1
0
Fork 0
mirror of https://github.com/imjasonh/gcloud-help synced 2026-07-18 14:56:05 +00:00

gcloud: Wed Nov 13 10:04:10 UTC 2024

This commit is contained in:
Automated 2024-11-13 10:04:10 +00:00
parent 7da5872e5c
commit a63704a3af
252 changed files with 4821 additions and 807 deletions

View file

@ -10,24 +10,36 @@ SYNOPSIS
[--restricted-client-application-client-ids=[RESTRICTED_CLIENT_APPLICATION_CLIENT_IDS,
...]]
[--restricted-client-application-names=[RESTRICTED_CLIENT_APPLICATION_NAMES,
...]] [GCLOUD_WIDE_FLAG ...]
...]] [--session-length=SESSION_LENGTH]
[--session-reauth-method=SESSION_REAUTH_METHOD; default="login"]
[GCLOUD_WIDE_FLAG ...]
DESCRIPTION
(ALPHA) Create a new access binding. The access level will be bound with
(ALPHA) Create a new access binding. The access level (if any) will be
bound with
▪ a group and the restricted client application
▪ a specific service account or all service accounts in a specified
project.
If a group key is specified, the access level is globally enforced for all
context-aware access group members, as specified in the binding. If a
restricted client application is also specified, then the enforcement
applies only to the specified application, and not to the entire
organization. If the restricted client application is specified, then
--binding-file cannot be set. If a service account is specified, then the
enforcement applies only to the specified service account. If a service
account project is specified, then the enforcement applies to all the
service accounts belongs to the specified project.
The session settings (if any) will be bound with
▪ a group
If you want to bind session settings to a particular application, use
scoped access settings.
If a group key is specified, the access level and/or session settings are
globally enforced for all context-aware access group members, as specified
in the binding. If a restricted client application is also specified, then
the enforcement applies only to the specified application, and not to the
entire organization. Session settings are incompatible with the top level
--restricted-client-application flags; please use --binding-file to specify
scoped access settings. If the restricted client application is specified,
then --binding-file cannot be set. If a service account is specified, then
the enforcement applies only to the specified service account. If a service
account project is specified, the enforcement applies to all of the service
accounts belonging to the specified project.
EXAMPLES
To create a new global cloud access binding, run:
@ -98,6 +110,37 @@ EXAMPLES
--level=accessPolicies/123/accessLevels/abc \
--organization='1234567890' \
To create a new cloud access binding with global session settings, specify
your session length using an ISO duration string and the session-length
flag. For example:
$ gcloud alpha access-context-manager cloud-bindings create \
--group-key=my-group-key --organization='1234567890' \
--session-length=2h
To set a particular session reauth method for these session settings, run:
$ gcloud alpha access-context-manager cloud-bindings create \
--group-key=my-group-key --organization='1234567890' \
--session-length=2h --session-reauth-method=LOGIN
To create session settings for specific applications, supply a YAML file
and run:
$ gcloud alpha access-context-manager cloud-bindings create \
--group-key=my-group-key --organization='1234567890' \
--binding-file='binding.yaml'
Global and per-app session settings can be set on the same group, along
with access levels. For example:
$ gcloud alpha access-context-manager cloud-bindings create \
--group-key=my-group-key --organization='1234567890' \
--session-length=2h --session-reauth-method=LOGIN \
--level=accessPolicies/123/accessLevels/abc \
--dry-run-level=accessPolicies/123/accessLevels/def \
--binding-file='binding.yaml'
FLAGS
--binding-file=YAML_FILE
Path to the file that contains a Google Cloud Platform user access
@ -118,7 +161,7 @@ FLAGS
is applied to the entire organization.
--group-key=GROUP_KEY
Google Group id whose members are subject to the restrictions of this
Google Group ID whose members are subject to the restrictions of this
binding.
--level=[LEVEL,...]
@ -138,6 +181,47 @@ FLAGS
--restricted-client-application-names=[RESTRICTED_CLIENT_APPLICATION_NAMES,...]
Application names to which the access level is applied.
--session-length=SESSION_LENGTH
The maximum lifetime of a user session provided as an ISO 8601 duration
string. Must be at least one hour or zero seconds, and no more than
twenty-four hours. Granularity is limited to seconds.
When --session-length=0 then users in the group attached to this
binding will have infinite session length, effectively disabling
session.
A session begins when a user signs-in successfully. If a user signs out
before the end of the session lifetime, a new login creates a new
session with a fresh lifetime. When a session expires, the user is
asked to re-authenticate in accordance with session-method.
Setting --session-reauth-method when --session-length is empty raises
an error. Cannot set --session-length with
--restricted-client-application-client-ids or
--restricted-client-application-names; please use scoped access
settings.
--session-reauth-method=SESSION_REAUTH_METHOD; default="login"
Specifies the type of re-authentication challenge given to the user
when their session expires. Defaults to --session-reauth-method=login
if unspecified and --session-length is set. Cannot be used when
--session-length is empty or 0.
SESSION_REAUTH_METHOD must be one of:
login
The user must complete a regular login.
password
The user will only be required to enter their password.
security-key
The user must re-autheticate using their security key. Before
enabling this session reauth method, ensure a security key is
properly configured for the user. For help configuring your
security key, see
https://support.google.com/a/answer/2537800?hl=en#zippy=%2Cview-add-or-remove-security-keys
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account,
--billing-project, --configuration, --flags-file, --flatten, --format,