbench instances add-iam-policy-binding - add IAM policy binding + for an instance + +SYNOPSIS + gcloud workbench instances add-iam-policy-binding + (INSTANCE : --location=LOCATION) --member=PRINCIPAL --role=ROLE + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Adds a policy binding to the IAM policy of an instance, given an instance + ID and the binding. + +EXAMPLES + To add an IAM policy binding for the role of roles/notebooks.admin for the + user 'test-user@gmail.com' on the instance 'instance-id', run: + + $ gcloud workbench instances add-iam-policy-binding \ + --member='user:test-user@gmail.com' \ + --role='roles/notebooks.admin' example-instance \ + --location=us-central1-a + + See https://cloud.google.com/iam/docs/managing-policies for details of + policy role and member types. + +POSITIONAL ARGUMENTS + Instance resource - The ID of the instance to add the IAM binding. The + arguments in this group can be used to specify the attributes of this + resource. (NOTE) Some attributes are not given arguments in this group but + can be set in other ways. + + To set the project attribute: + ◆ provide the argument instance on the command line with a fully + specified name; + ◆ set the property core/project; + ◆ provide the argument --project on the command line. + + This must be specified. + + INSTANCE + ID of the instance or fully qualified identifier for the instance. + + To set the instance attribute: + ▸ provide the argument instance on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + The location of the workbench instance. + + To set the location attribute: + ▸ provide the argument instance on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property notebooks/location. + +REQUIRED FLAGS + --member=PRINCIPAL + The principal to add the binding for. Should be of the form + user|group|serviceAccount:email or domain:domain. + + Examples: user:test-user@gmail.com, group:admins@example.com, + serviceAccount:test123@example.domain.com, or + domain:example.domain.com. + + Some resources also accept the following special values: + ◆ allUsers - Special identifier that represents anyone who is on the + internet, with or without a Google account. + ◆ allAuthenticatedUsers - Special identifier that represents anyone + who is authenticated with a Google account or a service account. + + --role=ROLE + Role name to assign to the principal. The role name is the complete + path of a predefined role, such as roles/logging.viewer, or the role ID + for a custom role, such as + organizations/{ORGANIZATION_ID}/roles/logging.viewer. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the notebooks/v2 API. The full documentation for this API + can be found at: https://cloud.google.com/notebooks/docs/ diff --git a/gcloud/workbench/instances/check-instance-upgradability b/gcloud/workbench/instances/check-instance-upgradability new file mode 100644 index 000000000..32f8d32a2 --- /dev/null +++ b/gcloud/workbench/instances/check-instance-upgradability @@ -0,0 +1,60 @@ +NAME + gcloud workbench instances check-instance-upgradability - request for + checking if an instance is upgradeable + +SYNOPSIS + gcloud workbench instances check-instance-upgradability + (INSTANCE : --location=LOCATION) [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Request for checking if an instance is upgradeable. + +EXAMPLES + To check if an instance can be upgraded, run: + + $ gcloud workbench instances check-instance-upgradability \ + example-instance --location=us-central1-a + +POSITIONAL ARGUMENTS + Instance resource - User-defined unique name of this instance. The + instance name must be 1 to 63 characters long and contain only lowercase + letters, numeric characters, and dashes. The first character must be a + lowercase letter and the last character cannot be a dash. The arguments in + this group can be used to specify the attributes of this resource. (NOTE) + Some attributes are not given arguments in this group but can be set in + other ways. + + To set the project attribute: + ◆ provide the argument instance on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + INSTANCE + ID of the instance or fully qualified identifier for the instance. + + To set the instance attribute: + ▸ provide the argument instance on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + Google Cloud location of this environment + https://cloud.google.com/compute/docs/regions-zones/#locations. + + To set the location attribute: + ▸ provide the argument instance on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property notebooks/location. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. diff --git a/gcloud/workbench/instances/create b/gcloud/workbench/instances/create new file mode 100644 index 000000000..67c5cf2c1 --- /dev/null +++ b/gcloud/workbench/instances/create @@ -0,0 +1,393 @@ +NAME + gcloud workbench instances create - request for creating an instance + +SYNOPSIS + gcloud workbench instances create (INSTANCE : --location=LOCATION) + [--async] [--disable-proxy-access] [--instance-owners=INSTANCE_OWNERS] + [--labels=[KEY=VALUE,...]] + [--disable-public-ip --enable-ip-forwarding + --machine-type=MACHINE_TYPE; default="n1-standard-4" + --metadata=[KEY=VALUE,...] + --service-account-email=SERVICE_ACCOUNT_EMAIL --tags=[TAGS,...] + --accelerator-core-count=ACCELERATOR_CORE_COUNT + --accelerator-type=ACCELERATOR_TYPE + --boot-disk-encryption=BOOT_DISK_ENCRYPTION + --boot-disk-size=BOOT_DISK_SIZE --boot-disk-type=BOOT_DISK_TYPE + [--boot-disk-kms-key=BOOT_DISK_KMS_KEY + : --boot-disk-encryption-key-keyring=BOOT_DISK_ENCRYPTION_KEY_KEYRING + --boot-disk-encryption-key-location=BOOT_DISK_ENCRYPTION_KEY_LOCATION + --boot-disk-encryption-key-project=BOOT_DISK_ENCRYPTION_KEY_PROJECT] + [--container-repository=CONTAINER_REPOSITORY + : --container-tag=CONTAINER_TAG] + | [(--vm-image-family=VM_IMAGE_FAMILY + | --vm-image-name=VM_IMAGE_NAME) + : --vm-image-project=VM_IMAGE_PROJECT; + default="deeplearning-platform-release"] + --custom-gpu-driver-path=CUSTOM_GPU_DRIVER_PATH --install-gpu-driver + --data-disk-encryption=DATA_DISK_ENCRYPTION + --data-disk-size=DATA_DISK_SIZE --data-disk-type=DATA_DISK_TYPE + [--data-disk-kms-key=DATA_DISK_KMS_KEY + : --data-disk-encryption-key-keyring=DATA_DISK_ENCRYPTION_KEY_KEYRING + --data-disk-encryption-key-location=DATA_DISK_ENCRYPTION_KEY_LOCATION + --data-disk-encryption-key-project=DATA_DISK_ENCRYPTION_KEY_PROJECT] + --network=NETWORK --nic-type=NIC_TYPE [--subnet=SUBNET + : --subnet-region=SUBNET_REGION] + --shielded-integrity-monitoring=SHIELDED_INTEGRITY_MONITORING + --shielded-secure-boot=SHIELDED_SECURE_BOOT + --shielded-vtpm=SHIELDED_VTPM] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Request for creating an instance. + +EXAMPLES + To create an instance from a VmImage family, run: + + $ gcloud workbench instances create example-instance \ + --vm-image-project=deeplearning-platform-release \ + --vm-image-family=workbench-image-family \ + --machine-type=n1-standard-4 --location=us-central1-b + + To create an instance from a VmImage name, run: + + $ gcloud workbench instances create example-instance \ + --vm-image-project=deeplearning-platform-release \ + --vm-image-name=workbench-image-name \ + --machine-type=n1-standard-4 --location=us-central1-b + + To create an instance from a Container Repository, run: + + $ gcloud workbench instances create example-instance \ + --container-repository=gcr.io/deeplearning-platform-release/\ + base-cpu --container-tag=test-tag --machine-type=n1-standard-4 \ + --location=us-central1-b + +POSITIONAL ARGUMENTS + Instance resource - User-defined unique name of this instance. The + instance name must be 1 to 63 characters long and contain only lowercase + letters, numeric characters, and dashes. The first character must be a + lowercase letter and the last character cannot be a dash. The arguments in + this group can be used to specify the attributes of this resource. (NOTE) + Some attributes are not given arguments in this group but can be set in + other ways. + + To set the project attribute: + ◆ provide the argument instance on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + INSTANCE + ID of the instance or fully qualified identifier for the instance. + + To set the instance attribute: + ▸ provide the argument instance on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + Google Cloud location of this environment + https://cloud.google.com/compute/docs/regions-zones/#locations. + + To set the location attribute: + ▸ provide the argument instance on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property notebooks/location. + +FLAGS + --async + Return immediately, without waiting for the operation in progress to + complete. + + --disable-proxy-access + If true, the notebook instance will not register with the proxy. + + --instance-owners=INSTANCE_OWNERS + The owners of this instance after creation. Format: alias@example.com. + Currently supports one owner only. If not specified, all of the service + account users of the VM instance's service account can use the + instance. + + --labels=[KEY=VALUE,...] + Labels to apply to this instance. These can be later modified by the + setLabels method. + + Gce Setup for the instance + + --disable-public-ip + If specified, no public IP will be assigned to this instance. + + --enable-ip-forwarding + If specified, IP forwarding will be enabled for this instance. + + --machine-type=MACHINE_TYPE; default="n1-standard-4" + The Compute Engine machine type + (https://cloud.google.com/sdk/gcloud/reference/compute/machine-types) + of this instance. + + --metadata=[KEY=VALUE,...] + Custom metadata to apply to this instance. + + The service account on this instance, giving access to other Google + Cloud services. You can use any service account within the same project, + but you must grant the service account user permission to use the + instance. If not specified, the Compute Engine default service account + is used. + + --service-account-email=SERVICE_ACCOUNT_EMAIL + The service account on this instance, giving access to other Google + Cloud services. You can use any service account within the same + project, but you must grant the service account user permission to + use the instance. If not specified, the Compute Engine default + service account is used. + + --tags=[TAGS,...] + Tags to apply to this instance. + + The hardware accelerator used on this instance. If you use accelerators, + make sure that your configuration has enough vCPUs and memory to support + the `machine_type` you have selected. + + --accelerator-core-count=ACCELERATOR_CORE_COUNT + Count of cores of this accelerator. + + --accelerator-type=ACCELERATOR_TYPE + Type of this accelerator. ACCELERATOR_TYPE must be one of: + NVIDIA_TESLA_K80, NVIDIA_TESLA_P100, NVIDIA_TESLA_V100, + NVIDIA_TESLA_P4, NVIDIA_TESLA_T4, NVIDIA_TESLA_A100, + NVIDIA_TESLA_A100_80GB, NVIDIA_TESLA_T4_VWS, NVIDIA_TESLA_P100_VWS, + NVIDIA_TESLA_P4_VWS. + + Boot disk configurations. + + --boot-disk-encryption=BOOT_DISK_ENCRYPTION + Disk encryption method used on the boot disk, defaults to GMEK. + BOOT_DISK_ENCRYPTION must be one of: GMEK, CMEK. + + --boot-disk-size=BOOT_DISK_SIZE + Size of boot disk in GB attached to this instance, up to a maximum + of 64000 GB (64 TB). The minimum recommended value is 100 GB. If + not specified, this defaults to 100. + + --boot-disk-type=BOOT_DISK_TYPE + Type of boot disk attached to this instance, defaults to standard + persistent disk (PD_STANDARD). BOOT_DISK_TYPE must be one of: + PD_STANDARD, PD_SSD, PD_BALANCED, PD_EXTREME. + + Key resource - The Cloud KMS (Key Management Service) cryptokey that + will be used to protect the boot_disk. The 'Compute Engine Service + Agent' service account must hold permission 'Cloud KMS CryptoKey + Encrypter/Decrypter'. The arguments in this group can be used to + specify the attributes of this resource. + + --boot-disk-kms-key=BOOT_DISK_KMS_KEY + ID of the key or fully qualified identifier for the key. + + To set the kms-key attribute: + ◇ provide the argument --boot-disk-kms-key on the command line. + + This flag argument must be specified if any of the other + arguments in this group are specified. + + --boot-disk-encryption-key-keyring=BOOT_DISK_ENCRYPTION_KEY_KEYRING + The KMS keyring of the key. + + To set the kms-keyring attribute: + ◇ provide the argument --boot-disk-kms-key on the command line + with a fully specified name; + ◇ provide the argument --boot-disk-encryption-key-keyring on + the command line. + + --boot-disk-encryption-key-location=BOOT_DISK_ENCRYPTION_KEY_LOCATION + The Google Cloud location for the key. + + To set the kms-location attribute: + ◇ provide the argument --boot-disk-kms-key on the command line + with a fully specified name; + ◇ provide the argument --boot-disk-encryption-key-location on + the command line. + + --boot-disk-encryption-key-project=BOOT_DISK_ENCRYPTION_KEY_PROJECT + The Google Cloud project for the key. + + To set the kms-project attribute: + ◇ provide the argument --boot-disk-kms-key on the command line + with a fully specified name; + ◇ provide the argument --boot-disk-encryption-key-project on + the command line; + ◇ set the property core/project. + + At most one of these can be specified: + + --container-repository=CONTAINER_REPOSITORY + The path to the container image repository. For example: + gcr.io/{project_id}/{image_name}. + + This flag argument must be specified if any of the other arguments + in this group are specified. + + --container-tag=CONTAINER_TAG + The tag of the container image. If not specified, this defaults to + the latest tag. + + --vm-image-project=VM_IMAGE_PROJECT; default="deeplearning-platform-release" + The ID of the Google Cloud project that this VM image belongs to. + Format: projects/{project_id}. + + Exactly one of these must be specified: + + --vm-image-family=VM_IMAGE_FAMILY + Use this VM image family to find the image; the newest image in + this family will be used. + + --vm-image-name=VM_IMAGE_NAME + Use this VM image name to find the image. + + GPU driver configurations. + + --custom-gpu-driver-path=CUSTOM_GPU_DRIVER_PATH + Specify a custom Cloud Storage path where the GPU driver is stored. + If not specified, we'll automatically choose from official GPU + drivers. + + --install-gpu-driver + Whether the end user authorizes Google Cloud to install a GPU + driver on this instance. If this field is empty or set to false, + the GPU driver won't be installed. Only applicable to instances + with GPUs. + + Data disk configurations. + + --data-disk-encryption=DATA_DISK_ENCRYPTION + Disk encryption method used on the data disk, defaults to GMEK. + DATA_DISK_ENCRYPTION must be one of: GMEK, CMEK. + + --data-disk-size=DATA_DISK_SIZE + Size of data disk in GB attached to this instance, up to a maximum + of 64000 GB (64 TB). The minimum recommended value is 100 GB. If + not specified, this defaults to 100. + + --data-disk-type=DATA_DISK_TYPE + Type of data disk attached to this instance, defaults to standard + persistent disk (PD_STANDARD). DATA_DISK_TYPE must be one of: + PD_STANDARD, PD_SSD, PD_BALANCED, PD_EXTREME. + + Key resource - The Cloud KMS (Key Management Service) cryptokey that + will be used to protect the data_disk. The 'Compute Engine Service + Agent' service account must hold permission 'Cloud KMS CryptoKey + Encrypter/Decrypter'. The arguments in this group can be used to + specify the attributes of this resource. + + --data-disk-kms-key=DATA_DISK_KMS_KEY + ID of the key or fully qualified identifier for the key. + + To set the kms-key attribute: + ◇ provide the argument --data-disk-kms-key on the command line. + + This flag argument must be specified if any of the other + arguments in this group are specified. + + --data-disk-encryption-key-keyring=DATA_DISK_ENCRYPTION_KEY_KEYRING + The KMS keyring of the key. + + To set the kms-keyring attribute: + ◇ provide the argument --data-disk-kms-key on the command line + with a fully specified name; + ◇ provide the argument --data-disk-encryption-key-keyring on + the command line. + + --data-disk-encryption-key-location=DATA_DISK_ENCRYPTION_KEY_LOCATION + The Google Cloud location for the key. + + To set the kms-location attribute: + ◇ provide the argument --data-disk-kms-key on the command line + with a fully specified name; + ◇ provide the argument --data-disk-encryption-key-location on + the command line. + + --data-disk-encryption-key-project=DATA_DISK_ENCRYPTION_KEY_PROJECT + The Google Cloud project for the key. + + To set the kms-project attribute: + ◇ provide the argument --data-disk-kms-key on the command line + with a fully specified name; + ◇ provide the argument --data-disk-encryption-key-project on + the command line; + ◇ set the property core/project. + + Network configs. + + Network resource - The name of the VPC that this instance is in. + Format: projects/{project_id}/global/networks/{network_id}. This + represents a Cloud resource. (NOTE) Some attributes are not given + arguments in this group but can be set in other ways. + + To set the project attribute: + ▫ provide the argument --network on the command line with a fully + specified name; + ▫ provide the argument --project on the command line; + ▫ set the property core/project. + + --network=NETWORK + ID of the network or fully qualified identifier for the network. + + To set the network attribute: + ◇ provide the argument --network on the command line. + + --nic-type=NIC_TYPE + Type of the network interface card. NIC_TYPE must be one of: + VIRTIGO_NET, GVNIC. + + Subnetwork resource - The name of the subnet that this instance is in. + Format: + projects/{project_id}/regions/{region}/subnetworks/{subnetwork_id}. + The arguments in this group can be used to specify the attributes of + this resource. (NOTE) Some attributes are not given arguments in this + group but can be set in other ways. + + To set the project attribute: + ▫ provide the argument --subnet on the command line with a fully + specified name; + ▫ provide the argument --project on the command line; + ▫ set the property core/project. + + --subnet=SUBNET + ID of the subnetwork or fully qualified identifier for the + subnetwork. + + To set the subnet attribute: + ◇ provide the argument --subnet on the command line. + + This flag argument must be specified if any of the other + arguments in this group are specified. + + --subnet-region=SUBNET_REGION + Google Cloud region of this subnetwork + https://cloud.google.com/compute/docs/regions-zones/#locations. + + To set the subnet-region attribute: + ◇ provide the argument --subnet on the command line with a + fully specified name; + ◇ provide the argument --subnet-region on the command line. + + Shielded VM configurations. + + --shielded-integrity-monitoring=SHIELDED_INTEGRITY_MONITORING + Enable monitoring of the boot integrity of the instance + + --shielded-secure-boot=SHIELDED_SECURE_BOOT + Boot instance with secure boot enabled + + --shielded-vtpm=SHIELDED_VTPM + Boot instance with TPM (Trusted Platform Module) enabled + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. diff --git a/gcloud/workbench/instances/delete b/gcloud/workbench/instances/delete new file mode 100644 index 000000000..dadacd9e7 --- /dev/null +++ b/gcloud/workbench/instances/delete @@ -0,0 +1,64 @@ +NAME + gcloud workbench instances delete - request for deleting instances + +SYNOPSIS + gcloud workbench instances delete (INSTANCE : --location=LOCATION) + [--async] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Request for deleting workbench instances. + +EXAMPLES + To delete an instance, run: + + $ gcloud workbench instances delete example-instance \ + --location=us-central1-b + +POSITIONAL ARGUMENTS + Instance resource - User-defined unique name of this instance. The + instance name must be 1 to 63 characters long and contain only lowercase + letters, numeric characters, and dashes. The first character must be a + lowercase letter and the last character cannot be a dash. The arguments in + this group can be used to specify the attributes of this resource. (NOTE) + Some attributes are not given arguments in this group but can be set in + other ways. + + To set the project attribute: + ◆ provide the argument instance on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + INSTANCE + ID of the instance or fully qualified identifier for the instance. + + To set the instance attribute: + ▸ provide the argument instance on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + Google Cloud location of this environment + https://cloud.google.com/compute/docs/regions-zones/#locations. + + To set the location attribute: + ▸ provide the argument instance on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property notebooks/location. + +FLAGS + --async + Return immediately, without waiting for the operation in progress to + complete. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. diff --git a/gcloud/workbench/instances/describe b/gcloud/workbench/instances/describe new file mode 100644 index 000000000..627b5f9aa --- /dev/null +++ b/gcloud/workbench/instances/describe @@ -0,0 +1,59 @@ +NAME + gcloud workbench instances describe - request for describing instances + +SYNOPSIS + gcloud workbench instances describe (INSTANCE : --location=LOCATION) + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Request for describing workbench instances. + +EXAMPLES + To describe an instance, run: + + $ gcloud workbench instances describe example-instance \ + --location=us-central1-b + +POSITIONAL ARGUMENTS + Instance resource - User-defined unique name of this instance. The + instance name must be 1 to 63 characters long and contain only lowercase + letters, numeric characters, and dashes. The first character must be a + lowercase letter and the last character cannot be a dash. The arguments in + this group can be used to specify the attributes of this resource. (NOTE) + Some attributes are not given arguments in this group but can be set in + other ways. + + To set the project attribute: + ◆ provide the argument instance on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + INSTANCE + ID of the instance or fully qualified identifier for the instance. + + To set the instance attribute: + ▸ provide the argument instance on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + Google Cloud location of this environment + https://cloud.google.com/compute/docs/regions-zones/#locations. + + To set the location attribute: + ▸ provide the argument instance on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property notebooks/location. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. diff --git a/gcloud/workbench/instances/diagnose b/gcloud/workbench/instances/diagnose new file mode 100644 index 000000000..6975c6c84 --- /dev/null +++ b/gcloud/workbench/instances/diagnose @@ -0,0 +1,100 @@ +NAME + gcloud workbench instances diagnose - request for diagnosing instances + +SYNOPSIS + gcloud workbench instances diagnose (INSTANCE : --location=LOCATION) + --gcs-bucket=GCS_BUCKET [--async] [--enable-copy-home-files] + [--enable-packet-capture] [--enable-repair] + [--relative-path=RELATIVE_PATH] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Request for diagnosing workbench instances. + +EXAMPLES + To diagnose an instance, run: + + $ gcloud workbench instances diagnose example-instance \ + --location=us-west1-b --gcs-bucket=gs://example-bucket + + To diagnose an instance with a relative path: + + $ gcloud workbench instances diagnose example-instance \ + --location=us-west1-b --gcs-bucket=gs://example-bucket \ + --relative-path=logs + + To diagnose an instance, with packet capture: + + $ gcloud workbench instances diagnose example-instance \ + --location=us-west1-b --gcs-bucket=gs://example-bucket \ + --enable-packet-capture + +POSITIONAL ARGUMENTS + Instance resource - User-defined unique name of this instance. The + instance name must be 1 to 63 characters long and contain only lowercase + letters, numeric characters, and dashes. The first character must be a + lowercase letter and the last character cannot be a dash. The arguments in + this group can be used to specify the attributes of this resource. (NOTE) + Some attributes are not given arguments in this group but can be set in + other ways. + + To set the project attribute: + ◆ provide the argument instance on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + INSTANCE + ID of the instance or fully qualified identifier for the instance. + + To set the instance attribute: + ▸ provide the argument instance on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + Google Cloud location of this environment + https://cloud.google.com/compute/docs/regions-zones/#locations. + + To set the location attribute: + ▸ provide the argument instance on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property notebooks/location. + +REQUIRED FLAGS + --gcs-bucket=GCS_BUCKET + The Cloud Storage bucket where the log files generated from the + diagnose command will be stored. storage.buckets.writer permissions + must be given to project's service account or user credential. Format: + gs://{gcs_bucket} + +OPTIONAL FLAGS + --async + Return immediately, without waiting for the operation in progress to + complete. + + --enable-copy-home-files + Enables flag to copy all /home/jupyter folder contents + + --enable-packet-capture + Enables flag to capture packets from the instance for 30 seconds + + --enable-repair + Enables flag to repair service for instance + + --relative-path=RELATIVE_PATH + Defines the relative storage path in the Cloud Storage bucket where the + diagnostic logs will be written. Default path will be the root + directory of the Cloud Storage bucketFormat of full path: + gs://{gcs_bucket}/{relative_path}/ + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. diff --git a/gcloud/workbench/instances/get-iam-policy b/gcloud/workbench/instances/get-iam-policy new file mode 100644 index 000000000..590aa55cc --- /dev/null +++ b/gcloud/workbench/instances/get-iam-policy @@ -0,0 +1,90 @@ +NAME + gcloud workbench instances get-iam-policy - get IAM policy for an instance + +SYNOPSIS + gcloud workbench instances get-iam-policy (INSTANCE : --location=LOCATION) + [--filter=EXPRESSION] [--limit=LIMIT] [--page-size=PAGE_SIZE] + [--sort-by=[FIELD,...]] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + gcloud workbench instances get-iam-policy displays the IAM policy + associated with an instance. If formatted as JSON, the output can be edited + and used as a policy file for set-iam-policy. The output includes an "etag" + field identifying the version emitted and allowing detection of concurrent + policy updates; see $ {parent} set-iam-policy for additional details. + +EXAMPLES + To print the IAM policy for a given instance, run: + + $ gcloud workbench instances get-iam-policy my-instance \ + --location=us-central1-a + +POSITIONAL ARGUMENTS + Instance resource - The ID of the instance for which to display the IAM + policy. The arguments in this group can be used to specify the attributes + of this resource. (NOTE) Some attributes are not given arguments in this + group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument instance on the command line with a fully + specified name; + ◆ set the property core/project; + ◆ provide the argument --project on the command line. + + This must be specified. + + INSTANCE + ID of the instance or fully qualified identifier for the instance. + + To set the instance attribute: + ▸ provide the argument instance on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + The location of the workbench instance. + + To set the location attribute: + ▸ provide the argument instance on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property notebooks/location. + +LIST COMMAND FLAGS + --filter=EXPRESSION + Apply a Boolean filter EXPRESSION to each resource item to be listed. + If the expression evaluates True, then that item is listed. For more + details and examples of filter expressions, run $ gcloud topic filters. + This flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --limit=LIMIT + Maximum number of resources to list. The default is unlimited. This + flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --page-size=PAGE_SIZE + Some services group resource list output into pages. This flag + specifies the maximum number of resources per page. The default is + determined by the service if it supports paging, otherwise it is + unlimited (no paging). Paging may be applied before or after --filter + and --limit depending on the service. + + --sort-by=[FIELD,...] + Comma-separated list of resource field key names to sort by. The + default order is ascending. Prefix a field with ``~'' for descending + order on that field. This flag interacts with other flags that are + applied in this order: --flatten, --sort-by, --filter, --limit. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the notebooks/v2 API. The full documentation for this API + can be found at: https://cloud.google.com/notebooks/docs/ diff --git a/gcloud/workbench/instances/help b/gcloud/workbench/instances/help index d6fc8b7b7..5e0011623 100644 --- a/gcloud/workbench/instances/help +++ b/gcloud/workbench/instances/help @@ -15,5 +15,47 @@ GCLOUD WIDE FLAGS COMMANDS COMMAND is one of the following: + add-iam-policy-binding + Add IAM policy binding for an instance. + + check-instance-upgradability + Request for checking if an instance is upgradeable. + + create + Request for creating an instance. + + delete + Request for deleting instances. + + describe + Request for describing instances. + + diagnose + Request for diagnosing instances. + + get-iam-policy + Get IAM policy for an instance. + list Request for listing instances. + + remove-iam-policy-binding + Remove IAM policy binding for an instance. + + reset + Request for resetting instances. + + set-iam-policy + Set the IAM policy for an Instance. + + start + Request for starting instances. + + stop + Request for stopping instances. + + update + Request for updating instances. + + upgrade + Request for upgrading instances. diff --git a/gcloud/workbench/instances/remove-iam-policy-binding b/gcloud/workbench/instances/remove-iam-policy-binding new file mode 100644 index 000000000..570f69cfb --- /dev/null +++ b/gcloud/workbench/instances/remove-iam-policy-binding @@ -0,0 +1,89 @@ +NAME + gcloud workbench instances remove-iam-policy-binding - remove IAM policy + binding for an instance + +SYNOPSIS + gcloud workbench instances remove-iam-policy-binding + (INSTANCE : --location=LOCATION) --member=PRINCIPAL --role=ROLE + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Removes a policy binding to the IAM policy of an instance, given an + instance ID and the binding. + +EXAMPLES + To remove an IAM policy binding for the role of roles/editor for the user + 'test-user@gmail.com' on the instance 'instance-id', run: + + $ gcloud workbench instances remove-iam-policy-binding \ + example-instance --member='user:test-user@gmail.com' \ + --role='roles/editor' --location=us-central1-a + + See https://cloud.google.com/iam/docs/managing-policies for details of + policy role and member types. + +POSITIONAL ARGUMENTS + Instance resource - The ID of the instance to remove the IAM binding. The + arguments in this group can be used to specify the attributes of this + resource. (NOTE) Some attributes are not given arguments in this group but + can be set in other ways. + + To set the project attribute: + ◆ provide the argument instance on the command line with a fully + specified name; + ◆ set the property core/project; + ◆ provide the argument --project on the command line. + + This must be specified. + + INSTANCE + ID of the instance or fully qualified identifier for the instance. + + To set the instance attribute: + ▸ provide the argument instance on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + The location of the workbench instance. + + To set the location attribute: + ▸ provide the argument instance on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property notebooks/location. + +REQUIRED FLAGS + --member=PRINCIPAL + The principal to remove the binding for. Should be of the form + user|group|serviceAccount:email or domain:domain. + + Examples: user:test-user@gmail.com, group:admins@example.com, + serviceAccount:test123@example.domain.com, or + domain:example.domain.com. + + Deleted principals have an additional deleted: prefix and a ?uid=UID + suffix, where UID is a unique identifier for the principal. Example: + deleted:user:test-user@gmail.com?uid=123456789012345678901. + + Some resources also accept the following special values: + ◆ allUsers - Special identifier that represents anyone who is on the + internet, with or without a Google account. + ◆ allAuthenticatedUsers - Special identifier that represents anyone + who is authenticated with a Google account or a service account. + + --role=ROLE + The role to remove the principal from. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the notebooks/v2 API. The full documentation for this API + can be found at: https://cloud.google.com/notebooks/docs/ diff --git a/gcloud/workbench/instances/reset b/gcloud/workbench/instances/reset new file mode 100644 index 000000000..15be7cb47 --- /dev/null +++ b/gcloud/workbench/instances/reset @@ -0,0 +1,64 @@ +NAME + gcloud workbench instances reset - request for resetting instances + +SYNOPSIS + gcloud workbench instances reset (INSTANCE : --location=LOCATION) [--async] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Request for resetting workbench instances. + +EXAMPLES + To reset an instance, run: + + $ gcloud workbench instances reset example-instance \ + --location=us-central1-a + +POSITIONAL ARGUMENTS + Instance resource - User-defined unique name of this instance. The + instance name must be 1 to 63 characters long and contain only lowercase + letters, numeric characters, and dashes. The first character must be a + lowercase letter and the last character cannot be a dash. The arguments in + this group can be used to specify the attributes of this resource. (NOTE) + Some attributes are not given arguments in this group but can be set in + other ways. + + To set the project attribute: + ◆ provide the argument instance on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + INSTANCE + ID of the instance or fully qualified identifier for the instance. + + To set the instance attribute: + ▸ provide the argument instance on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + Google Cloud location of this environment + https://cloud.google.com/compute/docs/regions-zones/#locations. + + To set the location attribute: + ▸ provide the argument instance on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property notebooks/location. + +FLAGS + --async + Return immediately, without waiting for the operation in progress to + complete. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. diff --git a/gcloud/workbench/instances/set-iam-policy b/gcloud/workbench/instances/set-iam-policy new file mode 100644 index 000000000..0cd960783 --- /dev/null +++ b/gcloud/workbench/instances/set-iam-policy @@ -0,0 +1,77 @@ +NAME + gcloud workbench instances set-iam-policy - set the IAM policy for an + Instance + +SYNOPSIS + gcloud workbench instances set-iam-policy (INSTANCE : --location=LOCATION) + POLICY_FILE [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + gcloud workbench instances set-iam-policy sets the IAM policy for a + Notebook instance given an instance ID and a JSON or YAML file that + describes the IAM policy. + + Note: Setting the IAM policy for an Instance replaces existing IAM bindings + for that account. + +EXAMPLES + The following command reads an IAM policy defined in the JSON file + policy.json and sets it for Instance ID my_instance at the specified + location: + + $ gcloud workbench instances set-iam-policy my_instance \ + --location=us-central1-a policy.json + + See https://cloud.google.com/iam/docs/managing-policies for policy file + format and content details. + +POSITIONAL ARGUMENTS + Instance resource - The ID of the instance for which to set the IAM + policy. The arguments in this group can be used to specify the attributes + of this resource. (NOTE) Some attributes are not given arguments in this + group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument instance on the command line with a fully + specified name; + ◆ set the property core/project; + ◆ provide the argument --project on the command line. + + This must be specified. + + INSTANCE + ID of the instance or fully qualified identifier for the instance. + + To set the instance attribute: + ▸ provide the argument instance on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + The location of the workbench instance. + + To set the location attribute: + ▸ provide the argument instance on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property notebooks/location. + + POLICY_FILE + Path to a local JSON or YAML formatted file containing a valid policy. + + The output of the get-iam-policy command is a valid file, as is any + JSON or YAML file conforming to the structure of a Policy + (https://cloud.google.com/iam/reference/rest/v1/Policy). + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the notebooks/v2 API. The full documentation for this API + can be found at: https://cloud.google.com/notebooks/docs/ diff --git a/gcloud/workbench/instances/start b/gcloud/workbench/instances/start new file mode 100644 index 000000000..6c25d0143 --- /dev/null +++ b/gcloud/workbench/instances/start @@ -0,0 +1,64 @@ +NAME + gcloud workbench instances start - request for starting instances + +SYNOPSIS + gcloud workbench instances start (INSTANCE : --location=LOCATION) [--async] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Request for starting workbench instances. + +EXAMPLES + To start an instance, run: + + $ gcloud workbench instances start example-instance \ + --location=us-central1-a + +POSITIONAL ARGUMENTS + Instance resource - User-defined unique name of this instance. The + instance name must be 1 to 63 characters long and contain only lowercase + letters, numeric characters, and dashes. The first character must be a + lowercase letter and the last character cannot be a dash. The arguments in + this group can be used to specify the attributes of this resource. (NOTE) + Some attributes are not given arguments in this group but can be set in + other ways. + + To set the project attribute: + ◆ provide the argument instance on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + INSTANCE + ID of the instance or fully qualified identifier for the instance. + + To set the instance attribute: + ▸ provide the argument instance on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + Google Cloud location of this environment + https://cloud.google.com/compute/docs/regions-zones/#locations. + + To set the location attribute: + ▸ provide the argument instance on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property notebooks/location. + +FLAGS + --async + Return immediately, without waiting for the operation in progress to + complete. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. diff --git a/gcloud/workbench/instances/stop b/gcloud/workbench/instances/stop new file mode 100644 index 000000000..eb181b99a --- /dev/null +++ b/gcloud/workbench/instances/stop @@ -0,0 +1,64 @@ +NAME + gcloud workbench instances stop - request for stopping instances + +SYNOPSIS + gcloud workbench instances stop (INSTANCE : --location=LOCATION) [--async] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Request for stopping workbench instances. + +EXAMPLES + To stop an instance, run: + + $ gcloud workbench instances stop example-instance \ + --location=us-central1-a + +POSITIONAL ARGUMENTS + Instance resource - User-defined unique name of this instance. The + instance name must be 1 to 63 characters long and contain only lowercase + letters, numeric characters, and dashes. The first character must be a + lowercase letter and the last character cannot be a dash. The arguments in + this group can be used to specify the attributes of this resource. (NOTE) + Some attributes are not given arguments in this group but can be set in + other ways. + + To set the project attribute: + ◆ provide the argument instance on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + INSTANCE + ID of the instance or fully qualified identifier for the instance. + + To set the instance attribute: + ▸ provide the argument instance on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + Google Cloud location of this environment + https://cloud.google.com/compute/docs/regions-zones/#locations. + + To set the location attribute: + ▸ provide the argument instance on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property notebooks/location. + +FLAGS + --async + Return immediately, without waiting for the operation in progress to + complete. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. diff --git a/gcloud/workbench/instances/update b/gcloud/workbench/instances/update new file mode 100644 index 000000000..77545583a --- /dev/null +++ b/gcloud/workbench/instances/update @@ -0,0 +1,122 @@ +NAME + gcloud workbench instances update - request for updating instances + +SYNOPSIS + gcloud workbench instances update (INSTANCE : --location=LOCATION) + [--async] [--labels=[KEY=VALUE,...]] + [--machine-type=MACHINE_TYPE --metadata=[KEY=VALUE,...] + --accelerator-core-count=ACCELERATOR_CORE_COUNT + --accelerator-type=ACCELERATOR_TYPE + --custom-gpu-driver-path=CUSTOM_GPU_DRIVER_PATH + --install-gpu-driver=INSTALL_GPU_DRIVER + --shielded-integrity-monitoring=SHIELDED_INTEGRITY_MONITORING + --shielded-secure-boot=SHIELDED_SECURE_BOOT + --shielded-vtpm=SHIELDED_VTPM] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Request for updating workbench instances. + +EXAMPLES + To update machine type for an instance, run: + + $ gcloud workbench instances update example-instance \ + --machine-type=n1-standard-8 --location=us-central1-a + + To update labels for an instance, run: + + $ gcloud workbench instances update example-instance \ + --labels=k1=v1,k2=v2 --location=us-central1-a + +POSITIONAL ARGUMENTS + Instance resource - User-defined unique name of this instance. The + instance name must be 1 to 63 characters long and contain only lowercase + letters, numeric characters, and dashes. The first character must be a + lowercase letter and the last character cannot be a dash. The arguments in + this group can be used to specify the attributes of this resource. (NOTE) + Some attributes are not given arguments in this group but can be set in + other ways. + + To set the project attribute: + ◆ provide the argument instance on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + INSTANCE + ID of the instance or fully qualified identifier for the instance. + + To set the instance attribute: + ▸ provide the argument instance on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + Google Cloud location of this environment + https://cloud.google.com/compute/docs/regions-zones/#locations. + + To set the location attribute: + ▸ provide the argument instance on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property notebooks/location. + +FLAGS + --async + Return immediately, without waiting for the operation in progress to + complete. + + --labels=[KEY=VALUE,...] + Labels to apply to this instance. These can be later modified by the + setLabels method. + + Gce Setup for the instance + + --machine-type=MACHINE_TYPE + The Compute Engine machine type + (https://cloud.google.com/sdk/gcloud/reference/compute/machine-types) + of this instance. + + --metadata=[KEY=VALUE,...] + Custom metadata to apply to this instance. + + Accelerator configurations. + + --accelerator-core-count=ACCELERATOR_CORE_COUNT + Count of cores of this accelerator. + + --accelerator-type=ACCELERATOR_TYPE + Type of this accelerator. ACCELERATOR_TYPE must be one of: + NVIDIA_TESLA_K80, NVIDIA_TESLA_P100, NVIDIA_TESLA_V100, + NVIDIA_TESLA_P4, NVIDIA_TESLA_T4, NVIDIA_TESLA_A100, + NVIDIA_TESLA_A100_80GB, NVIDIA_TESLA_T4_VWS, NVIDIA_TESLA_P100_VWS, + NVIDIA_TESLA_P4_VWS. + + GPU driver configurations. + + --custom-gpu-driver-path=CUSTOM_GPU_DRIVER_PATH + custom gpu driver path + + --install-gpu-driver=INSTALL_GPU_DRIVER + Install gpu driver + + Shielded VM configurations. + + --shielded-integrity-monitoring=SHIELDED_INTEGRITY_MONITORING + Enable monitoring of the boot integrity of the instance + + --shielded-secure-boot=SHIELDED_SECURE_BOOT + Boot instance with secure boot enabled + + --shielded-vtpm=SHIELDED_VTPM + Boot instance with TPM (Trusted Platform Module) enabled + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. diff --git a/gcloud/workbench/instances/upgrade b/gcloud/workbench/instances/upgrade new file mode 100644 index 000000000..58f3d2ae7 --- /dev/null +++ b/gcloud/workbench/instances/upgrade @@ -0,0 +1,64 @@ +NAME + gcloud workbench instances upgrade - request for upgrading instances + +SYNOPSIS + gcloud workbench instances upgrade (INSTANCE : --location=LOCATION) + [--async] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Request for upgrading workbench instances. + +EXAMPLES + To upgrade an instance, run: + + $ gcloud workbench instances upgrade example-instance \ + --location=us-central1-a + +POSITIONAL ARGUMENTS + Instance resource - User-defined unique name of this instance. The + instance name must be 1 to 63 characters long and contain only lowercase + letters, numeric characters, and dashes. The first character must be a + lowercase letter and the last character cannot be a dash. The arguments in + this group can be used to specify the attributes of this resource. (NOTE) + Some attributes are not given arguments in this group but can be set in + other ways. + + To set the project attribute: + ◆ provide the argument instance on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + INSTANCE + ID of the instance or fully qualified identifier for the instance. + + To set the instance attribute: + ▸ provide the argument instance on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + Google Cloud location of this environment + https://cloud.google.com/compute/docs/regions-zones/#locations. + + To set the location attribute: + ▸ provide the argument instance on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property notebooks/location. + +FLAGS + --async + Return immediately, without waiting for the operation in progress to + complete. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. diff --git a/gcloud/workstations/configs/create b/gcloud/workstations/configs/create index 1f9f7f924..fd645900a 100644 --- a/gcloud/workstations/configs/create +++ b/gcloud/workstations/configs/create @@ -11,6 +11,7 @@ SYNOPSIS [--container-run-as-user=CONTAINER_RUN_AS_USER] [--container-working-dir=CONTAINER_WORKING_DIR] [--disable-public-ip-addresses] [--enable-confidential-compute] + [--enable-nested-virtualization] [--idle-timeout=IDLE_TIMEOUT; default=7200] [--labels=[LABELS,...]] [--machine-type=MACHINE_TYPE; default="e2-standard-4"] [--network-tags=[NETWORK_TAGS,...]] @@ -134,6 +135,10 @@ FLAGS Default value is false. If set, instances will have confidential compute enabled. + --enable-nested-virtualization + Default value is false. If set, instances will have nested + virtualization enabled. + --idle-timeout=IDLE_TIMEOUT; default=7200 How long (in seconds) to wait before automatically stopping an instance that hasn't received any user traffic. A value of 0 indicates that this diff --git a/gcloud/workstations/configs/update b/gcloud/workstations/configs/update index 051e1df46..a88918fe2 100644 --- a/gcloud/workstations/configs/update +++ b/gcloud/workstations/configs/update @@ -11,11 +11,12 @@ SYNOPSIS [--container-run-as-user=CONTAINER_RUN_AS_USER] [--container-working-dir=CONTAINER_WORKING_DIR] [--disable-public-ip-addresses] [--enable-confidential-compute] - [--idle-timeout=IDLE_TIMEOUT] [--labels=[LABELS,...]] - [--machine-type=MACHINE_TYPE] [--network-tags=[NETWORK_TAGS,...]] - [--pool-size=POOL_SIZE] [--running-timeout=RUNNING_TIMEOUT] - [--service-account=SERVICE_ACCOUNT] [--shielded-integrity-monitoring] - [--shielded-secure-boot] [--shielded-vtpm] + [--enable-nested-virtualization] [--idle-timeout=IDLE_TIMEOUT] + [--labels=[LABELS,...]] [--machine-type=MACHINE_TYPE] + [--network-tags=[NETWORK_TAGS,...]] [--pool-size=POOL_SIZE] + [--running-timeout=RUNNING_TIMEOUT] [--service-account=SERVICE_ACCOUNT] + [--shielded-integrity-monitoring] [--shielded-secure-boot] + [--shielded-vtpm] [--container-custom-image=CONTAINER_CUSTOM_IMAGE | --container-predefined-image=CONTAINER_PREDEFINED_IMAGE] [GCLOUD_WIDE_FLAG ...] @@ -122,6 +123,10 @@ FLAGS Default value is false. If set, instances will have confidential compute enabled. + --enable-nested-virtualization + Default value is false. If set, instances will have nested + virtualization enabled. + --idle-timeout=IDLE_TIMEOUT How long (in seconds) to wait before automatically stopping an instance that hasn't received any user traffic. A value of 0 indicates that this