diff --git a/gcloud/_version b/gcloud/_version index de4405754..302ec281d 100644 --- a/gcloud/_version +++ b/gcloud/_version @@ -1,6 +1,6 @@ -Google Cloud SDK 387.0.0 -alpha 2022.05.20 -beta 2022.05.20 +Google Cloud SDK 388.0.0 +alpha 2022.05.27 +beta 2022.05.27 bq 2.0.74 -core 2022.05.20 +core 2022.05.27 gsutil 5.10 diff --git a/gcloud/alpha/alloydb/backups/list b/gcloud/alpha/alloydb/backups/list index 8e2a6460d..0350493a3 100644 --- a/gcloud/alpha/alloydb/backups/list +++ b/gcloud/alpha/alloydb/backups/list @@ -16,6 +16,12 @@ EXAMPLES $ gcloud alpha alloydb backups list --region=us-central1 + Use the --format flag to customize the fields that are outputted. For + example, to list backups with their names and sizes, run: + + $ gcloud alpha alloydb backups list --region=us-central1 \ + --format="table(name, size_bytes)" + FLAGS --region=REGION; default="-" Regional location (e.g. asia-east1, us-east1). See the full list of diff --git a/gcloud/alpha/anthos/config/controller/create b/gcloud/alpha/anthos/config/controller/create index a7b68fa92..15288f65e 100644 --- a/gcloud/alpha/anthos/config/controller/create +++ b/gcloud/alpha/anthos/config/controller/create @@ -43,8 +43,9 @@ POSITIONAL ARGUMENTS --location=LOCATION The name of the Config Controller instance location. Currently, only - us-central1, us-east1, northamerica-northeast1, europe-north1, - australia-southeast1, and asia-northeast1 are supported. To set the + us-central1, us-east1, northamerica-northeast1, + northamerica-northeast2, europe-north1, australia-southeast1, + asia-northeast1, and asia-northeast2 are supported. To set the location attribute: ▸ provide the argument name on the command line with a fully specified name; diff --git a/gcloud/alpha/anthos/config/controller/delete b/gcloud/alpha/anthos/config/controller/delete index e03b8f283..cf887d1c4 100644 --- a/gcloud/alpha/anthos/config/controller/delete +++ b/gcloud/alpha/anthos/config/controller/delete @@ -39,8 +39,9 @@ POSITIONAL ARGUMENTS --location=LOCATION The name of the Anthos Config Controller instance location. Currently, only us-central1, us-east1, northamerica-northeast1, - europe-north1, australia-southeast1 and asia-northeast1 are - supported. To set the location attribute: + northamerica-northeast2, europe-north1, australia-southeast1, + asia-northeast1 and asia-northeast2 are supported. To set the + location attribute: ▸ provide the argument name on the command line with a fully specified name; ▸ provide the argument --location on the command line. diff --git a/gcloud/alpha/anthos/config/controller/describe b/gcloud/alpha/anthos/config/controller/describe index b80b15e25..0f873b37e 100644 --- a/gcloud/alpha/anthos/config/controller/describe +++ b/gcloud/alpha/anthos/config/controller/describe @@ -40,8 +40,9 @@ POSITIONAL ARGUMENTS --location=LOCATION The name of the Anthos Config Controller instance location. Currently, only us-central1, us-east1, northamerica-northeast1, - europe-north1, australia-southeast1 and asia-northeast1 are - supported. To set the location attribute: + northamerica-northeast2, europe-north1, australia-southeast1, + asia-northeast1 and asia-northeast2 are supported. To set the + location attribute: ▸ provide the argument name on the command line with a fully specified name; ▸ provide the argument --location on the command line. diff --git a/gcloud/alpha/anthos/config/operations/describe b/gcloud/alpha/anthos/config/operations/describe index 957f1fca4..5a1f28948 100644 --- a/gcloud/alpha/anthos/config/operations/describe +++ b/gcloud/alpha/anthos/config/operations/describe @@ -40,8 +40,9 @@ POSITIONAL ARGUMENTS --location=LOCATION The name of the Anthos Config Controller instance location. Currently, only us-central1, us-east1, northamerica-northeast1, - europe-north1, australia-southeast1 and asia-northeast1 are - supported. To set the location attribute: + northamerica-northeast2, europe-north1, australia-southeast1, + asia-northeast1 and asia-northeast2 are supported. To set the + location attribute: ▸ provide the argument operation on the command line with a fully specified name; ▸ provide the argument --location on the command line. diff --git a/gcloud/alpha/apigee/operations/describe b/gcloud/alpha/apigee/operations/describe index 54f2fa098..ac7528c6c 100644 --- a/gcloud/alpha/apigee/operations/describe +++ b/gcloud/alpha/apigee/operations/describe @@ -62,5 +62,7 @@ NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early - access allowlist. + access allowlist. This variant is also available: + + $ gcloud beta apigee operations describe diff --git a/gcloud/alpha/apigee/operations/help b/gcloud/alpha/apigee/operations/help index 5a049e7e1..3e898a540 100644 --- a/gcloud/alpha/apigee/operations/help +++ b/gcloud/alpha/apigee/operations/help @@ -25,5 +25,7 @@ NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early - access allowlist. + access allowlist. This variant is also available: + + $ gcloud beta apigee operations diff --git a/gcloud/alpha/apigee/operations/list b/gcloud/alpha/apigee/operations/list index f30850f62..491a9476b 100644 --- a/gcloud/alpha/apigee/operations/list +++ b/gcloud/alpha/apigee/operations/list @@ -77,5 +77,7 @@ NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early - access allowlist. + access allowlist. This variant is also available: + + $ gcloud beta apigee operations list diff --git a/gcloud/alpha/assured/workloads/help b/gcloud/alpha/assured/workloads/help index 4ac32b97b..554e60084 100644 --- a/gcloud/alpha/assured/workloads/help +++ b/gcloud/alpha/assured/workloads/help @@ -3,7 +3,7 @@ NAME resources SYNOPSIS - gcloud alpha assured workloads COMMAND [GCLOUD_WIDE_FLAG ...] + gcloud alpha assured workloads GROUP | COMMAND [GCLOUD_WIDE_FLAG ...] DESCRIPTION (ALPHA) Create, read, update, list and delete Assured Workloads resources. @@ -13,6 +13,12 @@ GCLOUD WIDE FLAGS Run $ gcloud help for details. +GROUPS + GROUP is one of the following: + + violations + (ALPHA) Read and list Assured Workloads Violations. + COMMANDS COMMAND is one of the following: diff --git a/gcloud/alpha/assured/workloads/violations/help b/gcloud/alpha/assured/workloads/violations/help new file mode 100644 index 000000000..31617bfe0 --- /dev/null +++ b/gcloud/alpha/assured/workloads/violations/help @@ -0,0 +1,28 @@ +NAME + gcloud alpha assured workloads violations - read and list Assured Workloads + Violations + +SYNOPSIS + gcloud alpha assured workloads violations COMMAND [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Read and list Assured Workloads Violations. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --help. + + Run $ gcloud help for details. + +COMMANDS + COMMAND is one of the following: + + list + (ALPHA) List all Assured Workloads violations that belong to a assured + workloads environment. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. + diff --git a/gcloud/alpha/assured/workloads/violations/list b/gcloud/alpha/assured/workloads/violations/list new file mode 100644 index 000000000..add5a2f56 --- /dev/null +++ b/gcloud/alpha/assured/workloads/violations/list @@ -0,0 +1,87 @@ +NAME + gcloud alpha assured workloads violations list - list all Assured Workloads + violations that belong to a assured workloads environment + +SYNOPSIS + gcloud alpha assured workloads violations list --location=LOCATION + --organization=ORGANIZATION --workload=WORKLOAD [--filter=EXPRESSION] + [--limit=LIMIT] [--page-size=PAGE_SIZE] [--sort-by=[FIELD,...]] [--uri] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) List all Violations that belong to the given Assured Workloads + environment. + +EXAMPLES + The following example command lists all violations with these properties: + + ▪ belonging to an organization with ID 123 + ▪ belonging to the assured workload with ID w123 + ▪ located in the us-central1 region + ▪ returning no more than 30 results + ▪ requesting 10 results at a time from the backend + + $ gcloud alpha assured workloads violations list \ + --organization=123 --location=us-central1 --workload=w123 \ + --limit=30 --page-size=10 + +REQUIRED FLAGS + --location=LOCATION + The location of the Assured Workloads environments. For a current list + of supported LOCATION values, see Assured Workloads locations + (http://cloud/assured-workloads/docs/locations). + + --organization=ORGANIZATION + The parent organization of the Assured Workloads environments, provided + as an organization ID. + + --workload=WORKLOAD + The parent workload of the Assured Workloads violations, provided as + workload ID. + +LIST COMMAND FLAGS + --filter=EXPRESSION + Apply a Boolean filter EXPRESSION to each resource item to be listed. + If the expression evaluates True, then that item is listed. For more + details and examples of filter expressions, run $ gcloud topic filters. + This flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --limit=LIMIT + Maximum number of resources to list. The default is unlimited. This + flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --page-size=PAGE_SIZE + Some services group resource list output into pages. This flag + specifies the maximum number of resources per page. The default is + determined by the service if it supports paging, otherwise it is + unlimited (no paging). Paging may be applied before or after --filter + and --limit depending on the service. + + --sort-by=[FIELD,...] + Comma-separated list of resource field key names to sort by. The + default order is ascending. Prefix a field with ``~'' for descending + order on that field. This flag interacts with other flags that are + applied in this order: --flatten, --sort-by, --filter, --limit. + + --uri + Print a list of resource URIs instead of the default output, and change + the command output to a list of URIs. If this flag is used with + --format, the formatting is applied on this URI list. To display URIs + alongside other keys instead, use the uri() transform. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. + diff --git a/gcloud/alpha/auth/revoke b/gcloud/alpha/auth/revoke index f8663381c..838aa83bb 100644 --- a/gcloud/alpha/auth/revoke +++ b/gcloud/alpha/auth/revoke @@ -15,7 +15,10 @@ DESCRIPTION When given a service account, this command does not revoke the service account token on the server because service account tokens are not revocable. Instead, it will print a warning and remove the credential from - the local machine. + the local machine. When used with a service account, this command has only + a local effect and the key associated with the service account is not + deleted. This can be done by executing gcloud iam service-accounts keys + delete after revoke. When given an external account (workload identity pool), whether impersonated or not, the command does not revoke the corresponding token on diff --git a/gcloud/alpha/bigtable/instances/tables/undelete b/gcloud/alpha/bigtable/instances/tables/undelete index 2c2cd0b18..8f0850d3e 100644 --- a/gcloud/alpha/bigtable/instances/tables/undelete +++ b/gcloud/alpha/bigtable/instances/tables/undelete @@ -4,7 +4,7 @@ NAME SYNOPSIS gcloud alpha bigtable instances tables undelete - (TABLE : --instance=INSTANCE) [GCLOUD_WIDE_FLAG ...] + (TABLE : --instance=INSTANCE) [--async] [GCLOUD_WIDE_FLAG ...] DESCRIPTION (ALPHA) Undeletes a previously deleted Cloud Bigtable table. @@ -42,6 +42,11 @@ POSITIONAL ARGUMENTS specified name; ▸ provide the argument --instance on the command line. +FLAGS + --async + Return immediately, without waiting for the operation in progress to + complete. + GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, diff --git a/gcloud/alpha/bms/instances/update b/gcloud/alpha/bms/instances/update index 901bae671..1c4e45ee6 100644 --- a/gcloud/alpha/bms/instances/update +++ b/gcloud/alpha/bms/instances/update @@ -3,6 +3,7 @@ NAME SYNOPSIS gcloud alpha bms instances update (INSTANCE : --region=REGION) [--async] + [--[no-]enable-hyperthreading] [--os-image=OS_IMAGE] [--update-labels=[KEY=VALUE,...]] [--clear-labels | --remove-labels=[KEY,...]] [GCLOUD_WIDE_FLAG ...] @@ -56,6 +57,13 @@ FLAGS Return immediately, without waiting for the operation in progress to complete. + --[no-]enable-hyperthreading + Enable hyperthreading for the server. Use --enable-hyperthreading to + enable and --no-enable-hyperthreading to disable. + + --os-image=OS_IMAGE + OS image to install on the server. + --update-labels=[KEY=VALUE,...] List of label KEY=VALUE pairs to update. If a label exists, its value is modified. Otherwise, a new label is created. diff --git a/gcloud/alpha/bms/networks/help b/gcloud/alpha/bms/networks/help index 6d2e0ffaa..aa6910518 100644 --- a/gcloud/alpha/bms/networks/help +++ b/gcloud/alpha/bms/networks/help @@ -21,6 +21,10 @@ COMMANDS list (ALPHA) List Bare Metal Solution networks in a project. + list-ip-reservations + (ALPHA) List IP range reservations for Bare Metal Solution networks in + a project. + update (ALPHA) Update a Bare Metal Solution network. diff --git a/gcloud/alpha/bms/networks/list-ip-reservations b/gcloud/alpha/bms/networks/list-ip-reservations new file mode 100644 index 000000000..908a7c195 --- /dev/null +++ b/gcloud/alpha/bms/networks/list-ip-reservations @@ -0,0 +1,64 @@ +NAME + gcloud alpha bms networks list-ip-reservations - list IP range reservations + for Bare Metal Solution networks in a project + +SYNOPSIS + gcloud alpha bms networks list-ip-reservations --region=REGION + [--filter=EXPRESSION] [--limit=LIMIT] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) List IP range reservations for Bare Metal Solution networks in a + project. + +EXAMPLES + To list IP range reservations for networks in the region us-central1, run: + + $ gcloud alpha bms networks list-ip-reservations --region=us-central1 + + Or: + + To list all IP range reservations in the project, run: + + $ gcloud alpha bms networks list-ip-reservations + +FLAGS + Region resource - region. This represents a Cloud resource. (NOTE) Some + attributes are not given arguments in this group but can be set in other + ways. To set the project attribute: + ◆ provide the argument --region on the command line with a fully + specified name; + ◆ set the property core/project; + ◆ provide the argument --project on the command line. + + --region=REGION + ID of the region or fully qualified identifier for the region. To set + the region attribute: + ▸ provide the argument --region on the command line. + +LIST COMMAND FLAGS + --filter=EXPRESSION + Apply a Boolean filter EXPRESSION to each resource item to be listed. + If the expression evaluates True, then that item is listed. For more + details and examples of filter expressions, run $ gcloud topic filters. + This flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --limit=LIMIT + Maximum number of resources to list. The default is unlimited. This + flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. + diff --git a/gcloud/alpha/bms/networks/update b/gcloud/alpha/bms/networks/update index 2b3f17de0..d48d7db6d 100644 --- a/gcloud/alpha/bms/networks/update +++ b/gcloud/alpha/bms/networks/update @@ -4,6 +4,9 @@ NAME SYNOPSIS gcloud alpha bms networks update (NETWORK : --region=REGION) [--async] [--update-labels=[KEY=VALUE,...]] + [--add-ip-range-reservation=[PROPERTY=VALUE,...] + | --clear-ip-range-reservations + | --remove-ip-range-reservation=[PROPERTY=VALUE,...]] [--clear-labels | --remove-labels=[KEY,...]] [GCLOUD_WIDE_FLAG ...] DESCRIPTION @@ -65,6 +68,36 @@ FLAGS contain only hyphens (-), underscores (_), lowercase characters, and numbers. + At most one of these can be specified: + + --add-ip-range-reservation=[PROPERTY=VALUE,...] + Add a reservation of a range of IP addresses in the network. + + start_address + The first address of this reservation block. Must be specified as + a single IPv4 address, e.g. 10.1.2.2. + + end_address + The last address of this reservation block, inclusive. I.e., for + cases when reservations are only single addresses, end_address + and start_address will be the same. Must be specified as a single + IPv4 address, e.g. 10.1.2.2. + + note + A note about this reservation, intended for human consumption. + + --clear-ip-range-reservations + Removes all IP range reservations in the network. + + --remove-ip-range-reservation=[PROPERTY=VALUE,...] + Remove a reservation of a range of IP addresses in the network. + + start_address + The first address of the reservation block to remove. + + end_address + The last address of the reservation block to remove. + At most one of these can be specified: --clear-labels diff --git a/gcloud/alpha/compute/images/export b/gcloud/alpha/compute/images/export index e873ced77..6090e0785 100644 --- a/gcloud/alpha/compute/images/export +++ b/gcloud/alpha/compute/images/export @@ -19,6 +19,11 @@ DESCRIPTION The --export-format flag exports the image to a format supported by QEMU using qemu-img. Valid formats include vmdk, vhdx, vpc, vdi, and qcow2. + Before exporting an image, set up access to Cloud Storage and grant + required roles to the user accounts and service accounts. For more + information, see + https://cloud.google.com/compute/docs/import/requirements-export-import-images. + EXAMPLES To export a VMDK file my-image from a project my-project to a Cloud Storage bucket my-bucket, run: diff --git a/gcloud/alpha/compute/network-firewall-policies/associations/create b/gcloud/alpha/compute/network-firewall-policies/associations/create index 677fa0e8f..08e3a3fce 100644 --- a/gcloud/alpha/compute/network-firewall-policies/associations/create +++ b/gcloud/alpha/compute/network-firewall-policies/associations/create @@ -68,5 +68,9 @@ NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early - access allowlist. + access allowlist. These variants are also available: + + $ gcloud compute network-firewall-policies associations create + + $ gcloud beta compute network-firewall-policies associations create diff --git a/gcloud/alpha/compute/network-firewall-policies/associations/delete b/gcloud/alpha/compute/network-firewall-policies/associations/delete index 9c214375e..77a6e9be5 100644 --- a/gcloud/alpha/compute/network-firewall-policies/associations/delete +++ b/gcloud/alpha/compute/network-firewall-policies/associations/delete @@ -58,5 +58,9 @@ NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early - access allowlist. + access allowlist. These variants are also available: + + $ gcloud compute network-firewall-policies associations delete + + $ gcloud beta compute network-firewall-policies associations delete diff --git a/gcloud/alpha/compute/network-firewall-policies/associations/help b/gcloud/alpha/compute/network-firewall-policies/associations/help index 999108d6c..65eff0d5f 100644 --- a/gcloud/alpha/compute/network-firewall-policies/associations/help +++ b/gcloud/alpha/compute/network-firewall-policies/associations/help @@ -30,5 +30,9 @@ NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early - access allowlist. + access allowlist. These variants are also available: + + $ gcloud compute network-firewall-policies associations + + $ gcloud beta compute network-firewall-policies associations diff --git a/gcloud/alpha/compute/network-firewall-policies/clone-rules b/gcloud/alpha/compute/network-firewall-policies/clone-rules index c89ba7da8..af8e661f6 100644 --- a/gcloud/alpha/compute/network-firewall-policies/clone-rules +++ b/gcloud/alpha/compute/network-firewall-policies/clone-rules @@ -58,5 +58,9 @@ NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early - access allowlist. + access allowlist. These variants are also available: + + $ gcloud compute network-firewall-policies clone-rules + + $ gcloud beta compute network-firewall-policies clone-rules diff --git a/gcloud/alpha/compute/network-firewall-policies/create b/gcloud/alpha/compute/network-firewall-policies/create index 0571ebe94..348e732f8 100644 --- a/gcloud/alpha/compute/network-firewall-policies/create +++ b/gcloud/alpha/compute/network-firewall-policies/create @@ -13,14 +13,14 @@ DESCRIPTION rules that controls access to various resources. EXAMPLES - To create a global network firewall policy named ``my-policy" under project + To create a global network firewall policy named my-policy under project with ID test-project, run: $ gcloud alpha compute network-firewall-policies create my-policy \ --project=test-project --global - To create a regional network firewall policy named ``my-region-policy" - under project with ID test-project, in region my-region, run: + To create a regional network firewall policy named my-region-policy under + project with ID test-project, in region my-region, run: $ gcloud alpha compute network-firewall-policies create \ my-region-policy --project=test-project --region=my-region @@ -54,5 +54,9 @@ NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early - access allowlist. + access allowlist. These variants are also available: + + $ gcloud compute network-firewall-policies create + + $ gcloud beta compute network-firewall-policies create diff --git a/gcloud/alpha/compute/network-firewall-policies/delete b/gcloud/alpha/compute/network-firewall-policies/delete index 3cba61cdd..8f86fea3f 100644 --- a/gcloud/alpha/compute/network-firewall-policies/delete +++ b/gcloud/alpha/compute/network-firewall-policies/delete @@ -49,5 +49,9 @@ NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early - access allowlist. + access allowlist. These variants are also available: + + $ gcloud compute network-firewall-policies delete + + $ gcloud beta compute network-firewall-policies delete diff --git a/gcloud/alpha/compute/network-firewall-policies/describe b/gcloud/alpha/compute/network-firewall-policies/describe index 101673bf7..ceb752f0d 100644 --- a/gcloud/alpha/compute/network-firewall-policies/describe +++ b/gcloud/alpha/compute/network-firewall-policies/describe @@ -49,5 +49,9 @@ NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early - access allowlist. + access allowlist. These variants are also available: + + $ gcloud compute network-firewall-policies describe + + $ gcloud beta compute network-firewall-policies describe diff --git a/gcloud/alpha/compute/network-firewall-policies/get-effective-firewalls b/gcloud/alpha/compute/network-firewall-policies/get-effective-firewalls index 8839e6c44..f11635bb7 100644 --- a/gcloud/alpha/compute/network-firewall-policies/get-effective-firewalls +++ b/gcloud/alpha/compute/network-firewall-policies/get-effective-firewalls @@ -100,5 +100,10 @@ NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early - access allowlist. + access allowlist. These variants are also available: + + $ gcloud compute network-firewall-policies get-effective-firewalls + + $ gcloud beta compute network-firewall-policies \ + get-effective-firewalls diff --git a/gcloud/alpha/compute/network-firewall-policies/help b/gcloud/alpha/compute/network-firewall-policies/help index 2f0a0a81c..dfd460049 100644 --- a/gcloud/alpha/compute/network-firewall-policies/help +++ b/gcloud/alpha/compute/network-firewall-policies/help @@ -55,5 +55,9 @@ NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early - access allowlist. + access allowlist. These variants are also available: + + $ gcloud compute network-firewall-policies + + $ gcloud beta compute network-firewall-policies diff --git a/gcloud/alpha/compute/network-firewall-policies/list b/gcloud/alpha/compute/network-firewall-policies/list index 415f68e4f..7f2e10511 100644 --- a/gcloud/alpha/compute/network-firewall-policies/list +++ b/gcloud/alpha/compute/network-firewall-policies/list @@ -100,5 +100,9 @@ NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early - access allowlist. + access allowlist. These variants are also available: + + $ gcloud compute network-firewall-policies list + + $ gcloud beta compute network-firewall-policies list diff --git a/gcloud/alpha/compute/network-firewall-policies/rules/create b/gcloud/alpha/compute/network-firewall-policies/rules/create index dc3363e8a..909638033 100644 --- a/gcloud/alpha/compute/network-firewall-policies/rules/create +++ b/gcloud/alpha/compute/network-firewall-policies/rules/create @@ -122,5 +122,9 @@ NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early - access allowlist. + access allowlist. These variants are also available: + + $ gcloud compute network-firewall-policies rules create + + $ gcloud beta compute network-firewall-policies rules create diff --git a/gcloud/alpha/compute/network-firewall-policies/rules/delete b/gcloud/alpha/compute/network-firewall-policies/rules/delete index 4c3362dea..356a6a67e 100644 --- a/gcloud/alpha/compute/network-firewall-policies/rules/delete +++ b/gcloud/alpha/compute/network-firewall-policies/rules/delete @@ -13,13 +13,13 @@ DESCRIPTION to delete network firewall policy rules. EXAMPLES - To delete a rule with priority ``10" in a global network firewall policy - with name my-policy, run: + To delete a rule with priority 10 in a global network firewall policy with + name my-policy, run: $ gcloud alpha compute network-firewall-policies rules delete 10 \ --firewall-policy=my-policy --global-firewall-policy - To delete a rule with priority ``10" in a regional network firewall policy + To delete a rule with priority 10 in a regional network firewall policy with name my-policy, in region region-a, run: $ gcloud alpha compute network-firewall-policies rules delete 10 \ @@ -55,5 +55,9 @@ NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early - access allowlist. + access allowlist. These variants are also available: + + $ gcloud compute network-firewall-policies rules delete + + $ gcloud beta compute network-firewall-policies rules delete diff --git a/gcloud/alpha/compute/network-firewall-policies/rules/describe b/gcloud/alpha/compute/network-firewall-policies/rules/describe index 0cbd6c27d..6bb17448f 100644 --- a/gcloud/alpha/compute/network-firewall-policies/rules/describe +++ b/gcloud/alpha/compute/network-firewall-policies/rules/describe @@ -55,5 +55,9 @@ NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early - access allowlist. + access allowlist. These variants are also available: + + $ gcloud compute network-firewall-policies rules describe + + $ gcloud beta compute network-firewall-policies rules describe diff --git a/gcloud/alpha/compute/network-firewall-policies/rules/help b/gcloud/alpha/compute/network-firewall-policies/rules/help index 527c867c1..06198660a 100644 --- a/gcloud/alpha/compute/network-firewall-policies/rules/help +++ b/gcloud/alpha/compute/network-firewall-policies/rules/help @@ -27,11 +27,15 @@ COMMANDS (ALPHA) Describes a Compute Engine network firewall policy rule. update - (ALPHA) Updates a Compute Engine network firewall policy rule. + (ALPHA) Creates a Compute Engine network firewall policy rule. NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early - access allowlist. + access allowlist. These variants are also available: + + $ gcloud compute network-firewall-policies rules + + $ gcloud beta compute network-firewall-policies rules diff --git a/gcloud/alpha/compute/network-firewall-policies/rules/update b/gcloud/alpha/compute/network-firewall-policies/rules/update index a2a95da70..a0c30d24c 100644 --- a/gcloud/alpha/compute/network-firewall-policies/rules/update +++ b/gcloud/alpha/compute/network-firewall-policies/rules/update @@ -1,5 +1,5 @@ NAME - gcloud alpha compute network-firewall-policies rules update - updates a + gcloud alpha compute network-firewall-policies rules update - creates a Compute Engine network firewall policy rule SYNOPSIS @@ -17,7 +17,7 @@ SYNOPSIS DESCRIPTION (ALPHA) gcloud alpha compute network-firewall-policies rules update is used - to update network firewall policy rules. + to create network firewall policy rules. EXAMPLES To update a rule with priority 10 in a global network firewall policy with @@ -118,5 +118,9 @@ NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early - access allowlist. + access allowlist. These variants are also available: + + $ gcloud compute network-firewall-policies rules update + + $ gcloud beta compute network-firewall-policies rules update diff --git a/gcloud/alpha/compute/network-firewall-policies/update b/gcloud/alpha/compute/network-firewall-policies/update index 7437c0d1c..b0ed5d6a5 100644 --- a/gcloud/alpha/compute/network-firewall-policies/update +++ b/gcloud/alpha/compute/network-firewall-policies/update @@ -54,5 +54,9 @@ NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early - access allowlist. + access allowlist. These variants are also available: + + $ gcloud compute network-firewall-policies update + + $ gcloud beta compute network-firewall-policies update diff --git a/gcloud/alpha/compute/networks/create b/gcloud/alpha/compute/networks/create index cb9c0ee1c..e42253136 100644 --- a/gcloud/alpha/compute/networks/create +++ b/gcloud/alpha/compute/networks/create @@ -5,8 +5,9 @@ SYNOPSIS gcloud alpha compute networks create NAME [--bgp-routing-mode=MODE; default="regional"] [--description=DESCRIPTION] [--[no-]enable-ula-internal-ipv6] - [--internal-ipv6-range=INTERNAL_IPV6_RANGE] [--mtu=MTU] [--range=RANGE] - [--subnet-mode=MODE] [GCLOUD_WIDE_FLAG ...] + [--internal-ipv6-range=INTERNAL_IPV6_RANGE] [--mtu=MTU] + [--network-firewall-policy-enforcement-order=NETWORK_FIREWALL_POLICY_ENFORCEMENT_ORDER] + [--range=RANGE] [--subnet-mode=MODE] [GCLOUD_WIDE_FLAG ...] DESCRIPTION (ALPHA) gcloud alpha compute networks create is used to create virtual @@ -59,6 +60,17 @@ FLAGS and the maximum is 1500 bytes. The MTU advertised via DHCP to all instances attached to this network. + --network-firewall-policy-enforcement-order=NETWORK_FIREWALL_POLICY_ENFORCEMENT_ORDER + The Network Firewall Policy enforcement order of this network. If not + specified, defaults to AFTER_CLASSIC_FIREWALL. + + NETWORK_FIREWALL_POLICY_ENFORCEMENT_ORDER must be one of: + + AFTER_CLASSIC_FIREWALL + Network Firewall Policy is enforced after classic firewall. + BEFORE_CLASSIC_FIREWALL + Network Firewall Policy is enforced before classic firewall. + --range=RANGE Specifies the IPv4 address range of legacy mode networks. The range must be specified in CIDR format: diff --git a/gcloud/alpha/compute/networks/update b/gcloud/alpha/compute/networks/update index 3c7739500..b2f4ad012 100644 --- a/gcloud/alpha/compute/networks/update +++ b/gcloud/alpha/compute/networks/update @@ -5,6 +5,7 @@ SYNOPSIS gcloud alpha compute networks update NAME [--async] [--[no-]enable-ula-internal-ipv6] [--internal-ipv6-range=INTERNAL_IPV6_RANGE] [--mtu=MTU] + [--network-firewall-policy-enforcement-order=NETWORK_FIREWALL_POLICY_ENFORCEMENT_ORDER] [--bgp-routing-mode=MODE | --switch-to-custom-subnet-mode] [GCLOUD_WIDE_FLAG ...] @@ -42,6 +43,17 @@ FLAGS and the maximum is 1500 bytes. The MTU advertised via DHCP to all instances attached to this network. + --network-firewall-policy-enforcement-order=NETWORK_FIREWALL_POLICY_ENFORCEMENT_ORDER + The Network Firewall Policy enforcement order of this network. If not + specified, defaults to AFTER_CLASSIC_FIREWALL. + + NETWORK_FIREWALL_POLICY_ENFORCEMENT_ORDER must be one of: + + AFTER_CLASSIC_FIREWALL + Network Firewall Policy is enforced after classic firewall. + BEFORE_CLASSIC_FIREWALL + Network Firewall Policy is enforced before classic firewall. + At most one of these can be specified: --bgp-routing-mode=MODE diff --git a/gcloud/alpha/container/aws/clusters/create b/gcloud/alpha/container/aws/clusters/create index d4aeb78f7..930ab9268 100644 --- a/gcloud/alpha/container/aws/clusters/create +++ b/gcloud/alpha/container/aws/clusters/create @@ -93,7 +93,7 @@ REQUIRED FLAGS ID or number of the Fleet host project where the cluster is registered. --iam-instance-profile=IAM_INSTANCE_PROFILE - Name of the IAM instance profile associated with the cluster. + Name or ARN of the IAM instance profile associated with the cluster. --pod-address-cidr-blocks=POD_ADDRESS_CIDR_BLOCKS IP address range for the pods in this cluster in CIDR notation (e.g. @@ -127,7 +127,7 @@ OPTIONAL FLAGS default, host. --instance-type=INSTANCE_TYPE - AWS EC2 instance type. + AWS EC2 instance type for the control plane's nodes. --logging=COMPONENT,[COMPONENT,...] Set the components that have logging enabled. @@ -176,10 +176,10 @@ OPTIONAL FLAGS Type of the root volume. ROOT_VOLUME_TYPE must be one of: gp2, gp3. --security-group-ids=[SECURITY_GROUP_ID,...] - IDs of additional security groups to add to control plane replicas. + IDs of additional security groups to add to the control plane's nodes. --ssh-ec2-key-pair=SSH_EC2_KEY_PAIR - Name of the EC2 key pair authorized to login to the control plane + Name of the EC2 key pair authorized to login to the control plane's nodes. --tags=TAG,[TAG,...] diff --git a/gcloud/alpha/container/aws/clusters/update b/gcloud/alpha/container/aws/clusters/update index 1c459b0b4..4d50c2c93 100644 --- a/gcloud/alpha/container/aws/clusters/update +++ b/gcloud/alpha/container/aws/clusters/update @@ -72,7 +72,7 @@ FLAGS Amazon Resource Name (ARN) of the AWS KMS key to encrypt the user data. --instance-type=INSTANCE_TYPE - AWS EC2 instance type. + AWS EC2 instance type for the control plane's nodes. --role-arn=ROLE_ARN Amazon Resource Name (ARN) of the IAM role to assume when managing AWS @@ -105,7 +105,7 @@ FLAGS At most one of these can be specified: --clear-proxy-config - Clear the proxy configuration, if any, associated with the cluster. + Clear the proxy configuration associated with the control plane. Update existing proxy config parameters @@ -123,20 +123,22 @@ FLAGS --clear-security-group-ids Clear any additional security groups associated with the control - plane replicas. This does not remove the default security groups. + plane's nodes. This does not remove the default security groups. --security-group-ids=[SECURITY_GROUP_ID,...] - IDs of additional security groups to add to control plane replicas. + IDs of additional security groups to add to the control plane's + nodes. SSH config At most one of these can be specified: --clear-ssh-ec2-key-pair - Clear the EC2 key pair to log in into the control plane nodes. + Clear the EC2 key pair authorized to login to the control plane's + nodes. --ssh-ec2-key-pair=SSH_EC2_KEY_PAIR - Name of the EC2 key pair authorized to login to the control plane + Name of the EC2 key pair authorized to login to the control plane's nodes. GCLOUD WIDE FLAGS diff --git a/gcloud/alpha/container/aws/node-pools/create b/gcloud/alpha/container/aws/node-pools/create index df8940cf3..d4e29ab6b 100644 --- a/gcloud/alpha/container/aws/node-pools/create +++ b/gcloud/alpha/container/aws/node-pools/create @@ -75,7 +75,7 @@ REQUIRED FLAGS Amazon Resource Name (ARN) of the AWS KMS key to encrypt the user data. --iam-instance-profile=IAM_INSTANCE_PROFILE - Name of the IAM instance profile associated with the cluster. + Name or ARN of the IAM instance profile associated with the node pool. --node-version=NODE_VERSION Kubernetes version to use for the node pool. @@ -101,7 +101,7 @@ OPTIONAL FLAGS default, host. --instance-type=INSTANCE_TYPE - AWS EC2 instance type. + AWS EC2 instance type for the node pool's nodes. --max-pods-per-node=MAX_PODS_PER_NODE Maximum number of pods per node. @@ -131,10 +131,10 @@ OPTIONAL FLAGS Type of the root volume. ROOT_VOLUME_TYPE must be one of: gp2, gp3. --security-group-ids=[SECURITY_GROUP_ID,...] - IDs of additional security groups to add to nodes. + IDs of additional security groups to add to the node pool's nodes. --ssh-ec2-key-pair=SSH_EC2_KEY_PAIR - Name of the EC2 key pair authorized to login to the node pool nodes. + Name of the EC2 key pair authorized to login to the node pool's nodes. --tags=TAG,[TAG,...] Applies the given tags (comma separated) on the node pool. Example: diff --git a/gcloud/alpha/container/aws/node-pools/update b/gcloud/alpha/container/aws/node-pools/update index a906a0b63..ba208b213 100644 --- a/gcloud/alpha/container/aws/node-pools/update +++ b/gcloud/alpha/container/aws/node-pools/update @@ -98,7 +98,7 @@ FLAGS At most one of these can be specified: --clear-proxy-config - Clear the proxy configuration, if any, associated with the node pool. + Clear the proxy configuration associated with the node pool. Update existing proxy config parameters @@ -115,21 +115,22 @@ FLAGS At most one of these can be specified: --clear-security-group-ids - Clear any additional security groups associated with the nodes. This - does not remove the default security groups. + Clear any additional security groups associated with the node pool's + nodes. This does not remove the default security groups. --security-group-ids=[SECURITY_GROUP_ID,...] - IDs of additional security groups to add to nodes. + IDs of additional security groups to add to the node pool's nodes. SSH config At most one of these can be specified: --clear-ssh-ec2-key-pair - Clear the EC2 key pair to log in into the node pool nodes. + Clear the EC2 key pair authorized to login to the node pool's nodes. --ssh-ec2-key-pair=SSH_EC2_KEY_PAIR - Name of the EC2 key pair authorized to login to the node pool nodes. + Name of the EC2 key pair authorized to login to the node pool's + nodes. Node pool autoscaling diff --git a/gcloud/alpha/container/binauthz/attestors/add-iam-policy-binding b/gcloud/alpha/container/binauthz/attestors/add-iam-policy-binding index 68da7fd0a..c20412217 100644 --- a/gcloud/alpha/container/binauthz/attestors/add-iam-policy-binding +++ b/gcloud/alpha/container/binauthz/attestors/add-iam-policy-binding @@ -37,10 +37,10 @@ EXAMPLES policy role and member types. POSITIONAL ARGUMENTS - Attestor resource - The Binary Authorization attestor for which to add IAM - policy binding to. This represents a Cloud resource. (NOTE) Some - attributes are not given arguments in this group but can be set in other - ways. To set the project attribute: + Attestor resource - The Binary Authorization attestor whose IAM policy to + add an IAM policy binding to. This represents a Cloud resource. (NOTE) + Some attributes are not given arguments in this group but can be set in + other ways. To set the project attribute: ◆ provide the argument attestor on the command line with a fully specified name; ◆ set the property core/project; diff --git a/gcloud/alpha/container/binauthz/attestors/remove-iam-policy-binding b/gcloud/alpha/container/binauthz/attestors/remove-iam-policy-binding index a2c7b4596..8ae87bac6 100644 --- a/gcloud/alpha/container/binauthz/attestors/remove-iam-policy-binding +++ b/gcloud/alpha/container/binauthz/attestors/remove-iam-policy-binding @@ -39,10 +39,10 @@ EXAMPLES policy role and member types. POSITIONAL ARGUMENTS - Attestor resource - The Binary Authorization attestor for which to add IAM - policy binding to. This represents a Cloud resource. (NOTE) Some - attributes are not given arguments in this group but can be set in other - ways. To set the project attribute: + Attestor resource - The Binary Authorization attestor whose IAM policy to + remove an IAM policy binding from. This represents a Cloud resource. + (NOTE) Some attributes are not given arguments in this group but can be + set in other ways. To set the project attribute: ◆ provide the argument attestor on the command line with a fully specified name; ◆ set the property core/project; diff --git a/gcloud/alpha/container/clusters/create b/gcloud/alpha/container/clusters/create index e4eb001df..6a7437550 100644 --- a/gcloud/alpha/container/clusters/create +++ b/gcloud/alpha/container/clusters/create @@ -956,6 +956,8 @@ FLAGS cpuManagerPolicy either 'static' or 'none' cpuCFSQuota true or false (enabled by default) cpuCFSQuotaPeriod interval (e.g., '100ms') + podPidsLimit integer (The value must be greater than or equal to + 1024 and less than 4194304.) List of supported sysctls in 'linuxConfig'. diff --git a/gcloud/alpha/container/fleet/memberships/delete b/gcloud/alpha/container/fleet/memberships/delete index 43cc8d021..2e3033a48 100644 --- a/gcloud/alpha/container/fleet/memberships/delete +++ b/gcloud/alpha/container/fleet/memberships/delete @@ -16,9 +16,15 @@ DESCRIPTION alpha container fleet memberships unregister. EXAMPLES + First retrieve the ID of the membership using the command below. The output + of this command lists all the fleet's members, with their unique IDs in the + Names column: + + $ gcloud alpha container fleet memberships list + Delete a membership from Fleet: - $ gcloud alpha container fleet memberships delete a-membership + $ gcloud alpha container fleet memberships delete MEMBERSHIP_NAME POSITIONAL ARGUMENTS Membership resource - The cluster membership to delete. The arguments in diff --git a/gcloud/alpha/container/fleet/memberships/describe b/gcloud/alpha/container/fleet/memberships/describe index a1e4f832b..d48c78c6d 100644 --- a/gcloud/alpha/container/fleet/memberships/describe +++ b/gcloud/alpha/container/fleet/memberships/describe @@ -9,9 +9,15 @@ DESCRIPTION (ALPHA) Describe a membership in Fleet. EXAMPLES - Describe a membership in Fleet: + First retrieve the ID of the membership using the command below. The output + of this command lists all the fleet's members, with their unique IDs in the + Names column: - $ gcloud alpha container fleet memberships describe a-membership + $ gcloud alpha container fleet memberships list + + Then describe it: + + $ gcloud alpha container fleet memberships describe MEMBERSHIP_NAME POSITIONAL ARGUMENTS Membership resource - The cluster membership to describe. The arguments in diff --git a/gcloud/alpha/container/fleet/memberships/generate-gateway-rbac b/gcloud/alpha/container/fleet/memberships/generate-gateway-rbac index b97e7446f..77102717e 100644 --- a/gcloud/alpha/container/fleet/memberships/generate-gateway-rbac +++ b/gcloud/alpha/container/fleet/memberships/generate-gateway-rbac @@ -62,7 +62,7 @@ EXAMPLES --users=foo@example.com,\ test-acct@test-project.iam.gserviceaccount.com \ --role=clusterrole/cluster-admin --context=my-cluster-contex \ - --kubeconfig=/home/user/custom_kubeconfig --apply + --kubeconfig=/home/user/custom_kubeconfig --revoke FLAGS --anthos-support diff --git a/gcloud/alpha/container/fleet/memberships/update b/gcloud/alpha/container/fleet/memberships/update index b7b0c7c12..d21255faa 100644 --- a/gcloud/alpha/container/fleet/memberships/update +++ b/gcloud/alpha/container/fleet/memberships/update @@ -11,9 +11,15 @@ DESCRIPTION (ALPHA) Update an existing membership in Fleet. EXAMPLES + First retrieve the ID of the membership using the command below. The output + of this command lists all the fleet's members, with their unique IDs in the + Names column: + + $ gcloud alpha container fleet memberships list + Update a membership for a cluster: - $ gcloud alpha container fleet memberships update a-membership + $ gcloud alpha container fleet memberships update MEMBERSHIP_ID POSITIONAL ARGUMENTS Membership resource - membership resource representing a cluster in Fleet. diff --git a/gcloud/alpha/container/hub/memberships/delete b/gcloud/alpha/container/hub/memberships/delete index 0a2e5d072..4a92f96d9 100644 --- a/gcloud/alpha/container/hub/memberships/delete +++ b/gcloud/alpha/container/hub/memberships/delete @@ -16,9 +16,15 @@ DESCRIPTION alpha container hub memberships unregister. EXAMPLES + First retrieve the ID of the membership using the command below. The output + of this command lists all the fleet's members, with their unique IDs in the + Names column: + + $ gcloud alpha container hub memberships list + Delete a membership from Fleet: - $ gcloud alpha container hub memberships delete a-membership + $ gcloud alpha container hub memberships delete MEMBERSHIP_NAME POSITIONAL ARGUMENTS Membership resource - The cluster membership to delete. The arguments in diff --git a/gcloud/alpha/container/hub/memberships/describe b/gcloud/alpha/container/hub/memberships/describe index e236057b4..6bbf834d6 100644 --- a/gcloud/alpha/container/hub/memberships/describe +++ b/gcloud/alpha/container/hub/memberships/describe @@ -9,9 +9,15 @@ DESCRIPTION (ALPHA) Describe a membership in Fleet. EXAMPLES - Describe a membership in Fleet: + First retrieve the ID of the membership using the command below. The output + of this command lists all the fleet's members, with their unique IDs in the + Names column: - $ gcloud alpha container hub memberships describe a-membership + $ gcloud alpha container hub memberships list + + Then describe it: + + $ gcloud alpha container hub memberships describe MEMBERSHIP_NAME POSITIONAL ARGUMENTS Membership resource - The cluster membership to describe. The arguments in diff --git a/gcloud/alpha/container/hub/memberships/generate-gateway-rbac b/gcloud/alpha/container/hub/memberships/generate-gateway-rbac index b5bb44b6d..da6f8cec9 100644 --- a/gcloud/alpha/container/hub/memberships/generate-gateway-rbac +++ b/gcloud/alpha/container/hub/memberships/generate-gateway-rbac @@ -62,7 +62,7 @@ EXAMPLES --users=foo@example.com,\ test-acct@test-project.iam.gserviceaccount.com \ --role=clusterrole/cluster-admin --context=my-cluster-contex \ - --kubeconfig=/home/user/custom_kubeconfig --apply + --kubeconfig=/home/user/custom_kubeconfig --revoke FLAGS --anthos-support diff --git a/gcloud/alpha/container/hub/memberships/update b/gcloud/alpha/container/hub/memberships/update index a882beb19..eaf24ac2e 100644 --- a/gcloud/alpha/container/hub/memberships/update +++ b/gcloud/alpha/container/hub/memberships/update @@ -11,9 +11,15 @@ DESCRIPTION (ALPHA) Update an existing membership in Fleet. EXAMPLES + First retrieve the ID of the membership using the command below. The output + of this command lists all the fleet's members, with their unique IDs in the + Names column: + + $ gcloud alpha container hub memberships list + Update a membership for a cluster: - $ gcloud alpha container hub memberships update a-membership + $ gcloud alpha container hub memberships update MEMBERSHIP_ID POSITIONAL ARGUMENTS Membership resource - membership resource representing a cluster in Fleet. diff --git a/gcloud/alpha/container/node-pools/create b/gcloud/alpha/container/node-pools/create index adab4153b..ffb811d69 100644 --- a/gcloud/alpha/container/node-pools/create +++ b/gcloud/alpha/container/node-pools/create @@ -434,6 +434,8 @@ FLAGS cpuManagerPolicy either 'static' or 'none' cpuCFSQuota true or false (enabled by default) cpuCFSQuotaPeriod interval (e.g., '100ms') + podPidsLimit integer (The value must be greater than or equal to + 1024 and less than 4194304.) List of supported sysctls in 'linuxConfig'. diff --git a/gcloud/alpha/container/node-pools/update b/gcloud/alpha/container/node-pools/update index 1d050f0c3..81aedae56 100644 --- a/gcloud/alpha/container/node-pools/update +++ b/gcloud/alpha/container/node-pools/update @@ -125,6 +125,8 @@ REQUIRED FLAGS cpuManagerPolicy either 'static' or 'none' cpuCFSQuota true or false (enabled by default) cpuCFSQuotaPeriod interval (e.g., '100ms') + podPidsLimit integer (The value must be greater than or equal + to 1024 and less than 4194304.) List of supported sysctls in 'linuxConfig'. diff --git a/gcloud/alpha/database-migration/migration-jobs/create b/gcloud/alpha/database-migration/migration-jobs/create index cfd761a2f..a59f9e2cf 100644 --- a/gcloud/alpha/database-migration/migration-jobs/create +++ b/gcloud/alpha/database-migration/migration-jobs/create @@ -6,7 +6,7 @@ SYNOPSIS gcloud alpha database-migration migration-jobs create (MIGRATION_JOB : --region=REGION) --destination=DESTINATION --source=SOURCE --type=TYPE [--display-name=DISPLAY_NAME] - [--dump-path=DUMP_PATH] [--labels=[KEY=VALUE,...]] + [--dump-path=DUMP_PATH] [--labels=[KEY=VALUE,...]] [--sync] [--peer-vpc=PEER_VPC | --static-ip | [--vm-ip=VM_IP --vm-port=VM_PORT --vpc=VPC : --vm=VM]] [GCLOUD_WIDE_FLAG ...] @@ -106,6 +106,9 @@ OPTIONAL FLAGS contain only hyphens (-), underscores (_), lowercase characters, and numbers. + --sync + Waits for the operation in progress to complete before returning. + The connectivity method used by the migration job. If a connectivity method isn't specified, then it isn't added to the migration job. diff --git a/gcloud/alpha/edge-cloud/networking/routers/add-interface b/gcloud/alpha/edge-cloud/networking/routers/add-interface index 8b793fe87..e583b723e 100644 --- a/gcloud/alpha/edge-cloud/networking/routers/add-interface +++ b/gcloud/alpha/edge-cloud/networking/routers/add-interface @@ -6,7 +6,8 @@ SYNOPSIS gcloud alpha edge-cloud networking routers add-interface (ROUTER : --location=LOCATION --zone=ZONE) --interface-name=INTERFACE_NAME - (--subnetwork=SUBNETWORK + (--loopback-ip-addresses=[LOOPBACK_IP_ADDRESSES,...] + | --subnetwork=SUBNETWORK | --interconnect-attachment=INTERCONNECT_ATTACHMENT --ip-address=IP_ADDRESS --ip-mask-length=IP_MASK_LENGTH) [--async] [GCLOUD_WIDE_FLAG ...] @@ -71,6 +72,11 @@ REQUIRED FLAGS Exactly one of these must be specified: + The argument group for adding loopback interfaces to edge router. + + --loopback-ip-addresses=[LOOPBACK_IP_ADDRESSES,...] + The list of ip ranges for the loopback interface. + The argument group for adding southbound interfaces to edge router. --subnetwork=SUBNETWORK diff --git a/gcloud/alpha/functions/deploy b/gcloud/alpha/functions/deploy index 3399451e6..ff7d86466 100644 --- a/gcloud/alpha/functions/deploy +++ b/gcloud/alpha/functions/deploy @@ -138,8 +138,9 @@ FLAGS Allowed values for v1 are: 128MB, 256MB, 512MB, 1024MB, 2048MB, 4096MB, and 8192MB. - Allowed values for v2 are in the format: with allowed - units of "k", "M", "G", "Ki", "Mi", "Gi". Ending 'b' or 'B' is allowed. + Allowed values for GCF 2nd gen are in the format: with + allowed units of "k", "M", "G", "Ki", "Mi", "Gi". Ending 'b' or 'B' is + allowed. Examples: 100000k, 128M, 10Mb, 1024Mi, 750K, 4Gi. @@ -288,9 +289,9 @@ FLAGS The function execution timeout, e.g. 30s for 30 seconds. Defaults to original value for existing function or 60 seconds for new functions. - For GCF first generation functions, cannot be more than 540s. + For GCF 1st gen functions, cannot be more than 540s. - For GCF second generation functions, cannot be more than 3600s. + For GCF 2nd gen functions, cannot be more than 3600s. See $ gcloud topic datetimes for information on duration formats. diff --git a/gcloud/alpha/iap/tcp/dest-groups/create b/gcloud/alpha/iap/tcp/dest-groups/create index 53cc7e487..09e4397ec 100644 --- a/gcloud/alpha/iap/tcp/dest-groups/create +++ b/gcloud/alpha/iap/tcp/dest-groups/create @@ -14,28 +14,29 @@ EXAMPLES To create a DestGroup with name GROUP_NAME, in region REGION in the current project run: - $ gcloud alpha iap tcp dest-groups create DEST_GROUP_NAME \ - --region=REGION + $ gcloud alpha iap tcp dest-groups create GROUP_NAME --region=REGION To create a DestGroup with name GROUP_NAME, in region REGION with ip ranges CIDR1, CIDR2 in the current project run: - $ gcloud alpha iap tcp dest-groups create DEST_GROUP_NAME \ + $ gcloud alpha iap tcp dest-groups create GROUP_NAME \ --region=REGION --ip-range-list=CIDR1,CIDR2 To create a DestGroup with name GROUP_NAME, in region REGION with fqdns FQDN1, FQDN2 in the current project run: - $ gcloud alpha iap tcp dest-groups create DEST_GROUP_NAME \ + $ gcloud alpha iap tcp dest-groups create GROUP_NAME \ --region=REGION --fqdn-list=FQDN1,FQDN2 To create a DestGroup with name GROUP_NAME, in region REGION with fqdns FQDN1, FQDN2 and ip ranges CIDR1,CIDR2 in the project PROJECT_ID run: - $ gcloud alpha iap tcp dest-groups create DEST_GROUP_NAME \ + $ gcloud alpha iap tcp dest-groups create GROUP_NAME \ --region=REGION --fqdn-list=FQDN1,FQDN2 \ --ip-range-list=CIDR1,CIDR2 --project=PROJECT_ID + GROUP_NAME can only contain lower-case letters (a-z) and dashes (-). + POSITIONAL ARGUMENTS GROUP_NAME Name of the Destination Group. diff --git a/gcloud/alpha/network-connectivity/spokes/list b/gcloud/alpha/network-connectivity/spokes/list index 6438c8638..1c3b26970 100644 --- a/gcloud/alpha/network-connectivity/spokes/list +++ b/gcloud/alpha/network-connectivity/spokes/list @@ -15,9 +15,11 @@ EXAMPLES $ gcloud alpha network-connectivity spokes list --region=us-central1 REQUIRED FLAGS - Region resource - The project of the spokes to display. This represents a - Cloud resource. (NOTE) Some attributes are not given arguments in this - group but can be set in other ways. To set the project attribute: + Region resource - A Google Cloud region. Use this flag to filter the list + of spokes to a specific region or to all regions. Use ``-`` to specify all + regions. This represents a Cloud resource. (NOTE) Some attributes are not + given arguments in this group but can be set in other ways. To set the + project attribute: ◆ provide the argument --region on the command line with a fully specified name; ◆ set the property core/project; diff --git a/gcloud/alpha/policy-troubleshoot/iam b/gcloud/alpha/policy-troubleshoot/iam index 95e076b00..03cb8dcb3 100644 --- a/gcloud/alpha/policy-troubleshoot/iam +++ b/gcloud/alpha/policy-troubleshoot/iam @@ -21,8 +21,8 @@ EXAMPLES --principal-email=my-iam-account@somedomain.com \ --permission=resourcemanager.projects.get - See https://cloud.google.com/iam/docs/policies for more information about - IAM policies. + See https://cloud.google.com/iam/help/allow-policies/overview for more + information about IAM policies. To troubleshoot a permission of a principal on a resource with conditional binding, run: @@ -38,8 +38,8 @@ EXAMPLES --destination-ip='192.2.2.2'--destination-port=8080 \ --request-time='2021-01-01T00:00:00Z' - See https://cloud.google.com/iam/docs/policies for more information about - IAM policies. + See https://cloud.google.com/iam/help/allow-policies/overview for more + information about IAM policies. POSITIONAL ARGUMENTS RESOURCE diff --git a/gcloud/alpha/storage/cp b/gcloud/alpha/storage/cp index 5a99378de..06b85e400 100644 --- a/gcloud/alpha/storage/cp +++ b/gcloud/alpha/storage/cp @@ -3,9 +3,8 @@ NAME SYNOPSIS gcloud alpha storage cp SOURCE [SOURCE ...] DESTINATION - [--all-versions, -A] [--cache-control=CACHE_CONTROL] - [--canned-acl=CANNED_ACL, --predefined-acl=CANNED_ACL, -a CANNED_ACL] - [--no-clobber, -n] [--content-disposition=CONTENT_DISPOSITION] + [--all-versions, -A] [--cache-control=CACHE_CONTROL] [--no-clobber, -n] + [--content-disposition=CONTENT_DISPOSITION] [--content-encoding=CONTENT_ENCODING] [--content-language=CONTENT_LANGUAGE] [--content-md5=MD5_DIGEST] [--content-type=CONTENT_TYPE] [--continue-on-error, -c] @@ -16,6 +15,9 @@ SYNOPSIS [--preserve-posix, -P] [--print-created-message, -v] [--recursive, -R, -r] [--skip-unsupported, -U] [--storage-class=STORAGE_CLASS, -s STORAGE_CLASS] + [--canned-acl=PREDEFINED_ACL, + --predefined-acl=PREDEFINED_ACL, -a PREDEFINED_ACL + | --preserve-acl, -p] [--gzip-in-flight=[FILE_EXTENSIONS,...], -j [FILE_EXTENSIONS,...] | --gzip-in-flight-all, -J | --gzip-local=[FILE_EXTENSIONS,...], -z [FILE_EXTENSIONS,...] @@ -66,11 +68,6 @@ FLAGS --cache-control=CACHE_CONTROL How caches should handle requests and responses. - --canned-acl=CANNED_ACL, --predefined-acl=CANNED_ACL, -a CANNED_ACL - Applies predefined, or "canned," ACLs to a copied object. See docs for - a list of predefined ACL constants: - https://cloud.google.com/storage/docs/access-control/lists#predefined-acl - --no-clobber, -n Do not overwrite existing files or objects at the destination. Skipped items will be printed. This option performs an additional GET request @@ -173,6 +170,20 @@ FLAGS the default storage class of the destination bucket is used. This option is not valid for copying to non-cloud destinations. + At most one of these can be specified: + + --canned-acl=PREDEFINED_ACL, --predefined-acl=PREDEFINED_ACL, -a PREDEFINED_ACL + Applies predefined, or "canned," ACLs to a copied object. See docs + for a list of predefined ACL constants: + https://cloud.google.com/storage/docs/access-control/lists#predefined-acl + + --preserve-acl, -p + Preserves ACLs when copying in the cloud. This option is Google Cloud + Storage-only, and you need OWNER access to all copied objects. If all + objects in the destination bucket should have the same ACL, you can + also set a default object ACL on that bucket instead of using this + flag. + At most one of these can be specified: --gzip-in-flight=[FILE_EXTENSIONS,...], -j [FILE_EXTENSIONS,...] diff --git a/gcloud/anthos/config/controller/create b/gcloud/anthos/config/controller/create index 06148eb8a..87ec9ec95 100644 --- a/gcloud/anthos/config/controller/create +++ b/gcloud/anthos/config/controller/create @@ -43,8 +43,9 @@ POSITIONAL ARGUMENTS --location=LOCATION The name of the Config Controller instance location. Currently, only - us-central1, us-east1, northamerica-northeast1, europe-north1, - australia-southeast1, and asia-northeast1 are supported. To set the + us-central1, us-east1, northamerica-northeast1, + northamerica-northeast2, europe-north1, australia-southeast1, + asia-northeast1, and asia-northeast2 are supported. To set the location attribute: ▸ provide the argument name on the command line with a fully specified name; diff --git a/gcloud/anthos/config/controller/delete b/gcloud/anthos/config/controller/delete index 2914bd061..9d9d6bd47 100644 --- a/gcloud/anthos/config/controller/delete +++ b/gcloud/anthos/config/controller/delete @@ -38,8 +38,9 @@ POSITIONAL ARGUMENTS --location=LOCATION The name of the Anthos Config Controller instance location. Currently, only us-central1, us-east1, northamerica-northeast1, - europe-north1, australia-southeast1 and asia-northeast1 are - supported. To set the location attribute: + northamerica-northeast2, europe-north1, australia-southeast1, + asia-northeast1 and asia-northeast2 are supported. To set the + location attribute: ▸ provide the argument name on the command line with a fully specified name; ▸ provide the argument --location on the command line. diff --git a/gcloud/anthos/config/controller/describe b/gcloud/anthos/config/controller/describe index fd7302a67..dda0d7b50 100644 --- a/gcloud/anthos/config/controller/describe +++ b/gcloud/anthos/config/controller/describe @@ -40,8 +40,9 @@ POSITIONAL ARGUMENTS --location=LOCATION The name of the Anthos Config Controller instance location. Currently, only us-central1, us-east1, northamerica-northeast1, - europe-north1, australia-southeast1 and asia-northeast1 are - supported. To set the location attribute: + northamerica-northeast2, europe-north1, australia-southeast1, + asia-northeast1 and asia-northeast2 are supported. To set the + location attribute: ▸ provide the argument name on the command line with a fully specified name; ▸ provide the argument --location on the command line. diff --git a/gcloud/anthos/config/operations/describe b/gcloud/anthos/config/operations/describe index 4e22a493f..65e1003c9 100644 --- a/gcloud/anthos/config/operations/describe +++ b/gcloud/anthos/config/operations/describe @@ -40,8 +40,9 @@ POSITIONAL ARGUMENTS --location=LOCATION The name of the Anthos Config Controller instance location. Currently, only us-central1, us-east1, northamerica-northeast1, - europe-north1, australia-southeast1 and asia-northeast1 are - supported. To set the location attribute: + northamerica-northeast2, europe-north1, australia-southeast1, + asia-northeast1 and asia-northeast2 are supported. To set the + location attribute: ▸ provide the argument operation on the command line with a fully specified name; ▸ provide the argument --location on the command line. diff --git a/gcloud/asset/search-all-iam-policies b/gcloud/asset/search-all-iam-policies index 55f95b8db..9f8b89b25 100644 --- a/gcloud/asset/search-all-iam-policies +++ b/gcloud/asset/search-all-iam-policies @@ -16,8 +16,8 @@ DESCRIPTION Note: The query is compared against each IAM policy binding, including its principals, roles and conditions. The returned IAM policies, will only contain the bindings that match your query. To learn more about the IAM - policy structure, see IAM policy doc - (https://cloud.google.com/iam/docs/policies#structure). + policy structure, see the IAM policy documentation + (https://cloud.google.com/iam/help/allow-policies/structure). EXAMPLES To search all the IAM policies that specify amy@mycompany.com within @@ -79,8 +79,8 @@ FLAGS compared against each Cloud IAM policy binding, including its principals, roles, and Cloud IAM conditions. The returned Cloud IAM policies will only contain the bindings that match your query. To learn - more about the IAM policy structure, see IAM policy doc - (https://cloud.google.com/iam/docs/policies#structure). + more about the IAM policy structure, see the IAM policy documentation + (https://cloud.google.com/iam/help/allow-policies/structure). Examples: diff --git a/gcloud/auth/application-default/login b/gcloud/auth/application-default/login index 56a7b021f..02a6ccb6c 100644 --- a/gcloud/auth/application-default/login +++ b/gcloud/auth/application-default/login @@ -104,7 +104,8 @@ FLAGS --scopes=SCOPES,[SCOPES,...] The names of the scopes to authorize for. By default openid, https://www.googleapis.com/auth/userinfo.email, - https://www.googleapis.com/auth/cloud-platform scopes are used. The + https://www.googleapis.com/auth/cloud-platform, + https://www.googleapis.com/auth/sqlservice.login scopes are used. The list of possible scopes can be found at: https://developers.google.com/identity/protocols/googlescopes. diff --git a/gcloud/auth/application-default/print-access-token b/gcloud/auth/application-default/print-access-token index 46f27cc5c..1f50c7ebf 100644 --- a/gcloud/auth/application-default/print-access-token +++ b/gcloud/auth/application-default/print-access-token @@ -49,7 +49,8 @@ FLAGS For end-user accounts, the provided scopes must be from [openid, https://www.googleapis.com/auth/userinfo.email, - https://www.googleapis.com/auth/cloud-platform], or the scopes + https://www.googleapis.com/auth/cloud-platform, + https://www.googleapis.com/auth/sqlservice.login], or the scopes previously specified through gcloud auth application-default login --scopes. diff --git a/gcloud/auth/revoke b/gcloud/auth/revoke index ed57b9e81..0ecfbfb1c 100644 --- a/gcloud/auth/revoke +++ b/gcloud/auth/revoke @@ -15,7 +15,10 @@ DESCRIPTION When given a service account, this command does not revoke the service account token on the server because service account tokens are not revocable. Instead, it will print a warning and remove the credential from - the local machine. + the local machine. When used with a service account, this command has only + a local effect and the key associated with the service account is not + deleted. This can be done by executing gcloud iam service-accounts keys + delete after revoke. When given an external account (workload identity pool), whether impersonated or not, the command does not revoke the corresponding token on diff --git a/gcloud/beta/alloydb/backups/list b/gcloud/beta/alloydb/backups/list index 6650ccbf7..97eb5af4e 100644 --- a/gcloud/beta/alloydb/backups/list +++ b/gcloud/beta/alloydb/backups/list @@ -15,6 +15,12 @@ EXAMPLES $ gcloud beta alloydb backups list --region=us-central1 + Use the --format flag to customize the fields that are outputted. For + example, to list backups with their names and sizes, run: + + $ gcloud beta alloydb backups list --region=us-central1 \ + --format="table(name, size_bytes)" + FLAGS --region=REGION; default="-" Regional location (e.g. asia-east1, us-east1). See the full list of diff --git a/gcloud/beta/apigee/help b/gcloud/beta/apigee/help index a79c56646..72e5a4c37 100644 --- a/gcloud/beta/apigee/help +++ b/gcloud/beta/apigee/help @@ -53,6 +53,9 @@ GROUPS environments (BETA) Manage Apigee environments. + operations + (BETA) Manage Apigee long running operations. + organizations (BETA) Manage Apigee organizations. diff --git a/gcloud/beta/apigee/operations/describe b/gcloud/beta/apigee/operations/describe new file mode 100644 index 000000000..67b70777a --- /dev/null +++ b/gcloud/beta/apigee/operations/describe @@ -0,0 +1,66 @@ +NAME + gcloud beta apigee operations describe - describe an Apigee long running + operation + +SYNOPSIS + gcloud beta apigee operations describe + (OPERATION : --organization=ORGANIZATION) [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (BETA) Describe an Apigee long running operation. + +EXAMPLES + To describe an operation with UUID e267d2c8-04f4-0000-b890-a241de823b0e + given that its matching Cloud Platform project has been set in gcloud + settings, run: + + $ gcloud beta apigee operations describe \ + e267d2c8-04f4-0000-b890-a241de823b0e + + To describe an operation with UUID e267d2c8-04f4-0000-b890-a241de823b0e + within an organization named my-org, formatted as JSON, run: + + $ gcloud beta apigee operations describe \ + e267d2c8-04f4-0000-b890-a241de823b0e --organization=my-org \ + --format=json + +POSITIONAL ARGUMENTS + Operation resource - Operation to be described. To get a list of available + operations, run {parent_command} list. The arguments in this group can be + used to specify the attributes of this resource. + + This must be specified. + + OPERATION + ID of the operation or fully qualified identifier for the operation. + To set the operation attribute: + ▸ provide the argument OPERATION on the command line. + + This positional must be specified if any of the other arguments in + this group are specified. + + --organization=ORGANIZATION + Apigee organization containing the operation. If unspecified, the + Cloud Platform project's associated organization will be used. To set + the organization attribute: + ▸ provide the argument OPERATION on the command line with a fully + specified name; + ▸ provide the argument --organization on the command line; + ▸ set the property [project] or provide the argument [--project] on + the command line, using a Cloud Platform project with an associated + Apigee organization. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in beta and might change without notice. This + variant is also available: + + $ gcloud alpha apigee operations describe + diff --git a/gcloud/beta/apigee/operations/help b/gcloud/beta/apigee/operations/help new file mode 100644 index 000000000..24211c3c9 --- /dev/null +++ b/gcloud/beta/apigee/operations/help @@ -0,0 +1,29 @@ +NAME + gcloud beta apigee operations - manage Apigee long running operations + +SYNOPSIS + gcloud beta apigee operations COMMAND [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (BETA) Manage Apigee long running operations. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --help. + + Run $ gcloud help for details. + +COMMANDS + COMMAND is one of the following: + + describe + (BETA) Describe an Apigee long running operation. + + list + (BETA) List Apigee long running operations. + +NOTES + This command is currently in beta and might change without notice. This + variant is also available: + + $ gcloud alpha apigee operations + diff --git a/gcloud/beta/apigee/operations/list b/gcloud/beta/apigee/operations/list new file mode 100644 index 000000000..afb8d48e9 --- /dev/null +++ b/gcloud/beta/apigee/operations/list @@ -0,0 +1,81 @@ +NAME + gcloud beta apigee operations list - list Apigee long running operations + +SYNOPSIS + gcloud beta apigee operations list [--organization=ORGANIZATION] + [--filter=EXPRESSION] [--limit=LIMIT] [--page-size=PAGE_SIZE] + [--sort-by=[FIELD,...]] [--uri] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (BETA) List Apigee long running operations. + +EXAMPLES + To list all operations for the active Cloud Platform project, run: + + $ gcloud beta apigee operations list + + To list all in-progress operations in an Apigee organization called my-org, + formatted as a JSON array, run: + + $ gcloud beta apigee operations list --organization=my-org \ + --filter="metadata.state=IN_PROGRESS" --format=json + +FLAGS + Organization resource - Organization whose operations should be listed. If + unspecified, the Cloud Platform project's associated organization will be + used. This represents a Cloud resource. + + --organization=ORGANIZATION + ID of the organization or fully qualified identifier for the + organization. To set the organization attribute: + ▸ provide the argument --organization on the command line; + ▸ set the property [project] or provide the argument [--project] on + the command line, using a Cloud Platform project with an associated + Apigee organization. + +LIST COMMAND FLAGS + --filter=EXPRESSION + Apply a Boolean filter EXPRESSION to each resource item to be listed. + If the expression evaluates True, then that item is listed. For more + details and examples of filter expressions, run $ gcloud topic filters. + This flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --limit=LIMIT + Maximum number of resources to list. The default is unlimited. This + flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --page-size=PAGE_SIZE + Some services group resource list output into pages. This flag + specifies the maximum number of resources per page. The default is + determined by the service if it supports paging, otherwise it is + unlimited (no paging). Paging may be applied before or after --filter + and --limit depending on the service. + + --sort-by=[FIELD,...] + Comma-separated list of resource field key names to sort by. The + default order is ascending. Prefix a field with ``~'' for descending + order on that field. This flag interacts with other flags that are + applied in this order: --flatten, --sort-by, --filter, --limit. + + --uri + Print a list of resource URIs instead of the default output, and change + the command output to a list of URIs. If this flag is used with + --format, the formatting is applied on this URI list. To display URIs + alongside other keys instead, use the uri() transform. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in beta and might change without notice. This + variant is also available: + + $ gcloud alpha apigee operations list + diff --git a/gcloud/beta/asset/search-all-iam-policies b/gcloud/beta/asset/search-all-iam-policies index f97671f9e..d8b7f23f4 100644 --- a/gcloud/beta/asset/search-all-iam-policies +++ b/gcloud/beta/asset/search-all-iam-policies @@ -16,8 +16,8 @@ DESCRIPTION Note: The query is compared against each IAM policy binding, including its principals, roles and conditions. The returned IAM policies, will only contain the bindings that match your query. To learn more about the IAM - policy structure, see IAM policy doc - (https://cloud.google.com/iam/docs/policies#structure). + policy structure, see the IAM policy documentation + (https://cloud.google.com/iam/help/allow-policies/structure). EXAMPLES To search all the IAM policies that specify amy@mycompany.com within @@ -38,8 +38,8 @@ FLAGS compared against each Cloud IAM policy binding, including its principals, roles, and Cloud IAM conditions. The returned Cloud IAM policies will only contain the bindings that match your query. To learn - more about the IAM policy structure, see IAM policy doc - (https://cloud.google.com/iam/docs/policies#structure). + more about the IAM policy structure, see the IAM policy documentation + (https://cloud.google.com/iam/help/allow-policies/structure). Examples: diff --git a/gcloud/beta/auth/application-default/login b/gcloud/beta/auth/application-default/login index 4e4eb89f6..8c8468759 100644 --- a/gcloud/beta/auth/application-default/login +++ b/gcloud/beta/auth/application-default/login @@ -104,7 +104,8 @@ FLAGS --scopes=SCOPES,[SCOPES,...] The names of the scopes to authorize for. By default openid, https://www.googleapis.com/auth/userinfo.email, - https://www.googleapis.com/auth/cloud-platform scopes are used. The + https://www.googleapis.com/auth/cloud-platform, + https://www.googleapis.com/auth/sqlservice.login scopes are used. The list of possible scopes can be found at: https://developers.google.com/identity/protocols/googlescopes. diff --git a/gcloud/beta/auth/application-default/print-access-token b/gcloud/beta/auth/application-default/print-access-token index 106cdb853..ff7d88353 100644 --- a/gcloud/beta/auth/application-default/print-access-token +++ b/gcloud/beta/auth/application-default/print-access-token @@ -49,7 +49,8 @@ FLAGS For end-user accounts, the provided scopes must be from [openid, https://www.googleapis.com/auth/userinfo.email, - https://www.googleapis.com/auth/cloud-platform], or the scopes + https://www.googleapis.com/auth/cloud-platform, + https://www.googleapis.com/auth/sqlservice.login], or the scopes previously specified through gcloud auth application-default login --scopes. diff --git a/gcloud/beta/auth/revoke b/gcloud/beta/auth/revoke index 84aece7fa..b89462192 100644 --- a/gcloud/beta/auth/revoke +++ b/gcloud/beta/auth/revoke @@ -15,7 +15,10 @@ DESCRIPTION When given a service account, this command does not revoke the service account token on the server because service account tokens are not revocable. Instead, it will print a warning and remove the credential from - the local machine. + the local machine. When used with a service account, this command has only + a local effect and the key associated with the service account is not + deleted. This can be done by executing gcloud iam service-accounts keys + delete after revoke. When given an external account (workload identity pool), whether impersonated or not, the command does not revoke the corresponding token on diff --git a/gcloud/beta/compute/help b/gcloud/beta/compute/help index 798bbfff4..16390ee89 100644 --- a/gcloud/beta/compute/help +++ b/gcloud/beta/compute/help @@ -96,6 +96,9 @@ GROUPS network-endpoint-groups (BETA) Read and manipulate Compute Engine network endpoint groups. + network-firewall-policies + (BETA) Manage Compute Engine network firewall policies. + networks (BETA) List, create, and delete Compute Engine networks. diff --git a/gcloud/beta/compute/images/export b/gcloud/beta/compute/images/export index 9613c8e7e..605a3c380 100644 --- a/gcloud/beta/compute/images/export +++ b/gcloud/beta/compute/images/export @@ -19,6 +19,11 @@ DESCRIPTION The --export-format flag exports the image to a format supported by QEMU using qemu-img. Valid formats include vmdk, vhdx, vpc, vdi, and qcow2. + Before exporting an image, set up access to Cloud Storage and grant + required roles to the user accounts and service accounts. For more + information, see + https://cloud.google.com/compute/docs/import/requirements-export-import-images. + EXAMPLES To export a VMDK file my-image from a project my-project to a Cloud Storage bucket my-bucket, run: diff --git a/gcloud/beta/compute/network-firewall-policies/associations/create b/gcloud/beta/compute/network-firewall-policies/associations/create new file mode 100644 index 000000000..d9eee9461 --- /dev/null +++ b/gcloud/beta/compute/network-firewall-policies/associations/create @@ -0,0 +1,74 @@ +NAME + gcloud beta compute network-firewall-policies associations create - create + a new association between a firewall policy and a network + +SYNOPSIS + gcloud beta compute network-firewall-policies associations create + --firewall-policy=FIREWALL_POLICY --network=NETWORK [--name=NAME] + [--replace-association-on-target] + [--firewall-policy-region=FIREWALL_POLICY_REGION + | --global-firewall-policy] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (BETA) gcloud beta compute network-firewall-policies associations create is + used to create network firewall policy associations. A network firewall + policy is a set of rules that controls access to various resources. + +EXAMPLES + To associate a global network firewall policy with name my-policy to + network my-network with an association named my-association, run: + + $ gcloud beta compute network-firewall-policies associations \ + create --firewall-policy=my-policy --network=my-network \ + --name=my-association --global-firewall-policy + + To associate a network firewall policy with name my-region-policy in region + region-a to network my-network with an association named my-association, + run: + + $ gcloud beta compute network-firewall-policies associations \ + create --firewall-policy=my-policy --network=my-network \ + --name=my-association --firewall-policy-region=region-a + +REQUIRED FLAGS + --firewall-policy=FIREWALL_POLICY + Firewall policy ID with which to create association. + + --network=NETWORK + Name of the network with which the association is created. + +OPTIONAL FLAGS + --name=NAME + Name of the association. + + --replace-association-on-target + By default, if you attempt to insert an association to a network that + is already associated with a firewall policy the method will fail. If + this is set, the existing association will be deleted at the same time + that the new association is created. + + At most one of these can be specified: + + --firewall-policy-region=FIREWALL_POLICY_REGION + Region of the firewall policy to create. Overrides the default + compute/region property value for this command invocation. + + --global-firewall-policy + If set, the firewall policy is global. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in beta and might change without notice. These + variants are also available: + + $ gcloud compute network-firewall-policies associations create + + $ gcloud alpha compute network-firewall-policies associations create + diff --git a/gcloud/beta/compute/network-firewall-policies/associations/delete b/gcloud/beta/compute/network-firewall-policies/associations/delete new file mode 100644 index 000000000..83325a393 --- /dev/null +++ b/gcloud/beta/compute/network-firewall-policies/associations/delete @@ -0,0 +1,64 @@ +NAME + gcloud beta compute network-firewall-policies associations delete - delete + a new association between a firewall policy and an network or folder + resource + +SYNOPSIS + gcloud beta compute network-firewall-policies associations delete + --firewall-policy=FIREWALL_POLICY --name=NAME + [--firewall-policy-region=FIREWALL_POLICY_REGION + | --global-firewall-policy] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (BETA) gcloud beta compute network-firewall-policies associations delete is + used to delete network firewall policy associations. An network firewall + policy is a set of rules that controls access to various resources. + +EXAMPLES + To delete an association from a global network firewall policy with NAME + my-policy and association name my-association, run: + + $ gcloud beta compute network-firewall-policies associations \ + delete --firewall-policy=my-policy --name=my-association \ + --global-firewall-policy + + To delete an association from a regional network firewall policy with NAME + my-policy in region region-a and association name my-association, run: + + $ gcloud beta compute network-firewall-policies associations \ + delete --firewall-policy=my-policy --name=my-association \ + --firewall-policy-region=region-a + +REQUIRED FLAGS + --firewall-policy=FIREWALL_POLICY + Firewall policy ID with which to delete association. + + --name=NAME + Name of the association to delete. + +OPTIONAL FLAGS + At most one of these can be specified: + + --firewall-policy-region=FIREWALL_POLICY_REGION + Region of the firewall policy to delete. Overrides the default + compute/region property value for this command invocation. + + --global-firewall-policy + If set, the firewall policy is global. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in beta and might change without notice. These + variants are also available: + + $ gcloud compute network-firewall-policies associations delete + + $ gcloud alpha compute network-firewall-policies associations delete + diff --git a/gcloud/beta/compute/network-firewall-policies/associations/help b/gcloud/beta/compute/network-firewall-policies/associations/help new file mode 100644 index 000000000..0bfff043e --- /dev/null +++ b/gcloud/beta/compute/network-firewall-policies/associations/help @@ -0,0 +1,36 @@ +NAME + gcloud beta compute network-firewall-policies associations - read and + manipulate Compute Engine network firewall policy associations + +SYNOPSIS + gcloud beta compute network-firewall-policies associations COMMAND + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (BETA) Read and manipulate Compute Engine network firewall policy + associations. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --help. + + Run $ gcloud help for details. + +COMMANDS + COMMAND is one of the following: + + create + (BETA) Create a new association between a firewall policy and a + network. + + delete + (BETA) Delete a new association between a firewall policy and an + network or folder resource. + +NOTES + This command is currently in beta and might change without notice. These + variants are also available: + + $ gcloud compute network-firewall-policies associations + + $ gcloud alpha compute network-firewall-policies associations + diff --git a/gcloud/beta/compute/network-firewall-policies/clone-rules b/gcloud/beta/compute/network-firewall-policies/clone-rules new file mode 100644 index 000000000..c7c4d408c --- /dev/null +++ b/gcloud/beta/compute/network-firewall-policies/clone-rules @@ -0,0 +1,64 @@ +NAME + gcloud beta compute network-firewall-policies clone-rules - replace the + rules of a Compute Engine network firewall policy with rules from + another policy + +SYNOPSIS + gcloud beta compute network-firewall-policies clone-rules FIREWALL_POLICY + --source-firewall-policy=SOURCE_FIREWALL_POLICY + [--global | --region=REGION] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (BETA) gcloud beta compute network-firewall-policies clone-rules is used to + replace the rules of network firewall policies. A network firewall policy + is a set of rules that controls access to various resources. + +EXAMPLES + To clone the rules of a global network firewall policy with NAME my-policy, + from another network firewall policy with NAME source-policy, run: + + $ gcloud beta compute network-firewall-policies clone-rules \ + my-policy --source-firewall-policy=source-policy --global + + To clone the rules of a region network firewall policy with NAME + my-region-policy, in region region-a, from another network firewall policy + with NAME source-policy, run: + + $ gcloud beta compute network-firewall-policies clone-rules \ + my-region-policy --source-firewall-policy=source-policy \ + --region=region-a + +POSITIONAL ARGUMENTS + FIREWALL_POLICY + name of the network firewall policy to clone the rules to. + +REQUIRED FLAGS + --source-firewall-policy=SOURCE_FIREWALL_POLICY + Name of the source network firewall policy to copy the rules from. + +OPTIONAL FLAGS + At most one of these can be specified: + + --global + If set, the firewall policy is global. + + --region=REGION + Region of the firewall policy to clone-rules. Overrides the default + compute/region property value for this command invocation. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in beta and might change without notice. These + variants are also available: + + $ gcloud compute network-firewall-policies clone-rules + + $ gcloud alpha compute network-firewall-policies clone-rules + diff --git a/gcloud/beta/compute/network-firewall-policies/create b/gcloud/beta/compute/network-firewall-policies/create new file mode 100644 index 000000000..a0552a4ad --- /dev/null +++ b/gcloud/beta/compute/network-firewall-policies/create @@ -0,0 +1,60 @@ +NAME + gcloud beta compute network-firewall-policies create - create a Compute + Engine Network firewall policy + +SYNOPSIS + gcloud beta compute network-firewall-policies create FIREWALL_POLICY + [--description=DESCRIPTION] [--global | --region=REGION] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (BETA) gcloud beta compute network-firewall-policies create is used to + create network firewall policies. A network firewall policy is a set of + rules that controls access to various resources. + +EXAMPLES + To create a global network firewall policy named my-policy under project + with ID test-project, run: + + $ gcloud beta compute network-firewall-policies create my-policy \ + --project=test-project --global + + To create a regional network firewall policy named my-region-policy under + project with ID test-project, in region my-region, run: + + $ gcloud beta compute network-firewall-policies create \ + my-region-policy --project=test-project --region=my-region + +POSITIONAL ARGUMENTS + FIREWALL_POLICY + name of the network firewall policy to create. + +FLAGS + --description=DESCRIPTION + An optional, textual description for the network firewall policy. + + At most one of these can be specified: + + --global + If set, the firewall policy is global. + + --region=REGION + Region of the firewall policy to create. Overrides the default + compute/region property value for this command invocation. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in beta and might change without notice. These + variants are also available: + + $ gcloud compute network-firewall-policies create + + $ gcloud alpha compute network-firewall-policies create + diff --git a/gcloud/beta/compute/network-firewall-policies/delete b/gcloud/beta/compute/network-firewall-policies/delete new file mode 100644 index 000000000..b5de98212 --- /dev/null +++ b/gcloud/beta/compute/network-firewall-policies/delete @@ -0,0 +1,55 @@ +NAME + gcloud beta compute network-firewall-policies delete - delete a Compute + Engine network firewall policy + +SYNOPSIS + gcloud beta compute network-firewall-policies delete FIREWALL_POLICY + [--global | --region=REGION] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (BETA) gcloud beta compute network-firewall-policies delete is used to + delete network firewall policies. A network firewall policy is a set of + rules that controls access to various resources. + +EXAMPLES + To delete a global network firewall policy with name my-policy, run: + + $ gcloud beta compute network-firewall-policies delete my-policy \ + --global + + To delete a regional network firewall policy with name my-policy, in region + my-region, run: + + $ gcloud beta compute network-firewall-policies delete my-policy \ + --region=my-region + +POSITIONAL ARGUMENTS + FIREWALL_POLICY + name of the network firewall policy to delete. + +FLAGS + At most one of these can be specified: + + --global + If set, the firewall policy is global. + + --region=REGION + Region of the firewall policy to delete. Overrides the default + compute/region property value for this command invocation. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in beta and might change without notice. These + variants are also available: + + $ gcloud compute network-firewall-policies delete + + $ gcloud alpha compute network-firewall-policies delete + diff --git a/gcloud/beta/compute/network-firewall-policies/describe b/gcloud/beta/compute/network-firewall-policies/describe new file mode 100644 index 000000000..bcacb29da --- /dev/null +++ b/gcloud/beta/compute/network-firewall-policies/describe @@ -0,0 +1,55 @@ +NAME + gcloud beta compute network-firewall-policies describe - describe a Compute + Engine network firewall policy + +SYNOPSIS + gcloud beta compute network-firewall-policies describe FIREWALL_POLICY + [--global | --region=REGION] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (BETA) gcloud beta compute network-firewall-policies describe is used to + describe network firewall policies. A network firewall policy is a set of + rules that controls access to various resources. + +EXAMPLES + To describe a global network firewall policy with name my-policy, run: + + $ gcloud beta compute network-firewall-policies describe my-policy \ + --global + + To describe a regional network firewall policy with name my-policy, in + region my-region, run: + + $ gcloud beta compute network-firewall-policies describe my-policy \ + --region=my-region + +POSITIONAL ARGUMENTS + FIREWALL_POLICY + name of the network firewall policy to get. + +FLAGS + At most one of these can be specified: + + --global + If set, the firewall policy is global. + + --region=REGION + Region of the firewall policy to get. Overrides the default + compute/region property value for this command invocation. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in beta and might change without notice. These + variants are also available: + + $ gcloud compute network-firewall-policies describe + + $ gcloud alpha compute network-firewall-policies describe + diff --git a/gcloud/beta/compute/network-firewall-policies/get-effective-firewalls b/gcloud/beta/compute/network-firewall-policies/get-effective-firewalls new file mode 100644 index 000000000..fad7dd0a3 --- /dev/null +++ b/gcloud/beta/compute/network-firewall-policies/get-effective-firewalls @@ -0,0 +1,107 @@ +NAME + gcloud beta compute network-firewall-policies get-effective-firewalls - get + the effective firewalls for a network + +SYNOPSIS + gcloud beta compute network-firewall-policies get-effective-firewalls + --network=NETWORK [--region=REGION] [--filter=EXPRESSION] + [--limit=LIMIT] [--page-size=PAGE_SIZE] [--sort-by=[FIELD,...]] [--uri] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (BETA) gcloud beta compute network-firewall-policies + get-effective-firewalls is used to get the effective firewalls applied to + the network, including regional firewalls in a specified region. + +EXAMPLES + To get the effective firewalls of network with name example-network, + including effective regional firewalls for that network, in region + region-a, run: + + $ gcloud beta compute network-firewall-policies \ + get-effective-firewalls --network=example-network \ + --region=region-a + + To show all fields of the firewall rules, please show in JSON format with + option --format=json + + To list more the fields of the rules of network example-network in table + format, run: + + $ gcloud beta compute network-firewall-policies \ + get-effective-firewalls --network=example-network \ + --region=region-a --format="table( + type, + firewall_policy_name, + priority, + action, + direction, + ip_ranges.list():label=IP_RANGES, + target_svc_acct, + enableLogging, + description, + name, + disabled, + target_tags, + src_svc_acct, + src_tags, + ruleTupleCount, + targetResources:label=TARGET_RESOURCES)" + +REQUIRED FLAGS + --network=NETWORK + The network to get the effective firewalls for. + +FLAGS + --region=REGION + The region to get the effective regional firewalls. + +LIST COMMAND FLAGS + --filter=EXPRESSION + Apply a Boolean filter EXPRESSION to each resource item to be listed. + If the expression evaluates True, then that item is listed. For more + details and examples of filter expressions, run $ gcloud topic filters. + This flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --limit=LIMIT + Maximum number of resources to list. The default is unlimited. This + flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --page-size=PAGE_SIZE + Some services group resource list output into pages. This flag + specifies the maximum number of resources per page. The default is + determined by the service if it supports paging, otherwise it is + unlimited (no paging). Paging may be applied before or after --filter + and --limit depending on the service. + + --sort-by=[FIELD,...] + Comma-separated list of resource field key names to sort by. The + default order is ascending. Prefix a field with ``~'' for descending + order on that field. This flag interacts with other flags that are + applied in this order: --flatten, --sort-by, --filter, --limit. + + --uri + Print a list of resource URIs instead of the default output, and change + the command output to a list of URIs. If this flag is used with + --format, the formatting is applied on this URI list. To display URIs + alongside other keys instead, use the uri() transform. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in beta and might change without notice. These + variants are also available: + + $ gcloud compute network-firewall-policies get-effective-firewalls + + $ gcloud alpha compute network-firewall-policies \ + get-effective-firewalls + diff --git a/gcloud/beta/compute/network-firewall-policies/help b/gcloud/beta/compute/network-firewall-policies/help new file mode 100644 index 000000000..330c9557a --- /dev/null +++ b/gcloud/beta/compute/network-firewall-policies/help @@ -0,0 +1,61 @@ +NAME + gcloud beta compute network-firewall-policies - manage Compute Engine + network firewall policies + +SYNOPSIS + gcloud beta compute network-firewall-policies GROUP | COMMAND + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (BETA) Manage Compute Engine network firewall policies. Network firewall + policies are used to control incoming/outgoing traffic. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --help. + + Run $ gcloud help for details. + +GROUPS + GROUP is one of the following: + + associations + (BETA) Read and manipulate Compute Engine network firewall policy + associations. + + rules + (BETA) Read and manipulate Compute Engine network firewall policy + rules. + +COMMANDS + COMMAND is one of the following: + + clone-rules + (BETA) Replace the rules of a Compute Engine network firewall policy + with rules from another policy. + + create + (BETA) Create a Compute Engine Network firewall policy. + + delete + (BETA) Delete a Compute Engine network firewall policy. + + describe + (BETA) Describe a Compute Engine network firewall policy. + + get-effective-firewalls + (BETA) Get the effective firewalls for a network. + + list + (BETA) List Compute Engine network firewall policies. + + update + (BETA) Update a Compute Engine network firewall policy. + +NOTES + This command is currently in beta and might change without notice. These + variants are also available: + + $ gcloud compute network-firewall-policies + + $ gcloud alpha compute network-firewall-policies + diff --git a/gcloud/beta/compute/network-firewall-policies/list b/gcloud/beta/compute/network-firewall-policies/list new file mode 100644 index 000000000..d6f28a3ba --- /dev/null +++ b/gcloud/beta/compute/network-firewall-policies/list @@ -0,0 +1,106 @@ +NAME + gcloud beta compute network-firewall-policies list - list Compute Engine + network firewall policies + +SYNOPSIS + gcloud beta compute network-firewall-policies list [NAME ...] + [--regexp=REGEXP, -r REGEXP] [--global | --regions=[REGION,...]] + [--filter=EXPRESSION] [--limit=LIMIT] [--page-size=PAGE_SIZE] + [--sort-by=[FIELD,...]] [--uri] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (BETA) gcloud beta compute network-firewall-policies list is used to list + network firewall policies. A network firewall policy is a set of rules that + controls access to various resources. + +EXAMPLES + To list global network firewall policies under project my-project, run: + + $ gcloud beta compute network-firewall-policies list \ + --project=my-project --global + + To list regional network firewall policies under project my-project, + specify a list of regions with --regions: + + $ gcloud beta compute network-firewall-policies list \ + --project=my-project --regions="region-a, region-b" + + To list all global and regional network firewall policies under project + my-project, omit --global and --regions: + + $ gcloud beta compute network-firewall-policies list \ + --project=my-project + +POSITIONAL ARGUMENTS + [NAME ...] + (DEPRECATED) If provided, show details for the specified names and/or + URIs of resources. + + Argument NAME is deprecated. Use --filter="name=( 'NAME' ... )" + instead. + +FLAGS + --regexp=REGEXP, -r REGEXP + (DEPRECATED) Regular expression to filter the names of the results on. + Any names that do not match the entire regular expression will be + filtered out. + + Flag --regexp is deprecated. Use --filter="name~'REGEXP'" instead. + + At most one of these can be specified: + + --global + If provided, only global resources are shown. + + --regions=[REGION,...] + If provided, only regional resources are shown. If arguments are + provided, only resources from the given regions are shown. + +LIST COMMAND FLAGS + --filter=EXPRESSION + Apply a Boolean filter EXPRESSION to each resource item to be listed. + If the expression evaluates True, then that item is listed. For more + details and examples of filter expressions, run $ gcloud topic filters. + This flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --limit=LIMIT + Maximum number of resources to list. The default is unlimited. This + flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --page-size=PAGE_SIZE + Some services group resource list output into pages. This flag + specifies the maximum number of resources per page. The default is + determined by the service if it supports paging, otherwise it is + unlimited (no paging). Paging may be applied before or after --filter + and --limit depending on the service. + + --sort-by=[FIELD,...] + Comma-separated list of resource field key names to sort by. The + default order is ascending. Prefix a field with ``~'' for descending + order on that field. This flag interacts with other flags that are + applied in this order: --flatten, --sort-by, --filter, --limit. + + --uri + Print a list of resource URIs instead of the default output, and change + the command output to a list of URIs. If this flag is used with + --format, the formatting is applied on this URI list. To display URIs + alongside other keys instead, use the uri() transform. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in beta and might change without notice. These + variants are also available: + + $ gcloud compute network-firewall-policies list + + $ gcloud alpha compute network-firewall-policies list + diff --git a/gcloud/beta/compute/network-firewall-policies/rules/create b/gcloud/beta/compute/network-firewall-policies/rules/create new file mode 100644 index 000000000..e2ec5575f --- /dev/null +++ b/gcloud/beta/compute/network-firewall-policies/rules/create @@ -0,0 +1,128 @@ +NAME + gcloud beta compute network-firewall-policies rules create - creates a + Compute Engine network firewall policy rule + +SYNOPSIS + gcloud beta compute network-firewall-policies rules create PRIORITY + --action=ACTION --firewall-policy=FIREWALL_POLICY + [--description=DESCRIPTION] [--dest-ip-ranges=[DEST_IP_RANGE,...]] + [--direction=DIRECTION] [--[no-]disabled] [--[no-]enable-logging] + [--layer4-configs=[LAYER4_CONFIG,...]] + [--src-ip-ranges=[SRC_IP_RANGE,...]] + [--src-secure-tags=[SOURCE_SECURE_TAGS,...]] + [--target-secure-tags=[TARGET_SECURE_TAGS,...]] + [--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...]] + [--firewall-policy-region=FIREWALL_POLICY_REGION + | --global-firewall-policy] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (BETA) gcloud beta compute network-firewall-policies rules create is used + to create network firewall policy rules. + +EXAMPLES + To create a rule with priority 10 in a global network firewall policy with + name my-policy and description example rule, run: + + $ gcloud beta compute network-firewall-policies rules create 10 \ + --firewall-policy=my-policy --action=allow \ + --description="example rule" --global-firewall-policy + + To create a rule with priority 10 in a regional network firewall policy + with name my-region-policy and description example rule, in region + region-a, run: + + $ gcloud beta compute network-firewall-policies rules create 10 \ + --firewall-policy=my-policy --action=allow \ + --description="example rule" + +POSITIONAL ARGUMENTS + PRIORITY + Priority of the rule to be inserted. Valid in [0, 65535]. + +REQUIRED FLAGS + --action=ACTION + Action to take if the request matches the match condition. ACTION must + be one of: allow, deny, goto_next. + + --firewall-policy=FIREWALL_POLICY + Firewall policy ID with which to create rule. + +OPTIONAL FLAGS + --description=DESCRIPTION + An optional, textual description for the rule. + + --dest-ip-ranges=[DEST_IP_RANGE,...] + Destination IP ranges to match for this rule. Can only be specified if + DIRECTION is egress. + + --direction=DIRECTION + Direction of the traffic the rule is applied. The default is to apply + on incoming traffic. DIRECTION must be one of: INGRESS, EGRESS. + + --[no-]disabled + Use this flag to disable the rule. Disabled rules will not affect + traffic. Use --disabled to enable and --no-disabled to disable. + + --[no-]enable-logging + Use this flag to enable logging of connections that allowed or denied + by this rule. Use --enable-logging to enable and --no-enable-logging to + disable. + + --layer4-configs=[LAYER4_CONFIG,...] + A list of destination protocols and ports to which the firewall rule + will apply. + + --src-ip-ranges=[SRC_IP_RANGE,...] + A list of IP address blocks that are allowed to make inbound + connections that match the firewall rule to the instances on the + network. The IP address blocks must be specified in CIDR format: + http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing.Either + --src-ip-ranges or --src-secure-tags must be specified for INGRESS + traffic. If both --src-ip-ranges and --src-secure-tags are specified, + the rule matches if either the range of the source matches + --src-ip-ranges or the secure tag of the source matches + --src-secure-tags.Multiple IP address blocks can be specified if they + are separated by commas. + + --src-secure-tags=[SOURCE_SECURE_TAGS,...] + A list of instance secure tags indicating the set of instances on the + network to which the rule applies if all other fields match. Either + --src-ip-ranges or --src-secure-tags must be specified for ingress + traffic. If both --src-ip-ranges and --src-secure-tags are specified, + an inbound connection is allowed if either the range of the source + matches --src-ip-ranges or the tag of the source matches + --src-secure-tags. Secure Tags can be assigned to instances during + instance creation. + + --target-secure-tags=[TARGET_SECURE_TAGS,...] + An optional, list of target secure tags with a name of the format + tagValues/ or full namespaced name + + --target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...] + List of target service accounts for the rule. + + At most one of these can be specified: + + --firewall-policy-region=FIREWALL_POLICY_REGION + Region of the firewall policy to create. Overrides the default + compute/region property value for this command invocation. + + --global-firewall-policy + If set, the firewall policy is global. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in beta and might change without notice. These + variants are also available: + + $ gcloud compute network-firewall-policies rules create + + $ gcloud alpha compute network-firewall-policies rules create + diff --git a/gcloud/beta/compute/network-firewall-policies/rules/delete b/gcloud/beta/compute/network-firewall-policies/rules/delete new file mode 100644 index 000000000..fe6dbb05f --- /dev/null +++ b/gcloud/beta/compute/network-firewall-policies/rules/delete @@ -0,0 +1,61 @@ +NAME + gcloud beta compute network-firewall-policies rules delete - deletes a + Compute Engine network firewall policy rule + +SYNOPSIS + gcloud beta compute network-firewall-policies rules delete PRIORITY + --firewall-policy=FIREWALL_POLICY + [--firewall-policy-region=FIREWALL_POLICY_REGION + | --global-firewall-policy] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (BETA) gcloud beta compute network-firewall-policies rules delete is used + to delete network firewall policy rules. + +EXAMPLES + To delete a rule with priority 10 in a global network firewall policy with + name my-policy, run: + + $ gcloud beta compute network-firewall-policies rules delete 10 \ + --firewall-policy=my-policy --global-firewall-policy + + To delete a rule with priority 10 in a regional network firewall policy + with name my-policy, in region region-a, run: + + $ gcloud beta compute network-firewall-policies rules delete 10 \ + --firewall-policy=my-policy --firewall-policy-region=region-a + +POSITIONAL ARGUMENTS + PRIORITY + Priority of the rule to be deleted. Valid in [0, 65535]. + +REQUIRED FLAGS + --firewall-policy=FIREWALL_POLICY + Firewall policy ID with which to delete rule. + +OPTIONAL FLAGS + At most one of these can be specified: + + --firewall-policy-region=FIREWALL_POLICY_REGION + Region of the firewall policy to delete. Overrides the default + compute/region property value for this command invocation. + + --global-firewall-policy + If set, the firewall policy is global. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in beta and might change without notice. These + variants are also available: + + $ gcloud compute network-firewall-policies rules delete + + $ gcloud alpha compute network-firewall-policies rules delete + diff --git a/gcloud/beta/compute/network-firewall-policies/rules/describe b/gcloud/beta/compute/network-firewall-policies/rules/describe new file mode 100644 index 000000000..3c10d8122 --- /dev/null +++ b/gcloud/beta/compute/network-firewall-policies/rules/describe @@ -0,0 +1,61 @@ +NAME + gcloud beta compute network-firewall-policies rules describe - describes a + Compute Engine network firewall policy rule + +SYNOPSIS + gcloud beta compute network-firewall-policies rules describe PRIORITY + --firewall-policy=FIREWALL_POLICY + [--firewall-policy-region=FIREWALL_POLICY_REGION + | --global-firewall-policy] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (BETA) gcloud beta compute network-firewall-policies rules describe is used + to describe network firewall policy rules. + +EXAMPLES + To describe a rule with priority 10 in a global network firewall policy + with name my-policy, run: + + $ gcloud beta compute network-firewall-policies rules describe 10 \ + --firewall-policy=my-policy --global-firewall-policy + + To describe a rule with priority 10 in a regional network firewall policy + with name my-policy, in region region-a, run: + + $ gcloud beta compute network-firewall-policies rules describe 10 \ + --firewall-policy=my-policy --firewall-policy-region=region-a + +POSITIONAL ARGUMENTS + PRIORITY + Priority of the rule to be described. Valid in [0, 65535]. + +REQUIRED FLAGS + --firewall-policy=FIREWALL_POLICY + Firewall policy ID with which to describe rule. + +OPTIONAL FLAGS + At most one of these can be specified: + + --firewall-policy-region=FIREWALL_POLICY_REGION + Region of the firewall policy to operate on. Overrides the default + compute/region property value for this command invocation. + + --global-firewall-policy + If set, the firewall policy is global. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in beta and might change without notice. These + variants are also available: + + $ gcloud compute network-firewall-policies rules describe + + $ gcloud alpha compute network-firewall-policies rules describe + diff --git a/gcloud/beta/compute/network-firewall-policies/rules/help b/gcloud/beta/compute/network-firewall-policies/rules/help new file mode 100644 index 000000000..6c160ad2c --- /dev/null +++ b/gcloud/beta/compute/network-firewall-policies/rules/help @@ -0,0 +1,39 @@ +NAME + gcloud beta compute network-firewall-policies rules - read and manipulate + Compute Engine network firewall policy rules + +SYNOPSIS + gcloud beta compute network-firewall-policies rules COMMAND + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (BETA) Read and manipulate Compute Engine network firewall policy rules. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --help. + + Run $ gcloud help for details. + +COMMANDS + COMMAND is one of the following: + + create + (BETA) Creates a Compute Engine network firewall policy rule. + + delete + (BETA) Deletes a Compute Engine network firewall policy rule. + + describe + (BETA) Describes a Compute Engine network firewall policy rule. + + update + (BETA) Updates a Compute Engine network firewall policy rule. + +NOTES + This command is currently in beta and might change without notice. These + variants are also available: + + $ gcloud compute network-firewall-policies rules + + $ gcloud alpha compute network-firewall-policies rules + diff --git a/gcloud/beta/compute/network-firewall-policies/rules/update b/gcloud/beta/compute/network-firewall-policies/rules/update new file mode 100644 index 000000000..7ab51601c --- /dev/null +++ b/gcloud/beta/compute/network-firewall-policies/rules/update @@ -0,0 +1,124 @@ +NAME + gcloud beta compute network-firewall-policies rules update - updates a + Compute Engine network firewall policy rule + +SYNOPSIS + gcloud beta compute network-firewall-policies rules update PRIORITY + --firewall-policy=FIREWALL_POLICY [--action=ACTION] + [--description=DESCRIPTION] [--dest-ip-ranges=[DEST_IP_RANGE,...]] + [--direction=DIRECTION] [--[no-]disabled] [--[no-]enable-logging] + [--layer4-configs=[LAYER4_CONFIG,...]] [--new-priority=NEW_PRIORITY] + [--src-ip-ranges=[SRC_IP_RANGE,...]] + [--src-secure-tags=[SOURCE_SECURE_TAGS,...]] + [--target-secure-tags=[TARGET_SECURE_TAGS,...]] + [--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...]] + [--firewall-policy-region=FIREWALL_POLICY_REGION + | --global-firewall-policy] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (BETA) gcloud beta compute network-firewall-policies rules update is used + to update network firewall policy rules. + +EXAMPLES + To update a rule with priority 10 in a global network firewall policy with + name my-policy to change the action to allow and description to new example + rule, run: + + $ gcloud beta compute network-firewall-policies rules update 10 \ + --firewall-policy=my-policy --action=allow \ + --description="new example rule" + +POSITIONAL ARGUMENTS + PRIORITY + Priority of the rule to be updated. Valid in [0, 65535]. + +REQUIRED FLAGS + --firewall-policy=FIREWALL_POLICY + Firewall policy ID with which to update rule. + +OPTIONAL FLAGS + --action=ACTION + Action to take if the request matches the match condition. ACTION must + be one of: allow, deny, goto_next. + + --description=DESCRIPTION + An optional, textual description for the rule. + + --dest-ip-ranges=[DEST_IP_RANGE,...] + Destination IP ranges to match for this rule. Can only be specified if + DIRECTION is egress. + + --direction=DIRECTION + Direction of the traffic the rule is applied. The default is to apply + on incoming traffic. DIRECTION must be one of: INGRESS, EGRESS. + + --[no-]disabled + Use this flag to disable the rule. Disabled rules will not affect + traffic. Use --disabled to enable and --no-disabled to disable. + + --[no-]enable-logging + Use this flag to enable logging of connections that allowed or denied + by this rule. Use --enable-logging to enable and --no-enable-logging to + disable. + + --layer4-configs=[LAYER4_CONFIG,...] + A list of destination protocols and ports to which the firewall rule + will apply. + + --new-priority=NEW_PRIORITY + New priority for the rule to update. Valid in [0, 65535]. + + --src-ip-ranges=[SRC_IP_RANGE,...] + A list of IP address blocks that are allowed to make inbound + connections that match the firewall rule to the instances on the + network. The IP address blocks must be specified in CIDR format: + http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing.Either + --src-ip-ranges or --src-secure-tags must be specified for INGRESS + traffic. If both --src-ip-ranges and --src-secure-tags are specified, + the rule matches if either the range of the source matches + --src-ip-ranges or the secure tag of the source matches + --src-secure-tags.Multiple IP address blocks can be specified if they + are separated by commas. + + --src-secure-tags=[SOURCE_SECURE_TAGS,...] + A list of instance secure tags indicating the set of instances on the + network to which the rule applies if all other fields match. Either + --src-ip-ranges or --src-secure-tags must be specified for ingress + traffic. If both --src-ip-ranges and --src-secure-tags are specified, + an inbound connection is allowed if either the range of the source + matches --src-ip-ranges or the tag of the source matches + --src-secure-tags. Secure Tags can be assigned to instances during + instance creation. + + --target-secure-tags=[TARGET_SECURE_TAGS,...] + An optional, list of target secure tags with a name of the format + tagValues/ or full namespaced name + + --target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...] + List of target service accounts for the rule. + + At most one of these can be specified: + + --firewall-policy-region=FIREWALL_POLICY_REGION + Region of the firewall policy to operate on. Overrides the default + compute/region property value for this command invocation. + + --global-firewall-policy + If set, the firewall policy is global. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in beta and might change without notice. These + variants are also available: + + $ gcloud compute network-firewall-policies rules update + + $ gcloud alpha compute network-firewall-policies rules update + diff --git a/gcloud/beta/compute/network-firewall-policies/update b/gcloud/beta/compute/network-firewall-policies/update new file mode 100644 index 000000000..1ffba1c52 --- /dev/null +++ b/gcloud/beta/compute/network-firewall-policies/update @@ -0,0 +1,60 @@ +NAME + gcloud beta compute network-firewall-policies update - update a Compute + Engine network firewall policy + +SYNOPSIS + gcloud beta compute network-firewall-policies update FIREWALL_POLICY + [--description=DESCRIPTION] [--global | --region=REGION] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (BETA) gcloud beta compute network-firewall-policies update is used to + update network firewall policies. A network firewall policy is a set of + rules that controls access to various resources. + +EXAMPLES + To update a global network firewall policy with name my-policy, to change + the description to New description, run: + + $ gcloud beta compute network-firewall-policies update my-policy \ + --description='New description' --global + + To update a regional network firewall policy with name my-policy, in region + my-region, to change the description to New description, run: + + $ gcloud beta compute network-firewall-policies update my-policy \ + --description='New description' --region=my-region + +POSITIONAL ARGUMENTS + FIREWALL_POLICY + name of the network firewall policy to update. + +FLAGS + --description=DESCRIPTION + An optional, textual description for the network firewall policy. + + At most one of these can be specified: + + --global + If set, the firewall policy is global. + + --region=REGION + Region of the firewall policy to update. Overrides the default + compute/region property value for this command invocation. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in beta and might change without notice. These + variants are also available: + + $ gcloud compute network-firewall-policies update + + $ gcloud alpha compute network-firewall-policies update + diff --git a/gcloud/beta/compute/networks/create b/gcloud/beta/compute/networks/create index 00ee22fbb..8274f3197 100644 --- a/gcloud/beta/compute/networks/create +++ b/gcloud/beta/compute/networks/create @@ -5,8 +5,9 @@ SYNOPSIS gcloud beta compute networks create NAME [--bgp-routing-mode=MODE; default="regional"] [--description=DESCRIPTION] [--[no-]enable-ula-internal-ipv6] - [--internal-ipv6-range=INTERNAL_IPV6_RANGE] [--mtu=MTU] [--range=RANGE] - [--subnet-mode=MODE] [GCLOUD_WIDE_FLAG ...] + [--internal-ipv6-range=INTERNAL_IPV6_RANGE] [--mtu=MTU] + [--network-firewall-policy-enforcement-order=NETWORK_FIREWALL_POLICY_ENFORCEMENT_ORDER] + [--range=RANGE] [--subnet-mode=MODE] [GCLOUD_WIDE_FLAG ...] DESCRIPTION (BETA) gcloud beta compute networks create is used to create virtual @@ -71,6 +72,17 @@ FLAGS and the maximum is 1500 bytes. The MTU advertised via DHCP to all instances attached to this network. + --network-firewall-policy-enforcement-order=NETWORK_FIREWALL_POLICY_ENFORCEMENT_ORDER + The Network Firewall Policy enforcement order of this network. If not + specified, defaults to AFTER_CLASSIC_FIREWALL. + + NETWORK_FIREWALL_POLICY_ENFORCEMENT_ORDER must be one of: + + AFTER_CLASSIC_FIREWALL + Network Firewall Policy is enforced after classic firewall. + BEFORE_CLASSIC_FIREWALL + Network Firewall Policy is enforced before classic firewall. + --range=RANGE Specifies the IPv4 address range of legacy mode networks. The range must be specified in CIDR format: diff --git a/gcloud/beta/compute/networks/update b/gcloud/beta/compute/networks/update index d66198c20..81fc7bb56 100644 --- a/gcloud/beta/compute/networks/update +++ b/gcloud/beta/compute/networks/update @@ -5,6 +5,7 @@ SYNOPSIS gcloud beta compute networks update NAME [--async] [--[no-]enable-ula-internal-ipv6] [--internal-ipv6-range=INTERNAL_IPV6_RANGE] [--mtu=MTU] + [--network-firewall-policy-enforcement-order=NETWORK_FIREWALL_POLICY_ENFORCEMENT_ORDER] [--bgp-routing-mode=MODE | --switch-to-custom-subnet-mode] [GCLOUD_WIDE_FLAG ...] @@ -54,6 +55,17 @@ FLAGS and the maximum is 1500 bytes. The MTU advertised via DHCP to all instances attached to this network. + --network-firewall-policy-enforcement-order=NETWORK_FIREWALL_POLICY_ENFORCEMENT_ORDER + The Network Firewall Policy enforcement order of this network. If not + specified, defaults to AFTER_CLASSIC_FIREWALL. + + NETWORK_FIREWALL_POLICY_ENFORCEMENT_ORDER must be one of: + + AFTER_CLASSIC_FIREWALL + Network Firewall Policy is enforced after classic firewall. + BEFORE_CLASSIC_FIREWALL + Network Firewall Policy is enforced before classic firewall. + At most one of these can be specified: --bgp-routing-mode=MODE diff --git a/gcloud/beta/container/binauthz/attestors/add-iam-policy-binding b/gcloud/beta/container/binauthz/attestors/add-iam-policy-binding index 0cf25a561..be79e6f1c 100644 --- a/gcloud/beta/container/binauthz/attestors/add-iam-policy-binding +++ b/gcloud/beta/container/binauthz/attestors/add-iam-policy-binding @@ -37,10 +37,10 @@ EXAMPLES policy role and member types. POSITIONAL ARGUMENTS - Attestor resource - The Binary Authorization attestor for which to add IAM - policy binding to. This represents a Cloud resource. (NOTE) Some - attributes are not given arguments in this group but can be set in other - ways. To set the project attribute: + Attestor resource - The Binary Authorization attestor whose IAM policy to + add an IAM policy binding to. This represents a Cloud resource. (NOTE) + Some attributes are not given arguments in this group but can be set in + other ways. To set the project attribute: ◆ provide the argument attestor on the command line with a fully specified name; ◆ set the property core/project; diff --git a/gcloud/beta/container/binauthz/attestors/remove-iam-policy-binding b/gcloud/beta/container/binauthz/attestors/remove-iam-policy-binding index 579719849..4121cf4d2 100644 --- a/gcloud/beta/container/binauthz/attestors/remove-iam-policy-binding +++ b/gcloud/beta/container/binauthz/attestors/remove-iam-policy-binding @@ -39,10 +39,10 @@ EXAMPLES policy role and member types. POSITIONAL ARGUMENTS - Attestor resource - The Binary Authorization attestor for which to add IAM - policy binding to. This represents a Cloud resource. (NOTE) Some - attributes are not given arguments in this group but can be set in other - ways. To set the project attribute: + Attestor resource - The Binary Authorization attestor whose IAM policy to + remove an IAM policy binding from. This represents a Cloud resource. + (NOTE) Some attributes are not given arguments in this group but can be + set in other ways. To set the project attribute: ◆ provide the argument attestor on the command line with a fully specified name; ◆ set the property core/project; diff --git a/gcloud/beta/container/clusters/create b/gcloud/beta/container/clusters/create index edb446d98..3798a6f7e 100644 --- a/gcloud/beta/container/clusters/create +++ b/gcloud/beta/container/clusters/create @@ -919,6 +919,8 @@ FLAGS cpuManagerPolicy either 'static' or 'none' cpuCFSQuota true or false (enabled by default) cpuCFSQuotaPeriod interval (e.g., '100ms') + podPidsLimit integer (The value must be greater than or equal to + 1024 and less than 4194304.) List of supported sysctls in 'linuxConfig'. diff --git a/gcloud/beta/container/fleet/memberships/delete b/gcloud/beta/container/fleet/memberships/delete index 13af6fbb9..292f85b7f 100644 --- a/gcloud/beta/container/fleet/memberships/delete +++ b/gcloud/beta/container/fleet/memberships/delete @@ -16,9 +16,15 @@ DESCRIPTION beta container fleet memberships unregister. EXAMPLES + First retrieve the ID of the membership using the command below. The output + of this command lists all the fleet's members, with their unique IDs in the + Names column: + + $ gcloud beta container fleet memberships list + Delete a membership from Fleet: - $ gcloud beta container fleet memberships delete a-membership + $ gcloud beta container fleet memberships delete MEMBERSHIP_NAME POSITIONAL ARGUMENTS Membership resource - The cluster membership to delete. The arguments in diff --git a/gcloud/beta/container/fleet/memberships/describe b/gcloud/beta/container/fleet/memberships/describe index a45382586..7488d91dc 100644 --- a/gcloud/beta/container/fleet/memberships/describe +++ b/gcloud/beta/container/fleet/memberships/describe @@ -9,9 +9,15 @@ DESCRIPTION (BETA) Describe a membership in Fleet. EXAMPLES - Describe a membership in Fleet: + First retrieve the ID of the membership using the command below. The output + of this command lists all the fleet's members, with their unique IDs in the + Names column: - $ gcloud beta container fleet memberships describe a-membership + $ gcloud beta container fleet memberships list + + Then describe it: + + $ gcloud beta container fleet memberships describe MEMBERSHIP_NAME POSITIONAL ARGUMENTS Membership resource - The cluster membership to describe. The arguments in diff --git a/gcloud/beta/container/fleet/memberships/generate-gateway-rbac b/gcloud/beta/container/fleet/memberships/generate-gateway-rbac index fda11a81d..35748a848 100644 --- a/gcloud/beta/container/fleet/memberships/generate-gateway-rbac +++ b/gcloud/beta/container/fleet/memberships/generate-gateway-rbac @@ -62,7 +62,7 @@ EXAMPLES --users=foo@example.com,\ test-acct@test-project.iam.gserviceaccount.com \ --role=clusterrole/cluster-admin --context=my-cluster-contex \ - --kubeconfig=/home/user/custom_kubeconfig --apply + --kubeconfig=/home/user/custom_kubeconfig --revoke FLAGS --anthos-support diff --git a/gcloud/beta/container/fleet/memberships/update b/gcloud/beta/container/fleet/memberships/update index 550b3b0d5..f6f31c822 100644 --- a/gcloud/beta/container/fleet/memberships/update +++ b/gcloud/beta/container/fleet/memberships/update @@ -11,9 +11,15 @@ DESCRIPTION (BETA) Update an existing membership in Fleet. EXAMPLES + First retrieve the ID of the membership using the command below. The output + of this command lists all the fleet's members, with their unique IDs in the + Names column: + + $ gcloud beta container fleet memberships list + Update a membership for a cluster: - $ gcloud beta container fleet memberships update a-membership + $ gcloud beta container fleet memberships update MEMBERSHIP_ID POSITIONAL ARGUMENTS Membership resource - membership resource representing a cluster in Fleet. diff --git a/gcloud/beta/container/hub/memberships/delete b/gcloud/beta/container/hub/memberships/delete index 753657b58..2156488bb 100644 --- a/gcloud/beta/container/hub/memberships/delete +++ b/gcloud/beta/container/hub/memberships/delete @@ -16,9 +16,15 @@ DESCRIPTION beta container hub memberships unregister. EXAMPLES + First retrieve the ID of the membership using the command below. The output + of this command lists all the fleet's members, with their unique IDs in the + Names column: + + $ gcloud beta container hub memberships list + Delete a membership from Fleet: - $ gcloud beta container hub memberships delete a-membership + $ gcloud beta container hub memberships delete MEMBERSHIP_NAME POSITIONAL ARGUMENTS Membership resource - The cluster membership to delete. The arguments in diff --git a/gcloud/beta/container/hub/memberships/describe b/gcloud/beta/container/hub/memberships/describe index 419f25e32..c428d5ddd 100644 --- a/gcloud/beta/container/hub/memberships/describe +++ b/gcloud/beta/container/hub/memberships/describe @@ -9,9 +9,15 @@ DESCRIPTION (BETA) Describe a membership in Fleet. EXAMPLES - Describe a membership in Fleet: + First retrieve the ID of the membership using the command below. The output + of this command lists all the fleet's members, with their unique IDs in the + Names column: - $ gcloud beta container hub memberships describe a-membership + $ gcloud beta container hub memberships list + + Then describe it: + + $ gcloud beta container hub memberships describe MEMBERSHIP_NAME POSITIONAL ARGUMENTS Membership resource - The cluster membership to describe. The arguments in diff --git a/gcloud/beta/container/hub/memberships/generate-gateway-rbac b/gcloud/beta/container/hub/memberships/generate-gateway-rbac index ab210335a..ce73b36a7 100644 --- a/gcloud/beta/container/hub/memberships/generate-gateway-rbac +++ b/gcloud/beta/container/hub/memberships/generate-gateway-rbac @@ -62,7 +62,7 @@ EXAMPLES --users=foo@example.com,\ test-acct@test-project.iam.gserviceaccount.com \ --role=clusterrole/cluster-admin --context=my-cluster-contex \ - --kubeconfig=/home/user/custom_kubeconfig --apply + --kubeconfig=/home/user/custom_kubeconfig --revoke FLAGS --anthos-support diff --git a/gcloud/beta/container/hub/memberships/update b/gcloud/beta/container/hub/memberships/update index a5c42ceb3..ba344807c 100644 --- a/gcloud/beta/container/hub/memberships/update +++ b/gcloud/beta/container/hub/memberships/update @@ -11,9 +11,15 @@ DESCRIPTION (BETA) Update an existing membership in Fleet. EXAMPLES + First retrieve the ID of the membership using the command below. The output + of this command lists all the fleet's members, with their unique IDs in the + Names column: + + $ gcloud beta container hub memberships list + Update a membership for a cluster: - $ gcloud beta container hub memberships update a-membership + $ gcloud beta container hub memberships update MEMBERSHIP_ID POSITIONAL ARGUMENTS Membership resource - membership resource representing a cluster in Fleet. diff --git a/gcloud/beta/container/node-pools/create b/gcloud/beta/container/node-pools/create index dfb4508a7..d7f433473 100644 --- a/gcloud/beta/container/node-pools/create +++ b/gcloud/beta/container/node-pools/create @@ -421,6 +421,8 @@ FLAGS cpuManagerPolicy either 'static' or 'none' cpuCFSQuota true or false (enabled by default) cpuCFSQuotaPeriod interval (e.g., '100ms') + podPidsLimit integer (The value must be greater than or equal to + 1024 and less than 4194304.) List of supported sysctls in 'linuxConfig'. diff --git a/gcloud/beta/container/node-pools/update b/gcloud/beta/container/node-pools/update index c6bb0d15f..d6598ea6e 100644 --- a/gcloud/beta/container/node-pools/update +++ b/gcloud/beta/container/node-pools/update @@ -125,6 +125,8 @@ REQUIRED FLAGS cpuManagerPolicy either 'static' or 'none' cpuCFSQuota true or false (enabled by default) cpuCFSQuotaPeriod interval (e.g., '100ms') + podPidsLimit integer (The value must be greater than or equal + to 1024 and less than 4194304.) List of supported sysctls in 'linuxConfig'. diff --git a/gcloud/beta/functions/deploy b/gcloud/beta/functions/deploy index 727f02b55..2e7954267 100644 --- a/gcloud/beta/functions/deploy +++ b/gcloud/beta/functions/deploy @@ -135,8 +135,16 @@ FLAGS --memory=MEMORY Limit on the amount of memory the function can use. - Allowed values are: 128MB, 256MB, 512MB, 1024MB, 2048MB, 4096MB, and - 8192MB. By default, a new function is limited to 256MB of memory. When + Allowed values for v1 are: 128MB, 256MB, 512MB, 1024MB, 2048MB, 4096MB, + and 8192MB. + + Allowed values for GCF 2nd gen are in the format: with + allowed units of "k", "M", "G", "Ki", "Mi", "Gi". Ending 'b' or 'B' is + allowed. + + Examples: 100000k, 128M, 10Mb, 1024Mi, 750K, 4Gi. + + By default, a new function is limited to 256MB of memory. When deploying an update to an existing function, the function keeps its old memory limit unless you specify this flag. @@ -280,8 +288,12 @@ FLAGS --timeout=TIMEOUT The function execution timeout, e.g. 30s for 30 seconds. Defaults to original value for existing function or 60 seconds for new functions. - Cannot be more than 540s. See $ gcloud topic datetimes for information - on duration formats. + + For GCF 1st gen functions, cannot be more than 540s. + + For GCF 2nd gen functions, cannot be more than 3600s. + + See $ gcloud topic datetimes for information on duration formats. --trigger-location=TRIGGER_LOCATION The location of the trigger, which must be a region or multi-region diff --git a/gcloud/beta/policy-troubleshoot/iam b/gcloud/beta/policy-troubleshoot/iam index 7142d729a..76a4fd3a9 100644 --- a/gcloud/beta/policy-troubleshoot/iam +++ b/gcloud/beta/policy-troubleshoot/iam @@ -18,8 +18,8 @@ EXAMPLES --principal-email=my-iam-account@somedomain.com \ --permission=resourcemanager.projects.get - See https://cloud.google.com/iam/docs/policies for more information about - IAM policies. + See https://cloud.google.com/iam/help/allow-policies/overview for more + information about IAM policies. POSITIONAL ARGUMENTS RESOURCE diff --git a/gcloud/compute/help b/gcloud/compute/help index f936f4fbd..a40a5b6ff 100644 --- a/gcloud/compute/help +++ b/gcloud/compute/help @@ -93,6 +93,9 @@ GROUPS network-endpoint-groups Read and manipulate Compute Engine network endpoint groups. + network-firewall-policies + Manage Compute Engine network firewall policies. + networks List, create, and delete Compute Engine networks. diff --git a/gcloud/compute/images/export b/gcloud/compute/images/export index e5f0d370e..6f23d6557 100644 --- a/gcloud/compute/images/export +++ b/gcloud/compute/images/export @@ -19,6 +19,11 @@ DESCRIPTION The --export-format flag exports the image to a format supported by QEMU using qemu-img. Valid formats include vmdk, vhdx, vpc, vdi, and qcow2. + Before exporting an image, set up access to Cloud Storage and grant + required roles to the user accounts and service accounts. For more + information, see + https://cloud.google.com/compute/docs/import/requirements-export-import-images. + EXAMPLES To export a VMDK file my-image from a project my-project to a Cloud Storage bucket my-bucket, run: diff --git a/gcloud/compute/network-firewall-policies/associations/create b/gcloud/compute/network-firewall-policies/associations/create new file mode 100644 index 000000000..8edd33d7b --- /dev/null +++ b/gcloud/compute/network-firewall-policies/associations/create @@ -0,0 +1,73 @@ +NAME + gcloud compute network-firewall-policies associations create - create a new + association between a firewall policy and a network + +SYNOPSIS + gcloud compute network-firewall-policies associations create + --firewall-policy=FIREWALL_POLICY --network=NETWORK [--name=NAME] + [--replace-association-on-target] + [--firewall-policy-region=FIREWALL_POLICY_REGION + | --global-firewall-policy] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + gcloud compute network-firewall-policies associations create is used to + create network firewall policy associations. A network firewall policy is a + set of rules that controls access to various resources. + +EXAMPLES + To associate a global network firewall policy with name my-policy to + network my-network with an association named my-association, run: + + $ gcloud compute network-firewall-policies associations create \ + --firewall-policy=my-policy --network=my-network \ + --name=my-association --global-firewall-policy + + To associate a network firewall policy with name my-region-policy in region + region-a to network my-network with an association named my-association, + run: + + $ gcloud compute network-firewall-policies associations create \ + --firewall-policy=my-policy --network=my-network \ + --name=my-association --firewall-policy-region=region-a + +REQUIRED FLAGS + --firewall-policy=FIREWALL_POLICY + Firewall policy ID with which to create association. + + --network=NETWORK + Name of the network with which the association is created. + +OPTIONAL FLAGS + --name=NAME + Name of the association. + + --replace-association-on-target + By default, if you attempt to insert an association to a network that + is already associated with a firewall policy the method will fail. If + this is set, the existing association will be deleted at the same time + that the new association is created. + + At most one of these can be specified: + + --firewall-policy-region=FIREWALL_POLICY_REGION + Region of the firewall policy to create. Overrides the default + compute/region property value for this command invocation. + + --global-firewall-policy + If set, the firewall policy is global. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + These variants are also available: + + $ gcloud alpha compute network-firewall-policies associations create + + $ gcloud beta compute network-firewall-policies associations create + diff --git a/gcloud/compute/network-firewall-policies/associations/delete b/gcloud/compute/network-firewall-policies/associations/delete new file mode 100644 index 000000000..cec3cf19d --- /dev/null +++ b/gcloud/compute/network-firewall-policies/associations/delete @@ -0,0 +1,62 @@ +NAME + gcloud compute network-firewall-policies associations delete - delete a new + association between a firewall policy and an network or folder resource + +SYNOPSIS + gcloud compute network-firewall-policies associations delete + --firewall-policy=FIREWALL_POLICY --name=NAME + [--firewall-policy-region=FIREWALL_POLICY_REGION + | --global-firewall-policy] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + gcloud compute network-firewall-policies associations delete is used to + delete network firewall policy associations. An network firewall policy is + a set of rules that controls access to various resources. + +EXAMPLES + To delete an association from a global network firewall policy with NAME + my-policy and association name my-association, run: + + $ gcloud compute network-firewall-policies associations delete \ + --firewall-policy=my-policy --name=my-association \ + --global-firewall-policy + + To delete an association from a regional network firewall policy with NAME + my-policy in region region-a and association name my-association, run: + + $ gcloud compute network-firewall-policies associations delete \ + --firewall-policy=my-policy --name=my-association \ + --firewall-policy-region=region-a + +REQUIRED FLAGS + --firewall-policy=FIREWALL_POLICY + Firewall policy ID with which to delete association. + + --name=NAME + Name of the association to delete. + +OPTIONAL FLAGS + At most one of these can be specified: + + --firewall-policy-region=FIREWALL_POLICY_REGION + Region of the firewall policy to delete. Overrides the default + compute/region property value for this command invocation. + + --global-firewall-policy + If set, the firewall policy is global. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + These variants are also available: + + $ gcloud alpha compute network-firewall-policies associations delete + + $ gcloud beta compute network-firewall-policies associations delete + diff --git a/gcloud/compute/network-firewall-policies/associations/help b/gcloud/compute/network-firewall-policies/associations/help new file mode 100644 index 000000000..ccb18223f --- /dev/null +++ b/gcloud/compute/network-firewall-policies/associations/help @@ -0,0 +1,33 @@ +NAME + gcloud compute network-firewall-policies associations - read and manipulate + Compute Engine network firewall policy associations + +SYNOPSIS + gcloud compute network-firewall-policies associations COMMAND + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Read and manipulate Compute Engine network firewall policy associations. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --help. + + Run $ gcloud help for details. + +COMMANDS + COMMAND is one of the following: + + create + Create a new association between a firewall policy and a network. + + delete + Delete a new association between a firewall policy and an network or + folder resource. + +NOTES + These variants are also available: + + $ gcloud alpha compute network-firewall-policies associations + + $ gcloud beta compute network-firewall-policies associations + diff --git a/gcloud/compute/network-firewall-policies/clone-rules b/gcloud/compute/network-firewall-policies/clone-rules new file mode 100644 index 000000000..4d70a92d5 --- /dev/null +++ b/gcloud/compute/network-firewall-policies/clone-rules @@ -0,0 +1,62 @@ +NAME + gcloud compute network-firewall-policies clone-rules - replace the rules of + a Compute Engine network firewall policy with rules from another policy + +SYNOPSIS + gcloud compute network-firewall-policies clone-rules FIREWALL_POLICY + --source-firewall-policy=SOURCE_FIREWALL_POLICY + [--global | --region=REGION] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + gcloud compute network-firewall-policies clone-rules is used to replace the + rules of network firewall policies. A network firewall policy is a set of + rules that controls access to various resources. + +EXAMPLES + To clone the rules of a global network firewall policy with NAME my-policy, + from another network firewall policy with NAME source-policy, run: + + $ gcloud compute network-firewall-policies clone-rules my-policy \ + --source-firewall-policy=source-policy --global + + To clone the rules of a region network firewall policy with NAME + my-region-policy, in region region-a, from another network firewall policy + with NAME source-policy, run: + + $ gcloud compute network-firewall-policies clone-rules \ + my-region-policy --source-firewall-policy=source-policy \ + --region=region-a + +POSITIONAL ARGUMENTS + FIREWALL_POLICY + name of the network firewall policy to clone the rules to. + +REQUIRED FLAGS + --source-firewall-policy=SOURCE_FIREWALL_POLICY + Name of the source network firewall policy to copy the rules from. + +OPTIONAL FLAGS + At most one of these can be specified: + + --global + If set, the firewall policy is global. + + --region=REGION + Region of the firewall policy to clone-rules. Overrides the default + compute/region property value for this command invocation. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + These variants are also available: + + $ gcloud alpha compute network-firewall-policies clone-rules + + $ gcloud beta compute network-firewall-policies clone-rules + diff --git a/gcloud/compute/network-firewall-policies/create b/gcloud/compute/network-firewall-policies/create new file mode 100644 index 000000000..054d2cbd0 --- /dev/null +++ b/gcloud/compute/network-firewall-policies/create @@ -0,0 +1,59 @@ +NAME + gcloud compute network-firewall-policies create - create a Compute Engine + Network firewall policy + +SYNOPSIS + gcloud compute network-firewall-policies create FIREWALL_POLICY + [--description=DESCRIPTION] [--global | --region=REGION] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + gcloud compute network-firewall-policies create is used to create network + firewall policies. A network firewall policy is a set of rules that + controls access to various resources. + +EXAMPLES + To create a global network firewall policy named my-policy under project + with ID test-project, run: + + $ gcloud compute network-firewall-policies create my-policy \ + --project=test-project --global + + To create a regional network firewall policy named my-region-policy under + project with ID test-project, in region my-region, run: + + $ gcloud compute network-firewall-policies create my-region-policy \ + --project=test-project --region=my-region + +POSITIONAL ARGUMENTS + FIREWALL_POLICY + name of the network firewall policy to create. + +FLAGS + --description=DESCRIPTION + An optional, textual description for the network firewall policy. + + At most one of these can be specified: + + --global + If set, the firewall policy is global. + + --region=REGION + Region of the firewall policy to create. Overrides the default + compute/region property value for this command invocation. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + These variants are also available: + + $ gcloud alpha compute network-firewall-policies create + + $ gcloud beta compute network-firewall-policies create + diff --git a/gcloud/compute/network-firewall-policies/delete b/gcloud/compute/network-firewall-policies/delete new file mode 100644 index 000000000..42c81760e --- /dev/null +++ b/gcloud/compute/network-firewall-policies/delete @@ -0,0 +1,53 @@ +NAME + gcloud compute network-firewall-policies delete - delete a Compute Engine + network firewall policy + +SYNOPSIS + gcloud compute network-firewall-policies delete FIREWALL_POLICY + [--global | --region=REGION] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + gcloud compute network-firewall-policies delete is used to delete network + firewall policies. A network firewall policy is a set of rules that + controls access to various resources. + +EXAMPLES + To delete a global network firewall policy with name my-policy, run: + + $ gcloud compute network-firewall-policies delete my-policy --global + + To delete a regional network firewall policy with name my-policy, in region + my-region, run: + + $ gcloud compute network-firewall-policies delete my-policy \ + --region=my-region + +POSITIONAL ARGUMENTS + FIREWALL_POLICY + name of the network firewall policy to delete. + +FLAGS + At most one of these can be specified: + + --global + If set, the firewall policy is global. + + --region=REGION + Region of the firewall policy to delete. Overrides the default + compute/region property value for this command invocation. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + These variants are also available: + + $ gcloud alpha compute network-firewall-policies delete + + $ gcloud beta compute network-firewall-policies delete + diff --git a/gcloud/compute/network-firewall-policies/describe b/gcloud/compute/network-firewall-policies/describe new file mode 100644 index 000000000..1c77f15a7 --- /dev/null +++ b/gcloud/compute/network-firewall-policies/describe @@ -0,0 +1,54 @@ +NAME + gcloud compute network-firewall-policies describe - describe a Compute + Engine network firewall policy + +SYNOPSIS + gcloud compute network-firewall-policies describe FIREWALL_POLICY + [--global | --region=REGION] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + gcloud compute network-firewall-policies describe is used to describe + network firewall policies. A network firewall policy is a set of rules that + controls access to various resources. + +EXAMPLES + To describe a global network firewall policy with name my-policy, run: + + $ gcloud compute network-firewall-policies describe my-policy \ + --global + + To describe a regional network firewall policy with name my-policy, in + region my-region, run: + + $ gcloud compute network-firewall-policies describe my-policy \ + --region=my-region + +POSITIONAL ARGUMENTS + FIREWALL_POLICY + name of the network firewall policy to get. + +FLAGS + At most one of these can be specified: + + --global + If set, the firewall policy is global. + + --region=REGION + Region of the firewall policy to get. Overrides the default + compute/region property value for this command invocation. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + These variants are also available: + + $ gcloud alpha compute network-firewall-policies describe + + $ gcloud beta compute network-firewall-policies describe + diff --git a/gcloud/compute/network-firewall-policies/get-effective-firewalls b/gcloud/compute/network-firewall-policies/get-effective-firewalls new file mode 100644 index 000000000..baba18d8f --- /dev/null +++ b/gcloud/compute/network-firewall-policies/get-effective-firewalls @@ -0,0 +1,105 @@ +NAME + gcloud compute network-firewall-policies get-effective-firewalls - get the + effective firewalls for a network + +SYNOPSIS + gcloud compute network-firewall-policies get-effective-firewalls + --network=NETWORK [--region=REGION] [--filter=EXPRESSION] + [--limit=LIMIT] [--page-size=PAGE_SIZE] [--sort-by=[FIELD,...]] [--uri] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + gcloud compute network-firewall-policies get-effective-firewalls is used to + get the effective firewalls applied to the network, including regional + firewalls in a specified region. + +EXAMPLES + To get the effective firewalls of network with name example-network, + including effective regional firewalls for that network, in region + region-a, run: + + $ gcloud compute network-firewall-policies get-effective-firewalls \ + --network=example-network --region=region-a + + To show all fields of the firewall rules, please show in JSON format with + option --format=json + + To list more the fields of the rules of network example-network in table + format, run: + + $ gcloud compute network-firewall-policies get-effective-firewalls \ + --network=example-network --region=region-a --format="table( + type, + firewall_policy_name, + priority, + action, + direction, + ip_ranges.list():label=IP_RANGES, + target_svc_acct, + enableLogging, + description, + name, + disabled, + target_tags, + src_svc_acct, + src_tags, + ruleTupleCount, + targetResources:label=TARGET_RESOURCES)" + +REQUIRED FLAGS + --network=NETWORK + The network to get the effective firewalls for. + +FLAGS + --region=REGION + The region to get the effective regional firewalls. + +LIST COMMAND FLAGS + --filter=EXPRESSION + Apply a Boolean filter EXPRESSION to each resource item to be listed. + If the expression evaluates True, then that item is listed. For more + details and examples of filter expressions, run $ gcloud topic filters. + This flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --limit=LIMIT + Maximum number of resources to list. The default is unlimited. This + flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --page-size=PAGE_SIZE + Some services group resource list output into pages. This flag + specifies the maximum number of resources per page. The default is + determined by the service if it supports paging, otherwise it is + unlimited (no paging). Paging may be applied before or after --filter + and --limit depending on the service. + + --sort-by=[FIELD,...] + Comma-separated list of resource field key names to sort by. The + default order is ascending. Prefix a field with ``~'' for descending + order on that field. This flag interacts with other flags that are + applied in this order: --flatten, --sort-by, --filter, --limit. + + --uri + Print a list of resource URIs instead of the default output, and change + the command output to a list of URIs. If this flag is used with + --format, the formatting is applied on this URI list. To display URIs + alongside other keys instead, use the uri() transform. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + These variants are also available: + + $ gcloud alpha compute network-firewall-policies \ + get-effective-firewalls + + $ gcloud beta compute network-firewall-policies \ + get-effective-firewalls + diff --git a/gcloud/compute/network-firewall-policies/help b/gcloud/compute/network-firewall-policies/help new file mode 100644 index 000000000..20caad0c3 --- /dev/null +++ b/gcloud/compute/network-firewall-policies/help @@ -0,0 +1,59 @@ +NAME + gcloud compute network-firewall-policies - manage Compute Engine network + firewall policies + +SYNOPSIS + gcloud compute network-firewall-policies GROUP | COMMAND + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Manage Compute Engine network firewall policies. Network firewall policies + are used to control incoming/outgoing traffic. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --help. + + Run $ gcloud help for details. + +GROUPS + GROUP is one of the following: + + associations + Read and manipulate Compute Engine network firewall policy + associations. + + rules + Read and manipulate Compute Engine network firewall policy rules. + +COMMANDS + COMMAND is one of the following: + + clone-rules + Replace the rules of a Compute Engine network firewall policy with + rules from another policy. + + create + Create a Compute Engine Network firewall policy. + + delete + Delete a Compute Engine network firewall policy. + + describe + Describe a Compute Engine network firewall policy. + + get-effective-firewalls + Get the effective firewalls for a network. + + list + List Compute Engine network firewall policies. + + update + Update a Compute Engine network firewall policy. + +NOTES + These variants are also available: + + $ gcloud alpha compute network-firewall-policies + + $ gcloud beta compute network-firewall-policies + diff --git a/gcloud/compute/network-firewall-policies/list b/gcloud/compute/network-firewall-policies/list new file mode 100644 index 000000000..2f2c2450b --- /dev/null +++ b/gcloud/compute/network-firewall-policies/list @@ -0,0 +1,104 @@ +NAME + gcloud compute network-firewall-policies list - list Compute Engine network + firewall policies + +SYNOPSIS + gcloud compute network-firewall-policies list [NAME ...] + [--regexp=REGEXP, -r REGEXP] [--global | --regions=[REGION,...]] + [--filter=EXPRESSION] [--limit=LIMIT] [--page-size=PAGE_SIZE] + [--sort-by=[FIELD,...]] [--uri] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + gcloud compute network-firewall-policies list is used to list network + firewall policies. A network firewall policy is a set of rules that + controls access to various resources. + +EXAMPLES + To list global network firewall policies under project my-project, run: + + $ gcloud compute network-firewall-policies list \ + --project=my-project --global + + To list regional network firewall policies under project my-project, + specify a list of regions with --regions: + + $ gcloud compute network-firewall-policies list \ + --project=my-project --regions="region-a, region-b" + + To list all global and regional network firewall policies under project + my-project, omit --global and --regions: + + $ gcloud compute network-firewall-policies list --project=my-project + +POSITIONAL ARGUMENTS + [NAME ...] + (DEPRECATED) If provided, show details for the specified names and/or + URIs of resources. + + Argument NAME is deprecated. Use --filter="name=( 'NAME' ... )" + instead. + +FLAGS + --regexp=REGEXP, -r REGEXP + (DEPRECATED) Regular expression to filter the names of the results on. + Any names that do not match the entire regular expression will be + filtered out. + + Flag --regexp is deprecated. Use --filter="name~'REGEXP'" instead. + + At most one of these can be specified: + + --global + If provided, only global resources are shown. + + --regions=[REGION,...] + If provided, only regional resources are shown. If arguments are + provided, only resources from the given regions are shown. + +LIST COMMAND FLAGS + --filter=EXPRESSION + Apply a Boolean filter EXPRESSION to each resource item to be listed. + If the expression evaluates True, then that item is listed. For more + details and examples of filter expressions, run $ gcloud topic filters. + This flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --limit=LIMIT + Maximum number of resources to list. The default is unlimited. This + flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --page-size=PAGE_SIZE + Some services group resource list output into pages. This flag + specifies the maximum number of resources per page. The default is + determined by the service if it supports paging, otherwise it is + unlimited (no paging). Paging may be applied before or after --filter + and --limit depending on the service. + + --sort-by=[FIELD,...] + Comma-separated list of resource field key names to sort by. The + default order is ascending. Prefix a field with ``~'' for descending + order on that field. This flag interacts with other flags that are + applied in this order: --flatten, --sort-by, --filter, --limit. + + --uri + Print a list of resource URIs instead of the default output, and change + the command output to a list of URIs. If this flag is used with + --format, the formatting is applied on this URI list. To display URIs + alongside other keys instead, use the uri() transform. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + These variants are also available: + + $ gcloud alpha compute network-firewall-policies list + + $ gcloud beta compute network-firewall-policies list + diff --git a/gcloud/compute/network-firewall-policies/rules/create b/gcloud/compute/network-firewall-policies/rules/create new file mode 100644 index 000000000..d5128277e --- /dev/null +++ b/gcloud/compute/network-firewall-policies/rules/create @@ -0,0 +1,127 @@ +NAME + gcloud compute network-firewall-policies rules create - creates a Compute + Engine network firewall policy rule + +SYNOPSIS + gcloud compute network-firewall-policies rules create PRIORITY + --action=ACTION --firewall-policy=FIREWALL_POLICY + [--description=DESCRIPTION] [--dest-ip-ranges=[DEST_IP_RANGE,...]] + [--direction=DIRECTION] [--[no-]disabled] [--[no-]enable-logging] + [--layer4-configs=[LAYER4_CONFIG,...]] + [--src-ip-ranges=[SRC_IP_RANGE,...]] + [--src-secure-tags=[SOURCE_SECURE_TAGS,...]] + [--target-secure-tags=[TARGET_SECURE_TAGS,...]] + [--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...]] + [--firewall-policy-region=FIREWALL_POLICY_REGION + | --global-firewall-policy] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + gcloud compute network-firewall-policies rules create is used to create + network firewall policy rules. + +EXAMPLES + To create a rule with priority 10 in a global network firewall policy with + name my-policy and description example rule, run: + + $ gcloud compute network-firewall-policies rules create 10 \ + --firewall-policy=my-policy --action=allow \ + --description="example rule" --global-firewall-policy + + To create a rule with priority 10 in a regional network firewall policy + with name my-region-policy and description example rule, in region + region-a, run: + + $ gcloud compute network-firewall-policies rules create 10 \ + --firewall-policy=my-policy --action=allow \ + --description="example rule" + +POSITIONAL ARGUMENTS + PRIORITY + Priority of the rule to be inserted. Valid in [0, 65535]. + +REQUIRED FLAGS + --action=ACTION + Action to take if the request matches the match condition. ACTION must + be one of: allow, deny, goto_next. + + --firewall-policy=FIREWALL_POLICY + Firewall policy ID with which to create rule. + +OPTIONAL FLAGS + --description=DESCRIPTION + An optional, textual description for the rule. + + --dest-ip-ranges=[DEST_IP_RANGE,...] + Destination IP ranges to match for this rule. Can only be specified if + DIRECTION is egress. + + --direction=DIRECTION + Direction of the traffic the rule is applied. The default is to apply + on incoming traffic. DIRECTION must be one of: INGRESS, EGRESS. + + --[no-]disabled + Use this flag to disable the rule. Disabled rules will not affect + traffic. Use --disabled to enable and --no-disabled to disable. + + --[no-]enable-logging + Use this flag to enable logging of connections that allowed or denied + by this rule. Use --enable-logging to enable and --no-enable-logging to + disable. + + --layer4-configs=[LAYER4_CONFIG,...] + A list of destination protocols and ports to which the firewall rule + will apply. + + --src-ip-ranges=[SRC_IP_RANGE,...] + A list of IP address blocks that are allowed to make inbound + connections that match the firewall rule to the instances on the + network. The IP address blocks must be specified in CIDR format: + http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing.Either + --src-ip-ranges or --src-secure-tags must be specified for INGRESS + traffic. If both --src-ip-ranges and --src-secure-tags are specified, + the rule matches if either the range of the source matches + --src-ip-ranges or the secure tag of the source matches + --src-secure-tags.Multiple IP address blocks can be specified if they + are separated by commas. + + --src-secure-tags=[SOURCE_SECURE_TAGS,...] + A list of instance secure tags indicating the set of instances on the + network to which the rule applies if all other fields match. Either + --src-ip-ranges or --src-secure-tags must be specified for ingress + traffic. If both --src-ip-ranges and --src-secure-tags are specified, + an inbound connection is allowed if either the range of the source + matches --src-ip-ranges or the tag of the source matches + --src-secure-tags. Secure Tags can be assigned to instances during + instance creation. + + --target-secure-tags=[TARGET_SECURE_TAGS,...] + An optional, list of target secure tags with a name of the format + tagValues/ or full namespaced name + + --target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...] + List of target service accounts for the rule. + + At most one of these can be specified: + + --firewall-policy-region=FIREWALL_POLICY_REGION + Region of the firewall policy to create. Overrides the default + compute/region property value for this command invocation. + + --global-firewall-policy + If set, the firewall policy is global. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + These variants are also available: + + $ gcloud alpha compute network-firewall-policies rules create + + $ gcloud beta compute network-firewall-policies rules create + diff --git a/gcloud/compute/network-firewall-policies/rules/delete b/gcloud/compute/network-firewall-policies/rules/delete new file mode 100644 index 000000000..c7dbaf17f --- /dev/null +++ b/gcloud/compute/network-firewall-policies/rules/delete @@ -0,0 +1,60 @@ +NAME + gcloud compute network-firewall-policies rules delete - deletes a Compute + Engine network firewall policy rule + +SYNOPSIS + gcloud compute network-firewall-policies rules delete PRIORITY + --firewall-policy=FIREWALL_POLICY + [--firewall-policy-region=FIREWALL_POLICY_REGION + | --global-firewall-policy] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + gcloud compute network-firewall-policies rules delete is used to delete + network firewall policy rules. + +EXAMPLES + To delete a rule with priority 10 in a global network firewall policy with + name my-policy, run: + + $ gcloud compute network-firewall-policies rules delete 10 \ + --firewall-policy=my-policy --global-firewall-policy + + To delete a rule with priority 10 in a regional network firewall policy + with name my-policy, in region region-a, run: + + $ gcloud compute network-firewall-policies rules delete 10 \ + --firewall-policy=my-policy --firewall-policy-region=region-a + +POSITIONAL ARGUMENTS + PRIORITY + Priority of the rule to be deleted. Valid in [0, 65535]. + +REQUIRED FLAGS + --firewall-policy=FIREWALL_POLICY + Firewall policy ID with which to delete rule. + +OPTIONAL FLAGS + At most one of these can be specified: + + --firewall-policy-region=FIREWALL_POLICY_REGION + Region of the firewall policy to delete. Overrides the default + compute/region property value for this command invocation. + + --global-firewall-policy + If set, the firewall policy is global. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + These variants are also available: + + $ gcloud alpha compute network-firewall-policies rules delete + + $ gcloud beta compute network-firewall-policies rules delete + diff --git a/gcloud/compute/network-firewall-policies/rules/describe b/gcloud/compute/network-firewall-policies/rules/describe new file mode 100644 index 000000000..53fb5c07e --- /dev/null +++ b/gcloud/compute/network-firewall-policies/rules/describe @@ -0,0 +1,60 @@ +NAME + gcloud compute network-firewall-policies rules describe - describes a + Compute Engine network firewall policy rule + +SYNOPSIS + gcloud compute network-firewall-policies rules describe PRIORITY + --firewall-policy=FIREWALL_POLICY + [--firewall-policy-region=FIREWALL_POLICY_REGION + | --global-firewall-policy] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + gcloud compute network-firewall-policies rules describe is used to describe + network firewall policy rules. + +EXAMPLES + To describe a rule with priority 10 in a global network firewall policy + with name my-policy, run: + + $ gcloud compute network-firewall-policies rules describe 10 \ + --firewall-policy=my-policy --global-firewall-policy + + To describe a rule with priority 10 in a regional network firewall policy + with name my-policy, in region region-a, run: + + $ gcloud compute network-firewall-policies rules describe 10 \ + --firewall-policy=my-policy --firewall-policy-region=region-a + +POSITIONAL ARGUMENTS + PRIORITY + Priority of the rule to be described. Valid in [0, 65535]. + +REQUIRED FLAGS + --firewall-policy=FIREWALL_POLICY + Firewall policy ID with which to describe rule. + +OPTIONAL FLAGS + At most one of these can be specified: + + --firewall-policy-region=FIREWALL_POLICY_REGION + Region of the firewall policy to operate on. Overrides the default + compute/region property value for this command invocation. + + --global-firewall-policy + If set, the firewall policy is global. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + These variants are also available: + + $ gcloud alpha compute network-firewall-policies rules describe + + $ gcloud beta compute network-firewall-policies rules describe + diff --git a/gcloud/compute/network-firewall-policies/rules/help b/gcloud/compute/network-firewall-policies/rules/help new file mode 100644 index 000000000..ca90c7353 --- /dev/null +++ b/gcloud/compute/network-firewall-policies/rules/help @@ -0,0 +1,38 @@ +NAME + gcloud compute network-firewall-policies rules - read and manipulate + Compute Engine network firewall policy rules + +SYNOPSIS + gcloud compute network-firewall-policies rules COMMAND + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Read and manipulate Compute Engine network firewall policy rules. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --help. + + Run $ gcloud help for details. + +COMMANDS + COMMAND is one of the following: + + create + Creates a Compute Engine network firewall policy rule. + + delete + Deletes a Compute Engine network firewall policy rule. + + describe + Describes a Compute Engine network firewall policy rule. + + update + Updates a Compute Engine network firewall policy rule. + +NOTES + These variants are also available: + + $ gcloud alpha compute network-firewall-policies rules + + $ gcloud beta compute network-firewall-policies rules + diff --git a/gcloud/compute/network-firewall-policies/rules/update b/gcloud/compute/network-firewall-policies/rules/update new file mode 100644 index 000000000..9fe3a2583 --- /dev/null +++ b/gcloud/compute/network-firewall-policies/rules/update @@ -0,0 +1,123 @@ +NAME + gcloud compute network-firewall-policies rules update - updates a Compute + Engine network firewall policy rule + +SYNOPSIS + gcloud compute network-firewall-policies rules update PRIORITY + --firewall-policy=FIREWALL_POLICY [--action=ACTION] + [--description=DESCRIPTION] [--dest-ip-ranges=[DEST_IP_RANGE,...]] + [--direction=DIRECTION] [--[no-]disabled] [--[no-]enable-logging] + [--layer4-configs=[LAYER4_CONFIG,...]] [--new-priority=NEW_PRIORITY] + [--src-ip-ranges=[SRC_IP_RANGE,...]] + [--src-secure-tags=[SOURCE_SECURE_TAGS,...]] + [--target-secure-tags=[TARGET_SECURE_TAGS,...]] + [--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...]] + [--firewall-policy-region=FIREWALL_POLICY_REGION + | --global-firewall-policy] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + gcloud compute network-firewall-policies rules update is used to update + network firewall policy rules. + +EXAMPLES + To update a rule with priority 10 in a global network firewall policy with + name my-policy to change the action to allow and description to new example + rule, run: + + $ gcloud compute network-firewall-policies rules update 10 \ + --firewall-policy=my-policy --action=allow \ + --description="new example rule" + +POSITIONAL ARGUMENTS + PRIORITY + Priority of the rule to be updated. Valid in [0, 65535]. + +REQUIRED FLAGS + --firewall-policy=FIREWALL_POLICY + Firewall policy ID with which to update rule. + +OPTIONAL FLAGS + --action=ACTION + Action to take if the request matches the match condition. ACTION must + be one of: allow, deny, goto_next. + + --description=DESCRIPTION + An optional, textual description for the rule. + + --dest-ip-ranges=[DEST_IP_RANGE,...] + Destination IP ranges to match for this rule. Can only be specified if + DIRECTION is egress. + + --direction=DIRECTION + Direction of the traffic the rule is applied. The default is to apply + on incoming traffic. DIRECTION must be one of: INGRESS, EGRESS. + + --[no-]disabled + Use this flag to disable the rule. Disabled rules will not affect + traffic. Use --disabled to enable and --no-disabled to disable. + + --[no-]enable-logging + Use this flag to enable logging of connections that allowed or denied + by this rule. Use --enable-logging to enable and --no-enable-logging to + disable. + + --layer4-configs=[LAYER4_CONFIG,...] + A list of destination protocols and ports to which the firewall rule + will apply. + + --new-priority=NEW_PRIORITY + New priority for the rule to update. Valid in [0, 65535]. + + --src-ip-ranges=[SRC_IP_RANGE,...] + A list of IP address blocks that are allowed to make inbound + connections that match the firewall rule to the instances on the + network. The IP address blocks must be specified in CIDR format: + http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing.Either + --src-ip-ranges or --src-secure-tags must be specified for INGRESS + traffic. If both --src-ip-ranges and --src-secure-tags are specified, + the rule matches if either the range of the source matches + --src-ip-ranges or the secure tag of the source matches + --src-secure-tags.Multiple IP address blocks can be specified if they + are separated by commas. + + --src-secure-tags=[SOURCE_SECURE_TAGS,...] + A list of instance secure tags indicating the set of instances on the + network to which the rule applies if all other fields match. Either + --src-ip-ranges or --src-secure-tags must be specified for ingress + traffic. If both --src-ip-ranges and --src-secure-tags are specified, + an inbound connection is allowed if either the range of the source + matches --src-ip-ranges or the tag of the source matches + --src-secure-tags. Secure Tags can be assigned to instances during + instance creation. + + --target-secure-tags=[TARGET_SECURE_TAGS,...] + An optional, list of target secure tags with a name of the format + tagValues/ or full namespaced name + + --target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...] + List of target service accounts for the rule. + + At most one of these can be specified: + + --firewall-policy-region=FIREWALL_POLICY_REGION + Region of the firewall policy to operate on. Overrides the default + compute/region property value for this command invocation. + + --global-firewall-policy + If set, the firewall policy is global. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + These variants are also available: + + $ gcloud alpha compute network-firewall-policies rules update + + $ gcloud beta compute network-firewall-policies rules update + diff --git a/gcloud/compute/network-firewall-policies/update b/gcloud/compute/network-firewall-policies/update new file mode 100644 index 000000000..4980615eb --- /dev/null +++ b/gcloud/compute/network-firewall-policies/update @@ -0,0 +1,59 @@ +NAME + gcloud compute network-firewall-policies update - update a Compute Engine + network firewall policy + +SYNOPSIS + gcloud compute network-firewall-policies update FIREWALL_POLICY + [--description=DESCRIPTION] [--global | --region=REGION] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + gcloud compute network-firewall-policies update is used to update network + firewall policies. A network firewall policy is a set of rules that + controls access to various resources. + +EXAMPLES + To update a global network firewall policy with name my-policy, to change + the description to New description, run: + + $ gcloud compute network-firewall-policies update my-policy \ + --description='New description' --global + + To update a regional network firewall policy with name my-policy, in region + my-region, to change the description to New description, run: + + $ gcloud compute network-firewall-policies update my-policy \ + --description='New description' --region=my-region + +POSITIONAL ARGUMENTS + FIREWALL_POLICY + name of the network firewall policy to update. + +FLAGS + --description=DESCRIPTION + An optional, textual description for the network firewall policy. + + At most one of these can be specified: + + --global + If set, the firewall policy is global. + + --region=REGION + Region of the firewall policy to update. Overrides the default + compute/region property value for this command invocation. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + These variants are also available: + + $ gcloud alpha compute network-firewall-policies update + + $ gcloud beta compute network-firewall-policies update + diff --git a/gcloud/compute/networks/create b/gcloud/compute/networks/create index b59b76143..2a798b322 100644 --- a/gcloud/compute/networks/create +++ b/gcloud/compute/networks/create @@ -5,8 +5,9 @@ SYNOPSIS gcloud compute networks create NAME [--bgp-routing-mode=MODE; default="regional"] [--description=DESCRIPTION] [--[no-]enable-ula-internal-ipv6] - [--internal-ipv6-range=INTERNAL_IPV6_RANGE] [--mtu=MTU] [--range=RANGE] - [--subnet-mode=MODE] [GCLOUD_WIDE_FLAG ...] + [--internal-ipv6-range=INTERNAL_IPV6_RANGE] [--mtu=MTU] + [--network-firewall-policy-enforcement-order=NETWORK_FIREWALL_POLICY_ENFORCEMENT_ORDER] + [--range=RANGE] [--subnet-mode=MODE] [GCLOUD_WIDE_FLAG ...] DESCRIPTION gcloud compute networks create is used to create virtual networks. A @@ -71,6 +72,17 @@ FLAGS and the maximum is 1500 bytes. The MTU advertised via DHCP to all instances attached to this network. + --network-firewall-policy-enforcement-order=NETWORK_FIREWALL_POLICY_ENFORCEMENT_ORDER + The Network Firewall Policy enforcement order of this network. If not + specified, defaults to AFTER_CLASSIC_FIREWALL. + + NETWORK_FIREWALL_POLICY_ENFORCEMENT_ORDER must be one of: + + AFTER_CLASSIC_FIREWALL + Network Firewall Policy is enforced after classic firewall. + BEFORE_CLASSIC_FIREWALL + Network Firewall Policy is enforced before classic firewall. + --range=RANGE Specifies the IPv4 address range of legacy mode networks. The range must be specified in CIDR format: diff --git a/gcloud/compute/networks/update b/gcloud/compute/networks/update index d5a9fbb61..1d556e702 100644 --- a/gcloud/compute/networks/update +++ b/gcloud/compute/networks/update @@ -5,6 +5,7 @@ SYNOPSIS gcloud compute networks update NAME [--async] [--[no-]enable-ula-internal-ipv6] [--internal-ipv6-range=INTERNAL_IPV6_RANGE] [--mtu=MTU] + [--network-firewall-policy-enforcement-order=NETWORK_FIREWALL_POLICY_ENFORCEMENT_ORDER] [--bgp-routing-mode=MODE | --switch-to-custom-subnet-mode] [GCLOUD_WIDE_FLAG ...] @@ -53,6 +54,17 @@ FLAGS and the maximum is 1500 bytes. The MTU advertised via DHCP to all instances attached to this network. + --network-firewall-policy-enforcement-order=NETWORK_FIREWALL_POLICY_ENFORCEMENT_ORDER + The Network Firewall Policy enforcement order of this network. If not + specified, defaults to AFTER_CLASSIC_FIREWALL. + + NETWORK_FIREWALL_POLICY_ENFORCEMENT_ORDER must be one of: + + AFTER_CLASSIC_FIREWALL + Network Firewall Policy is enforced after classic firewall. + BEFORE_CLASSIC_FIREWALL + Network Firewall Policy is enforced before classic firewall. + At most one of these can be specified: --bgp-routing-mode=MODE diff --git a/gcloud/container/aws/clusters/create b/gcloud/container/aws/clusters/create index 9d60b6df6..d89a6781c 100644 --- a/gcloud/container/aws/clusters/create +++ b/gcloud/container/aws/clusters/create @@ -90,7 +90,7 @@ REQUIRED FLAGS ID or number of the Fleet host project where the cluster is registered. --iam-instance-profile=IAM_INSTANCE_PROFILE - Name of the IAM instance profile associated with the cluster. + Name or ARN of the IAM instance profile associated with the cluster. --pod-address-cidr-blocks=POD_ADDRESS_CIDR_BLOCKS IP address range for the pods in this cluster in CIDR notation (e.g. @@ -120,7 +120,7 @@ OPTIONAL FLAGS complete. --instance-type=INSTANCE_TYPE - AWS EC2 instance type. + AWS EC2 instance type for the control plane's nodes. --main-volume-iops=MAIN_VOLUME_IOPS Number of I/O operations per second (IOPS) to provision for the main @@ -158,10 +158,10 @@ OPTIONAL FLAGS Type of the root volume. ROOT_VOLUME_TYPE must be one of: gp2, gp3. --security-group-ids=[SECURITY_GROUP_ID,...] - IDs of additional security groups to add to control plane replicas. + IDs of additional security groups to add to the control plane's nodes. --ssh-ec2-key-pair=SSH_EC2_KEY_PAIR - Name of the EC2 key pair authorized to login to the control plane + Name of the EC2 key pair authorized to login to the control plane's nodes. --tags=TAG,[TAG,...] diff --git a/gcloud/container/aws/clusters/update b/gcloud/container/aws/clusters/update index 7cfa1c1e9..b568bd22c 100644 --- a/gcloud/container/aws/clusters/update +++ b/gcloud/container/aws/clusters/update @@ -71,7 +71,7 @@ FLAGS Amazon Resource Name (ARN) of the AWS KMS key to encrypt the user data. --instance-type=INSTANCE_TYPE - AWS EC2 instance type. + AWS EC2 instance type for the control plane's nodes. --role-arn=ROLE_ARN Amazon Resource Name (ARN) of the IAM role to assume when managing AWS @@ -104,7 +104,7 @@ FLAGS At most one of these can be specified: --clear-proxy-config - Clear the proxy configuration, if any, associated with the cluster. + Clear the proxy configuration associated with the control plane. Update existing proxy config parameters @@ -122,20 +122,22 @@ FLAGS --clear-security-group-ids Clear any additional security groups associated with the control - plane replicas. This does not remove the default security groups. + plane's nodes. This does not remove the default security groups. --security-group-ids=[SECURITY_GROUP_ID,...] - IDs of additional security groups to add to control plane replicas. + IDs of additional security groups to add to the control plane's + nodes. SSH config At most one of these can be specified: --clear-ssh-ec2-key-pair - Clear the EC2 key pair to log in into the control plane nodes. + Clear the EC2 key pair authorized to login to the control plane's + nodes. --ssh-ec2-key-pair=SSH_EC2_KEY_PAIR - Name of the EC2 key pair authorized to login to the control plane + Name of the EC2 key pair authorized to login to the control plane's nodes. GCLOUD WIDE FLAGS diff --git a/gcloud/container/aws/node-pools/create b/gcloud/container/aws/node-pools/create index 444c18714..048cd5778 100644 --- a/gcloud/container/aws/node-pools/create +++ b/gcloud/container/aws/node-pools/create @@ -74,7 +74,7 @@ REQUIRED FLAGS Amazon Resource Name (ARN) of the AWS KMS key to encrypt the user data. --iam-instance-profile=IAM_INSTANCE_PROFILE - Name of the IAM instance profile associated with the cluster. + Name or ARN of the IAM instance profile associated with the node pool. --node-version=NODE_VERSION Kubernetes version to use for the node pool. @@ -88,7 +88,7 @@ OPTIONAL FLAGS complete. --instance-type=INSTANCE_TYPE - AWS EC2 instance type. + AWS EC2 instance type for the node pool's nodes. --max-pods-per-node=MAX_PODS_PER_NODE Maximum number of pods per node. @@ -118,10 +118,10 @@ OPTIONAL FLAGS Type of the root volume. ROOT_VOLUME_TYPE must be one of: gp2, gp3. --security-group-ids=[SECURITY_GROUP_ID,...] - IDs of additional security groups to add to nodes. + IDs of additional security groups to add to the node pool's nodes. --ssh-ec2-key-pair=SSH_EC2_KEY_PAIR - Name of the EC2 key pair authorized to login to the node pool nodes. + Name of the EC2 key pair authorized to login to the node pool's nodes. --tags=TAG,[TAG,...] Applies the given tags (comma separated) on the node pool. Example: diff --git a/gcloud/container/aws/node-pools/update b/gcloud/container/aws/node-pools/update index c5cef059f..2e49f9c13 100644 --- a/gcloud/container/aws/node-pools/update +++ b/gcloud/container/aws/node-pools/update @@ -98,7 +98,7 @@ FLAGS At most one of these can be specified: --clear-proxy-config - Clear the proxy configuration, if any, associated with the node pool. + Clear the proxy configuration associated with the node pool. Update existing proxy config parameters @@ -115,21 +115,22 @@ FLAGS At most one of these can be specified: --clear-security-group-ids - Clear any additional security groups associated with the nodes. This - does not remove the default security groups. + Clear any additional security groups associated with the node pool's + nodes. This does not remove the default security groups. --security-group-ids=[SECURITY_GROUP_ID,...] - IDs of additional security groups to add to nodes. + IDs of additional security groups to add to the node pool's nodes. SSH config At most one of these can be specified: --clear-ssh-ec2-key-pair - Clear the EC2 key pair to log in into the node pool nodes. + Clear the EC2 key pair authorized to login to the node pool's nodes. --ssh-ec2-key-pair=SSH_EC2_KEY_PAIR - Name of the EC2 key pair authorized to login to the node pool nodes. + Name of the EC2 key pair authorized to login to the node pool's + nodes. Node pool autoscaling diff --git a/gcloud/container/binauthz/attestors/add-iam-policy-binding b/gcloud/container/binauthz/attestors/add-iam-policy-binding index 184665e87..e1dc9f8ef 100644 --- a/gcloud/container/binauthz/attestors/add-iam-policy-binding +++ b/gcloud/container/binauthz/attestors/add-iam-policy-binding @@ -4,10 +4,14 @@ NAME SYNOPSIS gcloud container binauthz attestors add-iam-policy-binding ATTESTOR - --member=PRINCIPAL --role=ROLE [GCLOUD_WIDE_FLAG ...] + --member=PRINCIPAL --role=ROLE + [--condition=[KEY=VALUE,...] + | --condition-from-file=CONDITION_FROM_FILE] [GCLOUD_WIDE_FLAG ...] DESCRIPTION - Add an IAM policy binding to a Binary Authorization attestor. + Add an IAM policy binding to the IAM policy of a Binary Authorization + attestor. One binding consists of a member, a role, and an optional + condition. EXAMPLES To add an IAM policy binding for the role of @@ -18,14 +22,25 @@ EXAMPLES my_attestor --member='user:test-user@gmail.com' \ --role='roles/binaryauthorization.attestorsEditor' + To add an IAM policy binding which expires at the end of the year 2018 for + the role of roles/binaryauthorization.attestorsEditor and the user + test-user@gmail.com on attestor my_attestor, run: + + $ gcloud container binauthz attestors add-iam-policy-binding \ + my_attestor --member='user:test-user@gmail.com' \ + --role='roles/binaryauthorization.attestorsEditor' \ + --condition='expression=request.time < + timestamp("2019-01-01T00:00:00Z"),title=expires_end_of_2018,descrip\ + tion=Expires at midnight on 2018-12-31' + See https://cloud.google.com/iam/docs/managing-policies for details of policy role and member types. POSITIONAL ARGUMENTS - Attestor resource - The Binary Authorization attestor for which to add IAM - policy binding to. This represents a Cloud resource. (NOTE) Some - attributes are not given arguments in this group but can be set in other - ways. To set the project attribute: + Attestor resource - The Binary Authorization attestor whose IAM policy to + add an IAM policy binding to. This represents a Cloud resource. (NOTE) + Some attributes are not given arguments in this group but can be set in + other ways. To set the project attribute: ◆ provide the argument attestor on the command line with a fully specified name; ◆ set the property core/project; @@ -59,6 +74,44 @@ REQUIRED FLAGS for a custom role, such as organizations/{ORGANIZATION_ID}/roles/logging.viewer. +OPTIONAL FLAGS + At most one of these can be specified: + + --condition=[KEY=VALUE,...] + A condition to include in the binding. When the condition is + explicitly specified as None (--condition=None), a binding without a + condition is added. When the condition is specified and is not None, + --role cannot be a basic role. Basic roles are roles/editor, + roles/owner, and roles/viewer. For more on conditions, refer to the + conditions overview guide: + https://cloud.google.com/iam/docs/conditions-overview + + When using the --condition flag, include the following key-value + pairs: + + expression + (Required) Condition expression that evaluates to True or False. + This uses a subset of Common Expression Language syntax. + + If the condition expression includes a comma, use a different + delimiter to separate the key-value pairs. Specify the delimiter + before listing the key-value pairs. For example, to specify a + colon (:) as the delimiter, do the following: + --condition=^:^title=TITLE:expression=EXPRESSION. For more + information, see + https://cloud.google.com/sdk/gcloud/reference/topic/escaping. + + title + (Required) A short string describing the purpose of the + expression. + + description + (Optional) Additional description for the expression. + + --condition-from-file=CONDITION_FROM_FILE + Path to a local JSON or YAML file that defines the condition. To see + available fields, see the help for --condition. + GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, diff --git a/gcloud/container/binauthz/attestors/remove-iam-policy-binding b/gcloud/container/binauthz/attestors/remove-iam-policy-binding index 8f9699c2e..152b1c27d 100644 --- a/gcloud/container/binauthz/attestors/remove-iam-policy-binding +++ b/gcloud/container/binauthz/attestors/remove-iam-policy-binding @@ -4,13 +4,17 @@ NAME SYNOPSIS gcloud container binauthz attestors remove-iam-policy-binding ATTESTOR - --member=PRINCIPAL --role=ROLE [GCLOUD_WIDE_FLAG ...] + --member=PRINCIPAL --role=ROLE + [--all | --condition=[KEY=VALUE,...] + | --condition-from-file=CONDITION_FROM_FILE] [GCLOUD_WIDE_FLAG ...] DESCRIPTION - Remove an IAM policy binding of a Binary Authorization attestor. + Remove an IAM policy binding from the IAM policy of a Binary Authorization + attestor. One binding consists of a member, a role, and an optional + condition. EXAMPLES - To Remove an IAM policy binding for the role of + To remove an IAM policy binding for the role of roles/binaryauthorization.attestorsEditor for the user test-user@gmail.com on attestor my_attestor, run: @@ -18,14 +22,25 @@ EXAMPLES my_attestor --member='user:test-user@gmail.com' \ --role='roles/binaryauthorization.attestorsEditor' + To remove an IAM policy binding which expires at the end of the year 2018 + for the role of roles/binaryauthorization.attestorsEditor and the user + test-user@gmail.com on attestor my_attestor, run: + + $ gcloud container binauthz attestors remove-iam-policy-binding \ + my_attestor --member='user:test-user@gmail.com' \ + --role='roles/binaryauthorization.attestorsEditor' \ + --condition='expression=request.time < + timestamp("2019-01-01T00:00:00Z"),title=expires_end_of_2018,descrip\ + tion=Expires at midnight on 2018-12-31' + See https://cloud.google.com/iam/docs/managing-policies for details of policy role and member types. POSITIONAL ARGUMENTS - Attestor resource - The Binary Authorization attestor for which to add IAM - policy binding to. This represents a Cloud resource. (NOTE) Some - attributes are not given arguments in this group but can be set in other - ways. To set the project attribute: + Attestor resource - The Binary Authorization attestor whose IAM policy to + remove an IAM policy binding from. This represents a Cloud resource. + (NOTE) Some attributes are not given arguments in this group but can be + set in other ways. To set the project attribute: ◆ provide the argument attestor on the command line with a fully specified name; ◆ set the property core/project; @@ -60,6 +75,48 @@ REQUIRED FLAGS --role=ROLE The role to remove the principal from. +OPTIONAL FLAGS + At most one of these can be specified: + + --all + Remove all bindings with this role and principal, irrespective of any + conditions. + + --condition=[KEY=VALUE,...] + The condition of the binding that you want to remove. When the + condition is explicitly specified as None (--condition=None), a + binding without a condition is removed. Otherwise, only a binding + with a condition that exactly matches the specified condition + (including the optional description) is removed. For more on + conditions, refer to the conditions overview guide: + https://cloud.google.com/iam/docs/conditions-overview + + When using the --condition flag, include the following key-value + pairs: + + expression + (Required) Condition expression that evaluates to True or False. + This uses a subset of Common Expression Language syntax. + + If the condition expression includes a comma, use a different + delimiter to separate the key-value pairs. Specify the delimiter + before listing the key-value pairs. For example, to specify a + colon (:) as the delimiter, do the following: + --condition=^:^title=TITLE:expression=EXPRESSION. For more + information, see + https://cloud.google.com/sdk/gcloud/reference/topic/escaping. + + title + (Required) A short string describing the purpose of the + expression. + + description + (Optional) Additional description for the expression. + + --condition-from-file=CONDITION_FROM_FILE + Path to a local JSON or YAML file that defines the condition. To see + available fields, see the help for --condition. + GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, diff --git a/gcloud/container/binauthz/policy/add-iam-policy-binding b/gcloud/container/binauthz/policy/add-iam-policy-binding index 2ffc8f5f9..91c7c2503 100644 --- a/gcloud/container/binauthz/policy/add-iam-policy-binding +++ b/gcloud/container/binauthz/policy/add-iam-policy-binding @@ -4,10 +4,14 @@ NAME SYNOPSIS gcloud container binauthz policy add-iam-policy-binding --member=PRINCIPAL - --role=ROLE [GCLOUD_WIDE_FLAG ...] + --role=ROLE + [--condition=[KEY=VALUE,...] + | --condition-from-file=CONDITION_FROM_FILE] [GCLOUD_WIDE_FLAG ...] DESCRIPTION - Add an IAM policy binding to a Binary Authorization policy. + Add an IAM policy binding to the IAM policy of a Binary Authorization + policy. One binding consists of a member, a role, and an optional + condition. EXAMPLES To add an IAM policy binding for the role of @@ -19,6 +23,18 @@ EXAMPLES --member='user:test-user@gmail.com' \ --role='roles/binaryauthorization.attestationAuthoritiesEditor' + To add an IAM policy binding which expires at the end of the year 2018 for + the role of 'roles/binaryauthorization.attestationAuthoritiesEditor' and + the user 'test-user@gmail.com' on the current project's Binary + Authorization policy, run: + + $ gcloud container binauthz policy add-iam-policy-binding \ + --member='user:test-user@gmail.com' \ + --role='roles/binaryauthorization.attestationAuthoritiesEditor' \ + --condition='expression=request.time < + timestamp("2019-01-01T00:00:00Z"),title=expires_end_of_2018,descrip\ + tion=Expires at midnight on 2018-12-31' + See https://cloud.google.com/iam/docs/managing-policies for details of policy role and member types. @@ -43,6 +59,44 @@ REQUIRED FLAGS for a custom role, such as organizations/{ORGANIZATION_ID}/roles/logging.viewer. +OPTIONAL FLAGS + At most one of these can be specified: + + --condition=[KEY=VALUE,...] + A condition to include in the binding. When the condition is + explicitly specified as None (--condition=None), a binding without a + condition is added. When the condition is specified and is not None, + --role cannot be a basic role. Basic roles are roles/editor, + roles/owner, and roles/viewer. For more on conditions, refer to the + conditions overview guide: + https://cloud.google.com/iam/docs/conditions-overview + + When using the --condition flag, include the following key-value + pairs: + + expression + (Required) Condition expression that evaluates to True or False. + This uses a subset of Common Expression Language syntax. + + If the condition expression includes a comma, use a different + delimiter to separate the key-value pairs. Specify the delimiter + before listing the key-value pairs. For example, to specify a + colon (:) as the delimiter, do the following: + --condition=^:^title=TITLE:expression=EXPRESSION. For more + information, see + https://cloud.google.com/sdk/gcloud/reference/topic/escaping. + + title + (Required) A short string describing the purpose of the + expression. + + description + (Optional) Additional description for the expression. + + --condition-from-file=CONDITION_FROM_FILE + Path to a local JSON or YAML file that defines the condition. To see + available fields, see the help for --condition. + GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, diff --git a/gcloud/container/binauthz/policy/remove-iam-policy-binding b/gcloud/container/binauthz/policy/remove-iam-policy-binding index 4af7c7fe9..1c58a78a7 100644 --- a/gcloud/container/binauthz/policy/remove-iam-policy-binding +++ b/gcloud/container/binauthz/policy/remove-iam-policy-binding @@ -4,13 +4,17 @@ NAME SYNOPSIS gcloud container binauthz policy remove-iam-policy-binding - --member=PRINCIPAL --role=ROLE [GCLOUD_WIDE_FLAG ...] + --member=PRINCIPAL --role=ROLE + [--all | --condition=[KEY=VALUE,...] + | --condition-from-file=CONDITION_FROM_FILE] [GCLOUD_WIDE_FLAG ...] DESCRIPTION - Remove an IAM policy binding of a Binary Authorization policy. + Remove an IAM policy binding from the IAM policy of a Binary Authorization + policy. One binding consists of a member, a role, and an optional + condition. EXAMPLES - To Remove an IAM policy binding for the role of + To remove an IAM policy binding for the role of 'roles/binaryauthorization.attestationAuthoritiesEditor' for the user 'test-user@gmail.com' on the current project's Binary Authorization policy, run: @@ -19,6 +23,18 @@ EXAMPLES --member='user:test-user@gmail.com' \ --role='roles/binaryauthorization.attestationAuthoritiesEditor' + To remove an IAM policy binding which expires at the end of the year 2018 + for the role of 'roles/binaryauthorization.attestationAuthoritiesEditor' + and the user 'test-user@gmail.com' on the current project's Binary + Authorization policy, run: + + $ gcloud container binauthz policy remove-iam-policy-binding \ + --member='user:test-user@gmail.com' \ + --role='roles/binaryauthorization.attestationAuthoritiesEditor' \ + --condition='expression=request.time < + timestamp("2019-01-01T00:00:00Z"),title=expires_end_of_2018,descrip\ + tion=Expires at midnight on 2018-12-31' + See https://cloud.google.com/iam/docs/managing-policies for details of policy role and member types. @@ -44,6 +60,48 @@ REQUIRED FLAGS --role=ROLE The role to remove the principal from. +OPTIONAL FLAGS + At most one of these can be specified: + + --all + Remove all bindings with this role and principal, irrespective of any + conditions. + + --condition=[KEY=VALUE,...] + The condition of the binding that you want to remove. When the + condition is explicitly specified as None (--condition=None), a + binding without a condition is removed. Otherwise, only a binding + with a condition that exactly matches the specified condition + (including the optional description) is removed. For more on + conditions, refer to the conditions overview guide: + https://cloud.google.com/iam/docs/conditions-overview + + When using the --condition flag, include the following key-value + pairs: + + expression + (Required) Condition expression that evaluates to True or False. + This uses a subset of Common Expression Language syntax. + + If the condition expression includes a comma, use a different + delimiter to separate the key-value pairs. Specify the delimiter + before listing the key-value pairs. For example, to specify a + colon (:) as the delimiter, do the following: + --condition=^:^title=TITLE:expression=EXPRESSION. For more + information, see + https://cloud.google.com/sdk/gcloud/reference/topic/escaping. + + title + (Required) A short string describing the purpose of the + expression. + + description + (Optional) Additional description for the expression. + + --condition-from-file=CONDITION_FROM_FILE + Path to a local JSON or YAML file that defines the condition. To see + available fields, see the help for --condition. + GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, diff --git a/gcloud/container/clusters/create b/gcloud/container/clusters/create index afbeaf441..023e57378 100644 --- a/gcloud/container/clusters/create +++ b/gcloud/container/clusters/create @@ -866,6 +866,8 @@ FLAGS cpuManagerPolicy either 'static' or 'none' cpuCFSQuota true or false (enabled by default) cpuCFSQuotaPeriod interval (e.g., '100ms') + podPidsLimit integer (The value must be greater than or equal to + 1024 and less than 4194304.) List of supported sysctls in 'linuxConfig'. diff --git a/gcloud/container/fleet/memberships/delete b/gcloud/container/fleet/memberships/delete index 4a37e0a27..55be6ed26 100644 --- a/gcloud/container/fleet/memberships/delete +++ b/gcloud/container/fleet/memberships/delete @@ -16,9 +16,15 @@ DESCRIPTION container fleet memberships unregister. EXAMPLES + First retrieve the ID of the membership using the command below. The output + of this command lists all the fleet's members, with their unique IDs in the + Names column: + + $ gcloud container fleet memberships list + Delete a membership from Fleet: - $ gcloud container fleet memberships delete a-membership + $ gcloud container fleet memberships delete MEMBERSHIP_NAME POSITIONAL ARGUMENTS Membership resource - The cluster membership to delete. The arguments in diff --git a/gcloud/container/fleet/memberships/describe b/gcloud/container/fleet/memberships/describe index 59a9f10fd..2e88d86ac 100644 --- a/gcloud/container/fleet/memberships/describe +++ b/gcloud/container/fleet/memberships/describe @@ -9,9 +9,15 @@ DESCRIPTION Describe a membership in Fleet. EXAMPLES - Describe a membership in Fleet: + First retrieve the ID of the membership using the command below. The output + of this command lists all the fleet's members, with their unique IDs in the + Names column: - $ gcloud container fleet memberships describe a-membership + $ gcloud container fleet memberships list + + Then describe it: + + $ gcloud container fleet memberships describe MEMBERSHIP_NAME POSITIONAL ARGUMENTS Membership resource - The cluster membership to describe. The arguments in diff --git a/gcloud/container/fleet/memberships/update b/gcloud/container/fleet/memberships/update index 36652cc38..4fd3efa99 100644 --- a/gcloud/container/fleet/memberships/update +++ b/gcloud/container/fleet/memberships/update @@ -11,9 +11,15 @@ DESCRIPTION Update an existing membership in Fleet. EXAMPLES + First retrieve the ID of the membership using the command below. The output + of this command lists all the fleet's members, with their unique IDs in the + Names column: + + $ gcloud container fleet memberships list + Update a membership for a cluster: - $ gcloud container fleet memberships update a-membership + $ gcloud container fleet memberships update MEMBERSHIP_ID POSITIONAL ARGUMENTS Membership resource - membership resource representing a cluster in Fleet. diff --git a/gcloud/container/hub/memberships/delete b/gcloud/container/hub/memberships/delete index 8c13b7747..0977f19a0 100644 --- a/gcloud/container/hub/memberships/delete +++ b/gcloud/container/hub/memberships/delete @@ -16,9 +16,15 @@ DESCRIPTION container hub memberships unregister. EXAMPLES + First retrieve the ID of the membership using the command below. The output + of this command lists all the fleet's members, with their unique IDs in the + Names column: + + $ gcloud container hub memberships list + Delete a membership from Fleet: - $ gcloud container hub memberships delete a-membership + $ gcloud container hub memberships delete MEMBERSHIP_NAME POSITIONAL ARGUMENTS Membership resource - The cluster membership to delete. The arguments in diff --git a/gcloud/container/hub/memberships/describe b/gcloud/container/hub/memberships/describe index e4bb1f68d..52a7d69e0 100644 --- a/gcloud/container/hub/memberships/describe +++ b/gcloud/container/hub/memberships/describe @@ -9,9 +9,15 @@ DESCRIPTION Describe a membership in Fleet. EXAMPLES - Describe a membership in Fleet: + First retrieve the ID of the membership using the command below. The output + of this command lists all the fleet's members, with their unique IDs in the + Names column: - $ gcloud container hub memberships describe a-membership + $ gcloud container hub memberships list + + Then describe it: + + $ gcloud container hub memberships describe MEMBERSHIP_NAME POSITIONAL ARGUMENTS Membership resource - The cluster membership to describe. The arguments in diff --git a/gcloud/container/hub/memberships/update b/gcloud/container/hub/memberships/update index 92bdbd968..4327b84f6 100644 --- a/gcloud/container/hub/memberships/update +++ b/gcloud/container/hub/memberships/update @@ -10,9 +10,15 @@ DESCRIPTION Update an existing membership in Fleet. EXAMPLES + First retrieve the ID of the membership using the command below. The output + of this command lists all the fleet's members, with their unique IDs in the + Names column: + + $ gcloud container hub memberships list + Update a membership for a cluster: - $ gcloud container hub memberships update a-membership + $ gcloud container hub memberships update MEMBERSHIP_ID POSITIONAL ARGUMENTS Membership resource - membership resource representing a cluster in Fleet. diff --git a/gcloud/container/node-pools/create b/gcloud/container/node-pools/create index fad3c5346..a98bdc0c6 100644 --- a/gcloud/container/node-pools/create +++ b/gcloud/container/node-pools/create @@ -402,6 +402,8 @@ FLAGS cpuManagerPolicy either 'static' or 'none' cpuCFSQuota true or false (enabled by default) cpuCFSQuotaPeriod interval (e.g., '100ms') + podPidsLimit integer (The value must be greater than or equal to + 1024 and less than 4194304.) List of supported sysctls in 'linuxConfig'. diff --git a/gcloud/container/node-pools/update b/gcloud/container/node-pools/update index 22adaabe0..8d59722f8 100644 --- a/gcloud/container/node-pools/update +++ b/gcloud/container/node-pools/update @@ -120,6 +120,8 @@ REQUIRED FLAGS cpuManagerPolicy either 'static' or 'none' cpuCFSQuota true or false (enabled by default) cpuCFSQuotaPeriod interval (e.g., '100ms') + podPidsLimit integer (The value must be greater than or equal + to 1024 and less than 4194304.) List of supported sysctls in 'linuxConfig'. diff --git a/gcloud/database-migration/migration-jobs/create b/gcloud/database-migration/migration-jobs/create index 8f11d2309..34110db56 100644 --- a/gcloud/database-migration/migration-jobs/create +++ b/gcloud/database-migration/migration-jobs/create @@ -6,7 +6,7 @@ SYNOPSIS gcloud database-migration migration-jobs create (MIGRATION_JOB : --region=REGION) --destination=DESTINATION --source=SOURCE --type=TYPE [--display-name=DISPLAY_NAME] - [--dump-path=DUMP_PATH] [--labels=[KEY=VALUE,...]] + [--dump-path=DUMP_PATH] [--labels=[KEY=VALUE,...]] [--sync] [--peer-vpc=PEER_VPC | --static-ip | [--vm-ip=VM_IP --vm-port=VM_PORT --vpc=VPC : --vm=VM]] [GCLOUD_WIDE_FLAG ...] @@ -106,6 +106,9 @@ OPTIONAL FLAGS contain only hyphens (-), underscores (_), lowercase characters, and numbers. + --sync + Waits for the operation in progress to complete before returning. + The connectivity method used by the migration job. If a connectivity method isn't specified, then it isn't added to the migration job. diff --git a/gcloud/network-connectivity/spokes/list b/gcloud/network-connectivity/spokes/list index cd115c0c4..9e93901f0 100644 --- a/gcloud/network-connectivity/spokes/list +++ b/gcloud/network-connectivity/spokes/list @@ -2,7 +2,7 @@ NAME gcloud network-connectivity spokes list - list spokes SYNOPSIS - gcloud network-connectivity spokes list --region=REGION + gcloud network-connectivity spokes list [--region=REGION] [--filter=EXPRESSION] [--limit=LIMIT] [--page-size=PAGE_SIZE] [--sort-by=[FIELD,...]] [GCLOUD_WIDE_FLAG ...] @@ -10,25 +10,20 @@ DESCRIPTION Retrieve and display a list of all spokes in the specified project. EXAMPLES - To list all spokes in region us-central1, run: + To list all spokes in the us-central1 region, run: $ gcloud network-connectivity spokes list --region=us-central1 -REQUIRED FLAGS - Region resource - The project of the spokes to display. This represents a - Cloud resource. (NOTE) Some attributes are not given arguments in this - group but can be set in other ways. To set the project attribute: - ◆ provide the argument --region on the command line with a fully - specified name; - ◆ set the property core/project; - ◆ provide the argument --project on the command line. + To list all spokes in all regions, run: - This must be specified. + $ gcloud network-connectivity spokes list - --region=REGION - ID of the region or fully qualified identifier for the region. To set - the region attribute: - ▸ provide the argument --region on the command line. +FLAGS + --region=REGION + A Google Cloud region. To see the names of regions, see Viewing a list + of available regions + (https://cloud.google.com/compute/docs/regions-zones/viewing-regions-zones#viewing_a_list_of_available_regions). + Use ``-`` to specify all regions. LIST COMMAND FLAGS --filter=EXPRESSION diff --git a/gcloud/policy-troubleshoot/iam b/gcloud/policy-troubleshoot/iam index 5e2d95f91..b0c2c2be0 100644 --- a/gcloud/policy-troubleshoot/iam +++ b/gcloud/policy-troubleshoot/iam @@ -18,8 +18,8 @@ EXAMPLES --principal-email=my-iam-account@somedomain.com \ --permission=resourcemanager.projects.get - See https://cloud.google.com/iam/docs/policies for more information about - IAM policies. + See https://cloud.google.com/iam/help/allow-policies/overview for more + information about IAM policies. POSITIONAL ARGUMENTS RESOURCE