1
0
Fork 0
mirror of https://github.com/imjasonh/gcloud-help synced 2026-07-08 10:35:03 +00:00

gcloud: Thu Jun 27 09:38:12 UTC 2024

This commit is contained in:
Automated 2024-06-27 09:38:12 +00:00
parent fb3e2aa33b
commit 9cd336cae4
60 changed files with 1726 additions and 122 deletions

View file

@ -0,0 +1,86 @@
NAME
gcloud alpha ai endpoints direct-predict - run Vertex AI online direct
prediction
SYNOPSIS
gcloud alpha ai endpoints direct-predict (ENDPOINT : --region=REGION)
--json-request=JSON_REQUEST [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
(ALPHA) gcloud alpha ai endpoints direct-predict sends a direct prediction
request to Vertex AI endpoint for the given instances. The request limit is
10MB.
EXAMPLES
To direct predict against an endpoint 123 under project example in region
us-central1, run:
$ gcloud alpha ai endpoints direct-predict 123 --project=example \
--region=us-central1 --json-request=input.json
POSITIONAL ARGUMENTS
Endpoint resource - The endpoint to do online direct prediction. The
arguments in this group can be used to specify the attributes of this
resource. (NOTE) Some attributes are not given arguments in this group but
can be set in other ways.
To set the project attribute:
◆ provide the argument endpoint on the command line with a fully
specified name;
◆ provide the argument --project on the command line;
◆ set the property core/project.
This must be specified.
ENDPOINT
ID of the endpoint or fully qualified identifier for the endpoint.
To set the name attribute:
▸ provide the argument endpoint on the command line.
This positional argument must be specified if any of the other
arguments in this group are specified.
--region=REGION
Cloud region for the endpoint.
To set the region attribute:
▸ provide the argument endpoint on the command line with a fully
specified name;
▸ provide the argument --region on the command line;
▸ set the property ai/region;
▸ choose one from the prompted list of available regions.
REQUIRED FLAGS
--json-request=JSON_REQUEST
Path to a local file containing the body of a JSON request.
An example of a JSON request:
{
"inputs": [
{"dtype": "STRING", shape: [1], "string_val": ["hello world"]},
{"dtype": "INT32", shape: [1], "int_val": [42]}
]
}
This flag accepts "-" for stdin.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account,
--billing-project, --configuration, --flags-file, --flatten, --format,
--help, --impersonate-service-account, --log-http, --project, --quiet,
--trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
NOTES
This command is currently in alpha and might change without notice. If this
command fails with API permission errors despite specifying the correct
project, you might be trying to access an API with an invitation-only early
access allowlist. These variants are also available:
$ gcloud ai endpoints direct-predict
$ gcloud beta ai endpoints direct-predict

View file

@ -0,0 +1,84 @@
NAME
gcloud alpha ai endpoints direct-raw-predict - run Vertex AI online direct
raw prediction
SYNOPSIS
gcloud alpha ai endpoints direct-raw-predict (ENDPOINT : --region=REGION)
--json-request=JSON_REQUEST [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
(ALPHA) gcloud alpha ai endpoints direct-raw-predict sends a direct raw
prediction request to Vertex AI endpoint for the given input. The request
limit is 10MB.
EXAMPLES
To direct raw predict against an endpoint 123 under project example in
region us-central1, run:
$ gcloud alpha ai endpoints direct-raw-predict 123 \
--project=example --region=us-central1 --json-request=input.json
POSITIONAL ARGUMENTS
Endpoint resource - The endpoint to do online direct raw prediction. The
arguments in this group can be used to specify the attributes of this
resource. (NOTE) Some attributes are not given arguments in this group but
can be set in other ways.
To set the project attribute:
◆ provide the argument endpoint on the command line with a fully
specified name;
◆ provide the argument --project on the command line;
◆ set the property core/project.
This must be specified.
ENDPOINT
ID of the endpoint or fully qualified identifier for the endpoint.
To set the name attribute:
▸ provide the argument endpoint on the command line.
This positional argument must be specified if any of the other
arguments in this group are specified.
--region=REGION
Cloud region for the endpoint.
To set the region attribute:
▸ provide the argument endpoint on the command line with a fully
specified name;
▸ provide the argument --region on the command line;
▸ set the property ai/region;
▸ choose one from the prompted list of available regions.
REQUIRED FLAGS
--json-request=JSON_REQUEST
Path to a local file containing the body of a JSON request.
An example of a JSON request:
{
"method_name": "my.method.Predict",
"input": "my request bytes"
}
This flag accepts "-" for stdin.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account,
--billing-project, --configuration, --flags-file, --flatten, --format,
--help, --impersonate-service-account, --log-http, --project, --quiet,
--trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
NOTES
This command is currently in alpha and might change without notice. If this
command fails with API permission errors despite specifying the correct
project, you might be trying to access an API with an invitation-only early
access allowlist. These variants are also available:
$ gcloud ai endpoints direct-raw-predict
$ gcloud beta ai endpoints direct-raw-predict

View file

@ -34,6 +34,12 @@ COMMANDS
describe
(ALPHA) Describe an existing Vertex AI endpoint.
direct-predict
(ALPHA) Run Vertex AI online direct prediction.
direct-raw-predict
(ALPHA) Run Vertex AI online direct raw prediction.
explain
(ALPHA) Request an online explanation from an Vertex AI endpoint.
@ -46,6 +52,12 @@ COMMANDS
raw-predict
(ALPHA) Run Vertex AI online raw prediction.
stream-direct-predict
(ALPHA) Run Vertex AI online stream direct prediction.
stream-direct-raw-predict
(ALPHA) Run Vertex AI online stream direct raw prediction.
stream-raw-predict
(ALPHA) Run Vertex AI online stream raw prediction.

View file

@ -0,0 +1,87 @@
NAME
gcloud alpha ai endpoints stream-direct-predict - run Vertex AI online
stream direct prediction
SYNOPSIS
gcloud alpha ai endpoints stream-direct-predict
(ENDPOINT : --region=REGION) --json-request=JSON_REQUEST
[GCLOUD_WIDE_FLAG ...]
DESCRIPTION
(ALPHA) gcloud alpha ai endpoints stream-direct-predict sends a stream
direct prediction request to Vertex AI endpoint for the given inputs. The
request limit is 10MB.
EXAMPLES
To stream direct predict against an endpoint 123 under project example in
region us-central1, run:
$ gcloud alpha ai endpoints stream-direct-predict 123 \
--project=example --region=us-central1 --json-request=input.json
POSITIONAL ARGUMENTS
Endpoint resource - The endpoint to do online stream direct prediction.
The arguments in this group can be used to specify the attributes of this
resource. (NOTE) Some attributes are not given arguments in this group but
can be set in other ways.
To set the project attribute:
◆ provide the argument endpoint on the command line with a fully
specified name;
◆ provide the argument --project on the command line;
◆ set the property core/project.
This must be specified.
ENDPOINT
ID of the endpoint or fully qualified identifier for the endpoint.
To set the name attribute:
▸ provide the argument endpoint on the command line.
This positional argument must be specified if any of the other
arguments in this group are specified.
--region=REGION
Cloud region for the endpoint.
To set the region attribute:
▸ provide the argument endpoint on the command line with a fully
specified name;
▸ provide the argument --region on the command line;
▸ set the property ai/region;
▸ choose one from the prompted list of available regions.
REQUIRED FLAGS
--json-request=JSON_REQUEST
Path to a local file containing the body of a JSON request.
An example of a JSON request:
{
"inputs": [
{"dtype": "STRING", shape: [1], "string_val": ["hello world"]},
{"dtype": "INT32", shape: [1], "int_val": [42]}
]
}
This flag accepts "-" for stdin.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account,
--billing-project, --configuration, --flags-file, --flatten, --format,
--help, --impersonate-service-account, --log-http, --project, --quiet,
--trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
NOTES
This command is currently in alpha and might change without notice. If this
command fails with API permission errors despite specifying the correct
project, you might be trying to access an API with an invitation-only early
access allowlist. These variants are also available:
$ gcloud ai endpoints stream-direct-predict
$ gcloud beta ai endpoints stream-direct-predict

View file

@ -0,0 +1,85 @@
NAME
gcloud alpha ai endpoints stream-direct-raw-predict - run Vertex AI online
stream direct raw prediction
SYNOPSIS
gcloud alpha ai endpoints stream-direct-raw-predict
(ENDPOINT : --region=REGION) --json-request=JSON_REQUEST
[GCLOUD_WIDE_FLAG ...]
DESCRIPTION
(ALPHA) gcloud alpha ai endpoints stream-direct-raw-predict sends a stream
direct raw prediction request to Vertex AI endpoint for the given input.
The request limit is 10MB.
EXAMPLES
To stream direct raw predict against an endpoint 123 under project example
in region us-central1, run:
$ gcloud alpha ai endpoints stream-direct-raw-predict 123 \
--project=example --region=us-central1 --json-request=input.json
POSITIONAL ARGUMENTS
Endpoint resource - The endpoint to do online stream direct raw
prediction. The arguments in this group can be used to specify the
attributes of this resource. (NOTE) Some attributes are not given
arguments in this group but can be set in other ways.
To set the project attribute:
◆ provide the argument endpoint on the command line with a fully
specified name;
◆ provide the argument --project on the command line;
◆ set the property core/project.
This must be specified.
ENDPOINT
ID of the endpoint or fully qualified identifier for the endpoint.
To set the name attribute:
▸ provide the argument endpoint on the command line.
This positional argument must be specified if any of the other
arguments in this group are specified.
--region=REGION
Cloud region for the endpoint.
To set the region attribute:
▸ provide the argument endpoint on the command line with a fully
specified name;
▸ provide the argument --region on the command line;
▸ set the property ai/region;
▸ choose one from the prompted list of available regions.
REQUIRED FLAGS
--json-request=JSON_REQUEST
Path to a local file containing the body of a JSON request.
An example of a JSON request:
{
"method_name": "my.method.Predict",
"input": "my request bytes"
}
This flag accepts "-" for stdin.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account,
--billing-project, --configuration, --flags-file, --flatten, --format,
--help, --impersonate-service-account, --log-http, --project, --quiet,
--trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
NOTES
This command is currently in alpha and might change without notice. If this
command fails with API permission errors despite specifying the correct
project, you might be trying to access an API with an invitation-only early
access allowlist. These variants are also available:
$ gcloud ai endpoints stream-direct-raw-predict
$ gcloud beta ai endpoints stream-direct-raw-predict

View file

@ -7,6 +7,7 @@ SYNOPSIS
--region=REGION [--allocated-ip-range-name=ALLOCATED_IP_RANGE_NAME]
[--async] [--database-version=DATABASE_VERSION]
[--enable-private-service-connect] [--network=NETWORK]
[--subscription-type=SUBSCRIPTION_TYPE]
[--continuous-backup-recovery-window-days=RECOVERY_PERIOD
--enable-continuous-backup
[--continuous-backup-encryption-key=CONTINUOUS_BACKUP_ENCRYPTION_KEY
@ -71,6 +72,10 @@ OPTIONAL FLAGS
network, 'testsharednetwork', this would be of the
form:--network=projects/testproject/global/networks/testsharednetwork
--subscription-type=SUBSCRIPTION_TYPE
Subscription type of the cluster. SUBSCRIPTION_TYPE must be one of:
STANDARD, TRIAL.
Continuous Backup configuration. If unspecified, continuous backups are
enabled.

View file

@ -4,6 +4,7 @@ NAME
SYNOPSIS
gcloud alpha alloydb clusters update CLUSTER --region=REGION [--async]
[--subscription-type=SUBSCRIPTION_TYPE]
[--clear-automated-backup | --disable-automated-backup
| --automated-backup-days-of-week=[DAYS_OF_WEEK,...]
--automated-backup-start-times=[START_TIMES,...]
@ -43,6 +44,10 @@ OPTIONAL FLAGS
Return immediately, without waiting for the operation in progress to
complete.
--subscription-type=SUBSCRIPTION_TYPE
Subscription type of the cluster. SUBSCRIPTION_TYPE must be one of:
STANDARD, TRIAL.
Automated backup policy.
At most one of these can be specified:

View file

@ -792,15 +792,16 @@ FLAGS
Path to a local json file containing partner metadata.
--performance-monitoring-unit=PERFORMANCE_MONITORING_UNIT
The set of performance measurement counters to enable for the instance.
PERFORMANCE_MONITORING_UNIT must be one of:
The type of performance monitoring counters (PMCs) to enable in the
instance. PERFORMANCE_MONITORING_UNIT must be one of:
architectural
Enable architecturally defined non-LLC events.
This enables architecturally defined non-last level cache (LLC)
events.
enhanced
Enable most documented core/L2 and LLC events.
This enables most documented core/L2 and LLC events.
standard
Enable most documented core/L2 events.
This enables most documented core/L2 events.
--post-key-revocation-action-type=POLICY
Specifies the behavior of the instance when the KMS key of one of its

View file

@ -698,15 +698,16 @@ OPTIONAL FLAGS
using zonal DNS.
--performance-monitoring-unit=PERFORMANCE_MONITORING_UNIT
The set of performance measurement counters to enable for the instance.
PERFORMANCE_MONITORING_UNIT must be one of:
The type of performance monitoring counters (PMCs) to enable in the
instance. PERFORMANCE_MONITORING_UNIT must be one of:
architectural
Enable architecturally defined non-LLC events.
This enables architecturally defined non-last level cache (LLC)
events.
enhanced
Enable most documented core/L2 and LLC events.
This enables most documented core/L2 and LLC events.
standard
Enable most documented core/L2 events.
This enables most documented core/L2 events.
--post-key-revocation-action-type=POLICY
Specifies the behavior of the instance when the KMS key of one of its

View file

@ -813,15 +813,16 @@ FLAGS
Path to a local json file containing partner metadata.
--performance-monitoring-unit=PERFORMANCE_MONITORING_UNIT
The set of performance measurement counters to enable for the instance.
PERFORMANCE_MONITORING_UNIT must be one of:
The type of performance monitoring counters (PMCs) to enable in the
instance. PERFORMANCE_MONITORING_UNIT must be one of:
architectural
Enable architecturally defined non-LLC events.
This enables architecturally defined non-last level cache (LLC)
events.
enhanced
Enable most documented core/L2 and LLC events.
This enables most documented core/L2 and LLC events.
standard
Enable most documented core/L2 events.
This enables most documented core/L2 events.
--post-key-revocation-action-type=POLICY
Specifies the behavior of the instance when the KMS key of one of its

View file

@ -671,15 +671,16 @@ OPTIONAL FLAGS
using zonal DNS.
--performance-monitoring-unit=PERFORMANCE_MONITORING_UNIT
The set of performance measurement counters to enable for the instance.
PERFORMANCE_MONITORING_UNIT must be one of:
The type of performance monitoring counters (PMCs) to enable in the
instance. PERFORMANCE_MONITORING_UNIT must be one of:
architectural
Enable architecturally defined non-LLC events.
This enables architecturally defined non-last level cache (LLC)
events.
enhanced
Enable most documented core/L2 and LLC events.
This enables most documented core/L2 and LLC events.
standard
Enable most documented core/L2 events.
This enables most documented core/L2 events.
--post-key-revocation-action-type=POLICY
Specifies the behavior of the instance when the KMS key of one of its

View file

@ -3,8 +3,8 @@ NAME
Fleet Package
SYNOPSIS
gcloud alpha container fleet packages create NAME [--location=LOCATION]
[--source=SOURCE] [GCLOUD_WIDE_FLAG ...]
gcloud alpha container fleet packages create NAME --source=SOURCE
[--location=LOCATION] [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
(ALPHA) Create Package Rollouts Fleet Package.
@ -19,13 +19,14 @@ POSITIONAL ARGUMENTS
NAME
Resource name.
FLAGS
--location=LOCATION
Google Cloud zone or region.
REQUIRED FLAGS
--source=SOURCE
Source file containing Fleet Package configuration.
OPTIONAL FLAGS
--location=LOCATION
Google Cloud zone or region.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account,
--billing-project, --configuration, --flags-file, --flatten, --format,

View file

@ -4,7 +4,7 @@ NAME
SYNOPSIS
gcloud alpha container fleet packages update
(FLEET_PACKAGE : --location=LOCATION) [--source=SOURCE]
(FLEET_PACKAGE : --location=LOCATION) --source=SOURCE
[GCLOUD_WIDE_FLAG ...]
DESCRIPTION
@ -48,7 +48,7 @@ POSITIONAL ARGUMENTS
▸ provide the argument --location on the command line;
▸ set the property config_delivery/location.
FLAGS
REQUIRED FLAGS
--source=SOURCE
Source file containing Fleet Package configuration.

View file

@ -3,8 +3,8 @@ NAME
Package
SYNOPSIS
gcloud alpha container hub packages create NAME [--location=LOCATION]
[--source=SOURCE] [GCLOUD_WIDE_FLAG ...]
gcloud alpha container hub packages create NAME --source=SOURCE
[--location=LOCATION] [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
(ALPHA) Create Package Rollouts Fleet Package.
@ -19,13 +19,14 @@ POSITIONAL ARGUMENTS
NAME
Resource name.
FLAGS
--location=LOCATION
Google Cloud zone or region.
REQUIRED FLAGS
--source=SOURCE
Source file containing Fleet Package configuration.
OPTIONAL FLAGS
--location=LOCATION
Google Cloud zone or region.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account,
--billing-project, --configuration, --flags-file, --flatten, --format,

View file

@ -4,7 +4,7 @@ NAME
SYNOPSIS
gcloud alpha container hub packages update
(FLEET_PACKAGE : --location=LOCATION) [--source=SOURCE]
(FLEET_PACKAGE : --location=LOCATION) --source=SOURCE
[GCLOUD_WIDE_FLAG ...]
DESCRIPTION
@ -48,7 +48,7 @@ POSITIONAL ARGUMENTS
▸ provide the argument --location on the command line;
▸ set the property config_delivery/location.
FLAGS
REQUIRED FLAGS
--source=SOURCE
Source file containing Fleet Package configuration.

View file

@ -3,11 +3,10 @@ NAME
SYNOPSIS
gcloud alpha functions deploy (NAME : --region=REGION)
[--[no-]allow-unauthenticated]
[--build-service-account=BUILD_SERVICE_ACCOUNT]
[--buildpack-stack=BUILDPACK_STACK] [--concurrency=CONCURRENCY]
[--docker-registry=DOCKER_REGISTRY] [--egress-settings=EGRESS_SETTINGS]
[--entry-point=ENTRY_POINT] [--gen2] [--ignore-file=IGNORE_FILE]
[--[no-]allow-unauthenticated] [--buildpack-stack=BUILDPACK_STACK]
[--concurrency=CONCURRENCY] [--docker-registry=DOCKER_REGISTRY]
[--egress-settings=EGRESS_SETTINGS] [--entry-point=ENTRY_POINT]
[--gen2] [--ignore-file=IGNORE_FILE]
[--ingress-settings=INGRESS_SETTINGS] [--retry]
[--run-service-account=RUN_SERVICE_ACCOUNT] [--runtime=RUNTIME]
[--runtime-update-policy=RUNTIME_UPDATE_POLICY]
@ -22,6 +21,8 @@ SYNOPSIS
| --set-build-env-vars=[KEY=VALUE,...]
| --remove-build-env-vars=[KEY,...]
--update-build-env-vars=[KEY=VALUE,...]]
[--build-service-account=BUILD_SERVICE_ACCOUNT
| --clear-build-service-account]
[--build-worker-pool=BUILD_WORKER_POOL | --clear-build-worker-pool]
[--clear-docker-repository | --docker-repository=DOCKER_REPOSITORY]
[--clear-env-vars | --env-vars-file=FILE_PATH
@ -104,15 +105,6 @@ FLAGS
without checking authentication. Use --allow-unauthenticated to enable
and --no-allow-unauthenticated to disable.
--build-service-account=BUILD_SERVICE_ACCOUNT
IAM service account whose credentials will be used for the build step.
Must be of the format
projects/${PROJECT_ID}/serviceAccounts/${ACCOUNT_EMAIL_ADDRESS} or
{ACCOUNT_EMAIL_ADDRESS}.
If not provided, the function will use the project's default service
account for Cloud Build.
--buildpack-stack=BUILDPACK_STACK
Specifies one of the Google provided buildpack stacks.
@ -343,6 +335,19 @@ FLAGS
--update-build-env-vars=[KEY=VALUE,...]
List of key-value pairs to set as build environment variables.
At most one of these can be specified:
--build-service-account=BUILD_SERVICE_ACCOUNT
IAM service account whose credentials will be used for the build
step. Must be of the format
projects/${PROJECT_ID}/serviceAccounts/${ACCOUNT_EMAIL_ADDRESS}.
If not provided, the function will use the project's default service
account for Cloud Build.
--clear-build-service-account
Clears the build service account field.
At most one of these can be specified:
--build-worker-pool=BUILD_WORKER_POOL

View file

@ -3,7 +3,9 @@ NAME
SYNOPSIS
gcloud alpha kms keys create (KEY : --keyring=KEYRING --location=LOCATION)
--purpose=PURPOSE [--crypto-key-backend=CRYPTO_KEY_BACKEND]
--purpose=PURPOSE
[--allowed-access-reasons=[ALLOWED_ACCESS_REASONS,...]]
[--crypto-key-backend=CRYPTO_KEY_BACKEND]
[--default-algorithm=DEFAULT_ALGORITHM]
[--destroy-scheduled-duration=DESTROY_SCHEDULED_DURATION]
[--import-only] [--labels=[KEY=VALUE,...]]
@ -53,6 +55,12 @@ DESCRIPTION
The flag --crypto-key-backend defines the resource name for the backend
where the key resides. Required for external-vpc keys.
The optional flag --allowed-access-reasons defines the Key Access
Justifications Policy for the key, and is specified as a comma separated
list of zero or more justification codes defined in
https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes.
The key must be enrolled in Key Access Justifications to use this flag.
EXAMPLES
The following command creates a key named frodo with protection level
software within the keyring fellowship and location us-east1:
@ -113,6 +121,16 @@ EXAMPLES
--crypto-key-backend="projects/$(gcloud config get project)/
locations/us-central1/ekmConnections/eagles"
The following command creates a key named arwen with protection level
software within the keyring fellowship and location us-east1 with a Key
Access Justifications policy that allows access reasons
customer-initiated-access and google-initiated-system-operation:
$ gcloud alpha kms keys create arwen --location=us-east1 \
--keyring=fellowship --purpose=encryption \
--allowed-access-reasons=customer-initiated-access,\
google-initiated-system-operation
POSITIONAL ARGUMENTS
Key resource - The KMS key resource. The arguments in this group can be
used to specify the attributes of this resource. (NOTE) Some attributes
@ -157,6 +175,21 @@ REQUIRED FLAGS
raw-encryption.
OPTIONAL FLAGS
--allowed-access-reasons=[ALLOWED_ACCESS_REASONS,...]
The list of allowed Key Access Justifications access reasons on the
key. The key must be enrolled in Key Access Justifications to configure
this field. By default, this field is absent, and all justification
codes are allowed. For more information about justification codes, see
https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes.
ALLOWED_ACCESS_REASONS must be one of:
customer-authorized-workflow-servicing, customer-initiated-access,
customer-initiated-support, google-initiated-review,
google-initiated-service, google-initiated-system-operation,
google-response-to-production-alert,
modified-customer-initiated-access,
modified-google-initiated-system-operation, reason-not-expected,
reason-unspecified, third-party-data-request.
--crypto-key-backend=CRYPTO_KEY_BACKEND
The resource name of the backend environment where the key material for
all CryptoKeyVersions associated with this CryptoKey reside and where

View file

@ -3,10 +3,13 @@ NAME
SYNOPSIS
gcloud alpha kms keys update (KEY : --keyring=KEYRING --location=LOCATION)
[--allowed-access-reasons=[ALLOWED_ACCESS_REASONS,...]]
[--default-algorithm=DEFAULT_ALGORITHM]
[--next-rotation-time=NEXT_ROTATION_TIME]
[--primary-version=PRIMARY_VERSION] [--remove-rotation-schedule]
[--rotation-period=ROTATION_PERIOD] [--update-labels=[KEY=VALUE,...]]
[--primary-version=PRIMARY_VERSION]
[--remove-key-access-justifications-policy]
[--remove-rotation-schedule] [--rotation-period=ROTATION_PERIOD]
[--update-labels=[KEY=VALUE,...]]
[--clear-labels | --remove-labels=[KEY,...]] [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
@ -31,6 +34,20 @@ DESCRIPTION
4. Update the primary version for the given key with primary-version flag.
5. Update the Key Access Justifications policy for the given key with
allowed-access-reasons flag to allow specified reasons. The key must be
enrolled in Key Access Justifications to use this flag.
6. Remove the Key Access Justifications policy for the given key with
remove-key-access-justifications-policy flag. The key must be enrolled in
Key Access Justifications to use this flag.
7. Update the Key Access Justifications policy for the given key with
allowed_access_reasons flag to allow zero access reasons. This effectively
disables the key, because a policy is configured to reject all access
reasons. The key must be enrolled in Key Access Justifications to use this
flag.
EXAMPLES
The following command sets a 30 day rotation period for the key named frodo
within the keyring fellowship and location global starting at the specified
@ -74,6 +91,29 @@ EXAMPLES
--keyring=fellowship \
--default-algorithm=rsa-decrypt-oaep-4096-sha256
The following command updates the Key Access Justifications policy for the
key named frodo within the keyring fellowship and location global to allow
only customer-initiated-access and google-initiated-system-operation:
$ gcloud alpha kms keys update frodo --location=global \
--keyring=fellowship \
--allowed-access-reasons=customer-initiated-access,\
google-initiated-system-operation
The following command removes the Key Access Justifications policy for the
key named frodo within the keyring fellowship and location global, which
results in all access reasons being allowed:
$ gcloud alpha kms keys update frodo --location=global \
--keyring=fellowship --remove-key-access-justifications-policy
The following command updates the Key Access Justifications policy for the
key named frodo within the keyring fellowship and location global to allow
only zero access reasons, effectively disabling the key:
$ gcloud alpha kms keys update frodo --location=global \
--keyring=fellowship --allowed-access-reasons=
POSITIONAL ARGUMENTS
Key resource - The KMS key resource. The arguments in this group can be
used to specify the attributes of this resource. (NOTE) Some attributes
@ -112,6 +152,21 @@ POSITIONAL ARGUMENTS
▸ provide the argument --location on the command line.
FLAGS
--allowed-access-reasons=[ALLOWED_ACCESS_REASONS,...]
The list of allowed Key Access Justifications access reasons on the
key. The key must be enrolled in Key Access Justifications to configure
this field. By default, this field is absent, and all justification
codes are allowed. For more information about justification codes, see
https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes.
ALLOWED_ACCESS_REASONS must be one of:
customer-authorized-workflow-servicing, customer-initiated-access,
customer-initiated-support, google-initiated-review,
google-initiated-service, google-initiated-system-operation,
google-response-to-production-alert,
modified-customer-initiated-access,
modified-google-initiated-system-operation, reason-not-expected,
reason-unspecified, third-party-data-request.
--default-algorithm=DEFAULT_ALGORITHM
The default algorithm for the crypto key. For more information about
choosing an algorithm, see
@ -138,6 +193,10 @@ FLAGS
--primary-version=PRIMARY_VERSION
Primary version to make primary.
--remove-key-access-justifications-policy
Removes the Key Access Justifications policy on the key, making all
justification codes allowed.
--remove-rotation-schedule
Remove any existing rotation schedule on the key.

View file

@ -566,13 +566,16 @@ FLAGS
volume type is mounted using Cloud Storage FUSE. See
https://cloud.google.com/storage/docs/gcs-fuse for the details and
limitations of this filesystem. Additional keys:
◆ bucket: (required) the name of the bucket to use as the source of
this volume
◆ readonly: (optional) A boolean. If true, this volume will be
read-only from all mounts.
◆ mount-options: (optional) A list of flags to pass to GCSFuse. Flags
should be specified without leading dashes and separated by
semicolons.
◆ bucket: (optional) the name of the bucket to use as the source of
this volume.
◆ dynamic-mounting: (optional) A boolean. If true, the volume will be
mounted dynamically. Note: You will either need to specify a bucket or
set dynamic-mounting to true, but not both.
in-memory: An ephemeral volume that stores data in the instance's memory.
With this type of volume, data is not shared between instances and all

View file

@ -155,13 +155,16 @@ FLAGS
volume type is mounted using Cloud Storage FUSE. See
https://cloud.google.com/storage/docs/gcs-fuse for the details and
limitations of this filesystem. Additional keys:
◆ bucket: (required) the name of the bucket to use as the source of
this volume
◆ readonly: (optional) A boolean. If true, this volume will be
read-only from all mounts.
◆ mount-options: (optional) A list of flags to pass to GCSFuse. Flags
should be specified without leading dashes and separated by
semicolons.
◆ bucket: (optional) the name of the bucket to use as the source of
this volume.
◆ dynamic-mounting: (optional) A boolean. If true, the volume will be
mounted dynamically. Note: You will either need to specify a bucket
or set dynamic-mounting to true, but not both.
in-memory: An ephemeral volume that stores data in the instance's
memory. With this type of volume, data is not shared between instances

View file

@ -160,13 +160,16 @@ FLAGS
volume type is mounted using Cloud Storage FUSE. See
https://cloud.google.com/storage/docs/gcs-fuse for the details and
limitations of this filesystem. Additional keys:
◆ bucket: (required) the name of the bucket to use as the source of
this volume
◆ readonly: (optional) A boolean. If true, this volume will be
read-only from all mounts.
◆ mount-options: (optional) A list of flags to pass to GCSFuse. Flags
should be specified without leading dashes and separated by
semicolons.
◆ bucket: (optional) the name of the bucket to use as the source of
this volume.
◆ dynamic-mounting: (optional) A boolean. If true, the volume will be
mounted dynamically. Note: You will either need to specify a bucket
or set dynamic-mounting to true, but not both.
in-memory: An ephemeral volume that stores data in the instance's
memory. With this type of volume, data is not shared between instances

View file

@ -170,13 +170,16 @@ FLAGS
volume type is mounted using Cloud Storage FUSE. See
https://cloud.google.com/storage/docs/gcs-fuse for the details and
limitations of this filesystem. Additional keys:
◆ bucket: (required) the name of the bucket to use as the source of
this volume
◆ readonly: (optional) A boolean. If true, this volume will be
read-only from all mounts.
◆ mount-options: (optional) A list of flags to pass to GCSFuse. Flags
should be specified without leading dashes and separated by
semicolons.
◆ bucket: (optional) the name of the bucket to use as the source of
this volume.
◆ dynamic-mounting: (optional) A boolean. If true, the volume will be
mounted dynamically. Note: You will either need to specify a bucket
or set dynamic-mounting to true, but not both.
in-memory: An ephemeral volume that stores data in the instance's
memory. With this type of volume, data is not shared between instances

View file

@ -452,13 +452,16 @@ FLAGS
volume type is mounted using Cloud Storage FUSE. See
https://cloud.google.com/storage/docs/gcs-fuse for the details and
limitations of this filesystem. Additional keys:
◆ bucket: (required) the name of the bucket to use as the source of
this volume
◆ readonly: (optional) A boolean. If true, this volume will be
read-only from all mounts.
◆ mount-options: (optional) A list of flags to pass to GCSFuse. Flags
should be specified without leading dashes and separated by
semicolons.
◆ bucket: (optional) the name of the bucket to use as the source of
this volume.
◆ dynamic-mounting: (optional) A boolean. If true, the volume will be
mounted dynamically. Note: You will either need to specify a bucket or
set dynamic-mounting to true, but not both.
in-memory: An ephemeral volume that stores data in the instance's memory.
With this type of volume, data is not shared between instances and all

View file

@ -6,8 +6,8 @@ SYNOPSIS
[--breakglass=JUSTIFICATION] [--description=DESCRIPTION]
[--max-instances=MAX_INSTANCES] [--max-surge=MAX_SURGE]
[--min-instances=MIN_INSTANCES] [--no-promote] [--region=REGION]
[--revision-suffix=REVISION_SUFFIX] [--service-account=SERVICE_ACCOUNT]
[--vpc-egress=VPC_EGRESS]
[--revision-suffix=REVISION_SUFFIX] [--scaling-mode=SCALING_MODE]
[--service-account=SERVICE_ACCOUNT] [--vpc-egress=VPC_EGRESS]
[--add-cloudsql-instances=[CLOUDSQL-INSTANCES,...]
| --clear-cloudsql-instances
| --remove-cloudsql-instances=[CLOUDSQL-INSTANCES,...]
@ -122,6 +122,15 @@ FLAGS
[--revision-suffix=v1] for a service named 'helloworld', would lead to
a revision named 'helloworld-v1'.
--scaling-mode=SCALING_MODE
The scaling mode to use for this resource. SCALING_MODE must be one of:
automatic
The number of instances is scaled automatically based on the usage
metrics.
manual
The number of instances is fixed to a provided config value.
--service-account=SERVICE_ACCOUNT
Service account associated with the revision of the service. The
service account represents the identity of the running revision, and
@ -186,13 +195,16 @@ FLAGS
volume type is mounted using Cloud Storage FUSE. See
https://cloud.google.com/storage/docs/gcs-fuse for the details and
limitations of this filesystem. Additional keys:
◆ bucket: (required) the name of the bucket to use as the source of
this volume
◆ readonly: (optional) A boolean. If true, this volume will be
read-only from all mounts.
◆ mount-options: (optional) A list of flags to pass to GCSFuse. Flags
should be specified without leading dashes and separated by
semicolons.
◆ bucket: (optional) the name of the bucket to use as the source of
this volume.
◆ dynamic-mounting: (optional) A boolean. If true, the volume will be
mounted dynamically. Note: You will either need to specify a bucket
or set dynamic-mounting to true, but not both.
in-memory: An ephemeral volume that stores data in the instance's
memory. With this type of volume, data is not shared between instances

View file

@ -7,8 +7,9 @@ SYNOPSIS
[--breakglass=JUSTIFICATION] [--description=DESCRIPTION]
[--max-instances=MAX_INSTANCES] [--max-surge=MAX_SURGE]
[--min-instances=MIN_INSTANCES] [--no-promote] [--region=REGION]
[--revision-suffix=REVISION_SUFFIX] [--service-account=SERVICE_ACCOUNT]
[--[no-]session-affinity] [--vpc-egress=VPC_EGRESS]
[--revision-suffix=REVISION_SUFFIX] [--scaling-mode=SCALING_MODE]
[--service-account=SERVICE_ACCOUNT] [--[no-]session-affinity]
[--vpc-egress=VPC_EGRESS]
[--add-cloudsql-instances=[CLOUDSQL-INSTANCES,...]
| --clear-cloudsql-instances
| --remove-cloudsql-instances=[CLOUDSQL-INSTANCES,...]
@ -122,6 +123,15 @@ FLAGS
[--revision-suffix=v1] for a service named 'helloworld', would lead to
a revision named 'helloworld-v1'.
--scaling-mode=SCALING_MODE
The scaling mode to use for this resource. SCALING_MODE must be one of:
automatic
The number of instances is scaled automatically based on the usage
metrics.
manual
The number of instances is fixed to a provided config value.
--service-account=SERVICE_ACCOUNT
Service account associated with the revision of the service. The
service account represents the identity of the running revision, and
@ -208,13 +218,16 @@ FLAGS
volume type is mounted using Cloud Storage FUSE. See
https://cloud.google.com/storage/docs/gcs-fuse for the details and
limitations of this filesystem. Additional keys:
◆ bucket: (required) the name of the bucket to use as the source of
this volume
◆ readonly: (optional) A boolean. If true, this volume will be
read-only from all mounts.
◆ mount-options: (optional) A list of flags to pass to GCSFuse. Flags
should be specified without leading dashes and separated by
semicolons.
◆ bucket: (optional) the name of the bucket to use as the source of
this volume.
◆ dynamic-mounting: (optional) A boolean. If true, the volume will be
mounted dynamically. Note: You will either need to specify a bucket
or set dynamic-mounting to true, but not both.
in-memory: An ephemeral volume that stores data in the instance's
memory. With this type of volume, data is not shared between instances