mirror of
https://github.com/imjasonh/gcloud-help
synced 2026-07-17 14:26:34 +00:00
gcloud: Wed Apr 20 08:58:18 UTC 2022
This commit is contained in:
parent
9dcb91c709
commit
72862dfe28
204 changed files with 3253 additions and 457 deletions
|
|
@ -4,20 +4,35 @@ NAME
|
|||
|
||||
SYNOPSIS
|
||||
gcloud beta container binauthz attestors add-iam-policy-binding ATTESTOR
|
||||
--member=PRINCIPAL --role=ROLE [GCLOUD_WIDE_FLAG ...]
|
||||
--member=PRINCIPAL --role=ROLE
|
||||
[--condition=[KEY=VALUE,...]
|
||||
| --condition-from-file=CONDITION_FROM_FILE] [GCLOUD_WIDE_FLAG ...]
|
||||
|
||||
DESCRIPTION
|
||||
(BETA) Add an IAM policy binding to a Binary Authorization attestor.
|
||||
(BETA) Add an IAM policy binding to the IAM policy of a Binary
|
||||
Authorization attestor. One binding consists of a member, a role, and an
|
||||
optional condition.
|
||||
|
||||
EXAMPLES
|
||||
To add an IAM policy binding for the role of
|
||||
'roles/binaryauthorization.attestorsEditor' for the user
|
||||
'test-user@gmail.com' on attesttor 'my_attestor', run:
|
||||
roles/binaryauthorization.attestorsEditor for the user test-user@gmail.com
|
||||
on attestor my_attestor, run:
|
||||
|
||||
$ gcloud beta container binauthz attestors add-iam-policy-binding \
|
||||
my_attestor --member='user:test-user@gmail.com' \
|
||||
--role='roles/binaryauthorization.attestorsEditor'
|
||||
|
||||
To add an IAM policy binding which expires at the end of the year 2018 for
|
||||
the role of roles/binaryauthorization.attestorsEditor and the user
|
||||
test-user@gmail.com on attestor my_attestor, run:
|
||||
|
||||
$ gcloud beta container binauthz attestors add-iam-policy-binding \
|
||||
my_attestor --member='user:test-user@gmail.com' \
|
||||
--role='roles/binaryauthorization.attestorsEditor' \
|
||||
--condition='expression=request.time <
|
||||
timestamp("2019-01-01T00:00:00Z"),title=expires_end_of_2018,descrip\
|
||||
tion=Expires at midnight on 2018-12-31'
|
||||
|
||||
See https://cloud.google.com/iam/docs/managing-policies for details of
|
||||
policy role and member types.
|
||||
|
||||
|
|
@ -59,6 +74,44 @@ REQUIRED FLAGS
|
|||
for a custom role, such as
|
||||
organizations/{ORGANIZATION_ID}/roles/logging.viewer.
|
||||
|
||||
OPTIONAL FLAGS
|
||||
At most one of these can be specified:
|
||||
|
||||
--condition=[KEY=VALUE,...]
|
||||
A condition to include in the binding. When the condition is
|
||||
explicitly specified as None (--condition=None), a binding without a
|
||||
condition is added. When the condition is specified and is not None,
|
||||
--role cannot be a basic role. Basic roles are roles/editor,
|
||||
roles/owner, and roles/viewer. For more on conditions, refer to the
|
||||
conditions overview guide:
|
||||
https://cloud.google.com/iam/docs/conditions-overview
|
||||
|
||||
When using the --condition flag, include the following key-value
|
||||
pairs:
|
||||
|
||||
expression
|
||||
(Required) Condition expression that evaluates to True or False.
|
||||
This uses a subset of Common Expression Language syntax.
|
||||
|
||||
If the condition expression includes a comma, use a different
|
||||
delimiter to separate the key-value pairs. Specify the delimiter
|
||||
before listing the key-value pairs. For example, to specify a
|
||||
colon (:) as the delimiter, do the following:
|
||||
--condition=^:^title=TITLE:expression=EXPRESSION. For more
|
||||
information, see
|
||||
https://cloud.google.com/sdk/gcloud/reference/topic/escaping.
|
||||
|
||||
title
|
||||
(Required) A short string describing the purpose of the
|
||||
expression.
|
||||
|
||||
description
|
||||
(Optional) Additional description for the expression.
|
||||
|
||||
--condition-from-file=CONDITION_FROM_FILE
|
||||
Path to a local JSON or YAML file that defines the condition. To see
|
||||
available fields, see the help for --condition.
|
||||
|
||||
GCLOUD WIDE FLAGS
|
||||
These flags are available to all commands: --access-token-file, --account,
|
||||
--billing-project, --configuration, --flags-file, --flatten, --format,
|
||||
|
|
|
|||
|
|
@ -4,21 +4,37 @@ NAME
|
|||
|
||||
SYNOPSIS
|
||||
gcloud beta container binauthz attestors remove-iam-policy-binding ATTESTOR
|
||||
--member=PRINCIPAL --role=ROLE [GCLOUD_WIDE_FLAG ...]
|
||||
--member=PRINCIPAL --role=ROLE
|
||||
[--all | --condition=[KEY=VALUE,...]
|
||||
| --condition-from-file=CONDITION_FROM_FILE] [GCLOUD_WIDE_FLAG ...]
|
||||
|
||||
DESCRIPTION
|
||||
(BETA) Remove an IAM policy binding of a Binary Authorization attestor.
|
||||
(BETA) Remove an IAM policy binding from the IAM policy of a Binary
|
||||
Authorization attestor. One binding consists of a member, a role, and an
|
||||
optional condition.
|
||||
|
||||
EXAMPLES
|
||||
To Remove an IAM policy binding for the role of
|
||||
'roles/binaryauthorization.attestorsEditor' for the user
|
||||
'test-user@gmail.com' on attesttor 'my_attestor', run:
|
||||
To remove an IAM policy binding for the role of
|
||||
roles/binaryauthorization.attestorsEditor for the user test-user@gmail.com
|
||||
on attestor my_attestor, run:
|
||||
|
||||
$ gcloud beta container binauthz attestors \
|
||||
remove-iam-policy-binding my_attestor \
|
||||
--member='user:test-user@gmail.com' \
|
||||
--role='roles/binaryauthorization.attestorsEditor'
|
||||
|
||||
To remove an IAM policy binding which expires at the end of the year 2018
|
||||
for the role of roles/binaryauthorization.attestorsEditor and the user
|
||||
test-user@gmail.com on attestor my_attestor, run:
|
||||
|
||||
$ gcloud beta container binauthz attestors \
|
||||
remove-iam-policy-binding my_attestor \
|
||||
--member='user:test-user@gmail.com' \
|
||||
--role='roles/binaryauthorization.attestorsEditor' \
|
||||
--condition='expression=request.time <
|
||||
timestamp("2019-01-01T00:00:00Z"),title=expires_end_of_2018,descrip\
|
||||
tion=Expires at midnight on 2018-12-31'
|
||||
|
||||
See https://cloud.google.com/iam/docs/managing-policies for details of
|
||||
policy role and member types.
|
||||
|
||||
|
|
@ -61,6 +77,48 @@ REQUIRED FLAGS
|
|||
--role=ROLE
|
||||
The role to remove the principal from.
|
||||
|
||||
OPTIONAL FLAGS
|
||||
At most one of these can be specified:
|
||||
|
||||
--all
|
||||
Remove all bindings with this role and principal, irrespective of any
|
||||
conditions.
|
||||
|
||||
--condition=[KEY=VALUE,...]
|
||||
The condition of the binding that you want to remove. When the
|
||||
condition is explicitly specified as None (--condition=None), a
|
||||
binding without a condition is removed. Otherwise, only a binding
|
||||
with a condition that exactly matches the specified condition
|
||||
(including the optional description) is removed. For more on
|
||||
conditions, refer to the conditions overview guide:
|
||||
https://cloud.google.com/iam/docs/conditions-overview
|
||||
|
||||
When using the --condition flag, include the following key-value
|
||||
pairs:
|
||||
|
||||
expression
|
||||
(Required) Condition expression that evaluates to True or False.
|
||||
This uses a subset of Common Expression Language syntax.
|
||||
|
||||
If the condition expression includes a comma, use a different
|
||||
delimiter to separate the key-value pairs. Specify the delimiter
|
||||
before listing the key-value pairs. For example, to specify a
|
||||
colon (:) as the delimiter, do the following:
|
||||
--condition=^:^title=TITLE:expression=EXPRESSION. For more
|
||||
information, see
|
||||
https://cloud.google.com/sdk/gcloud/reference/topic/escaping.
|
||||
|
||||
title
|
||||
(Required) A short string describing the purpose of the
|
||||
expression.
|
||||
|
||||
description
|
||||
(Optional) Additional description for the expression.
|
||||
|
||||
--condition-from-file=CONDITION_FROM_FILE
|
||||
Path to a local JSON or YAML file that defines the condition. To see
|
||||
available fields, see the help for --condition.
|
||||
|
||||
GCLOUD WIDE FLAGS
|
||||
These flags are available to all commands: --access-token-file, --account,
|
||||
--billing-project, --configuration, --flags-file, --flatten, --format,
|
||||
|
|
|
|||
|
|
@ -4,10 +4,14 @@ NAME
|
|||
|
||||
SYNOPSIS
|
||||
gcloud beta container binauthz policy add-iam-policy-binding
|
||||
--member=PRINCIPAL --role=ROLE [GCLOUD_WIDE_FLAG ...]
|
||||
--member=PRINCIPAL --role=ROLE
|
||||
[--condition=[KEY=VALUE,...]
|
||||
| --condition-from-file=CONDITION_FROM_FILE] [GCLOUD_WIDE_FLAG ...]
|
||||
|
||||
DESCRIPTION
|
||||
(BETA) Add an IAM policy binding to a Binary Authorization policy.
|
||||
(BETA) Add an IAM policy binding to the IAM policy of a Binary
|
||||
Authorization policy. One binding consists of a member, a role, and an
|
||||
optional condition.
|
||||
|
||||
EXAMPLES
|
||||
To add an IAM policy binding for the role of
|
||||
|
|
@ -19,6 +23,18 @@ EXAMPLES
|
|||
--member='user:test-user@gmail.com' \
|
||||
--role='roles/binaryauthorization.attestationAuthoritiesEditor'
|
||||
|
||||
To add an IAM policy binding which expires at the end of the year 2018 for
|
||||
the role of 'roles/binaryauthorization.attestationAuthoritiesEditor' and
|
||||
the user 'test-user@gmail.com' on the current project's Binary
|
||||
Authorization policy, run:
|
||||
|
||||
$ gcloud beta container binauthz policy add-iam-policy-binding \
|
||||
--member='user:test-user@gmail.com' \
|
||||
--role='roles/binaryauthorization.attestationAuthoritiesEditor' \
|
||||
--condition='expression=request.time <
|
||||
timestamp("2019-01-01T00:00:00Z"),title=expires_end_of_2018,descrip\
|
||||
tion=Expires at midnight on 2018-12-31'
|
||||
|
||||
See https://cloud.google.com/iam/docs/managing-policies for details of
|
||||
policy role and member types.
|
||||
|
||||
|
|
@ -43,6 +59,44 @@ REQUIRED FLAGS
|
|||
for a custom role, such as
|
||||
organizations/{ORGANIZATION_ID}/roles/logging.viewer.
|
||||
|
||||
OPTIONAL FLAGS
|
||||
At most one of these can be specified:
|
||||
|
||||
--condition=[KEY=VALUE,...]
|
||||
A condition to include in the binding. When the condition is
|
||||
explicitly specified as None (--condition=None), a binding without a
|
||||
condition is added. When the condition is specified and is not None,
|
||||
--role cannot be a basic role. Basic roles are roles/editor,
|
||||
roles/owner, and roles/viewer. For more on conditions, refer to the
|
||||
conditions overview guide:
|
||||
https://cloud.google.com/iam/docs/conditions-overview
|
||||
|
||||
When using the --condition flag, include the following key-value
|
||||
pairs:
|
||||
|
||||
expression
|
||||
(Required) Condition expression that evaluates to True or False.
|
||||
This uses a subset of Common Expression Language syntax.
|
||||
|
||||
If the condition expression includes a comma, use a different
|
||||
delimiter to separate the key-value pairs. Specify the delimiter
|
||||
before listing the key-value pairs. For example, to specify a
|
||||
colon (:) as the delimiter, do the following:
|
||||
--condition=^:^title=TITLE:expression=EXPRESSION. For more
|
||||
information, see
|
||||
https://cloud.google.com/sdk/gcloud/reference/topic/escaping.
|
||||
|
||||
title
|
||||
(Required) A short string describing the purpose of the
|
||||
expression.
|
||||
|
||||
description
|
||||
(Optional) Additional description for the expression.
|
||||
|
||||
--condition-from-file=CONDITION_FROM_FILE
|
||||
Path to a local JSON or YAML file that defines the condition. To see
|
||||
available fields, see the help for --condition.
|
||||
|
||||
GCLOUD WIDE FLAGS
|
||||
These flags are available to all commands: --access-token-file, --account,
|
||||
--billing-project, --configuration, --flags-file, --flatten, --format,
|
||||
|
|
|
|||
|
|
@ -4,13 +4,17 @@ NAME
|
|||
|
||||
SYNOPSIS
|
||||
gcloud beta container binauthz policy remove-iam-policy-binding
|
||||
--member=PRINCIPAL --role=ROLE [GCLOUD_WIDE_FLAG ...]
|
||||
--member=PRINCIPAL --role=ROLE
|
||||
[--all | --condition=[KEY=VALUE,...]
|
||||
| --condition-from-file=CONDITION_FROM_FILE] [GCLOUD_WIDE_FLAG ...]
|
||||
|
||||
DESCRIPTION
|
||||
(BETA) Remove an IAM policy binding of a Binary Authorization policy.
|
||||
(BETA) Remove an IAM policy binding from the IAM policy of a Binary
|
||||
Authorization policy. One binding consists of a member, a role, and an
|
||||
optional condition.
|
||||
|
||||
EXAMPLES
|
||||
To Remove an IAM policy binding for the role of
|
||||
To remove an IAM policy binding for the role of
|
||||
'roles/binaryauthorization.attestationAuthoritiesEditor' for the user
|
||||
'test-user@gmail.com' on the current project's Binary Authorization policy,
|
||||
run:
|
||||
|
|
@ -19,6 +23,18 @@ EXAMPLES
|
|||
--member='user:test-user@gmail.com' \
|
||||
--role='roles/binaryauthorization.attestationAuthoritiesEditor'
|
||||
|
||||
To remove an IAM policy binding which expires at the end of the year 2018
|
||||
for the role of 'roles/binaryauthorization.attestationAuthoritiesEditor'
|
||||
and the user 'test-user@gmail.com' on the current project's Binary
|
||||
Authorization policy, run:
|
||||
|
||||
$ gcloud beta container binauthz policy remove-iam-policy-binding \
|
||||
--member='user:test-user@gmail.com' \
|
||||
--role='roles/binaryauthorization.attestationAuthoritiesEditor' \
|
||||
--condition='expression=request.time <
|
||||
timestamp("2019-01-01T00:00:00Z"),title=expires_end_of_2018,descrip\
|
||||
tion=Expires at midnight on 2018-12-31'
|
||||
|
||||
See https://cloud.google.com/iam/docs/managing-policies for details of
|
||||
policy role and member types.
|
||||
|
||||
|
|
@ -44,6 +60,48 @@ REQUIRED FLAGS
|
|||
--role=ROLE
|
||||
The role to remove the principal from.
|
||||
|
||||
OPTIONAL FLAGS
|
||||
At most one of these can be specified:
|
||||
|
||||
--all
|
||||
Remove all bindings with this role and principal, irrespective of any
|
||||
conditions.
|
||||
|
||||
--condition=[KEY=VALUE,...]
|
||||
The condition of the binding that you want to remove. When the
|
||||
condition is explicitly specified as None (--condition=None), a
|
||||
binding without a condition is removed. Otherwise, only a binding
|
||||
with a condition that exactly matches the specified condition
|
||||
(including the optional description) is removed. For more on
|
||||
conditions, refer to the conditions overview guide:
|
||||
https://cloud.google.com/iam/docs/conditions-overview
|
||||
|
||||
When using the --condition flag, include the following key-value
|
||||
pairs:
|
||||
|
||||
expression
|
||||
(Required) Condition expression that evaluates to True or False.
|
||||
This uses a subset of Common Expression Language syntax.
|
||||
|
||||
If the condition expression includes a comma, use a different
|
||||
delimiter to separate the key-value pairs. Specify the delimiter
|
||||
before listing the key-value pairs. For example, to specify a
|
||||
colon (:) as the delimiter, do the following:
|
||||
--condition=^:^title=TITLE:expression=EXPRESSION. For more
|
||||
information, see
|
||||
https://cloud.google.com/sdk/gcloud/reference/topic/escaping.
|
||||
|
||||
title
|
||||
(Required) A short string describing the purpose of the
|
||||
expression.
|
||||
|
||||
description
|
||||
(Optional) Additional description for the expression.
|
||||
|
||||
--condition-from-file=CONDITION_FROM_FILE
|
||||
Path to a local JSON or YAML file that defines the condition. To see
|
||||
available fields, see the help for --condition.
|
||||
|
||||
GCLOUD WIDE FLAGS
|
||||
These flags are available to all commands: --access-token-file, --account,
|
||||
--billing-project, --configuration, --flags-file, --flatten, --format,
|
||||
|
|
|
|||
|
|
@ -1212,16 +1212,10 @@ FLAGS
|
|||
Number of extra (surge) nodes to be created on each upgrade of
|
||||
an autoprovisioned node pool.
|
||||
|
||||
This flag must be specified if any of the other arguments in
|
||||
this group are specified.
|
||||
|
||||
--autoprovisioning-max-unavailable-upgrade=AUTOPROVISIONING_MAX_UNAVAILABLE_UPGRADE
|
||||
Number of nodes that can be unavailable at the same time on
|
||||
each upgrade of an autoprovisioned node pool.
|
||||
|
||||
This flag must be specified if any of the other arguments in
|
||||
this group are specified.
|
||||
|
||||
Flags to specify identity for autoprovisioned nodes:
|
||||
|
||||
--autoprovisioning-scopes=[SCOPE,...]
|
||||
|
|
|
|||
|
|
@ -828,16 +828,10 @@ REQUIRED FLAGS
|
|||
Number of extra (surge) nodes to be created on each upgrade
|
||||
of an autoprovisioned node pool.
|
||||
|
||||
This flag must be specified if any of the other arguments in
|
||||
this group are specified.
|
||||
|
||||
--autoprovisioning-max-unavailable-upgrade=AUTOPROVISIONING_MAX_UNAVAILABLE_UPGRADE
|
||||
Number of nodes that can be unavailable at the same time on
|
||||
each upgrade of an autoprovisioned node pool.
|
||||
|
||||
This flag must be specified if any of the other arguments in
|
||||
this group are specified.
|
||||
|
||||
Flags to specify identity for autoprovisioned nodes:
|
||||
|
||||
--autoprovisioning-scopes=[SCOPE,...]
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue