mirror of
https://github.com/imjasonh/gcloud-help
synced 2026-07-08 10:35:03 +00:00
gcloud: Thu Feb 22 10:25:44 UTC 2024
This commit is contained in:
parent
5bf6fb3fc0
commit
8778dcbd7e
245 changed files with 9946 additions and 513 deletions
|
|
@ -101,7 +101,7 @@ OPTIONAL FLAGS
|
|||
compute-optimized-c3, compute-optimized-c3d, compute-optimized-h3,
|
||||
general-purpose, general-purpose-e2, general-purpose-n2,
|
||||
general-purpose-n2d, general-purpose-t2d, graphics-optimized,
|
||||
memory-optimized, memory-optimized-m3.
|
||||
memory-optimized, memory-optimized-m3, storage-optimized-z3.
|
||||
|
||||
Manage the reservations to be created with the commitment.
|
||||
|
||||
|
|
|
|||
|
|
@ -11,13 +11,14 @@ SYNOPSIS
|
|||
[--dest-threat-intelligence=[DEST_THREAT_INTELLIGENCE_LISTS,...]]
|
||||
[--direction=DIRECTION] [--[no-]disabled] [--[no-]enable-logging]
|
||||
[--layer4-configs=[LAYER4_CONFIG,...]] [--organization=ORGANIZATION]
|
||||
[--security-profile-group=SECURITY_PROFILE_GROUP]
|
||||
[--src-address-groups=[SOURCE_ADDRESS_GROUPS,...]]
|
||||
[--src-fqdns=[SOURCE_FQDNS,...]] [--src-ip-ranges=[SRC_IP_RANGE,...]]
|
||||
[--src-region-codes=[SOURCE_REGION_CODES,...]]
|
||||
[--src-threat-intelligence=[SOURCE_THREAT_INTELLIGENCE_LISTS,...]]
|
||||
[--target-resources=[TARGET_RESOURCES,...]]
|
||||
[--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...]]
|
||||
[GCLOUD_WIDE_FLAG ...]
|
||||
[--[no-]tls-inspect] [GCLOUD_WIDE_FLAG ...]
|
||||
|
||||
DESCRIPTION
|
||||
gcloud compute firewall-policies rules create is used to create
|
||||
|
|
@ -38,7 +39,7 @@ POSITIONAL ARGUMENTS
|
|||
REQUIRED FLAGS
|
||||
--action=ACTION
|
||||
Action to take if the request matches the match condition. ACTION must
|
||||
be one of: allow, deny, goto_next.
|
||||
be one of: allow, deny, goto_next, apply_security_profile_group.
|
||||
|
||||
--firewall-policy=FIREWALL_POLICY
|
||||
Short name of the firewall policy into which the rule should be
|
||||
|
|
@ -90,6 +91,18 @@ OPTIONAL FLAGS
|
|||
Organization which the organization firewall policy belongs to. Must be
|
||||
set if FIREWALL_POLICY is short name.
|
||||
|
||||
--security-profile-group=SECURITY_PROFILE_GROUP
|
||||
An org-based security profile group to be used with
|
||||
apply_security_profile_group action. Allowed formats are: a)
|
||||
http(s)://<namespace>/<api>/organizations/<org_id>/locations/global/securityProfileGroups/<profile>
|
||||
b)
|
||||
(//)<namespace>/organizations/<org_id>/locations/global/securityProfileGroups/<profile>
|
||||
c) <profile>. In case "c" gCloud CLI will create a reference matching
|
||||
format "a", but to make it work
|
||||
CLOUDSDK_API_ENDPOINT_OVERRIDES_NETWORKSECURITY property must be set.
|
||||
In order to set this property, please run the command gcloud config set
|
||||
api_endpoint_overrides/networksecurity https://<namespace>/.
|
||||
|
||||
--src-address-groups=[SOURCE_ADDRESS_GROUPS,...]
|
||||
Source address groups to match for this rule. Can only be specified if
|
||||
DIRECTION is ingress.
|
||||
|
|
@ -117,6 +130,12 @@ OPTIONAL FLAGS
|
|||
--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...]
|
||||
List of target service accounts for the rule.
|
||||
|
||||
--[no-]tls-inspect
|
||||
Use this flag to indicate whether TLS traffic should be inspected using
|
||||
the TLS inspection policy when the security profile group is applied.
|
||||
Default: no TLS inspection. Use --tls-inspect to enable and
|
||||
--no-tls-inspect to disable.
|
||||
|
||||
GCLOUD WIDE FLAGS
|
||||
These flags are available to all commands: --access-token-file, --account,
|
||||
--billing-project, --configuration, --flags-file, --flatten, --format,
|
||||
|
|
|
|||
|
|
@ -13,13 +13,14 @@ SYNOPSIS
|
|||
[--direction=DIRECTION] [--[no-]disabled] [--[no-]enable-logging]
|
||||
[--layer4-configs=[LAYER4_CONFIG,...]] [--new-priority=NEW_PRIORITY]
|
||||
[--organization=ORGANIZATION]
|
||||
[--security-profile-group=SECURITY_PROFILE_GROUP]
|
||||
[--src-address-groups=[SOURCE_ADDRESS_GROUPS,...]]
|
||||
[--src-fqdns=[SOURCE_FQDNS,...]] [--src-ip-ranges=[SRC_IP_RANGE,...]]
|
||||
[--src-region-codes=[SOURCE_REGION_CODES,...]]
|
||||
[--src-threat-intelligence=[SOURCE_THREAT_INTELLIGENCE_LISTS,...]]
|
||||
[--target-resources=[TARGET_RESOURCES,...]]
|
||||
[--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...]]
|
||||
[GCLOUD_WIDE_FLAG ...]
|
||||
[--[no-]tls-inspect] [GCLOUD_WIDE_FLAG ...]
|
||||
|
||||
DESCRIPTION
|
||||
gcloud compute firewall-policies rules update is used to update
|
||||
|
|
@ -46,7 +47,7 @@ REQUIRED FLAGS
|
|||
OPTIONAL FLAGS
|
||||
--action=ACTION
|
||||
Action to take if the request matches the match condition. ACTION must
|
||||
be one of: allow, deny, goto_next.
|
||||
be one of: allow, deny, goto_next, apply_security_profile_group.
|
||||
|
||||
--description=DESCRIPTION
|
||||
An optional, textual description for the rule.
|
||||
|
|
@ -96,6 +97,18 @@ OPTIONAL FLAGS
|
|||
Organization which the organization firewall policy belongs to. Must be
|
||||
set if FIREWALL_POLICY is short name.
|
||||
|
||||
--security-profile-group=SECURITY_PROFILE_GROUP
|
||||
An org-based security profile group to be used with
|
||||
apply_security_profile_group action. Allowed formats are: a)
|
||||
http(s)://<namespace>/<api>/organizations/<org_id>/locations/global/securityProfileGroups/<profile>
|
||||
b)
|
||||
(//)<namespace>/organizations/<org_id>/locations/global/securityProfileGroups/<profile>
|
||||
c) <profile>. In case "c" gCloud CLI will create a reference matching
|
||||
format "a", but to make it work
|
||||
CLOUDSDK_API_ENDPOINT_OVERRIDES_NETWORKSECURITY property must be set.
|
||||
In order to set this property, please run the command gcloud config set
|
||||
api_endpoint_overrides/networksecurity https://<namespace>/.
|
||||
|
||||
--src-address-groups=[SOURCE_ADDRESS_GROUPS,...]
|
||||
Source address groups to match for this rule. Can only be specified if
|
||||
DIRECTION is ingress.
|
||||
|
|
@ -123,6 +136,12 @@ OPTIONAL FLAGS
|
|||
--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...]
|
||||
List of target service accounts for the rule.
|
||||
|
||||
--[no-]tls-inspect
|
||||
Use this flag to indicate whether TLS traffic should be inspected using
|
||||
the TLS inspection policy when the security profile group is applied.
|
||||
Default: no TLS inspection. Use --tls-inspect to enable and
|
||||
--no-tls-inspect to disable.
|
||||
|
||||
GCLOUD WIDE FLAGS
|
||||
These flags are available to all commands: --access-token-file, --account,
|
||||
--billing-project, --configuration, --flags-file, --flatten, --format,
|
||||
|
|
|
|||
|
|
@ -53,22 +53,22 @@ OPTIONAL FLAGS
|
|||
complete.
|
||||
|
||||
--cloudbuild-service-account=CLOUDBUILD_SERVICE_ACCOUNT
|
||||
Image import amd export tools use Cloud Build to import and export
|
||||
Image import and export tools use Cloud Build to import and export
|
||||
images to and from your project. Cloud Build uses a specific service
|
||||
account to execute builds on your behalf. The Cloud Build service
|
||||
account generates access token for other service accounts and it is
|
||||
account generates an access token for other service accounts and it is
|
||||
also used for authentication when building the artifacts for the image
|
||||
import tool.
|
||||
|
||||
Use this flag to to specify a custom Cloud Build service account for
|
||||
image import and export. If you don't specify this flag, Cloud Build
|
||||
runs using your project's default Cloud Build service account. To set
|
||||
this option, specify the email address corresponding to the required
|
||||
Cloud Build service account. Note: You must specify the --logs-location
|
||||
flag when you set the custom Cloud Build service account.
|
||||
Use this flag to to specify a user-managed service account for image
|
||||
import and export. If you don't specify this flag, Cloud Build runs
|
||||
using your project's default Cloud Build service account. To set this
|
||||
option, specify the email address of the desired user-managed service
|
||||
account. Note: You must specify the --logs-location flag when you set a
|
||||
user-managed service account.
|
||||
|
||||
At minimum, the specified Cloud Build service account needs to have the
|
||||
following roles assigned:
|
||||
At minimum, the specified user-managed service account needs to have
|
||||
the following roles assigned:
|
||||
|
||||
◆ roles/compute.admin
|
||||
◆ roles/iam.serviceAccountTokenCreator
|
||||
|
|
|
|||
|
|
@ -147,22 +147,22 @@ OPTIONAL FLAGS
|
|||
complete.
|
||||
|
||||
--cloudbuild-service-account=CLOUDBUILD_SERVICE_ACCOUNT
|
||||
Image import amd export tools use Cloud Build to import and export
|
||||
Image import and export tools use Cloud Build to import and export
|
||||
images to and from your project. Cloud Build uses a specific service
|
||||
account to execute builds on your behalf. The Cloud Build service
|
||||
account generates access token for other service accounts and it is
|
||||
account generates an access token for other service accounts and it is
|
||||
also used for authentication when building the artifacts for the image
|
||||
import tool.
|
||||
|
||||
Use this flag to to specify a custom Cloud Build service account for
|
||||
image import and export. If you don't specify this flag, Cloud Build
|
||||
runs using your project's default Cloud Build service account. To set
|
||||
this option, specify the email address corresponding to the required
|
||||
Cloud Build service account. Note: You must specify the --logs-location
|
||||
flag when you set the custom Cloud Build service account.
|
||||
Use this flag to to specify a user-managed service account for image
|
||||
import and export. If you don't specify this flag, Cloud Build runs
|
||||
using your project's default Cloud Build service account. To set this
|
||||
option, specify the email address of the desired user-managed service
|
||||
account. Note: You must specify the --logs-location flag when you set a
|
||||
user-managed service account.
|
||||
|
||||
At minimum, the specified Cloud Build service account needs to have the
|
||||
following roles assigned:
|
||||
At minimum, the specified user-managed service account needs to have
|
||||
the following roles assigned:
|
||||
|
||||
◆ roles/compute.admin
|
||||
◆ roles/iam.serviceAccountTokenCreator
|
||||
|
|
|
|||
|
|
@ -91,22 +91,22 @@ OPTIONAL FLAGS
|
|||
non-matching destination or source IP addresses.
|
||||
|
||||
--cloudbuild-service-account=CLOUDBUILD_SERVICE_ACCOUNT
|
||||
Image import amd export tools use Cloud Build to import and export
|
||||
Image import and export tools use Cloud Build to import and export
|
||||
images to and from your project. Cloud Build uses a specific service
|
||||
account to execute builds on your behalf. The Cloud Build service
|
||||
account generates access token for other service accounts and it is
|
||||
account generates an access token for other service accounts and it is
|
||||
also used for authentication when building the artifacts for the image
|
||||
import tool.
|
||||
|
||||
Use this flag to to specify a custom Cloud Build service account for
|
||||
image import and export. If you don't specify this flag, Cloud Build
|
||||
runs using your project's default Cloud Build service account. To set
|
||||
this option, specify the email address corresponding to the required
|
||||
Cloud Build service account. Note: You must specify the --logs-location
|
||||
flag when you set the custom Cloud Build service account.
|
||||
Use this flag to to specify a user-managed service account for image
|
||||
import and export. If you don't specify this flag, Cloud Build runs
|
||||
using your project's default Cloud Build service account. To set this
|
||||
option, specify the email address of the desired user-managed service
|
||||
account. Note: You must specify the --logs-location flag when you set a
|
||||
user-managed service account.
|
||||
|
||||
At minimum, the specified Cloud Build service account needs to have the
|
||||
following roles assigned:
|
||||
At minimum, the specified user-managed service account needs to have
|
||||
the following roles assigned:
|
||||
|
||||
◆ roles/compute.admin
|
||||
◆ roles/iam.serviceAccountTokenCreator
|
||||
|
|
|
|||
|
|
@ -90,22 +90,22 @@ OPTIONAL FLAGS
|
|||
addresses.
|
||||
|
||||
--cloudbuild-service-account=CLOUDBUILD_SERVICE_ACCOUNT
|
||||
Image import amd export tools use Cloud Build to import and export
|
||||
Image import and export tools use Cloud Build to import and export
|
||||
images to and from your project. Cloud Build uses a specific service
|
||||
account to execute builds on your behalf. The Cloud Build service
|
||||
account generates access token for other service accounts and it is
|
||||
account generates an access token for other service accounts and it is
|
||||
also used for authentication when building the artifacts for the image
|
||||
import tool.
|
||||
|
||||
Use this flag to to specify a custom Cloud Build service account for
|
||||
image import and export. If you don't specify this flag, Cloud Build
|
||||
runs using your project's default Cloud Build service account. To set
|
||||
this option, specify the email address corresponding to the required
|
||||
Cloud Build service account. Note: You must specify the --logs-location
|
||||
flag when you set the custom Cloud Build service account.
|
||||
Use this flag to to specify a user-managed service account for image
|
||||
import and export. If you don't specify this flag, Cloud Build runs
|
||||
using your project's default Cloud Build service account. To set this
|
||||
option, specify the email address of the desired user-managed service
|
||||
account. Note: You must specify the --logs-location flag when you set a
|
||||
user-managed service account.
|
||||
|
||||
At minimum, the specified Cloud Build service account needs to have the
|
||||
following roles assigned:
|
||||
At minimum, the specified user-managed service account needs to have
|
||||
the following roles assigned:
|
||||
|
||||
◆ roles/compute.admin
|
||||
◆ roles/iam.serviceAccountTokenCreator
|
||||
|
|
|
|||
|
|
@ -12,6 +12,7 @@ SYNOPSIS
|
|||
[--dest-threat-intelligence=[DEST_THREAT_INTELLIGENCE_LISTS,...]]
|
||||
[--direction=DIRECTION] [--[no-]disabled] [--[no-]enable-logging]
|
||||
[--layer4-configs=[LAYER4_CONFIG,...]]
|
||||
[--security-profile-group=SECURITY_PROFILE_GROUP]
|
||||
[--src-address-groups=[SOURCE_ADDRESS_GROUPS,...]]
|
||||
[--src-fqdns=[SOURCE_FQDNS,...]] [--src-ip-ranges=[SRC_IP_RANGE,...]]
|
||||
[--src-region-codes=[SOURCE_REGION_CODES,...]]
|
||||
|
|
@ -19,6 +20,7 @@ SYNOPSIS
|
|||
[--src-threat-intelligence=[SOURCE_THREAT_INTELLIGENCE_LISTS,...]]
|
||||
[--target-secure-tags=[TARGET_SECURE_TAGS,...]]
|
||||
[--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...]]
|
||||
[--[no-]tls-inspect]
|
||||
[--firewall-policy-region=FIREWALL_POLICY_REGION
|
||||
| --global-firewall-policy] [GCLOUD_WIDE_FLAG ...]
|
||||
|
||||
|
|
@ -49,7 +51,7 @@ POSITIONAL ARGUMENTS
|
|||
REQUIRED FLAGS
|
||||
--action=ACTION
|
||||
Action to take if the request matches the match condition. ACTION must
|
||||
be one of: allow, deny, goto_next.
|
||||
be one of: allow, deny, goto_next, apply_security_profile_group.
|
||||
|
||||
--firewall-policy=FIREWALL_POLICY
|
||||
Firewall policy ID with which to create rule.
|
||||
|
|
@ -96,6 +98,10 @@ OPTIONAL FLAGS
|
|||
A list of destination protocols and ports to which the firewall rule
|
||||
will apply.
|
||||
|
||||
--security-profile-group=SECURITY_PROFILE_GROUP
|
||||
A security profile group to be used with apply_security_profile_group
|
||||
action.
|
||||
|
||||
--src-address-groups=[SOURCE_ADDRESS_GROUPS,...]
|
||||
Source address groups to match for this rule. Can only be specified if
|
||||
DIRECTION is ingress.
|
||||
|
|
@ -143,6 +149,12 @@ OPTIONAL FLAGS
|
|||
--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...]
|
||||
List of target service accounts for the rule.
|
||||
|
||||
--[no-]tls-inspect
|
||||
Use this flag to indicate whether TLS traffic should be inspected using
|
||||
the TLS inspection policy when the security profile group is applied.
|
||||
Default: no TLS inspection. Use --tls-inspect to enable and
|
||||
--no-tls-inspect to disable.
|
||||
|
||||
At most one of these can be specified:
|
||||
|
||||
--firewall-policy-region=FIREWALL_POLICY_REGION
|
||||
|
|
|
|||
|
|
@ -12,6 +12,7 @@ SYNOPSIS
|
|||
[--dest-threat-intelligence=[DEST_THREAT_INTELLIGENCE_LISTS,...]]
|
||||
[--direction=DIRECTION] [--[no-]disabled] [--[no-]enable-logging]
|
||||
[--layer4-configs=[LAYER4_CONFIG,...]] [--new-priority=NEW_PRIORITY]
|
||||
[--security-profile-group=SECURITY_PROFILE_GROUP]
|
||||
[--src-address-groups=[SOURCE_ADDRESS_GROUPS,...]]
|
||||
[--src-fqdns=[SOURCE_FQDNS,...]] [--src-ip-ranges=[SRC_IP_RANGE,...]]
|
||||
[--src-region-codes=[SOURCE_REGION_CODES,...]]
|
||||
|
|
@ -19,6 +20,7 @@ SYNOPSIS
|
|||
[--src-threat-intelligence=[SOURCE_THREAT_INTELLIGENCE_LISTS,...]]
|
||||
[--target-secure-tags=[TARGET_SECURE_TAGS,...]]
|
||||
[--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...]]
|
||||
[--[no-]tls-inspect]
|
||||
[--firewall-policy-region=FIREWALL_POLICY_REGION
|
||||
| --global-firewall-policy] [GCLOUD_WIDE_FLAG ...]
|
||||
|
||||
|
|
@ -46,7 +48,7 @@ REQUIRED FLAGS
|
|||
OPTIONAL FLAGS
|
||||
--action=ACTION
|
||||
Action to take if the request matches the match condition. ACTION must
|
||||
be one of: allow, deny, goto_next.
|
||||
be one of: allow, deny, goto_next, apply_security_profile_group.
|
||||
|
||||
--description=DESCRIPTION
|
||||
An optional, textual description for the rule.
|
||||
|
|
@ -92,6 +94,10 @@ OPTIONAL FLAGS
|
|||
--new-priority=NEW_PRIORITY
|
||||
New priority for the rule to update. Valid in [0, 65535].
|
||||
|
||||
--security-profile-group=SECURITY_PROFILE_GROUP
|
||||
A security profile group to be used with apply_security_profile_group
|
||||
action.
|
||||
|
||||
--src-address-groups=[SOURCE_ADDRESS_GROUPS,...]
|
||||
Source address groups to match for this rule. Can only be specified if
|
||||
DIRECTION is ingress.
|
||||
|
|
@ -139,6 +145,12 @@ OPTIONAL FLAGS
|
|||
--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...]
|
||||
List of target service accounts for the rule.
|
||||
|
||||
--[no-]tls-inspect
|
||||
Use this flag to indicate whether TLS traffic should be inspected using
|
||||
the TLS inspection policy when the security profile group is applied.
|
||||
Default: no TLS inspection. Use --tls-inspect to enable and
|
||||
--no-tls-inspect to disable.
|
||||
|
||||
At most one of these can be specified:
|
||||
|
||||
--firewall-policy-region=FIREWALL_POLICY_REGION
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue