1
0
Fork 0
mirror of https://github.com/imjasonh/gcloud-help synced 2026-07-08 10:35:03 +00:00

gcloud: Thu Feb 22 10:25:44 UTC 2024

This commit is contained in:
Automated 2024-02-22 10:25:44 +00:00
parent 5bf6fb3fc0
commit 8778dcbd7e
245 changed files with 9946 additions and 513 deletions

View file

@ -101,7 +101,7 @@ OPTIONAL FLAGS
compute-optimized-c3, compute-optimized-c3d, compute-optimized-h3,
general-purpose, general-purpose-e2, general-purpose-n2,
general-purpose-n2d, general-purpose-t2d, graphics-optimized,
memory-optimized, memory-optimized-m3.
memory-optimized, memory-optimized-m3, storage-optimized-z3.
Manage the reservations to be created with the commitment.

View file

@ -11,13 +11,14 @@ SYNOPSIS
[--dest-threat-intelligence=[DEST_THREAT_INTELLIGENCE_LISTS,...]]
[--direction=DIRECTION] [--[no-]disabled] [--[no-]enable-logging]
[--layer4-configs=[LAYER4_CONFIG,...]] [--organization=ORGANIZATION]
[--security-profile-group=SECURITY_PROFILE_GROUP]
[--src-address-groups=[SOURCE_ADDRESS_GROUPS,...]]
[--src-fqdns=[SOURCE_FQDNS,...]] [--src-ip-ranges=[SRC_IP_RANGE,...]]
[--src-region-codes=[SOURCE_REGION_CODES,...]]
[--src-threat-intelligence=[SOURCE_THREAT_INTELLIGENCE_LISTS,...]]
[--target-resources=[TARGET_RESOURCES,...]]
[--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...]]
[GCLOUD_WIDE_FLAG ...]
[--[no-]tls-inspect] [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
gcloud compute firewall-policies rules create is used to create
@ -38,7 +39,7 @@ POSITIONAL ARGUMENTS
REQUIRED FLAGS
--action=ACTION
Action to take if the request matches the match condition. ACTION must
be one of: allow, deny, goto_next.
be one of: allow, deny, goto_next, apply_security_profile_group.
--firewall-policy=FIREWALL_POLICY
Short name of the firewall policy into which the rule should be
@ -90,6 +91,18 @@ OPTIONAL FLAGS
Organization which the organization firewall policy belongs to. Must be
set if FIREWALL_POLICY is short name.
--security-profile-group=SECURITY_PROFILE_GROUP
An org-based security profile group to be used with
apply_security_profile_group action. Allowed formats are: a)
http(s)://<namespace>/<api>/organizations/<org_id>/locations/global/securityProfileGroups/<profile>
b)
(//)<namespace>/organizations/<org_id>/locations/global/securityProfileGroups/<profile>
c) <profile>. In case "c" gCloud CLI will create a reference matching
format "a", but to make it work
CLOUDSDK_API_ENDPOINT_OVERRIDES_NETWORKSECURITY property must be set.
In order to set this property, please run the command gcloud config set
api_endpoint_overrides/networksecurity https://<namespace>/.
--src-address-groups=[SOURCE_ADDRESS_GROUPS,...]
Source address groups to match for this rule. Can only be specified if
DIRECTION is ingress.
@ -117,6 +130,12 @@ OPTIONAL FLAGS
--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...]
List of target service accounts for the rule.
--[no-]tls-inspect
Use this flag to indicate whether TLS traffic should be inspected using
the TLS inspection policy when the security profile group is applied.
Default: no TLS inspection. Use --tls-inspect to enable and
--no-tls-inspect to disable.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account,
--billing-project, --configuration, --flags-file, --flatten, --format,

View file

@ -13,13 +13,14 @@ SYNOPSIS
[--direction=DIRECTION] [--[no-]disabled] [--[no-]enable-logging]
[--layer4-configs=[LAYER4_CONFIG,...]] [--new-priority=NEW_PRIORITY]
[--organization=ORGANIZATION]
[--security-profile-group=SECURITY_PROFILE_GROUP]
[--src-address-groups=[SOURCE_ADDRESS_GROUPS,...]]
[--src-fqdns=[SOURCE_FQDNS,...]] [--src-ip-ranges=[SRC_IP_RANGE,...]]
[--src-region-codes=[SOURCE_REGION_CODES,...]]
[--src-threat-intelligence=[SOURCE_THREAT_INTELLIGENCE_LISTS,...]]
[--target-resources=[TARGET_RESOURCES,...]]
[--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...]]
[GCLOUD_WIDE_FLAG ...]
[--[no-]tls-inspect] [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
gcloud compute firewall-policies rules update is used to update
@ -46,7 +47,7 @@ REQUIRED FLAGS
OPTIONAL FLAGS
--action=ACTION
Action to take if the request matches the match condition. ACTION must
be one of: allow, deny, goto_next.
be one of: allow, deny, goto_next, apply_security_profile_group.
--description=DESCRIPTION
An optional, textual description for the rule.
@ -96,6 +97,18 @@ OPTIONAL FLAGS
Organization which the organization firewall policy belongs to. Must be
set if FIREWALL_POLICY is short name.
--security-profile-group=SECURITY_PROFILE_GROUP
An org-based security profile group to be used with
apply_security_profile_group action. Allowed formats are: a)
http(s)://<namespace>/<api>/organizations/<org_id>/locations/global/securityProfileGroups/<profile>
b)
(//)<namespace>/organizations/<org_id>/locations/global/securityProfileGroups/<profile>
c) <profile>. In case "c" gCloud CLI will create a reference matching
format "a", but to make it work
CLOUDSDK_API_ENDPOINT_OVERRIDES_NETWORKSECURITY property must be set.
In order to set this property, please run the command gcloud config set
api_endpoint_overrides/networksecurity https://<namespace>/.
--src-address-groups=[SOURCE_ADDRESS_GROUPS,...]
Source address groups to match for this rule. Can only be specified if
DIRECTION is ingress.
@ -123,6 +136,12 @@ OPTIONAL FLAGS
--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...]
List of target service accounts for the rule.
--[no-]tls-inspect
Use this flag to indicate whether TLS traffic should be inspected using
the TLS inspection policy when the security profile group is applied.
Default: no TLS inspection. Use --tls-inspect to enable and
--no-tls-inspect to disable.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account,
--billing-project, --configuration, --flags-file, --flatten, --format,

View file

@ -53,22 +53,22 @@ OPTIONAL FLAGS
complete.
--cloudbuild-service-account=CLOUDBUILD_SERVICE_ACCOUNT
Image import amd export tools use Cloud Build to import and export
Image import and export tools use Cloud Build to import and export
images to and from your project. Cloud Build uses a specific service
account to execute builds on your behalf. The Cloud Build service
account generates access token for other service accounts and it is
account generates an access token for other service accounts and it is
also used for authentication when building the artifacts for the image
import tool.
Use this flag to to specify a custom Cloud Build service account for
image import and export. If you don't specify this flag, Cloud Build
runs using your project's default Cloud Build service account. To set
this option, specify the email address corresponding to the required
Cloud Build service account. Note: You must specify the --logs-location
flag when you set the custom Cloud Build service account.
Use this flag to to specify a user-managed service account for image
import and export. If you don't specify this flag, Cloud Build runs
using your project's default Cloud Build service account. To set this
option, specify the email address of the desired user-managed service
account. Note: You must specify the --logs-location flag when you set a
user-managed service account.
At minimum, the specified Cloud Build service account needs to have the
following roles assigned:
At minimum, the specified user-managed service account needs to have
the following roles assigned:
◆ roles/compute.admin
◆ roles/iam.serviceAccountTokenCreator

View file

@ -147,22 +147,22 @@ OPTIONAL FLAGS
complete.
--cloudbuild-service-account=CLOUDBUILD_SERVICE_ACCOUNT
Image import amd export tools use Cloud Build to import and export
Image import and export tools use Cloud Build to import and export
images to and from your project. Cloud Build uses a specific service
account to execute builds on your behalf. The Cloud Build service
account generates access token for other service accounts and it is
account generates an access token for other service accounts and it is
also used for authentication when building the artifacts for the image
import tool.
Use this flag to to specify a custom Cloud Build service account for
image import and export. If you don't specify this flag, Cloud Build
runs using your project's default Cloud Build service account. To set
this option, specify the email address corresponding to the required
Cloud Build service account. Note: You must specify the --logs-location
flag when you set the custom Cloud Build service account.
Use this flag to to specify a user-managed service account for image
import and export. If you don't specify this flag, Cloud Build runs
using your project's default Cloud Build service account. To set this
option, specify the email address of the desired user-managed service
account. Note: You must specify the --logs-location flag when you set a
user-managed service account.
At minimum, the specified Cloud Build service account needs to have the
following roles assigned:
At minimum, the specified user-managed service account needs to have
the following roles assigned:
◆ roles/compute.admin
◆ roles/iam.serviceAccountTokenCreator

View file

@ -91,22 +91,22 @@ OPTIONAL FLAGS
non-matching destination or source IP addresses.
--cloudbuild-service-account=CLOUDBUILD_SERVICE_ACCOUNT
Image import amd export tools use Cloud Build to import and export
Image import and export tools use Cloud Build to import and export
images to and from your project. Cloud Build uses a specific service
account to execute builds on your behalf. The Cloud Build service
account generates access token for other service accounts and it is
account generates an access token for other service accounts and it is
also used for authentication when building the artifacts for the image
import tool.
Use this flag to to specify a custom Cloud Build service account for
image import and export. If you don't specify this flag, Cloud Build
runs using your project's default Cloud Build service account. To set
this option, specify the email address corresponding to the required
Cloud Build service account. Note: You must specify the --logs-location
flag when you set the custom Cloud Build service account.
Use this flag to to specify a user-managed service account for image
import and export. If you don't specify this flag, Cloud Build runs
using your project's default Cloud Build service account. To set this
option, specify the email address of the desired user-managed service
account. Note: You must specify the --logs-location flag when you set a
user-managed service account.
At minimum, the specified Cloud Build service account needs to have the
following roles assigned:
At minimum, the specified user-managed service account needs to have
the following roles assigned:
◆ roles/compute.admin
◆ roles/iam.serviceAccountTokenCreator

View file

@ -90,22 +90,22 @@ OPTIONAL FLAGS
addresses.
--cloudbuild-service-account=CLOUDBUILD_SERVICE_ACCOUNT
Image import amd export tools use Cloud Build to import and export
Image import and export tools use Cloud Build to import and export
images to and from your project. Cloud Build uses a specific service
account to execute builds on your behalf. The Cloud Build service
account generates access token for other service accounts and it is
account generates an access token for other service accounts and it is
also used for authentication when building the artifacts for the image
import tool.
Use this flag to to specify a custom Cloud Build service account for
image import and export. If you don't specify this flag, Cloud Build
runs using your project's default Cloud Build service account. To set
this option, specify the email address corresponding to the required
Cloud Build service account. Note: You must specify the --logs-location
flag when you set the custom Cloud Build service account.
Use this flag to to specify a user-managed service account for image
import and export. If you don't specify this flag, Cloud Build runs
using your project's default Cloud Build service account. To set this
option, specify the email address of the desired user-managed service
account. Note: You must specify the --logs-location flag when you set a
user-managed service account.
At minimum, the specified Cloud Build service account needs to have the
following roles assigned:
At minimum, the specified user-managed service account needs to have
the following roles assigned:
◆ roles/compute.admin
◆ roles/iam.serviceAccountTokenCreator

View file

@ -12,6 +12,7 @@ SYNOPSIS
[--dest-threat-intelligence=[DEST_THREAT_INTELLIGENCE_LISTS,...]]
[--direction=DIRECTION] [--[no-]disabled] [--[no-]enable-logging]
[--layer4-configs=[LAYER4_CONFIG,...]]
[--security-profile-group=SECURITY_PROFILE_GROUP]
[--src-address-groups=[SOURCE_ADDRESS_GROUPS,...]]
[--src-fqdns=[SOURCE_FQDNS,...]] [--src-ip-ranges=[SRC_IP_RANGE,...]]
[--src-region-codes=[SOURCE_REGION_CODES,...]]
@ -19,6 +20,7 @@ SYNOPSIS
[--src-threat-intelligence=[SOURCE_THREAT_INTELLIGENCE_LISTS,...]]
[--target-secure-tags=[TARGET_SECURE_TAGS,...]]
[--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...]]
[--[no-]tls-inspect]
[--firewall-policy-region=FIREWALL_POLICY_REGION
| --global-firewall-policy] [GCLOUD_WIDE_FLAG ...]
@ -49,7 +51,7 @@ POSITIONAL ARGUMENTS
REQUIRED FLAGS
--action=ACTION
Action to take if the request matches the match condition. ACTION must
be one of: allow, deny, goto_next.
be one of: allow, deny, goto_next, apply_security_profile_group.
--firewall-policy=FIREWALL_POLICY
Firewall policy ID with which to create rule.
@ -96,6 +98,10 @@ OPTIONAL FLAGS
A list of destination protocols and ports to which the firewall rule
will apply.
--security-profile-group=SECURITY_PROFILE_GROUP
A security profile group to be used with apply_security_profile_group
action.
--src-address-groups=[SOURCE_ADDRESS_GROUPS,...]
Source address groups to match for this rule. Can only be specified if
DIRECTION is ingress.
@ -143,6 +149,12 @@ OPTIONAL FLAGS
--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...]
List of target service accounts for the rule.
--[no-]tls-inspect
Use this flag to indicate whether TLS traffic should be inspected using
the TLS inspection policy when the security profile group is applied.
Default: no TLS inspection. Use --tls-inspect to enable and
--no-tls-inspect to disable.
At most one of these can be specified:
--firewall-policy-region=FIREWALL_POLICY_REGION

View file

@ -12,6 +12,7 @@ SYNOPSIS
[--dest-threat-intelligence=[DEST_THREAT_INTELLIGENCE_LISTS,...]]
[--direction=DIRECTION] [--[no-]disabled] [--[no-]enable-logging]
[--layer4-configs=[LAYER4_CONFIG,...]] [--new-priority=NEW_PRIORITY]
[--security-profile-group=SECURITY_PROFILE_GROUP]
[--src-address-groups=[SOURCE_ADDRESS_GROUPS,...]]
[--src-fqdns=[SOURCE_FQDNS,...]] [--src-ip-ranges=[SRC_IP_RANGE,...]]
[--src-region-codes=[SOURCE_REGION_CODES,...]]
@ -19,6 +20,7 @@ SYNOPSIS
[--src-threat-intelligence=[SOURCE_THREAT_INTELLIGENCE_LISTS,...]]
[--target-secure-tags=[TARGET_SECURE_TAGS,...]]
[--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...]]
[--[no-]tls-inspect]
[--firewall-policy-region=FIREWALL_POLICY_REGION
| --global-firewall-policy] [GCLOUD_WIDE_FLAG ...]
@ -46,7 +48,7 @@ REQUIRED FLAGS
OPTIONAL FLAGS
--action=ACTION
Action to take if the request matches the match condition. ACTION must
be one of: allow, deny, goto_next.
be one of: allow, deny, goto_next, apply_security_profile_group.
--description=DESCRIPTION
An optional, textual description for the rule.
@ -92,6 +94,10 @@ OPTIONAL FLAGS
--new-priority=NEW_PRIORITY
New priority for the rule to update. Valid in [0, 65535].
--security-profile-group=SECURITY_PROFILE_GROUP
A security profile group to be used with apply_security_profile_group
action.
--src-address-groups=[SOURCE_ADDRESS_GROUPS,...]
Source address groups to match for this rule. Can only be specified if
DIRECTION is ingress.
@ -139,6 +145,12 @@ OPTIONAL FLAGS
--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...]
List of target service accounts for the rule.
--[no-]tls-inspect
Use this flag to indicate whether TLS traffic should be inspected using
the TLS inspection policy when the security profile group is applied.
Default: no TLS inspection. Use --tls-inspect to enable and
--no-tls-inspect to disable.
At most one of these can be specified:
--firewall-policy-region=FIREWALL_POLICY_REGION