1
0
Fork 0
mirror of https://github.com/imjasonh/gcloud-help synced 2026-07-08 10:35:03 +00:00

gcloud: Thu Jun 27 09:38:12 UTC 2024

This commit is contained in:
Automated 2024-06-27 09:38:12 +00:00
parent fb3e2aa33b
commit 9cd336cae4
60 changed files with 1726 additions and 122 deletions

View file

@ -0,0 +1,84 @@
NAME
gcloud beta ai endpoints direct-predict - run Vertex AI online direct
prediction
SYNOPSIS
gcloud beta ai endpoints direct-predict (ENDPOINT : --region=REGION)
--json-request=JSON_REQUEST [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
(BETA) gcloud beta ai endpoints direct-predict sends a direct prediction
request to Vertex AI endpoint for the given instances. The request limit is
10MB.
EXAMPLES
To direct predict against an endpoint 123 under project example in region
us-central1, run:
$ gcloud beta ai endpoints direct-predict 123 --project=example \
--region=us-central1 --json-request=input.json
POSITIONAL ARGUMENTS
Endpoint resource - The endpoint to do online direct prediction. The
arguments in this group can be used to specify the attributes of this
resource. (NOTE) Some attributes are not given arguments in this group but
can be set in other ways.
To set the project attribute:
◆ provide the argument endpoint on the command line with a fully
specified name;
◆ provide the argument --project on the command line;
◆ set the property core/project.
This must be specified.
ENDPOINT
ID of the endpoint or fully qualified identifier for the endpoint.
To set the name attribute:
▸ provide the argument endpoint on the command line.
This positional argument must be specified if any of the other
arguments in this group are specified.
--region=REGION
Cloud region for the endpoint.
To set the region attribute:
▸ provide the argument endpoint on the command line with a fully
specified name;
▸ provide the argument --region on the command line;
▸ set the property ai/region;
▸ choose one from the prompted list of available regions.
REQUIRED FLAGS
--json-request=JSON_REQUEST
Path to a local file containing the body of a JSON request.
An example of a JSON request:
{
"inputs": [
{"dtype": "STRING", shape: [1], "string_val": ["hello world"]},
{"dtype": "INT32", shape: [1], "int_val": [42]}
]
}
This flag accepts "-" for stdin.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account,
--billing-project, --configuration, --flags-file, --flatten, --format,
--help, --impersonate-service-account, --log-http, --project, --quiet,
--trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
NOTES
This command is currently in beta and might change without notice. These
variants are also available:
$ gcloud ai endpoints direct-predict
$ gcloud alpha ai endpoints direct-predict

View file

@ -0,0 +1,82 @@
NAME
gcloud beta ai endpoints direct-raw-predict - run Vertex AI online direct
raw prediction
SYNOPSIS
gcloud beta ai endpoints direct-raw-predict (ENDPOINT : --region=REGION)
--json-request=JSON_REQUEST [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
(BETA) gcloud beta ai endpoints direct-raw-predict sends a direct raw
prediction request to Vertex AI endpoint for the given input. The request
limit is 10MB.
EXAMPLES
To direct raw predict against an endpoint 123 under project example in
region us-central1, run:
$ gcloud beta ai endpoints direct-raw-predict 123 \
--project=example --region=us-central1 --json-request=input.json
POSITIONAL ARGUMENTS
Endpoint resource - The endpoint to do online direct raw prediction. The
arguments in this group can be used to specify the attributes of this
resource. (NOTE) Some attributes are not given arguments in this group but
can be set in other ways.
To set the project attribute:
◆ provide the argument endpoint on the command line with a fully
specified name;
◆ provide the argument --project on the command line;
◆ set the property core/project.
This must be specified.
ENDPOINT
ID of the endpoint or fully qualified identifier for the endpoint.
To set the name attribute:
▸ provide the argument endpoint on the command line.
This positional argument must be specified if any of the other
arguments in this group are specified.
--region=REGION
Cloud region for the endpoint.
To set the region attribute:
▸ provide the argument endpoint on the command line with a fully
specified name;
▸ provide the argument --region on the command line;
▸ set the property ai/region;
▸ choose one from the prompted list of available regions.
REQUIRED FLAGS
--json-request=JSON_REQUEST
Path to a local file containing the body of a JSON request.
An example of a JSON request:
{
"method_name": "my.method.Predict",
"input": "my request bytes"
}
This flag accepts "-" for stdin.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account,
--billing-project, --configuration, --flags-file, --flatten, --format,
--help, --impersonate-service-account, --log-http, --project, --quiet,
--trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
NOTES
This command is currently in beta and might change without notice. These
variants are also available:
$ gcloud ai endpoints direct-raw-predict
$ gcloud alpha ai endpoints direct-raw-predict

View file

@ -34,6 +34,12 @@ COMMANDS
describe
(BETA) Describe an existing Vertex AI endpoint.
direct-predict
(BETA) Run Vertex AI online direct prediction.
direct-raw-predict
(BETA) Run Vertex AI online direct raw prediction.
explain
(BETA) Request an online explanation from an Vertex AI endpoint.
@ -46,6 +52,12 @@ COMMANDS
raw-predict
(BETA) Run Vertex AI online raw prediction.
stream-direct-predict
(BETA) Run Vertex AI online stream direct prediction.
stream-direct-raw-predict
(BETA) Run Vertex AI online stream direct raw prediction.
stream-raw-predict
(BETA) Run Vertex AI online stream raw prediction.

View file

@ -0,0 +1,84 @@
NAME
gcloud beta ai endpoints stream-direct-predict - run Vertex AI online
stream direct prediction
SYNOPSIS
gcloud beta ai endpoints stream-direct-predict (ENDPOINT : --region=REGION)
--json-request=JSON_REQUEST [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
(BETA) gcloud beta ai endpoints stream-direct-predict sends a stream direct
prediction request to Vertex AI endpoint for the given inputs. The request
limit is 10MB.
EXAMPLES
To stream direct predict against an endpoint 123 under project example in
region us-central1, run:
$ gcloud beta ai endpoints stream-direct-predict 123 \
--project=example --region=us-central1 --json-request=input.json
POSITIONAL ARGUMENTS
Endpoint resource - The endpoint to do online stream direct prediction.
The arguments in this group can be used to specify the attributes of this
resource. (NOTE) Some attributes are not given arguments in this group but
can be set in other ways.
To set the project attribute:
◆ provide the argument endpoint on the command line with a fully
specified name;
◆ provide the argument --project on the command line;
◆ set the property core/project.
This must be specified.
ENDPOINT
ID of the endpoint or fully qualified identifier for the endpoint.
To set the name attribute:
▸ provide the argument endpoint on the command line.
This positional argument must be specified if any of the other
arguments in this group are specified.
--region=REGION
Cloud region for the endpoint.
To set the region attribute:
▸ provide the argument endpoint on the command line with a fully
specified name;
▸ provide the argument --region on the command line;
▸ set the property ai/region;
▸ choose one from the prompted list of available regions.
REQUIRED FLAGS
--json-request=JSON_REQUEST
Path to a local file containing the body of a JSON request.
An example of a JSON request:
{
"inputs": [
{"dtype": "STRING", shape: [1], "string_val": ["hello world"]},
{"dtype": "INT32", shape: [1], "int_val": [42]}
]
}
This flag accepts "-" for stdin.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account,
--billing-project, --configuration, --flags-file, --flatten, --format,
--help, --impersonate-service-account, --log-http, --project, --quiet,
--trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
NOTES
This command is currently in beta and might change without notice. These
variants are also available:
$ gcloud ai endpoints stream-direct-predict
$ gcloud alpha ai endpoints stream-direct-predict

View file

@ -0,0 +1,83 @@
NAME
gcloud beta ai endpoints stream-direct-raw-predict - run Vertex AI online
stream direct raw prediction
SYNOPSIS
gcloud beta ai endpoints stream-direct-raw-predict
(ENDPOINT : --region=REGION) --json-request=JSON_REQUEST
[GCLOUD_WIDE_FLAG ...]
DESCRIPTION
(BETA) gcloud beta ai endpoints stream-direct-raw-predict sends a stream
direct raw prediction request to Vertex AI endpoint for the given input.
The request limit is 10MB.
EXAMPLES
To stream direct raw predict against an endpoint 123 under project example
in region us-central1, run:
$ gcloud beta ai endpoints stream-direct-raw-predict 123 \
--project=example --region=us-central1 --json-request=input.json
POSITIONAL ARGUMENTS
Endpoint resource - The endpoint to do online stream direct raw
prediction. The arguments in this group can be used to specify the
attributes of this resource. (NOTE) Some attributes are not given
arguments in this group but can be set in other ways.
To set the project attribute:
◆ provide the argument endpoint on the command line with a fully
specified name;
◆ provide the argument --project on the command line;
◆ set the property core/project.
This must be specified.
ENDPOINT
ID of the endpoint or fully qualified identifier for the endpoint.
To set the name attribute:
▸ provide the argument endpoint on the command line.
This positional argument must be specified if any of the other
arguments in this group are specified.
--region=REGION
Cloud region for the endpoint.
To set the region attribute:
▸ provide the argument endpoint on the command line with a fully
specified name;
▸ provide the argument --region on the command line;
▸ set the property ai/region;
▸ choose one from the prompted list of available regions.
REQUIRED FLAGS
--json-request=JSON_REQUEST
Path to a local file containing the body of a JSON request.
An example of a JSON request:
{
"method_name": "my.method.Predict",
"input": "my request bytes"
}
This flag accepts "-" for stdin.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account,
--billing-project, --configuration, --flags-file, --flatten, --format,
--help, --impersonate-service-account, --log-http, --project, --quiet,
--trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
NOTES
This command is currently in beta and might change without notice. These
variants are also available:
$ gcloud ai endpoints stream-direct-raw-predict
$ gcloud alpha ai endpoints stream-direct-raw-predict

View file

@ -7,6 +7,7 @@ SYNOPSIS
--region=REGION [--allocated-ip-range-name=ALLOCATED_IP_RANGE_NAME]
[--async] [--database-version=DATABASE_VERSION]
[--enable-private-service-connect] [--network=NETWORK]
[--subscription-type=SUBSCRIPTION_TYPE]
[--continuous-backup-recovery-window-days=RECOVERY_PERIOD
--enable-continuous-backup
[--continuous-backup-encryption-key=CONTINUOUS_BACKUP_ENCRYPTION_KEY
@ -71,6 +72,10 @@ OPTIONAL FLAGS
network, 'testsharednetwork', this would be of the
form:--network=projects/testproject/global/networks/testsharednetwork
--subscription-type=SUBSCRIPTION_TYPE
Subscription type of the cluster. SUBSCRIPTION_TYPE must be one of:
STANDARD, TRIAL.
Continuous Backup configuration. If unspecified, continuous backups are
enabled.

View file

@ -4,6 +4,7 @@ NAME
SYNOPSIS
gcloud beta alloydb clusters update CLUSTER --region=REGION [--async]
[--subscription-type=SUBSCRIPTION_TYPE]
[--clear-automated-backup | --disable-automated-backup
| --automated-backup-days-of-week=[DAYS_OF_WEEK,...]
--automated-backup-start-times=[START_TIMES,...]
@ -43,6 +44,10 @@ OPTIONAL FLAGS
Return immediately, without waiting for the operation in progress to
complete.
--subscription-type=SUBSCRIPTION_TYPE
Subscription type of the cluster. SUBSCRIPTION_TYPE must be one of:
STANDARD, TRIAL.
Automated backup policy.
At most one of these can be specified:

View file

@ -40,6 +40,7 @@ SYNOPSIS
[--network-tier=NETWORK_TIER]
[--partner-metadata=[NAMESPACE/KEY=VALUE,...]]
[--partner-metadata-from-file=LOCAL_FILE_PATH]
[--performance-monitoring-unit=PERFORMANCE_MONITORING_UNIT]
[--post-key-revocation-action-type=POLICY] [--preemptible]
[--private-ipv6-google-access-type=PRIVATE_IPV6_GOOGLE_ACCESS_TYPE]
[--private-network-ip=PRIVATE_NETWORK_IP]
@ -755,6 +756,18 @@ FLAGS
--partner-metadata-from-file=LOCAL_FILE_PATH
Path to a local json file containing partner metadata.
--performance-monitoring-unit=PERFORMANCE_MONITORING_UNIT
The type of performance monitoring counters (PMCs) to enable in the
instance. PERFORMANCE_MONITORING_UNIT must be one of:
architectural
This enables architecturally defined non-last level cache (LLC)
events.
enhanced
This enables most documented core/L2 and LLC events.
standard
This enables most documented core/L2 events.
--post-key-revocation-action-type=POLICY
Specifies the behavior of the instance when the KMS key of one of its
attached disks is revoked. The default is noop. POLICY must be one of:

View file

@ -36,6 +36,7 @@ SYNOPSIS
[--network-performance-configs=[PROPERTY=VALUE,...]]
[--network-tier=NETWORK_TIER]
[--per-instance-hostnames=[INSTANCE_NAME=INSTANCE_HOSTNAME,...]]
[--performance-monitoring-unit=PERFORMANCE_MONITORING_UNIT]
[--post-key-revocation-action-type=POLICY] [--preemptible]
[--provisioning-model=PROVISIONING_MODEL]
[--resource-manager-tags=[KEY=VALUE,...]]
@ -663,6 +664,18 @@ OPTIONAL FLAGS
the global DNS, and [INSTANCE_NAME].[ZONE].c.[PROJECT_ID].internal when
using zonal DNS.
--performance-monitoring-unit=PERFORMANCE_MONITORING_UNIT
The type of performance monitoring counters (PMCs) to enable in the
instance. PERFORMANCE_MONITORING_UNIT must be one of:
architectural
This enables architecturally defined non-last level cache (LLC)
events.
enhanced
This enables most documented core/L2 and LLC events.
standard
This enables most documented core/L2 events.
--post-key-revocation-action-type=POLICY
Specifies the behavior of the instance when the KMS key of one of its
attached disks is revoked. The default is noop. POLICY must be one of:

View file

@ -41,6 +41,7 @@ SYNOPSIS
[--network-tier=NETWORK_TIER] [--node-project=NODE_PROJECT]
[--partner-metadata=[NAMESPACE/KEY=VALUE,...]]
[--partner-metadata-from-file=LOCAL_FILE_PATH]
[--performance-monitoring-unit=PERFORMANCE_MONITORING_UNIT]
[--post-key-revocation-action-type=POLICY] [--preemptible]
[--private-ipv6-google-access-type=PRIVATE_IPV6_GOOGLE_ACCESS_TYPE]
[--private-network-ip=PRIVATE_NETWORK_IP]
@ -816,6 +817,18 @@ FLAGS
--partner-metadata-from-file=LOCAL_FILE_PATH
Path to a local json file containing partner metadata.
--performance-monitoring-unit=PERFORMANCE_MONITORING_UNIT
The type of performance monitoring counters (PMCs) to enable in the
instance. PERFORMANCE_MONITORING_UNIT must be one of:
architectural
This enables architecturally defined non-last level cache (LLC)
events.
enhanced
This enables most documented core/L2 and LLC events.
standard
This enables most documented core/L2 events.
--post-key-revocation-action-type=POLICY
Specifies the behavior of the instance when the KMS key of one of its
attached disks is revoked. The default is noop. POLICY must be one of:

View file

@ -5,6 +5,7 @@ SYNOPSIS
gcloud beta dataflow yaml run JOB_NAME
(--yaml-pipeline=YAML_PIPELINE
| --yaml-pipeline-file=YAML_PIPELINE_FILE)
[--jinja-variables=JSON_OBJECT]
[--pipeline-options=[OPTIONS=VALUE;OPTION=VALUE,...]]
[--region=REGION_ID] [GCLOUD_WIDE_FLAG ...]
@ -33,6 +34,9 @@ REQUIRED FLAGS
file or a URL beginning with 'gs://'.)
OPTIONAL FLAGS
--jinja-variables=JSON_OBJECT
Jinja2 variables to be used in reifying the yaml.
--pipeline-options=[OPTIONS=VALUE;OPTION=VALUE,...]
Pipeline options to pass to the job.

View file

@ -227,7 +227,10 @@ REQUIRED FLAGS
Path to a YAML (or JSON) file containing the configuration for
Google BigQuery Destination Config.
The JSON file is formatted as follows:
The YAML (or JSON) file should be formatted as follows:
BigQuery configuration with source hierarchy datasets and merge
mode (merge mode is by default):
{
"sourceHierarchyDatasets": {
@ -237,6 +240,29 @@ REQUIRED FLAGS
"kmsKeyName": "projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{cryptoKey}"
}
},
"merge": {}
"dataFreshness": "3600s"
}
BigQuery configuration with source hierarchy datasets and append
only mode: {
"sourceHierarchyDatasets": {
"datasetTemplate": {
"location": "us-central1",
"datasetIdPrefix": "my_prefix",
"kmsKeyName": "projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{cryptoKey}"
}
},
"appendOnly": {}
}
BigQuery configuration with single target dataset and merge mode:
{
"singleTargetDataset": {
"datasetId": "projectId:my_dataset"
},
"merge": {}
"dataFreshness": "3600s"
}

View file

@ -264,7 +264,10 @@ FLAGS
Path to a YAML (or JSON) file containing the configuration for Google
BigQuery Destination Config.
The JSON file is formatted as follows:
The YAML (or JSON) file should be formatted as follows:
BigQuery configuration with source hierarchy datasets and merge mode
(merge mode is by default):
{
"sourceHierarchyDatasets": {
@ -274,6 +277,29 @@ FLAGS
"kmsKeyName": "projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{cryptoKey}"
}
},
"merge": {}
"dataFreshness": "3600s"
}
BigQuery configuration with source hierarchy datasets and append only
mode: {
"sourceHierarchyDatasets": {
"datasetTemplate": {
"location": "us-central1",
"datasetIdPrefix": "my_prefix",
"kmsKeyName": "projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{cryptoKey}"
}
},
"appendOnly": {}
}
BigQuery configuration with single target dataset and merge mode:
{
"singleTargetDataset": {
"datasetId": "projectId:my_dataset"
},
"merge": {}
"dataFreshness": "3600s"
}

View file

@ -3,11 +3,9 @@ NAME
SYNOPSIS
gcloud beta functions deploy (NAME : --region=REGION)
[--[no-]allow-unauthenticated]
[--build-service-account=BUILD_SERVICE_ACCOUNT]
[--concurrency=CONCURRENCY] [--docker-registry=DOCKER_REGISTRY]
[--egress-settings=EGRESS_SETTINGS] [--entry-point=ENTRY_POINT]
[--gen2] [--ignore-file=IGNORE_FILE]
[--[no-]allow-unauthenticated] [--concurrency=CONCURRENCY]
[--docker-registry=DOCKER_REGISTRY] [--egress-settings=EGRESS_SETTINGS]
[--entry-point=ENTRY_POINT] [--gen2] [--ignore-file=IGNORE_FILE]
[--ingress-settings=INGRESS_SETTINGS] [--retry]
[--run-service-account=RUN_SERVICE_ACCOUNT] [--runtime=RUNTIME]
[--runtime-update-policy=RUNTIME_UPDATE_POLICY]
@ -22,6 +20,8 @@ SYNOPSIS
| --set-build-env-vars=[KEY=VALUE,...]
| --remove-build-env-vars=[KEY,...]
--update-build-env-vars=[KEY=VALUE,...]]
[--build-service-account=BUILD_SERVICE_ACCOUNT
| --clear-build-service-account]
[--build-worker-pool=BUILD_WORKER_POOL | --clear-build-worker-pool]
[--clear-docker-repository | --docker-repository=DOCKER_REPOSITORY]
[--clear-env-vars | --env-vars-file=FILE_PATH
@ -104,15 +104,6 @@ FLAGS
without checking authentication. Use --allow-unauthenticated to enable
and --no-allow-unauthenticated to disable.
--build-service-account=BUILD_SERVICE_ACCOUNT
IAM service account whose credentials will be used for the build step.
Must be of the format
projects/${PROJECT_ID}/serviceAccounts/${ACCOUNT_EMAIL_ADDRESS} or
{ACCOUNT_EMAIL_ADDRESS}.
If not provided, the function will use the project's default service
account for Cloud Build.
--concurrency=CONCURRENCY
Set the maximum number of concurrent requests allowed per container
instance. Leave concurrency unspecified to receive the server default
@ -340,6 +331,19 @@ FLAGS
--update-build-env-vars=[KEY=VALUE,...]
List of key-value pairs to set as build environment variables.
At most one of these can be specified:
--build-service-account=BUILD_SERVICE_ACCOUNT
IAM service account whose credentials will be used for the build
step. Must be of the format
projects/${PROJECT_ID}/serviceAccounts/${ACCOUNT_EMAIL_ADDRESS}.
If not provided, the function will use the project's default service
account for Cloud Build.
--clear-build-service-account
Clears the build service account field.
At most one of these can be specified:
--build-worker-pool=BUILD_WORKER_POOL

View file

@ -3,7 +3,9 @@ NAME
SYNOPSIS
gcloud beta kms keys create (KEY : --keyring=KEYRING --location=LOCATION)
--purpose=PURPOSE [--crypto-key-backend=CRYPTO_KEY_BACKEND]
--purpose=PURPOSE
[--allowed-access-reasons=[ALLOWED_ACCESS_REASONS,...]]
[--crypto-key-backend=CRYPTO_KEY_BACKEND]
[--default-algorithm=DEFAULT_ALGORITHM]
[--destroy-scheduled-duration=DESTROY_SCHEDULED_DURATION]
[--import-only] [--labels=[KEY=VALUE,...]]
@ -53,6 +55,12 @@ DESCRIPTION
The flag --crypto-key-backend defines the resource name for the backend
where the key resides. Required for external-vpc keys.
The optional flag --allowed-access-reasons defines the Key Access
Justifications Policy for the key, and is specified as a comma separated
list of zero or more justification codes defined in
https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes.
The key must be enrolled in Key Access Justifications to use this flag.
EXAMPLES
The following command creates a key named frodo with protection level
software within the keyring fellowship and location us-east1:
@ -113,6 +121,16 @@ EXAMPLES
--crypto-key-backend="projects/$(gcloud config get project)/
locations/us-central1/ekmConnections/eagles"
The following command creates a key named arwen with protection level
software within the keyring fellowship and location us-east1 with a Key
Access Justifications policy that allows access reasons
customer-initiated-access and google-initiated-system-operation:
$ gcloud beta kms keys create arwen --location=us-east1 \
--keyring=fellowship --purpose=encryption \
--allowed-access-reasons=customer-initiated-access,\
google-initiated-system-operation
POSITIONAL ARGUMENTS
Key resource - The KMS key resource. The arguments in this group can be
used to specify the attributes of this resource. (NOTE) Some attributes
@ -157,6 +175,21 @@ REQUIRED FLAGS
raw-encryption.
OPTIONAL FLAGS
--allowed-access-reasons=[ALLOWED_ACCESS_REASONS,...]
The list of allowed Key Access Justifications access reasons on the
key. The key must be enrolled in Key Access Justifications to configure
this field. By default, this field is absent, and all justification
codes are allowed. For more information about justification codes, see
https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes.
ALLOWED_ACCESS_REASONS must be one of:
customer-authorized-workflow-servicing, customer-initiated-access,
customer-initiated-support, google-initiated-review,
google-initiated-service, google-initiated-system-operation,
google-response-to-production-alert,
modified-customer-initiated-access,
modified-google-initiated-system-operation, reason-not-expected,
reason-unspecified, third-party-data-request.
--crypto-key-backend=CRYPTO_KEY_BACKEND
The resource name of the backend environment where the key material for
all CryptoKeyVersions associated with this CryptoKey reside and where

View file

@ -3,10 +3,13 @@ NAME
SYNOPSIS
gcloud beta kms keys update (KEY : --keyring=KEYRING --location=LOCATION)
[--allowed-access-reasons=[ALLOWED_ACCESS_REASONS,...]]
[--default-algorithm=DEFAULT_ALGORITHM]
[--next-rotation-time=NEXT_ROTATION_TIME]
[--primary-version=PRIMARY_VERSION] [--remove-rotation-schedule]
[--rotation-period=ROTATION_PERIOD] [--update-labels=[KEY=VALUE,...]]
[--primary-version=PRIMARY_VERSION]
[--remove-key-access-justifications-policy]
[--remove-rotation-schedule] [--rotation-period=ROTATION_PERIOD]
[--update-labels=[KEY=VALUE,...]]
[--clear-labels | --remove-labels=[KEY,...]] [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
@ -31,6 +34,20 @@ DESCRIPTION
4. Update the primary version for the given key with primary-version flag.
5. Update the Key Access Justifications policy for the given key with
allowed-access-reasons flag to allow specified reasons. The key must be
enrolled in Key Access Justifications to use this flag.
6. Remove the Key Access Justifications policy for the given key with
remove-key-access-justifications-policy flag. The key must be enrolled in
Key Access Justifications to use this flag.
7. Update the Key Access Justifications policy for the given key with
allowed_access_reasons flag to allow zero access reasons. This effectively
disables the key, because a policy is configured to reject all access
reasons. The key must be enrolled in Key Access Justifications to use this
flag.
EXAMPLES
The following command sets a 30 day rotation period for the key named frodo
within the keyring fellowship and location global starting at the specified
@ -74,6 +91,29 @@ EXAMPLES
--keyring=fellowship \
--default-algorithm=rsa-decrypt-oaep-4096-sha256
The following command updates the Key Access Justifications policy for the
key named frodo within the keyring fellowship and location global to allow
only customer-initiated-access and google-initiated-system-operation:
$ gcloud beta kms keys update frodo --location=global \
--keyring=fellowship \
--allowed-access-reasons=customer-initiated-access,\
google-initiated-system-operation
The following command removes the Key Access Justifications policy for the
key named frodo within the keyring fellowship and location global, which
results in all access reasons being allowed:
$ gcloud beta kms keys update frodo --location=global \
--keyring=fellowship --remove-key-access-justifications-policy
The following command updates the Key Access Justifications policy for the
key named frodo within the keyring fellowship and location global to allow
only zero access reasons, effectively disabling the key:
$ gcloud beta kms keys update frodo --location=global \
--keyring=fellowship --allowed-access-reasons=
POSITIONAL ARGUMENTS
Key resource - The KMS key resource. The arguments in this group can be
used to specify the attributes of this resource. (NOTE) Some attributes
@ -112,6 +152,21 @@ POSITIONAL ARGUMENTS
▸ provide the argument --location on the command line.
FLAGS
--allowed-access-reasons=[ALLOWED_ACCESS_REASONS,...]
The list of allowed Key Access Justifications access reasons on the
key. The key must be enrolled in Key Access Justifications to configure
this field. By default, this field is absent, and all justification
codes are allowed. For more information about justification codes, see
https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes.
ALLOWED_ACCESS_REASONS must be one of:
customer-authorized-workflow-servicing, customer-initiated-access,
customer-initiated-support, google-initiated-review,
google-initiated-service, google-initiated-system-operation,
google-response-to-production-alert,
modified-customer-initiated-access,
modified-google-initiated-system-operation, reason-not-expected,
reason-unspecified, third-party-data-request.
--default-algorithm=DEFAULT_ALGORITHM
The default algorithm for the crypto key. For more information about
choosing an algorithm, see
@ -138,6 +193,10 @@ FLAGS
--primary-version=PRIMARY_VERSION
Primary version to make primary.
--remove-key-access-justifications-policy
Removes the Key Access Justifications policy on the key, making all
justification codes allowed.
--remove-rotation-schedule
Remove any existing rotation schedule on the key.