diff --git a/gcloud/_version b/gcloud/_version index d3ba667d4..92a4e6805 100644 --- a/gcloud/_version +++ b/gcloud/_version @@ -1,8 +1,8 @@ -Google Cloud SDK 543.0.0 -alpha 2025.10.10 -beta 2025.10.10 +Google Cloud SDK 544.0.0 +alpha 2025.10.17 +beta 2025.10.17 bq 2.1.24 bundled-python3-unix 3.12.9 -core 2025.10.10 +core 2025.10.17 gcloud-crc32c 1.0.0 gsutil 5.35 diff --git a/gcloud/ai/model-garden/models/list b/gcloud/ai/model-garden/models/list index c94e36148..33fdd594a 100644 --- a/gcloud/ai/model-garden/models/list +++ b/gcloud/ai/model-garden/models/list @@ -12,6 +12,19 @@ DESCRIPTION This command lists either all models in Model Garden or all Hugging Face models supported by Model Garden. +EXAMPLES + To list all models in Model Garden, run: + + $ gcloud ai model-garden models list + + To list Hugging Face models that can be deployed in Model Garden, run: + + $ gcloud ai model-garden models list --can-deploy-hugging-face-models + + To list models with gemma in their names, run: + + $ gcloud ai model-garden models list --model-filter=gemma + Note: Since the number of Hugging Face models is large, the default limit is set to 500 with a page size of 100 when listing supported Hugging Face models. To override the limit or page size, specify the --limit or diff --git a/gcloud/alloydb/instances/create b/gcloud/alloydb/instances/create index 547ecc3ce..735b98ef9 100644 --- a/gcloud/alloydb/instances/create +++ b/gcloud/alloydb/instances/create @@ -218,7 +218,10 @@ OPTIONAL FLAGS n2-highmem-64, n2-highmem-96, n2-highmem-128, c4a-highmem-1, c4a-highmem-4-lssd, c4a-highmem-8-lssd, c4a-highmem-16-lssd, c4a-highmem-32-lssd, c4a-highmem-48-lssd, c4a-highmem-64-lssd, - c4a-highmem-72-lssd, z3-highmem-14-standardlssd, + c4a-highmem-72-lssd, c4-highmem-4-lssd, c4-highmem-8-lssd, + c4-highmem-16-lssd, c4-highmem-24-lssd, c4-highmem-32-lssd, + c4-highmem-48-lssd, c4-highmem-96-lssd, c4-highmem-144-lssd, + c4-highmem-192-lssd, c4-highmem-288-lssd, z3-highmem-14-standardlssd, z3-highmem-22-standardlssd, z3-highmem-44-standardlssd, z3-highmem-88-standardlssd. diff --git a/gcloud/alloydb/instances/update b/gcloud/alloydb/instances/update index f5b884a61..20e3f8997 100644 --- a/gcloud/alloydb/instances/update +++ b/gcloud/alloydb/instances/update @@ -204,7 +204,10 @@ OPTIONAL FLAGS n2-highmem-64, n2-highmem-96, n2-highmem-128, c4a-highmem-1, c4a-highmem-4-lssd, c4a-highmem-8-lssd, c4a-highmem-16-lssd, c4a-highmem-32-lssd, c4a-highmem-48-lssd, c4a-highmem-64-lssd, - c4a-highmem-72-lssd, z3-highmem-14-standardlssd, + c4a-highmem-72-lssd, c4-highmem-4-lssd, c4-highmem-8-lssd, + c4-highmem-16-lssd, c4-highmem-24-lssd, c4-highmem-32-lssd, + c4-highmem-48-lssd, c4-highmem-96-lssd, c4-highmem-144-lssd, + c4-highmem-192-lssd, c4-highmem-288-lssd, z3-highmem-14-standardlssd, z3-highmem-22-standardlssd, z3-highmem-44-standardlssd, z3-highmem-88-standardlssd. diff --git a/gcloud/alpha/ai/model-garden/models/list b/gcloud/alpha/ai/model-garden/models/list index 5120fc7d2..7ae4bb707 100644 --- a/gcloud/alpha/ai/model-garden/models/list +++ b/gcloud/alpha/ai/model-garden/models/list @@ -12,6 +12,19 @@ DESCRIPTION (ALPHA) This command lists either all models in Model Garden or all Hugging Face models supported by Model Garden. +EXAMPLES + To list all models in Model Garden, run: + + $ gcloud ai model-garden models list + + To list Hugging Face models that can be deployed in Model Garden, run: + + $ gcloud ai model-garden models list --can-deploy-hugging-face-models + + To list models with gemma in their names, run: + + $ gcloud ai model-garden models list --model-filter=gemma + Note: Since the number of Hugging Face models is large, the default limit is set to 500 with a page size of 100 when listing supported Hugging Face models. To override the limit or page size, specify the --limit or diff --git a/gcloud/alpha/alloydb/clusters/create b/gcloud/alpha/alloydb/clusters/create index ca0b815f2..8df7e9a8d 100644 --- a/gcloud/alpha/alloydb/clusters/create +++ b/gcloud/alpha/alloydb/clusters/create @@ -62,7 +62,7 @@ OPTIONAL FLAGS --database-version=DATABASE_VERSION Database version of the cluster. DATABASE_VERSION must be one of: - POSTGRES_14, POSTGRES_15, POSTGRES_16, POSTGRES_17. + POSTGRES_14, POSTGRES_15, POSTGRES_16, POSTGRES_17, POSTGRES_18. --enable-private-service-connect Enable Private Service Connect (PSC) connectivity for the cluster. diff --git a/gcloud/alpha/alloydb/clusters/migrate-cloud-sql b/gcloud/alpha/alloydb/clusters/migrate-cloud-sql index 78907e582..a4c672766 100644 --- a/gcloud/alpha/alloydb/clusters/migrate-cloud-sql +++ b/gcloud/alpha/alloydb/clusters/migrate-cloud-sql @@ -88,7 +88,7 @@ OPTIONAL FLAGS --database-version=DATABASE_VERSION Database version of the cluster. DATABASE_VERSION must be one of: - POSTGRES_14, POSTGRES_15, POSTGRES_16, POSTGRES_17. + POSTGRES_14, POSTGRES_15, POSTGRES_16, POSTGRES_17, POSTGRES_18. --enable-private-service-connect Enable Private Service Connect (PSC) connectivity for the cluster. diff --git a/gcloud/alpha/alloydb/instances/create b/gcloud/alpha/alloydb/instances/create index f57bf4bb8..375812dcc 100644 --- a/gcloud/alpha/alloydb/instances/create +++ b/gcloud/alpha/alloydb/instances/create @@ -225,7 +225,10 @@ OPTIONAL FLAGS n2-highmem-64, n2-highmem-96, n2-highmem-128, c4a-highmem-1, c4a-highmem-4-lssd, c4a-highmem-8-lssd, c4a-highmem-16-lssd, c4a-highmem-32-lssd, c4a-highmem-48-lssd, c4a-highmem-64-lssd, - c4a-highmem-72-lssd, z3-highmem-14-standardlssd, + c4a-highmem-72-lssd, c4-highmem-4-lssd, c4-highmem-8-lssd, + c4-highmem-16-lssd, c4-highmem-24-lssd, c4-highmem-32-lssd, + c4-highmem-48-lssd, c4-highmem-96-lssd, c4-highmem-144-lssd, + c4-highmem-192-lssd, c4-highmem-288-lssd, z3-highmem-14-standardlssd, z3-highmem-22-standardlssd, z3-highmem-44-standardlssd, z3-highmem-88-standardlssd. diff --git a/gcloud/alpha/alloydb/instances/update b/gcloud/alpha/alloydb/instances/update index f6c5ebd04..440db0c50 100644 --- a/gcloud/alpha/alloydb/instances/update +++ b/gcloud/alpha/alloydb/instances/update @@ -211,7 +211,10 @@ OPTIONAL FLAGS n2-highmem-64, n2-highmem-96, n2-highmem-128, c4a-highmem-1, c4a-highmem-4-lssd, c4a-highmem-8-lssd, c4a-highmem-16-lssd, c4a-highmem-32-lssd, c4a-highmem-48-lssd, c4a-highmem-64-lssd, - c4a-highmem-72-lssd, z3-highmem-14-standardlssd, + c4a-highmem-72-lssd, c4-highmem-4-lssd, c4-highmem-8-lssd, + c4-highmem-16-lssd, c4-highmem-24-lssd, c4-highmem-32-lssd, + c4-highmem-48-lssd, c4-highmem-96-lssd, c4-highmem-144-lssd, + c4-highmem-192-lssd, c4-highmem-288-lssd, z3-highmem-14-standardlssd, z3-highmem-22-standardlssd, z3-highmem-44-standardlssd, z3-highmem-88-standardlssd. diff --git a/gcloud/alpha/cluster-director/clusters/update b/gcloud/alpha/cluster-director/clusters/update index b5309727f..a5d056e9d 100644 --- a/gcloud/alpha/cluster-director/clusters/update +++ b/gcloud/alpha/cluster-director/clusters/update @@ -27,6 +27,7 @@ SYNOPSIS --remove-slurm-partitions=[REMOVE_SLURM_PARTITIONS,...] --remove-spot-instances=[REMOVE_SPOT_INSTANCES,...] --slurm-default-partition=SLURM_DEFAULT_PARTITION + --update-slurm-login-node=[count=COUNT],[startupScript=STARTUPSCRIPT] --update-slurm-node-sets=[id=ID], [maxDynamicNodeCount=MAXDYNAMICNODECOUNT], [staticNodeCount=STATICNODECOUNT] @@ -449,6 +450,33 @@ REQUIRED FLAGS For e.g. --slurm-default-partition {partitionId} + --update-slurm-login-node=[count=COUNT],[startupScript=STARTUPSCRIPT] + Parameters to update slurm cluster login node. Only count and + startupScript can be updated. + + For e.g. --update-slurm-login-node count=2,startupScript="echo + hello". + + Sets update_slurm_login_node value. + + count + Sets count value. + + startupScript + Sets startupScript value. + + Shorthand Example: + + --update-slurm-login-node=count=int,startupScript=string + + JSON Example: + + --update-slurm-login-node='{"count": int, "startupScript": "string"}' + + File Example: + + --update-slurm-login-node=path_to_file.(yaml|json) + --update-slurm-node-sets=[id=ID],[maxDynamicNodeCount=MAXDYNAMICNODECOUNT],[staticNodeCount=STATICNODECOUNT] Parameters to define and update slurm cluster nodeset config. diff --git a/gcloud/alpha/composer/environments/run b/gcloud/alpha/composer/environments/run index dfaa1c6b7..62e955524 100644 --- a/gcloud/alpha/composer/environments/run +++ b/gcloud/alpha/composer/environments/run @@ -81,17 +81,17 @@ POSITIONAL ARGUMENTS SUBCOMMAND The Airflow CLI subcommand to run. Available subcommands include (listed with Airflow versions that support): backfill [**, 2.0.0), - clear [**, 2.0.0), connections [**, 3.1.0), dag_state [**, 2.0.0), dags - [1.10.14, 3.1.0), db [2.3.0, 3.0.0), delete_dag [1.10.1, 2.0.0), - kerberos [**, 3.1.0), kubernetes [2.1.4, 3.1.0), list-import-errors + clear [**, 2.0.0), connections [**, 3.2.0), dag_state [**, 2.0.0), dags + [1.10.14, 3.2.0), db [2.3.0, 3.0.0), delete_dag [1.10.1, 2.0.0), + kerberos [**, 3.2.0), kubernetes [2.1.4, 3.2.0), list-import-errors [**, 3.0.0), list_dag_runs [1.10.2, 2.0.0), list_dags [**, 2.0.0), list_tasks [**, 2.0.0), next_execution [1.10.2, 2.0.0), pause [**, - 2.0.0), pool [**, 2.0.0), pools [1.10.14, 3.1.0), render [**, 2.0.0), - roles [2.0.0, 3.1.0), run [**, 2.0.0), sync-perm [1.10.14, 3.1.0), + 2.0.0), pool [**, 2.0.0), pools [1.10.14, 3.2.0), render [**, 2.0.0), + roles [2.0.0, 3.2.0), run [**, 2.0.0), sync-perm [1.10.14, 3.2.0), sync_perm [1.10.2, 2.0.0), task_failed_deps [**, 2.0.0), task_state - [**, 2.0.0), tasks [1.10.14, 3.1.0), test [**, 2.0.0), trigger_dag [**, + [**, 2.0.0), tasks [1.10.14, 3.2.0), test [**, 2.0.0), trigger_dag [**, 2.0.0), unpause [**, 2.0.0), upgrade_check [1.10.15, 2.0.0), users - [1.10.14, 3.1.0), variables [**, 3.1.0), version [**, 3.1.0) (see + [1.10.14, 3.2.0), variables [**, 3.2.0), version [**, 3.2.0) (see https://airflow.apache.org/docs/apache-airflow/stable/cli-and-env-variables-ref.html for more info). diff --git a/gcloud/alpha/compute/future-reservations/cancel b/gcloud/alpha/compute/future-reservations/cancel index c631008db..a85766ada 100644 --- a/gcloud/alpha/compute/future-reservations/cancel +++ b/gcloud/alpha/compute/future-reservations/cancel @@ -69,7 +69,9 @@ NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early - access allowlist. This variant is also available: + access allowlist. These variants are also available: + + $ gcloud compute future-reservations cancel $ gcloud beta compute future-reservations cancel diff --git a/gcloud/alpha/compute/future-reservations/create b/gcloud/alpha/compute/future-reservations/create index e32b1cbe3..390a9ea82 100644 --- a/gcloud/alpha/compute/future-reservations/create +++ b/gcloud/alpha/compute/future-reservations/create @@ -356,7 +356,9 @@ NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early - access allowlist. This variant is also available: + access allowlist. These variants are also available: + + $ gcloud compute future-reservations create $ gcloud beta compute future-reservations create diff --git a/gcloud/alpha/compute/future-reservations/delete b/gcloud/alpha/compute/future-reservations/delete index 3487cf6cd..7ec81eb1f 100644 --- a/gcloud/alpha/compute/future-reservations/delete +++ b/gcloud/alpha/compute/future-reservations/delete @@ -69,7 +69,9 @@ NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early - access allowlist. This variant is also available: + access allowlist. These variants are also available: + + $ gcloud compute future-reservations delete $ gcloud beta compute future-reservations delete diff --git a/gcloud/alpha/compute/future-reservations/describe b/gcloud/alpha/compute/future-reservations/describe index c0a965348..beb281217 100644 --- a/gcloud/alpha/compute/future-reservations/describe +++ b/gcloud/alpha/compute/future-reservations/describe @@ -64,7 +64,9 @@ NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early - access allowlist. This variant is also available: + access allowlist. These variants are also available: + + $ gcloud compute future-reservations describe $ gcloud beta compute future-reservations describe diff --git a/gcloud/alpha/compute/future-reservations/help b/gcloud/alpha/compute/future-reservations/help index 072f719be..63bb74f9e 100644 --- a/gcloud/alpha/compute/future-reservations/help +++ b/gcloud/alpha/compute/future-reservations/help @@ -38,7 +38,9 @@ NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early - access allowlist. This variant is also available: + access allowlist. These variants are also available: + + $ gcloud compute future-reservations $ gcloud beta compute future-reservations diff --git a/gcloud/alpha/compute/future-reservations/list b/gcloud/alpha/compute/future-reservations/list index 53e4cf08e..9afc0b715 100644 --- a/gcloud/alpha/compute/future-reservations/list +++ b/gcloud/alpha/compute/future-reservations/list @@ -59,7 +59,9 @@ NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early - access allowlist. This variant is also available: + access allowlist. These variants are also available: + + $ gcloud compute future-reservations list $ gcloud beta compute future-reservations list diff --git a/gcloud/alpha/compute/future-reservations/update b/gcloud/alpha/compute/future-reservations/update index 994b965b6..c337a11be 100644 --- a/gcloud/alpha/compute/future-reservations/update +++ b/gcloud/alpha/compute/future-reservations/update @@ -309,7 +309,9 @@ NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early - access allowlist. This variant is also available: + access allowlist. These variants are also available: + + $ gcloud compute future-reservations update $ gcloud beta compute future-reservations update diff --git a/gcloud/alpha/compute/instance-groups/managed/create b/gcloud/alpha/compute/instance-groups/managed/create index 79a91491c..9a3ae29ae 100644 --- a/gcloud/alpha/compute/instance-groups/managed/create +++ b/gcloud/alpha/compute/instance-groups/managed/create @@ -14,6 +14,7 @@ SYNOPSIS machine-type=MACHINE_TYPE[,machine-type=MACHINE_TYPE...][,rank=RANK]] [--instance-selection-machine-types=[MACHINE_TYPE,...]] [--list-managed-instances-results=MODE] + [--on-repair-allow-changing-zone=ON_REPAIR_ALLOW_CHANGING_ZONE] [--resource-manager-tags=[KEY=VALUE,...]] [--standby-policy-initial-delay=STANDBY_POLICY_INITIAL_DELAY] [--standby-policy-mode=STANDBY_POLICY_MODE] @@ -177,6 +178,15 @@ OPTIONAL FLAGS Pagination is enabled for the group's listManagedInstances API method. maxResults and pageToken query parameters are respected. + --on-repair-allow-changing-zone=ON_REPAIR_ALLOW_CHANGING_ZONE + Specifies whether the MIG can change a VM's zone during a repair. + ON_REPAIR_ALLOW_CHANGING_ZONE must be one of: + + no + (Default) MIG cannot change a VM's zone during a repair. + yes + MIG can select a different zone for the VM during a repair. + --resource-manager-tags=[KEY=VALUE,...] Specifies a list of resource manager tags to apply to the managed instance group. A resource manager tag is a key-value pair. You can diff --git a/gcloud/alpha/compute/instance-groups/managed/update b/gcloud/alpha/compute/instance-groups/managed/update index c52ed4d37..3096c084e 100644 --- a/gcloud/alpha/compute/instance-groups/managed/update +++ b/gcloud/alpha/compute/instance-groups/managed/update @@ -12,6 +12,7 @@ SYNOPSIS machine-type=MACHINE_TYPE[,machine-type=MACHINE_TYPE...][,rank=RANK]] [--instance-selection-machine-types=[MACHINE_TYPE,...]] [--list-managed-instances-results=MODE] + [--on-repair-allow-changing-zone=ON_REPAIR_ALLOW_CHANGING_ZONE] [--remove-instance-selections=[INSTANCE_SELECTION_NAME,...]] [--remove-instance-selections-all] [--remove-stateful-disks=DEVICE_NAME,[DEVICE_NAME,...]] @@ -156,6 +157,15 @@ FLAGS Pagination is enabled for the group's listManagedInstances API method. maxResults and pageToken query parameters are respected. + --on-repair-allow-changing-zone=ON_REPAIR_ALLOW_CHANGING_ZONE + Specifies whether the MIG can change a VM's zone during a repair. + ON_REPAIR_ALLOW_CHANGING_ZONE must be one of: + + no + (Default) MIG cannot change a VM's zone during a repair. + yes + MIG can select a different zone for the VM during a repair. + --remove-instance-selections=[INSTANCE_SELECTION_NAME,...] Remove specific instance selections from the instance flexibility policy. diff --git a/gcloud/alpha/compute/interconnects/attachments/dedicated/create b/gcloud/alpha/compute/interconnects/attachments/dedicated/create index 12fa412c2..97459f438 100644 --- a/gcloud/alpha/compute/interconnects/attachments/dedicated/create +++ b/gcloud/alpha/compute/interconnects/attachments/dedicated/create @@ -16,8 +16,8 @@ SYNOPSIS [--description=DESCRIPTION] [--dry-run] [--enable-admin] [--enable-multicast] [--encryption=ENCRYPTION] [--ipsec-internal-addresses=[ADDRESSES]] [--mtu=MTU] [--region=REGION] - [--stack-type=STACK_TYPE] [--subnet-length=SUBNET_LENGTH] [--vlan=VLAN] - [GCLOUD_WIDE_FLAG ...] + [--resource-manager-tags=[KEY=VALUE,...]] [--stack-type=STACK_TYPE] + [--subnet-length=SUBNET_LENGTH] [--vlan=VLAN] [GCLOUD_WIDE_FLAG ...] DESCRIPTION (ALPHA) gcloud alpha compute interconnects attachments dedicated create is @@ -182,6 +182,10 @@ OPTIONAL FLAGS Alternatively, the region can be stored in the environment variable CLOUDSDK_COMPUTE_REGION. + --resource-manager-tags=[KEY=VALUE,...] + A comma-separated list of Resource Manager tags to apply to the + interconnect. + --stack-type=STACK_TYPE Stack type of the protocol(s) enabled on this interconnect attachment. STACK_TYPE must be one of: diff --git a/gcloud/alpha/compute/interconnects/attachments/l2-forwarding/create b/gcloud/alpha/compute/interconnects/attachments/l2-forwarding/create index 95f02a94f..05a47faf9 100644 --- a/gcloud/alpha/compute/interconnects/attachments/l2-forwarding/create +++ b/gcloud/alpha/compute/interconnects/attachments/l2-forwarding/create @@ -10,7 +10,8 @@ SYNOPSIS [--bandwidth=BANDWIDTH] [--default-appliance-ip-address=DEFAULT_APPLIANCE_IP_ADDRESS] [--description=DESCRIPTION] [--dry-run] [--enable-admin] [--mtu=MTU] - [--region=REGION] [GCLOUD_WIDE_FLAG ...] + [--region=REGION] [--resource-manager-tags=[KEY=VALUE,...]] + [GCLOUD_WIDE_FLAG ...] DESCRIPTION (ALPHA) gcloud alpha compute interconnects attachments l2-forwarding create @@ -112,6 +113,10 @@ OPTIONAL FLAGS Alternatively, the region can be stored in the environment variable CLOUDSDK_COMPUTE_REGION. + --resource-manager-tags=[KEY=VALUE,...] + A comma-separated list of Resource Manager tags to apply to the + interconnect. + GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, diff --git a/gcloud/alpha/compute/interconnects/attachments/partner/create b/gcloud/alpha/compute/interconnects/attachments/partner/create index f3cba84b3..fc50f1c46 100644 --- a/gcloud/alpha/compute/interconnects/attachments/partner/create +++ b/gcloud/alpha/compute/interconnects/attachments/partner/create @@ -11,8 +11,8 @@ SYNOPSIS [--candidate-customer-router-ipv6-address=CANDIDATE_CUSTOMER_ROUTER_IPV6_ADDRESS] [--description=DESCRIPTION] [--dry-run] [--enable-admin] [--encryption=ENCRYPTION] [--ipsec-internal-addresses=[ADDRESSES]] - [--mtu=MTU] [--region=REGION] [--stack-type=STACK_TYPE] - [GCLOUD_WIDE_FLAG ...] + [--mtu=MTU] [--region=REGION] [--resource-manager-tags=[KEY=VALUE,...]] + [--stack-type=STACK_TYPE] [GCLOUD_WIDE_FLAG ...] DESCRIPTION (ALPHA) gcloud alpha compute interconnects attachments partner create is @@ -139,6 +139,10 @@ OPTIONAL FLAGS Alternatively, the region can be stored in the environment variable CLOUDSDK_COMPUTE_REGION. + --resource-manager-tags=[KEY=VALUE,...] + A comma-separated list of Resource Manager tags to apply to the + interconnect. + --stack-type=STACK_TYPE Stack type of the protocol(s) enabled on this interconnect attachment. STACK_TYPE must be one of: diff --git a/gcloud/alpha/compute/interconnects/create b/gcloud/alpha/compute/interconnects/create index 388367f3a..7537e6039 100644 --- a/gcloud/alpha/compute/interconnects/create +++ b/gcloud/alpha/compute/interconnects/create @@ -9,7 +9,8 @@ SYNOPSIS [--admin-enabled] [--customer-name=CUSTOMER_NAME] [--description=DESCRIPTION] [--noc-contact-email=NOC_CONTACT_EMAIL] [--remote-location=REMOTE_LOCATION] - [--requested-features=[FEATURES,...]] [--subzone=SUBZONE] + [--requested-features=[FEATURES,...]] + [--resource-manager-tags=[KEY=VALUE,...]] [--subzone=SUBZONE] [GCLOUD_WIDE_FLAG ...] DESCRIPTION @@ -119,6 +120,10 @@ OPTIONAL FLAGS only be provided during interconnect INSERT and cannot be changed using interconnect PATCH. + --resource-manager-tags=[KEY=VALUE,...] + A comma-separated list of Resource Manager tags to apply to the + interconnect. + --subzone=SUBZONE Subzone in the LOCATION specified by the --location flag. SUBZONE must be one of: diff --git a/gcloud/alpha/compute/network-firewall-policies/create b/gcloud/alpha/compute/network-firewall-policies/create index 2a0d1c490..2fff15590 100644 --- a/gcloud/alpha/compute/network-firewall-policies/create +++ b/gcloud/alpha/compute/network-firewall-policies/create @@ -35,7 +35,7 @@ FLAGS --policy-type=POLICY_TYPE Network firewall policy type. POLICY_TYPE must be one of: VPC_POLICY, - RDMA_ROCE_POLICY, ULL_POLICY. + RDMA_ROCE_POLICY, ULL_POLICY, RDMA_FALCON_POLICY. At most one of these can be specified: diff --git a/gcloud/alpha/compute/network-policies/traffic-classification-rules/create b/gcloud/alpha/compute/network-policies/traffic-classification-rules/create index f7f80cc95..884d2f501 100644 --- a/gcloud/alpha/compute/network-policies/traffic-classification-rules/create +++ b/gcloud/alpha/compute/network-policies/traffic-classification-rules/create @@ -53,7 +53,7 @@ REQUIRED FLAGS Network policy ID with which to create rule. --priority=PRIORITY - Priority of the rule to be added. Valid in [1, 2147482547]. + Priority of the rule to be added. Valid in [1, 2147482647]. --traffic-class=TRAFFIC_CLASS The traffic class that be applied to matching packet. TRAFFIC_CLASS diff --git a/gcloud/alpha/compute/network-policies/traffic-classification-rules/delete b/gcloud/alpha/compute/network-policies/traffic-classification-rules/delete index 6082de99a..7b5f57eea 100644 --- a/gcloud/alpha/compute/network-policies/traffic-classification-rules/delete +++ b/gcloud/alpha/compute/network-policies/traffic-classification-rules/delete @@ -24,7 +24,7 @@ REQUIRED FLAGS Network policy ID with which to delete rule. --priority=PRIORITY - Priority of the rule to be removed. Valid in [1, 2147483547]. + Priority of the rule to be removed. Valid in [1, 2147482647]. OPTIONAL FLAGS --network-policy-region=NETWORK_POLICY_REGION diff --git a/gcloud/alpha/compute/network-policies/traffic-classification-rules/describe b/gcloud/alpha/compute/network-policies/traffic-classification-rules/describe index 495deffec..a1e9aa92a 100644 --- a/gcloud/alpha/compute/network-policies/traffic-classification-rules/describe +++ b/gcloud/alpha/compute/network-policies/traffic-classification-rules/describe @@ -24,7 +24,7 @@ REQUIRED FLAGS Network policy ID with which to describe rule. --priority=PRIORITY - Priority of the rule to be described. Valid in [1, 2147483547]. + Priority of the rule to be described. Valid in [1, 2147483647]. OPTIONAL FLAGS --network-policy-region=NETWORK_POLICY_REGION diff --git a/gcloud/alpha/compute/network-policies/traffic-classification-rules/update b/gcloud/alpha/compute/network-policies/traffic-classification-rules/update index 46d888c8a..8694bf08e 100644 --- a/gcloud/alpha/compute/network-policies/traffic-classification-rules/update +++ b/gcloud/alpha/compute/network-policies/traffic-classification-rules/update @@ -31,7 +31,7 @@ REQUIRED FLAGS Network policy ID with which to update rule. --priority=PRIORITY - Priority of the rule to be updated. Valid in [1, 2147482547]. + Priority of the rule to be updated. Valid in [1, 2147482647]. OPTIONAL FLAGS --action=ACTION @@ -66,7 +66,7 @@ OPTIONAL FLAGS --new-priority=NEW_PRIORITY New priority for the rule to update. Valid priority range: [1, - 2147482547]. + 2147482647]. --src-ip-ranges=[SRC_IP_RANGE,...] CIDR IP address range. diff --git a/gcloud/alpha/compute/tpus/help b/gcloud/alpha/compute/tpus/help index e747bb519..bd2009c0c 100644 --- a/gcloud/alpha/compute/tpus/help +++ b/gcloud/alpha/compute/tpus/help @@ -2,7 +2,7 @@ NAME gcloud alpha compute tpus - list, create, and delete Cloud TPUs SYNOPSIS - gcloud alpha compute tpus GROUP | COMMAND [GCLOUD_WIDE_FLAG ...] + gcloud alpha compute tpus GROUP [GCLOUD_WIDE_FLAG ...] DESCRIPTION (ALPHA) List, create, and delete Cloud TPUs. diff --git a/gcloud/alpha/container/clusters/create b/gcloud/alpha/container/clusters/create index 450929ef9..dbfe0c74c 100644 --- a/gcloud/alpha/container/clusters/create +++ b/gcloud/alpha/container/clusters/create @@ -13,6 +13,7 @@ SYNOPSIS [--alpha-cluster-feature-gates=[FEATURE=true|false,...]] [--anonymous-authentication-config=ANONYMOUS_AUTHENTICATION_CONFIG] [--async] [--auto-monitoring-scope=AUTO_MONITORING_SCOPE] + [--autopilot-workload-policies=WORKLOAD_POLICIES] [--autoprovisioning-enable-insecure-kubelet-readonly-port] [--autoprovisioning-network-tags=TAGS,[TAGS,...]] [--autoprovisioning-resource-manager-tags=[KEY=VALUE,...]] @@ -143,6 +144,8 @@ SYNOPSIS --master-ipv4-cidr=MASTER_IPV4_CIDR --private-cluster] [--enable-secret-manager --enable-secret-manager-rotation --secret-manager-rotation-interval=SECRET_MANAGER_ROTATION_INTERVAL] + [--enable-secret-sync --enable-secret-sync-rotation + --secret-sync-rotation-interval=SECRET_SYNC_ROTATION_INTERVAL] [--ephemeral-storage[=[local-ssd-count=LOCAL-SSD-COUNT]] | --ephemeral-storage-local-ssd[=[count=COUNT]] | --local-nvme-ssd-block[=[count=COUNT]] @@ -276,6 +279,16 @@ FLAGS NONE: Disables Auto-Monitoring. AUTO_MONITORING_SCOPE must be one of: ALL, NONE. + --autopilot-workload-policies=WORKLOAD_POLICIES + Add Autopilot workload policies to the cluster. + + Examples: + + $ gcloud alpha container clusters create example-cluster \ + --autopilot-workload-policies=allow-net-admin + + The only supported workload policy is 'allow-net-admin'. + --autoprovisioning-enable-insecure-kubelet-readonly-port Enables the Kubelet's insecure read only port for Autoprovisioned Node Pools. @@ -2492,6 +2505,19 @@ FLAGS provider component. If you don't specify a time interval for the rotation, it will default to a rotation period of two minutes. + Flags for Secret Sync configuration: + + --enable-secret-sync + Enables the Secret Sync component. See + https://cloud.google.com/secret-manager/docs/sync-k8-secrets + + --enable-secret-sync-rotation + Enables the rotation of secrets in the Secret Sync component. + provider component. + + --secret-sync-rotation-interval=SECRET_SYNC_ROTATION_INTERVAL + Set the rotation period for secrets in the Secret Sync component. + At most one of these can be specified: --ephemeral-storage[=[local-ssd-count=LOCAL-SSD-COUNT]] diff --git a/gcloud/alpha/container/clusters/create-auto b/gcloud/alpha/container/clusters/create-auto index 2cb3ac1f7..634bec458 100644 --- a/gcloud/alpha/container/clusters/create-auto +++ b/gcloud/alpha/container/clusters/create-auto @@ -58,6 +58,8 @@ SYNOPSIS --enable-private-nodes --master-ipv4-cidr=MASTER_IPV4_CIDR] [--enable-secret-manager --enable-secret-manager-rotation --secret-manager-rotation-interval=SECRET_MANAGER_ROTATION_INTERVAL] + [--enable-secret-sync --enable-secret-sync-rotation + --secret-sync-rotation-interval=SECRET_SYNC_ROTATION_INTERVAL] [--location=LOCATION | --region=REGION | --zone=ZONE, -z ZONE] [--scopes=[SCOPE,...]; default="gke-default" --service-account=SERVICE_ACCOUNT] @@ -729,6 +731,19 @@ FLAGS provider component. If you don't specify a time interval for the rotation, it will default to a rotation period of two minutes. + Flags for Secret Sync configuration: + + --enable-secret-sync + Enables the Secret Sync component. See + https://cloud.google.com/secret-manager/docs/sync-k8-secrets + + --enable-secret-sync-rotation + Enables the rotation of secrets in the Secret Sync component. + provider component. + + --secret-sync-rotation-interval=SECRET_SYNC_ROTATION_INTERVAL + Set the rotation period for secrets in the Secret Sync component. + At most one of these can be specified: --location=LOCATION diff --git a/gcloud/alpha/container/clusters/update b/gcloud/alpha/container/clusters/update index f0b0ebb91..ef44585aa 100644 --- a/gcloud/alpha/container/clusters/update +++ b/gcloud/alpha/container/clusters/update @@ -5,6 +5,7 @@ NAME SYNOPSIS gcloud alpha container clusters update NAME (--anonymous-authentication-config=ANONYMOUS_AUTHENTICATION_CONFIG + | --autopilot-workload-policies=WORKLOAD_POLICIES | --autoprovisioning-cgroup-mode=AUTOPROVISIONING_CGROUP_MODE | --autoprovisioning-enable-insecure-kubelet-readonly-port | --autoprovisioning-network-tags=[TAGS,...] @@ -40,7 +41,9 @@ SYNOPSIS | --notification-config=[pubsub=ENABLED|DISABLED, pubsub-topic=TOPIC,...] | --patch-update=[PATCH_UPDATE] | --private-ipv6-google-access-type=PRIVATE_IPV6_GOOGLE_ACCESS_TYPE - | --release-channel=CHANNEL | --remove-labels=[KEY,...] + | --release-channel=CHANNEL + | --remove-autopilot-workload-policies=REMOVE_WORKLOAD_POLICIES + | --remove-labels=[KEY,...] | --remove-workload-policies=REMOVE_WORKLOAD_POLICIES | --security-group=SECURITY_GROUP | --security-posture=SECURITY_POSTURE @@ -120,6 +123,8 @@ SYNOPSIS --monitoring-service=MONITORING_SERVICE | --[no-]enable-secret-manager --[no-]enable-secret-manager-rotation --secret-manager-rotation-interval=SECRET_MANAGER_ROTATION_INTERVAL + | --[no-]enable-secret-sync --[no-]enable-secret-sync-rotation + --secret-sync-rotation-interval=SECRET_SYNC_ROTATION_INTERVAL | --password=PASSWORD --enable-basic-auth | --username=USERNAME, -u USERNAME) [--async] [--cloud-run-config=[load-balancer-type=EXTERNAL,...]] @@ -162,6 +167,16 @@ REQUIRED FLAGS to the health check endpoints are allowed anonymously, all other calls will be rejected. + --autopilot-workload-policies=WORKLOAD_POLICIES + Add Autopilot workload policies to the cluster. + + Examples: + + $ gcloud alpha container clusters update example-cluster \ + --autopilot-workload-policies=allow-net-admin + + The only supported workload policy is 'allow-net-admin'. + --autoprovisioning-cgroup-mode=AUTOPROVISIONING_CGROUP_MODE Sets the cgroup mode for auto-provisioned nodes. @@ -695,6 +710,16 @@ REQUIRED FLAGS Clusters subscribed to 'stable' receive versions that are known to be stable and reliable in production. + --remove-autopilot-workload-policies=REMOVE_WORKLOAD_POLICIES + Remove Autopilot workload policies from the cluster. + + Examples: + + $ gcloud alpha container clusters update example-cluster \ + --remove-autopilot-workload-policies=allow-net-admin + + The only supported workload policy is 'allow-net-admin'. + --remove-labels=[KEY,...] Labels to remove from the Google Cloud resources in use by the Kubernetes Engine cluster. These are unrelated to Kubernetes labels. @@ -1662,6 +1687,22 @@ REQUIRED FLAGS driver provider component. If you don't specify a time interval for the rotation, it will default to a rotation period of two minutes. + Flags for Secret Sync configuration: + + --[no-]enable-secret-sync + Enables the Secret Sync component. See + https://cloud.google.com/secret-manager/docs/sync-k8-secrets. Use + --enable-secret-sync to enable and --no-enable-secret-sync to + disable. + + --[no-]enable-secret-sync-rotation + Enables the rotation of secrets in the Secret Sync component. + provider component. Use --enable-secret-sync-rotation to enable and + --no-enable-secret-sync-rotation to disable. + + --secret-sync-rotation-interval=SECRET_SYNC_ROTATION_INTERVAL + Set the rotation period for secrets in the Secret Sync component. + Basic auth --password=PASSWORD diff --git a/gcloud/alpha/database-migration/migration-jobs/create b/gcloud/alpha/database-migration/migration-jobs/create index 4fb6ac16d..b207695c1 100644 --- a/gcloud/alpha/database-migration/migration-jobs/create +++ b/gcloud/alpha/database-migration/migration-jobs/create @@ -6,7 +6,8 @@ SYNOPSIS gcloud alpha database-migration migration-jobs create (MIGRATION_JOB : --region=REGION) --destination=DESTINATION --source=SOURCE --type=TYPE [--no-async] [--display-name=DISPLAY_NAME] - [--dump-path=DUMP_PATH] [--labels=[KEY=VALUE,...]] + [--labels=[KEY=VALUE,...]] + [--dump-flags=[KEY=VALUE,...] | --dump-path=DUMP_PATH] [--peer-vpc=PEER_VPC | --static-ip | [--vm-ip=VM_IP --vm-port=VM_PORT --vpc=VPC : --vm=VM]] [GCLOUD_WIDE_FLAG ...] @@ -139,10 +140,6 @@ OPTIONAL FLAGS include letters, numbers, spaces, and hyphens, and must start with a letter. - --dump-path=DUMP_PATH - Path to the dump file in Google Cloud Storage, in the format: - gs://[BUCKET_NAME]/[OBJECT_NAME]. - --labels=[KEY=VALUE,...] List of label KEY=VALUE pairs to add. @@ -151,6 +148,16 @@ OPTIONAL FLAGS contain only hyphens (-), underscores (_), lowercase characters, and numbers. + At most one of these can be specified: + + --dump-flags=[KEY=VALUE,...] + A list of dump flags. An object containing a list of "key": "value" + pairs. + + --dump-path=DUMP_PATH + Path to the dump file in Google Cloud Storage, in the format: + gs://[BUCKET_NAME]/[OBJECT_NAME]. + The connectivity method used by the migration job. If a connectivity method isn't specified, then it isn't added to the migration job. diff --git a/gcloud/alpha/database-migration/migration-jobs/update b/gcloud/alpha/database-migration/migration-jobs/update index 0626cf28e..d940faabe 100644 --- a/gcloud/alpha/database-migration/migration-jobs/update +++ b/gcloud/alpha/database-migration/migration-jobs/update @@ -6,9 +6,9 @@ SYNOPSIS gcloud alpha database-migration migration-jobs update (MIGRATION_JOB : --region=REGION) [--no-async] [--destination=DESTINATION] [--display-name=DISPLAY_NAME] - [--dump-path=DUMP_PATH] [--source=SOURCE] [--type=TYPE] - [--update-labels=[KEY=VALUE,...]] + [--source=SOURCE] [--type=TYPE] [--update-labels=[KEY=VALUE,...]] [--clear-labels | --remove-labels=[KEY,...]] + [--dump-flags=[KEY=VALUE,...] | --dump-path=DUMP_PATH] [--peer-vpc=PEER_VPC | --static-ip | --vm=VM --vm-ip=VM_IP --vm-port=VM_PORT --vpc=VPC] [GCLOUD_WIDE_FLAG ...] @@ -96,10 +96,6 @@ FLAGS include letters, numbers, spaces, and hyphens, and must start with a letter. - --dump-path=DUMP_PATH - Path to the dump file in Google Cloud Storage, in the format: - gs://[BUCKET_NAME]/[OBJECT_NAME]. - Connection profile resource - ID of the source connection profile, representing the source database. This represents a Cloud resource. (NOTE) Some attributes are not given arguments in this group but can be set in @@ -156,6 +152,16 @@ FLAGS silently ignored. If --update-labels is also specified then --update-labels is applied first. + At most one of these can be specified: + + --dump-flags=[KEY=VALUE,...] + A list of dump flags. An object containing a list of "key": "value" + pairs. + + --dump-path=DUMP_PATH + Path to the dump file in Google Cloud Storage, in the format: + gs://[BUCKET_NAME]/[OBJECT_NAME]. + The connectivity method used by the migration job. If a connectivity method isn't specified, then it isn't updated for the migration job. diff --git a/gcloud/alpha/design-center/spaces/help b/gcloud/alpha/design-center/spaces/help index 660efeee9..c4cc33a60 100644 --- a/gcloud/alpha/design-center/spaces/help +++ b/gcloud/alpha/design-center/spaces/help @@ -42,6 +42,9 @@ COMMANDS get-iam-policy (ALPHA) Get the IAM policy for a Design Center space. + infer-connections + (ALPHA) Infer connections for components in a space. + list (ALPHA) List spaces. diff --git a/gcloud/alpha/design-center/spaces/infer-connections b/gcloud/alpha/design-center/spaces/infer-connections new file mode 100644 index 000000000..942fb4f69 --- /dev/null +++ b/gcloud/alpha/design-center/spaces/infer-connections @@ -0,0 +1,125 @@ +NAME + gcloud alpha design-center spaces infer-connections - infer connections for + components in a space + +SYNOPSIS + gcloud alpha design-center spaces infer-connections [--async] + [--location=LOCATION] [--space=SPACE] [--use-gemini] + [--catalog-template-revision-uris=[CATALOG_TEMPLATE_REVISION_URIS,...] + : --catalog=CATALOG --template=TEMPLATE] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Infers connections for components present in a space. + +EXAMPLES + To infer connections for space my-space in project my-project and location + us-central1, run: + + $ gcloud alpha design-center spaces infer-connections my-space \ + --project=my-project --location=us-central1 + + To infer connections for space my-space in project my-project and location + us-central1 using gemini, run: + + $ gcloud alpha design-center spaces infer-connections my-space \ + --project=my-project --location=us-central1 --use-gemini + + To infer connections for specific catalog template revisions rev1 and rev2 + in space my-space in project my-project and location us-central1, run: + + $ gcloud alpha design-center spaces infer-connections my-space \ + --project=my-project --location=us-central1 \ + --catalog-template-revision-uris=projects/my-project/locations/\ + us-central1/spaces/my-space/catalogs/my-catalog/templates/\ + my-template/revisions/rev1,projects/my-project/locations/\ + us-central1/spaces/my-space/catalogs/my-catalog/templates/\ + my-template/revisions/rev2 + +FLAGS + --async + Return immediately, without waiting for the operation in progress to + complete. + + --location=LOCATION + For resources [space, catalog-template-revision-uris], provides + fallback value for resource location attribute. When the resource's + full URI path is not provided, location will fallback to this flag + value. + + --space=SPACE + For resources [space, catalog-template-revision-uris], provides + fallback value for resource space attribute. When the resource's full + URI path is not provided, space will fallback to this flag value. + + --use-gemini + Whether to use Gemini. + + Revision resource - A list of Catalog template revisions that you want to + infer connections for. If you don't provide this, the system infers + connections for the latest revisions of all catalog templates in all the + catalogs present in the space. The arguments in this group can be used to + specify the attributes of this resource. (NOTE) Some attributes are not + given arguments in this group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument --catalog-template-revision-uris on the command + line with a fully specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + To set the location attribute: + ◆ provide the argument --catalog-template-revision-uris on the command + line with a fully specified name; + ◆ provide the argument --location on the command line. + + To set the space attribute: + ◆ provide the argument --catalog-template-revision-uris on the command + line with a fully specified name; + ◆ provide the argument --space on the command line. + + --catalog-template-revision-uris=[CATALOG_TEMPLATE_REVISION_URIS,...] + IDs of the revisions or fully qualified identifiers for the + revisions. + + To set the revision attribute: + ▸ provide the argument --catalog-template-revision-uris on the + command line. + + This flag argument must be specified if any of the other arguments in + this group are specified. + + --catalog=CATALOG + The catalog id of the revisions resource. + + To set the catalog attribute: + ▸ provide the argument --catalog-template-revision-uris on the + command line with a fully specified name; + ▸ provide the argument --catalog on the command line. + + --template=TEMPLATE + The template id of the revisions resource. + + To set the template attribute: + ▸ provide the argument --catalog-template-revision-uris on the + command line with a fully specified name; + ▸ provide the argument --template on the command line. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the designcenter/v1alpha API. The full documentation for + this API can be found at: + http://cloud.google.com/application-design-center/docs + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. + diff --git a/gcloud/alpha/developer-connect/account-connectors/create b/gcloud/alpha/developer-connect/account-connectors/create index c241c6dd9..890991fe3 100644 --- a/gcloud/alpha/developer-connect/account-connectors/create +++ b/gcloud/alpha/developer-connect/account-connectors/create @@ -145,6 +145,8 @@ FLAGS datastax Datastax provider. No scopes are allowed. + dynatrace + Dynatrace provider. github GitHub provider. Scopes can be found at https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps#available-scopes diff --git a/gcloud/alpha/developer-connect/insights-configs/help b/gcloud/alpha/developer-connect/insights-configs/help index e3b7466f6..802c7e9d4 100644 --- a/gcloud/alpha/developer-connect/insights-configs/help +++ b/gcloud/alpha/developer-connect/insights-configs/help @@ -3,7 +3,7 @@ NAME resources SYNOPSIS - gcloud alpha developer-connect insights-configs COMMAND + gcloud alpha developer-connect insights-configs GROUP | COMMAND [GCLOUD_WIDE_FLAG ...] DESCRIPTION diff --git a/gcloud/alpha/iam/workforce-pools/providers/create-oidc b/gcloud/alpha/iam/workforce-pools/providers/create-oidc index 9204e244e..2ee10c132 100644 --- a/gcloud/alpha/iam/workforce-pools/providers/create-oidc +++ b/gcloud/alpha/iam/workforce-pools/providers/create-oidc @@ -13,7 +13,7 @@ SYNOPSIS [--async] [--attribute-condition=ATTRIBUTE_CONDITION] [--client-secret-value=CLIENT_SECRET_VALUE] [--description=DESCRIPTION] [--detailed-audit-logging] [--disabled] [--display-name=DISPLAY_NAME] - [--jwk-json-path=PATH_TO_FILE] + [--jwk-json-path=PATH_TO_FILE] [--scim-usage=SCIM_USAGE] [--extended-attributes-client-id=EXTENDED_ATTRIBUTES_CLIENT_ID --extended-attributes-client-secret-value=EXTENDED_ATTRIBUTES_CLIENT_SECRET_VALUE --extended-attributes-issuer-uri=EXTENDED_ATTRIBUTES_ISSUER_URI --extended-attributes-type=EXTENDED_ATTRIBUTES_TYPE : --extended-attributes-filter=EXTENDED_ATTRIBUTES_FILTER] [--extra-attributes-client-id=EXTRA_ATTRIBUTES_CLIENT_ID @@ -276,70 +276,120 @@ OPTIONAL FLAGS } ] } - ```. Use a full or relative path to a local file containing the value of jwk_json_path. + . Use a full or relative path to a local file containing the value of + jwk_json_path. - *--extended-attributes-client-id*=_EXTENDED_ATTRIBUTES_CLIENT_ID_:: + --scim-usage=SCIM_USAGE + Specifies whether the workforce identity pool provider uses + SCIM-managed groups instead of the google.groups attribute mapping for + authorization checks. - The OAuth 2.0 client ID for retrieving extended attributes from the identity provider. Required to get extended group memberships for a subset of Google Cloud products. + The scim_usage and extended_attributes_oauth2_client fields are + mutually exclusive. A request that enables both fields on the same + workforce identity pool provider will produce an error. - *--extended-attributes-client-secret-value*=_EXTENDED_ATTRIBUTES_CLIENT_SECRET_VALUE_:: + Use enabled-for-groups to enable SCIM-managed groups. Use + scim-usage-unspecified to disable SCIM-managed groups. - The OAuth 2.0 client secret for retrieving extended attributes from the identity provider. Required to get extended group memberships for a subset of Google Cloud products. + SCIM_USAGE must be one of: enabled-for-groups, scim-usage-unspecified. - *--extended-attributes-issuer-uri*=_EXTENDED_ATTRIBUTES_ISSUER_URI_:: + --extended-attributes-client-id=EXTENDED_ATTRIBUTES_CLIENT_ID + The OAuth 2.0 client ID for retrieving extended attributes from the + identity provider. Required to get extended group memberships for a + subset of Google Cloud products. - OIDC identity provider's issuer URI. Must be a valid URI using the `https` scheme. Required to get the OIDC discovery document. + --extended-attributes-client-secret-value=EXTENDED_ATTRIBUTES_CLIENT_SECRET_VALUE + The OAuth 2.0 client secret for retrieving extended attributes from the + identity provider. Required to get extended group memberships for a + subset of Google Cloud products. - *--extended-attributes-type*=_EXTENDED_ATTRIBUTES_TYPE_:: + --extended-attributes-issuer-uri=EXTENDED_ATTRIBUTES_ISSUER_URI + OIDC identity provider's issuer URI. Must be a valid URI using the + https scheme. Required to get the OIDC discovery document. - Represents the identity provider and type of claims that should be fetched. _EXTENDED_ATTRIBUTES_TYPE_ must be (only one value is supported): *azure-ad-groups-id*. + --extended-attributes-type=EXTENDED_ATTRIBUTES_TYPE + Represents the identity provider and type of claims that should be + fetched. EXTENDED_ATTRIBUTES_TYPE must be (only one value is + supported): azure-ad-groups-id. - *--extended-attributes-filter*=_EXTENDED_ATTRIBUTES_FILTER_:: + --extended-attributes-filter=EXTENDED_ATTRIBUTES_FILTER + The filter used to request specific records from the IdP. By default, + all of the groups that are associated with a user are fetched. For + Microsoft Entra ID, you can add $search query parameters using [Keyword + Query Language] + (https://learn.microsoft.com/en-us/sharepoint/dev/general-development/keyword-query-language-kql-syntax-reference). + To learn more about $search querying in Microsoft Entra ID, see [Use + the $search query parameter] + (https://learn.microsoft.com/en-us/graph/search-query-parameter). - The filter used to request specific records from the IdP. By default, all of the groups that are associated with a user are fetched. For Microsoft Entra ID, you can add `$search` query parameters using [Keyword Query Language] (https://learn.microsoft.com/en-us/sharepoint/dev/general-development/keyword-query-language-kql-syntax-reference). To learn more about `$search` querying in Microsoft Entra ID, see [Use the `$search` query parameter] (https://learn.microsoft.com/en-us/graph/search-query-parameter). + Additionally, Workforce Identity Federation automatically adds the + following [$filter query parameters] + (https://learn.microsoft.com/en-us/graph/filter-query-parameter), based + on the value of attributes_type. Values passed to filter are converted + to $search query parameters. Additional $filter query parameters cannot + be added using this field. - Additionally, Workforce Identity Federation automatically adds the following [`$filter` query parameters] (https://learn.microsoft.com/en-us/graph/filter-query-parameter), based on the value of `attributes_type`. Values passed to `filter` are converted to `$search` query parameters. Additional `$filter` query parameters cannot be added using this field. + ◆ AZURE_AD_GROUPS_ID: securityEnabled filter is applied. - * `AZURE_AD_GROUPS_ID`: `securityEnabled` filter is applied. + --extra-attributes-client-id=EXTRA_ATTRIBUTES_CLIENT_ID + The OAuth 2.0 client ID for retrieving extra attributes from the + identity provider. Required to get the access token using client + credentials grant flow. - *--extra-attributes-client-id*=_EXTRA_ATTRIBUTES_CLIENT_ID_:: + --extra-attributes-client-secret-value=EXTRA_ATTRIBUTES_CLIENT_SECRET_VALUE + The OAuth 2.0 client secret for retrieving extra attributes from the + identity provider. Required to get the access token using client + credentials grant flow. - The OAuth 2.0 client ID for retrieving extra attributes from the identity provider. Required to get the access token using client credentials grant flow. + --extra-attributes-issuer-uri=EXTRA_ATTRIBUTES_ISSUER_URI + OIDC identity provider's issuer URI. Must be a valid URI using the + https scheme. Required to get the OIDC discovery document. - *--extra-attributes-client-secret-value*=_EXTRA_ATTRIBUTES_CLIENT_SECRET_VALUE_:: + --extra-attributes-type=EXTRA_ATTRIBUTES_TYPE + Represents the identity provider and type of claims that should be + fetched. EXTRA_ATTRIBUTES_TYPE must be one of: azure-ad-groups-mail, + azure-ad-groups-id. - The OAuth 2.0 client secret for retrieving extra attributes from the identity provider. Required to get the access token using client credentials grant flow. + --extra-attributes-filter=EXTRA_ATTRIBUTES_FILTER + The filter used to request specific records from the IdP. By default, + all of the groups that are associated with a user are fetched. For + Microsoft Entra ID, you can add $search query parameters using [Keyword + Query Language] + (https://learn.microsoft.com/en-us/sharepoint/dev/general-development/keyword-query-language-kql-syntax-reference). + To learn more about $search querying in Microsoft Entra ID, see [Use + the $search query parameter] + (https://learn.microsoft.com/en-us/graph/search-query-parameter). - *--extra-attributes-issuer-uri*=_EXTRA_ATTRIBUTES_ISSUER_URI_:: + Additionally, Workforce Identity Federation automatically adds the + following [$filter query parameters] + (https://learn.microsoft.com/en-us/graph/filter-query-parameter), based + on the value of attributes_type. Values passed to filter are converted + to $search query parameters. Additional $filter query parameters cannot + be added using this field. - OIDC identity provider's issuer URI. Must be a valid URI using the `https` scheme. Required to get the OIDC discovery document. - - *--extra-attributes-type*=_EXTRA_ATTRIBUTES_TYPE_:: - - Represents the identity provider and type of claims that should be fetched. _EXTRA_ATTRIBUTES_TYPE_ must be one of: *azure-ad-groups-mail*, *azure-ad-groups-id*. - - *--extra-attributes-filter*=_EXTRA_ATTRIBUTES_FILTER_:: - - The filter used to request specific records from the IdP. By default, all of the groups that are associated with a user are fetched. For Microsoft Entra ID, you can add `$search` query parameters using [Keyword Query Language] (https://learn.microsoft.com/en-us/sharepoint/dev/general-development/keyword-query-language-kql-syntax-reference). To learn more about `$search` querying in Microsoft Entra ID, see [Use the `$search` query parameter] (https://learn.microsoft.com/en-us/graph/search-query-parameter). - - Additionally, Workforce Identity Federation automatically adds the following [`$filter` query parameters] (https://learn.microsoft.com/en-us/graph/filter-query-parameter), based on the value of `attributes_type`. Values passed to `filter` are converted to `$search` query parameters. Additional `$filter` query parameters cannot be added using this field. - - * `AZURE_AD_GROUPS_MAIL`: `mailEnabled` and `securityEnabled` filters are applied. - * `AZURE_AD_GROUPS_ID`: `securityEnabled` filter is applied. + ◆ AZURE_AD_GROUPS_MAIL: mailEnabled and securityEnabled filters are + applied. + ◆ AZURE_AD_GROUPS_ID: securityEnabled filter is applied. GCLOUD WIDE FLAGS - These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity. + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. - Run *$ gcloud help* for details. + Run $ gcloud help for details. API REFERENCE - This command uses the *iam/v1* API. The full documentation for this API can be found at: https://cloud.google.com/iam/ + This command uses the iam/v1 API. The full documentation for this API can + be found at: https://cloud.google.com/iam/ NOTES - This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. - These variants are also available: + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. These variants are also available: - $ gcloud iam workforce-pools providers create-oidc + $ gcloud iam workforce-pools providers create-oidc - $ gcloud beta iam workforce-pools providers create-oidc + $ gcloud beta iam workforce-pools providers create-oidc diff --git a/gcloud/alpha/iam/workforce-pools/providers/scim-tenants/create b/gcloud/alpha/iam/workforce-pools/providers/scim-tenants/create index 1c708f03e..b46b00304 100644 --- a/gcloud/alpha/iam/workforce-pools/providers/scim-tenants/create +++ b/gcloud/alpha/iam/workforce-pools/providers/scim-tenants/create @@ -18,20 +18,22 @@ DESCRIPTION EXAMPLES To create a SCIM tenant with ID my-tenant under provider my-okta-provider - in pool my-pool located in global: + in pool my-pool located in global with claim mappings: $ gcloud alpha iam workforce-pools providers scim-tenants create \ my-tenant --location=global --workforce-pool=my-pool \ - --provider=my-okta-provider + --provider=my-okta-provider \ + --claim-mapping="google.subject=user.externalId,google.group=gro\ + up.externalId" To create a SCIM tenant sales-tenant under provider salesforce in pool - partner-pool located in europe-west1 with specific claim mappings: + partner-pool located in europe-west1 with claim mappings: $ gcloud alpha iam workforce-pools providers scim-tenants create \ sales-tenant --location=europe-west1 \ --workforce-pool=partner-pool --provider=salesforce \ - --claim-mapping="google.subject=salesforce_id,assertion.groups=m\ - emberOf" + --claim-mapping="google.subject=user.externalId,google.group=gro\ + up.externalId" POSITIONAL ARGUMENTS Workforce pool provider scim tenant resource - The ID of the SCIM tenant diff --git a/gcloud/alpha/iam/workforce-pools/providers/update-oidc b/gcloud/alpha/iam/workforce-pools/providers/update-oidc index a4e1b295b..949e96a60 100644 --- a/gcloud/alpha/iam/workforce-pools/providers/update-oidc +++ b/gcloud/alpha/iam/workforce-pools/providers/update-oidc @@ -9,7 +9,7 @@ SYNOPSIS [--attribute-mapping=[KEY=VALUE,...]] [--client-id=CLIENT_ID] [--description=DESCRIPTION] [--detailed-audit-logging] [--disabled] [--display-name=DISPLAY_NAME] [--issuer-uri=ISSUER_URI] - [--jwk-json-path=PATH_TO_FILE] + [--jwk-json-path=PATH_TO_FILE] [--scim-usage=SCIM_USAGE] [--web-sso-additional-scopes=[WEB_SSO_ADDITIONAL_SCOPES,...]] [--web-sso-assertion-claims-behavior=WEB_SSO_ASSERTION_CLAIMS_BEHAVIOR] [--web-sso-response-type=WEB_SSO_RESPONSE_TYPE] @@ -228,116 +228,167 @@ FLAGS } ] } - ```. Use a full or relative path to a local file containing the value of jwk_json_path. + . Use a full or relative path to a local file containing the value of + jwk_json_path. - *--web-sso-additional-scopes*=[_WEB_SSO_ADDITIONAL_SCOPES_,...]:: + --scim-usage=SCIM_USAGE + Specifies whether the workforce identity pool provider uses + SCIM-managed groups instead of the google.groups attribute mapping for + authorization checks. - Additional scopes to request for the OIDC authentication on - top of scopes requested by default. By default, the `openid`, `profile` - and `email` scopes that are supported by the identity provider are - requested. + The scim_usage and extended_attributes_oauth2_client fields are + mutually exclusive. A request that enables both fields on the same + workforce identity pool provider will produce an error. - Each additional scope may be at most 256 - characters. A maximum of 10 additional scopes may be configured. + Use enabled-for-groups to enable SCIM-managed groups. Use + scim-usage-unspecified to disable SCIM-managed groups. - *--web-sso-assertion-claims-behavior*=_WEB_SSO_ASSERTION_CLAIMS_BEHAVIOR_:: + SCIM_USAGE must be one of: enabled-for-groups, scim-usage-unspecified. - The behavior for how OIDC Claims are included in the `assertion` object used for attribute mapping and attribute condition. - Use `merge-user-info-over-id-token-claims` to merge the UserInfo Endpoint Claims with ID Token - Claims, preferring UserInfo Claim Values for the same Claim Name. Currently this option is only - available for Authorization Code flow. - Use `only-id-token-claims` to include only ID token claims. _WEB_SSO_ASSERTION_CLAIMS_BEHAVIOR_ must be one of: *assertion-claims-behavior-unspecified*, *merge-user-info-over-id-token-claims*, *only-id-token-claims*. + --web-sso-additional-scopes=[WEB_SSO_ADDITIONAL_SCOPES,...] + Additional scopes to request for the OIDC authentication on top of + scopes requested by default. By default, the openid, profile and email + scopes that are supported by the identity provider are requested. - *--web-sso-response-type*=_WEB_SSO_RESPONSE_TYPE_:: + Each additional scope may be at most 256 characters. A maximum of 10 + additional scopes may be configured. - Response Type to request for in the OIDC Authorization Request for web sign-in. - Use `code` to select the authorization code flow (https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth) - Use `id-token` to select the implicit flow (https://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth). _WEB_SSO_RESPONSE_TYPE_ must be one of: *code*, *id-token*, *response-type-unspecified*. + --web-sso-assertion-claims-behavior=WEB_SSO_ASSERTION_CLAIMS_BEHAVIOR + The behavior for how OIDC Claims are included in the assertion object + used for attribute mapping and attribute condition. Use + merge-user-info-over-id-token-claims to merge the UserInfo Endpoint + Claims with ID Token Claims, preferring UserInfo Claim Values for the + same Claim Name. Currently this option is only available for + Authorization Code flow. Use only-id-token-claims to include only ID + token claims. WEB_SSO_ASSERTION_CLAIMS_BEHAVIOR must be one of: + assertion-claims-behavior-unspecified, + merge-user-info-over-id-token-claims, only-id-token-claims. - :: At most one of these can be specified: + --web-sso-response-type=WEB_SSO_RESPONSE_TYPE + Response Type to request for in the OIDC Authorization Request for web + sign-in. Use code to select the authorization code flow + (https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth) + Use id-token to select the implicit flow + (https://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth). + WEB_SSO_RESPONSE_TYPE must be one of: code, id-token, + response-type-unspecified. - *--clear-client-secret*::: + At most one of these can be specified: - Clear the OIDC client secret. + --clear-client-secret + Clear the OIDC client secret. - *--client-secret-value*=_CLIENT_SECRET_VALUE_::: + --client-secret-value=CLIENT_SECRET_VALUE + The OIDC client secret. Required to enable Authorization Code flow + for web sign-in. - The OIDC client secret. Required to enable Authorization Code flow for web sign-in. + At most one of these can be specified: - :: At most one of these can be specified: + --clear-extended-attributes-config + Clear the extended attributes configuration. - *--clear-extended-attributes-config*::: + --extended-attributes-client-id=EXTENDED_ATTRIBUTES_CLIENT_ID + The OAuth 2.0 client ID for retrieving extended attributes from the + identity provider. Required to get extended group memberships for a + subset of Google Cloud products. - Clear the extended attributes configuration. + --extended-attributes-client-secret-value=EXTENDED_ATTRIBUTES_CLIENT_SECRET_VALUE + The OAuth 2.0 client secret for retrieving extended attributes from + the identity provider. Required to get extended group memberships for + a subset of Google Cloud products. - *--extended-attributes-client-id*=_EXTENDED_ATTRIBUTES_CLIENT_ID_::: + --extended-attributes-filter=EXTENDED_ATTRIBUTES_FILTER + The filter used to request specific records from the IdP. By default, + all of the groups that are associated with a user are fetched. For + Microsoft Entra ID, you can add $search query parameters using + [Keyword Query Language] + (https://learn.microsoft.com/en-us/sharepoint/dev/general-development/keyword-query-language-kql-syntax-reference). + To learn more about $search querying in Microsoft Entra ID, see [Use + the $search query parameter] + (https://learn.microsoft.com/en-us/graph/search-query-parameter). - The OAuth 2.0 client ID for retrieving extended attributes from the identity provider. Required to get extended group memberships for a subset of Google Cloud products. + Additionally, Workforce Identity Federation automatically adds the + following [$filter query parameters] + (https://learn.microsoft.com/en-us/graph/filter-query-parameter), + based on the value of attributes_type. Values passed to filter are + converted to $search query parameters. Additional $filter query + parameters cannot be added using this field. - *--extended-attributes-client-secret-value*=_EXTENDED_ATTRIBUTES_CLIENT_SECRET_VALUE_::: + ▸ AZURE_AD_GROUPS_ID: securityEnabled filter is applied. - The OAuth 2.0 client secret for retrieving extended attributes from the identity provider. Required to get extended group memberships for a subset of Google Cloud products. + --extended-attributes-issuer-uri=EXTENDED_ATTRIBUTES_ISSUER_URI + OIDC identity provider's issuer URI. Must be a valid URI using the + https scheme. Required to get the OIDC discovery document. - *--extended-attributes-filter*=_EXTENDED_ATTRIBUTES_FILTER_::: + --extended-attributes-type=EXTENDED_ATTRIBUTES_TYPE + Represents the identity provider and type of claims that should be + fetched. EXTENDED_ATTRIBUTES_TYPE must be (only one value is + supported): azure-ad-groups-id. - The filter used to request specific records from the IdP. By default, all of the groups that are associated with a user are fetched. For Microsoft Entra ID, you can add `$search` query parameters using [Keyword Query Language] (https://learn.microsoft.com/en-us/sharepoint/dev/general-development/keyword-query-language-kql-syntax-reference). To learn more about `$search` querying in Microsoft Entra ID, see [Use the `$search` query parameter] (https://learn.microsoft.com/en-us/graph/search-query-parameter). + At most one of these can be specified: - Additionally, Workforce Identity Federation automatically adds the following [`$filter` query parameters] (https://learn.microsoft.com/en-us/graph/filter-query-parameter), based on the value of `attributes_type`. Values passed to `filter` are converted to `$search` query parameters. Additional `$filter` query parameters cannot be added using this field. + --clear-extra-attributes-config + Clear the extra attributes configuration. - * `AZURE_AD_GROUPS_ID`: `securityEnabled` filter is applied. + --extra-attributes-client-id=EXTRA_ATTRIBUTES_CLIENT_ID + The OAuth 2.0 client ID for retrieving extra attributes from the + identity provider. Required to get the access token using client + credentials grant flow. - *--extended-attributes-issuer-uri*=_EXTENDED_ATTRIBUTES_ISSUER_URI_::: + --extra-attributes-client-secret-value=EXTRA_ATTRIBUTES_CLIENT_SECRET_VALUE + The OAuth 2.0 client secret for retrieving extra attributes from the + identity provider. Required to get the access token using client + credentials grant flow. - OIDC identity provider's issuer URI. Must be a valid URI using the `https` scheme. Required to get the OIDC discovery document. + --extra-attributes-filter=EXTRA_ATTRIBUTES_FILTER + The filter used to request specific records from the IdP. By default, + all of the groups that are associated with a user are fetched. For + Microsoft Entra ID, you can add $search query parameters using + [Keyword Query Language] + (https://learn.microsoft.com/en-us/sharepoint/dev/general-development/keyword-query-language-kql-syntax-reference). + To learn more about $search querying in Microsoft Entra ID, see [Use + the $search query parameter] + (https://learn.microsoft.com/en-us/graph/search-query-parameter). - *--extended-attributes-type*=_EXTENDED_ATTRIBUTES_TYPE_::: + Additionally, Workforce Identity Federation automatically adds the + following [$filter query parameters] + (https://learn.microsoft.com/en-us/graph/filter-query-parameter), + based on the value of attributes_type. Values passed to filter are + converted to $search query parameters. Additional $filter query + parameters cannot be added using this field. - Represents the identity provider and type of claims that should be fetched. _EXTENDED_ATTRIBUTES_TYPE_ must be (only one value is supported): *azure-ad-groups-id*. + ▸ AZURE_AD_GROUPS_MAIL: mailEnabled and securityEnabled filters are + applied. + ▸ AZURE_AD_GROUPS_ID: securityEnabled filter is applied. - :: At most one of these can be specified: + --extra-attributes-issuer-uri=EXTRA_ATTRIBUTES_ISSUER_URI + OIDC identity provider's issuer URI. Must be a valid URI using the + https scheme. Required to get the OIDC discovery document. - *--clear-extra-attributes-config*::: - - Clear the extra attributes configuration. - - *--extra-attributes-client-id*=_EXTRA_ATTRIBUTES_CLIENT_ID_::: - - The OAuth 2.0 client ID for retrieving extra attributes from the identity provider. Required to get the access token using client credentials grant flow. - - *--extra-attributes-client-secret-value*=_EXTRA_ATTRIBUTES_CLIENT_SECRET_VALUE_::: - - The OAuth 2.0 client secret for retrieving extra attributes from the identity provider. Required to get the access token using client credentials grant flow. - - *--extra-attributes-filter*=_EXTRA_ATTRIBUTES_FILTER_::: - - The filter used to request specific records from the IdP. By default, all of the groups that are associated with a user are fetched. For Microsoft Entra ID, you can add `$search` query parameters using [Keyword Query Language] (https://learn.microsoft.com/en-us/sharepoint/dev/general-development/keyword-query-language-kql-syntax-reference). To learn more about `$search` querying in Microsoft Entra ID, see [Use the `$search` query parameter] (https://learn.microsoft.com/en-us/graph/search-query-parameter). - - Additionally, Workforce Identity Federation automatically adds the following [`$filter` query parameters] (https://learn.microsoft.com/en-us/graph/filter-query-parameter), based on the value of `attributes_type`. Values passed to `filter` are converted to `$search` query parameters. Additional `$filter` query parameters cannot be added using this field. - - * `AZURE_AD_GROUPS_MAIL`: `mailEnabled` and `securityEnabled` filters are applied. - * `AZURE_AD_GROUPS_ID`: `securityEnabled` filter is applied. - - *--extra-attributes-issuer-uri*=_EXTRA_ATTRIBUTES_ISSUER_URI_::: - - OIDC identity provider's issuer URI. Must be a valid URI using the `https` scheme. Required to get the OIDC discovery document. - - *--extra-attributes-type*=_EXTRA_ATTRIBUTES_TYPE_::: - - Represents the identity provider and type of claims that should be fetched. _EXTRA_ATTRIBUTES_TYPE_ must be one of: *azure-ad-groups-mail*, *azure-ad-groups-id*. + --extra-attributes-type=EXTRA_ATTRIBUTES_TYPE + Represents the identity provider and type of claims that should be + fetched. EXTRA_ATTRIBUTES_TYPE must be one of: azure-ad-groups-mail, + azure-ad-groups-id. GCLOUD WIDE FLAGS - These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity. + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. - Run *$ gcloud help* for details. + Run $ gcloud help for details. API REFERENCE - This command uses the *iam/v1* API. The full documentation for this API can be found at: https://cloud.google.com/iam/ + This command uses the iam/v1 API. The full documentation for this API can + be found at: https://cloud.google.com/iam/ NOTES - This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. - These variants are also available: + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. These variants are also available: - $ gcloud iam workforce-pools providers update-oidc + $ gcloud iam workforce-pools providers update-oidc - $ gcloud beta iam workforce-pools providers update-oidc + $ gcloud beta iam workforce-pools providers update-oidc diff --git a/gcloud/alpha/iam/workload-identity-pools/providers/create-aws b/gcloud/alpha/iam/workload-identity-pools/providers/create-aws index 0459c62fc..66a463516 100644 --- a/gcloud/alpha/iam/workload-identity-pools/providers/create-aws +++ b/gcloud/alpha/iam/workload-identity-pools/providers/create-aws @@ -139,7 +139,7 @@ OPTIONAL FLAGS ◆ attribute.{custom_attribute}: principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value} - Each value must be a [Common Expression Language] + Each value must be a Common Expression Language (https://opensource.google/projects/cel) function that maps an identity provider credential to the normalized attribute specified by the corresponding map key. diff --git a/gcloud/alpha/iam/workload-identity-pools/providers/create-oidc b/gcloud/alpha/iam/workload-identity-pools/providers/create-oidc index c49a0b26e..c1ab4ee55 100644 --- a/gcloud/alpha/iam/workload-identity-pools/providers/create-oidc +++ b/gcloud/alpha/iam/workload-identity-pools/providers/create-oidc @@ -113,7 +113,7 @@ REQUIRED FLAGS ◆ attribute.{custom_attribute}: principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value} - Each value must be a [Common Expression Language] + Each value must be a Common Expression Language (https://opensource.google/projects/cel) function that maps an identity provider credential to the normalized attribute specified by the corresponding map key. @@ -224,21 +224,28 @@ OPTIONAL FLAGS } ] } - ```. Use a full or relative path to a local file containing the value of jwk_json_path. + . Use a full or relative path to a local file containing the value of + jwk_json_path. GCLOUD WIDE FLAGS - These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity. + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. - Run *$ gcloud help* for details. + Run $ gcloud help for details. API REFERENCE - This command uses the *iam/v1beta* API. The full documentation for this API can be found at: https://cloud.google.com/iam/ + This command uses the iam/v1beta API. The full documentation for this API + can be found at: https://cloud.google.com/iam/ NOTES - This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. - These variants are also available: + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. These variants are also available: - $ gcloud iam workload-identity-pools providers create-oidc + $ gcloud iam workload-identity-pools providers create-oidc - $ gcloud beta iam workload-identity-pools providers create-oidc + $ gcloud beta iam workload-identity-pools providers create-oidc diff --git a/gcloud/alpha/iam/workload-identity-pools/providers/update-aws b/gcloud/alpha/iam/workload-identity-pools/providers/update-aws index a069d65e8..d9ebe57c7 100644 --- a/gcloud/alpha/iam/workload-identity-pools/providers/update-aws +++ b/gcloud/alpha/iam/workload-identity-pools/providers/update-aws @@ -138,7 +138,7 @@ FLAGS ◆ attribute.{custom_attribute}: principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value} - Each value must be a [Common Expression Language] + Each value must be a Common Expression Language (https://opensource.google/projects/cel) function that maps an identity provider credential to the normalized attribute specified by the corresponding map key. diff --git a/gcloud/alpha/iam/workload-identity-pools/providers/update-oidc b/gcloud/alpha/iam/workload-identity-pools/providers/update-oidc index ac2eb1e60..808ef5f45 100644 --- a/gcloud/alpha/iam/workload-identity-pools/providers/update-oidc +++ b/gcloud/alpha/iam/workload-identity-pools/providers/update-oidc @@ -153,7 +153,7 @@ FLAGS ◆ attribute.{custom_attribute}: principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value} - Each value must be a [Common Expression Language] + Each value must be a Common Expression Language (https://opensource.google/projects/cel) function that maps an identity provider credential to the normalized attribute specified by the corresponding map key. @@ -223,21 +223,28 @@ FLAGS } ] } - ```. Use a full or relative path to a local file containing the value of jwk_json_path. + . Use a full or relative path to a local file containing the value of + jwk_json_path. GCLOUD WIDE FLAGS - These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity. + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. - Run *$ gcloud help* for details. + Run $ gcloud help for details. API REFERENCE - This command uses the *iam/v1beta* API. The full documentation for this API can be found at: https://cloud.google.com/iam/ + This command uses the iam/v1beta API. The full documentation for this API + can be found at: https://cloud.google.com/iam/ NOTES - This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. - These variants are also available: + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. These variants are also available: - $ gcloud iam workload-identity-pools providers update-oidc + $ gcloud iam workload-identity-pools providers update-oidc - $ gcloud beta iam workload-identity-pools providers update-oidc + $ gcloud beta iam workload-identity-pools providers update-oidc diff --git a/gcloud/alpha/monitoring/alerts/describe b/gcloud/alpha/monitoring/alerts/describe new file mode 100644 index 000000000..ec9872761 --- /dev/null +++ b/gcloud/alpha/monitoring/alerts/describe @@ -0,0 +1,46 @@ +NAME + gcloud alpha monitoring alerts describe - describe an alert + +SYNOPSIS + gcloud alpha monitoring alerts describe ALERT [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Describe an alert. + +POSITIONAL ARGUMENTS + Alert resource - The alert to describe. This represents a Cloud resource. + (NOTE) Some attributes are not given arguments in this group but can be + set in other ways. + + To set the project attribute: + ◆ provide the argument alert on the command line with a fully specified + name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + ALERT + ID of the alert or fully qualified identifier for the alert. + + To set the alert attribute: + ▸ provide the argument alert on the command line. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the monitoring/v3 API. The full documentation for this + API can be found at: https://cloud.google.com/monitoring/api/ + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. + diff --git a/gcloud/alpha/monitoring/alerts/help b/gcloud/alpha/monitoring/alerts/help new file mode 100644 index 000000000..e64b3993e --- /dev/null +++ b/gcloud/alpha/monitoring/alerts/help @@ -0,0 +1,32 @@ +NAME + gcloud alpha monitoring alerts - manage Cloud Monitoring alerts + +SYNOPSIS + gcloud alpha monitoring alerts COMMAND [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Manage Monitoring alerts. + + More information can be found here: + https://cloud.google.com/monitoring/api/v3/ + +GCLOUD WIDE FLAGS + These flags are available to all commands: --help. + + Run $ gcloud help for details. + +COMMANDS + COMMAND is one of the following: + + describe + (ALPHA) Describe an alert. + + list + (ALPHA) List alerts. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. + diff --git a/gcloud/alpha/monitoring/alerts/list b/gcloud/alpha/monitoring/alerts/list new file mode 100644 index 000000000..d6815ee47 --- /dev/null +++ b/gcloud/alpha/monitoring/alerts/list @@ -0,0 +1,81 @@ +NAME + gcloud alpha monitoring alerts list - list alerts + +SYNOPSIS + gcloud alpha monitoring alerts list [--filter=EXPRESSION] [--limit=LIMIT] + [--page-size=PAGE_SIZE; default=1000] [--sort-by=[FIELD,...]] [--uri] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) List alerts for a project. + +EXAMPLES + To list all open alerts: + + $ gcloud alpha monitoring alerts list --filter="state='OPEN'" + + To order alerts by when the alert was opened: + + $ gcloud alpha monitoring alerts list --sort-by=openTime + + To order alerts by when the alert was opened in reverse order: + + $ gcloud alpha monitoring alerts list --sort-by="~openTime" + + To list alerts for a specific policy: + + $ gcloud alpha monitoring alerts list \ + --filter="policy.displayName='My Policy'" + + More information can be found at + https://cloud.google.com/sdk/gcloud/reference/topic/filters + +LIST COMMAND FLAGS + --filter=EXPRESSION + Apply a Boolean filter EXPRESSION to each resource item to be listed. + If the expression evaluates True, then that item is listed. For more + details and examples of filter expressions, run $ gcloud topic filters. + This flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --limit=LIMIT + Maximum number of resources to list. The default is unlimited. This + flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --page-size=PAGE_SIZE; default=1000 + Some services group resource list output into pages. This flag + specifies the maximum number of resources per page. The default is + 1000. Paging may be applied before or after --filter and --limit + depending on the service. + + --sort-by=[FIELD,...] + Comma-separated list of resource field key names to sort by. The + default order is ascending. Prefix a field with ``~'' for descending + order on that field. This flag interacts with other flags that are + applied in this order: --flatten, --sort-by, --filter, --limit. + + --uri + Print a list of resource URIs instead of the default output, and change + the command output to a list of URIs. If this flag is used with + --format, the formatting is applied on this URI list. To display URIs + alongside other keys instead, use the uri() transform. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the monitoring/v3 API. The full documentation for this + API can be found at: https://cloud.google.com/monitoring/api/ + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. + diff --git a/gcloud/alpha/monitoring/help b/gcloud/alpha/monitoring/help index 607915b97..35321174c 100644 --- a/gcloud/alpha/monitoring/help +++ b/gcloud/alpha/monitoring/help @@ -24,6 +24,9 @@ GCLOUD WIDE FLAGS GROUPS GROUP is one of the following: + alerts + (ALPHA) Manage Cloud Monitoring alerts. + channel-descriptors (ALPHA) Read Cloud Monitoring notification channel descriptors. diff --git a/gcloud/alpha/run/deploy b/gcloud/alpha/run/deploy index 738cbf317..d03f64359 100644 --- a/gcloud/alpha/run/deploy +++ b/gcloud/alpha/run/deploy @@ -3,11 +3,11 @@ NAME SYNOPSIS gcloud alpha run deploy [[SERVICE] --namespace=NAMESPACE] - [--[no-]allow-unauthenticated] [--allow-unencrypted-build] [--async] - [--breakglass=JUSTIFICATION] [--clear-vpc-connector] - [--concurrency=CONCURRENCY] [--container=CONTAINER] [--[no-]cpu-boost] - [--[no-]cpu-throttling] [--[no-]default-url] [--delegate-builds] - [--[no-]deploy-health-check] [--description=DESCRIPTION] + [--[no-]allow-unauthenticated] [--async] [--breakglass=JUSTIFICATION] + [--clear-vpc-connector] [--concurrency=CONCURRENCY] + [--container=CONTAINER] [--[no-]cpu-boost] [--[no-]cpu-throttling] + [--[no-]default-url] [--delegate-builds] [--[no-]deploy-health-check] + [--description=DESCRIPTION] [--execution-environment=EXECUTION_ENVIRONMENT] [--gpu-type=GPU_TYPE] [--[no-]gpu-zonal-redundancy] [--[no-]iap] [--ingress=INGRESS; default="all"] [--[no-]invoker-iam-check] @@ -116,16 +116,6 @@ FLAGS may take a few moments to take effect. Use --allow-unauthenticated to enable and --no-allow-unauthenticated to disable. - --allow-unencrypted-build - (DEPRECATED) Whether to allow customer-managed encryption key (CMEK) - deployments without encrypting the build process. This means that only - the deployed container will be encrypted. - - The flag --allow-unencrypted-build is deprecated. The CMEK compliance - is now available for the build process of source-based deployments. For - more details, see - https://cloud.google.com/run/docs/securing/using-cmek#source-deploy - --async Return immediately, without waiting for the operation in progress to complete. @@ -390,10 +380,11 @@ FLAGS --add-volume=[KEY=VALUE,...] Adds a volume to the Cloud Run resource. To add more than one volume, - specify this flag multiple times. Volumes must have a name and type - key. Only certain values are supported for type. Depending on the - provided type, other keys will be required. The following types are - supported with the specified additional keys: + specify this flag multiple times. Volumes must have a type key. Volumes + must have a name key if mount-path is not specified. A name key is + optional if mount-path is specified.Only certain values are supported + for type. Depending on the provided type, other keys will be required. + The following types are supported with the specified additional keys: cloud-storage: A volume representing a Cloud Storage bucket. This volume type is mounted using Cloud Storage FUSE. See @@ -409,15 +400,30 @@ FLAGS ◆ dynamic-mounting: (optional) A boolean. If true, the volume will be mounted dynamically. Note: You will either need to specify a bucket or set dynamic-mounting to true, but not both. + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. cloudsql: Represents a Cloud SQL instance as a volume. Additional keys: ◆ instances: (required) The name of the Cloud SQL instances to mount. Must be in the form project_id:region:instance_id and separated by semicolons. + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. ephemeral-disk: A volume that stores data on a temporary disk. With this type of volume, data is not shared between instances and all data will be lost when the instance it is on is terminated. Additional keys: + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. ◆ size: (optional) A quantity representing the amount of disk space allocated to this volume, such as "512Mi" or "3G". @@ -425,6 +431,11 @@ FLAGS memory. With this type of volume, data is not shared between instances and all data will be lost when the instance it is on is terminated. Additional keys: + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. ◆ size-limit: (optional) A quantity representing the maximum amount of memory allocated to this volume, such as "512Mi" or "3G". Data stored in an in-memory volume consumes the memory allocation of the @@ -434,6 +445,11 @@ FLAGS nfs: Represents a volume backed by an NFS server. Additional keys: ◆ location: (required) The location of the NFS Server, in the form SERVER:/PATH + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. ◆ readonly: (optional) A boolean. If true, this volume will be read-only from all mounts. @@ -446,6 +462,11 @@ FLAGS the volume. ◆ path: (required) The relative path within the volume to mount that version. + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. --clear-volumes Remove all existing volumes from the Cloud Run resource, including diff --git a/gcloud/alpha/run/jobs/create b/gcloud/alpha/run/jobs/create index 2fc522478..651501b7a 100644 --- a/gcloud/alpha/run/jobs/create +++ b/gcloud/alpha/run/jobs/create @@ -157,10 +157,11 @@ FLAGS --add-volume=[KEY=VALUE,...] Adds a volume to the Cloud Run resource. To add more than one volume, - specify this flag multiple times. Volumes must have a name and type - key. Only certain values are supported for type. Depending on the - provided type, other keys will be required. The following types are - supported with the specified additional keys: + specify this flag multiple times. Volumes must have a type key. Volumes + must have a name key if mount-path is not specified. A name key is + optional if mount-path is specified.Only certain values are supported + for type. Depending on the provided type, other keys will be required. + The following types are supported with the specified additional keys: cloud-storage: A volume representing a Cloud Storage bucket. This volume type is mounted using Cloud Storage FUSE. See @@ -176,15 +177,30 @@ FLAGS ◆ dynamic-mounting: (optional) A boolean. If true, the volume will be mounted dynamically. Note: You will either need to specify a bucket or set dynamic-mounting to true, but not both. + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. cloudsql: Represents a Cloud SQL instance as a volume. Additional keys: ◆ instances: (required) The name of the Cloud SQL instances to mount. Must be in the form project_id:region:instance_id and separated by semicolons. + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. ephemeral-disk: A volume that stores data on a temporary disk. With this type of volume, data is not shared between instances and all data will be lost when the instance it is on is terminated. Additional keys: + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. ◆ size: (optional) A quantity representing the amount of disk space allocated to this volume, such as "512Mi" or "3G". @@ -192,6 +208,11 @@ FLAGS memory. With this type of volume, data is not shared between instances and all data will be lost when the instance it is on is terminated. Additional keys: + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. ◆ size-limit: (optional) A quantity representing the maximum amount of memory allocated to this volume, such as "512Mi" or "3G". Data stored in an in-memory volume consumes the memory allocation of the @@ -201,6 +222,11 @@ FLAGS nfs: Represents a volume backed by an NFS server. Additional keys: ◆ location: (required) The location of the NFS Server, in the form SERVER:/PATH + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. ◆ readonly: (optional) A boolean. If true, this volume will be read-only from all mounts. @@ -213,6 +239,11 @@ FLAGS the volume. ◆ path: (required) The relative path within the volume to mount that version. + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. --clear-volumes Remove all existing volumes from the Cloud Run resource, including diff --git a/gcloud/alpha/run/jobs/deploy b/gcloud/alpha/run/jobs/deploy index 2907915ea..2427c7ddb 100644 --- a/gcloud/alpha/run/jobs/deploy +++ b/gcloud/alpha/run/jobs/deploy @@ -162,10 +162,11 @@ FLAGS --add-volume=[KEY=VALUE,...] Adds a volume to the Cloud Run resource. To add more than one volume, - specify this flag multiple times. Volumes must have a name and type - key. Only certain values are supported for type. Depending on the - provided type, other keys will be required. The following types are - supported with the specified additional keys: + specify this flag multiple times. Volumes must have a type key. Volumes + must have a name key if mount-path is not specified. A name key is + optional if mount-path is specified.Only certain values are supported + for type. Depending on the provided type, other keys will be required. + The following types are supported with the specified additional keys: cloud-storage: A volume representing a Cloud Storage bucket. This volume type is mounted using Cloud Storage FUSE. See @@ -181,15 +182,30 @@ FLAGS ◆ dynamic-mounting: (optional) A boolean. If true, the volume will be mounted dynamically. Note: You will either need to specify a bucket or set dynamic-mounting to true, but not both. + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. cloudsql: Represents a Cloud SQL instance as a volume. Additional keys: ◆ instances: (required) The name of the Cloud SQL instances to mount. Must be in the form project_id:region:instance_id and separated by semicolons. + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. ephemeral-disk: A volume that stores data on a temporary disk. With this type of volume, data is not shared between instances and all data will be lost when the instance it is on is terminated. Additional keys: + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. ◆ size: (optional) A quantity representing the amount of disk space allocated to this volume, such as "512Mi" or "3G". @@ -197,6 +213,11 @@ FLAGS memory. With this type of volume, data is not shared between instances and all data will be lost when the instance it is on is terminated. Additional keys: + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. ◆ size-limit: (optional) A quantity representing the maximum amount of memory allocated to this volume, such as "512Mi" or "3G". Data stored in an in-memory volume consumes the memory allocation of the @@ -206,6 +227,11 @@ FLAGS nfs: Represents a volume backed by an NFS server. Additional keys: ◆ location: (required) The location of the NFS Server, in the form SERVER:/PATH + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. ◆ readonly: (optional) A boolean. If true, this volume will be read-only from all mounts. @@ -218,6 +244,11 @@ FLAGS the volume. ◆ path: (required) The relative path within the volume to mount that version. + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. --clear-volumes Remove all existing volumes from the Cloud Run resource, including diff --git a/gcloud/alpha/run/jobs/update b/gcloud/alpha/run/jobs/update index 3486299d5..2387e17e0 100644 --- a/gcloud/alpha/run/jobs/update +++ b/gcloud/alpha/run/jobs/update @@ -172,10 +172,11 @@ FLAGS --add-volume=[KEY=VALUE,...] Adds a volume to the Cloud Run resource. To add more than one volume, - specify this flag multiple times. Volumes must have a name and type - key. Only certain values are supported for type. Depending on the - provided type, other keys will be required. The following types are - supported with the specified additional keys: + specify this flag multiple times. Volumes must have a type key. Volumes + must have a name key if mount-path is not specified. A name key is + optional if mount-path is specified.Only certain values are supported + for type. Depending on the provided type, other keys will be required. + The following types are supported with the specified additional keys: cloud-storage: A volume representing a Cloud Storage bucket. This volume type is mounted using Cloud Storage FUSE. See @@ -191,15 +192,30 @@ FLAGS ◆ dynamic-mounting: (optional) A boolean. If true, the volume will be mounted dynamically. Note: You will either need to specify a bucket or set dynamic-mounting to true, but not both. + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. cloudsql: Represents a Cloud SQL instance as a volume. Additional keys: ◆ instances: (required) The name of the Cloud SQL instances to mount. Must be in the form project_id:region:instance_id and separated by semicolons. + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. ephemeral-disk: A volume that stores data on a temporary disk. With this type of volume, data is not shared between instances and all data will be lost when the instance it is on is terminated. Additional keys: + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. ◆ size: (optional) A quantity representing the amount of disk space allocated to this volume, such as "512Mi" or "3G". @@ -207,6 +223,11 @@ FLAGS memory. With this type of volume, data is not shared between instances and all data will be lost when the instance it is on is terminated. Additional keys: + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. ◆ size-limit: (optional) A quantity representing the maximum amount of memory allocated to this volume, such as "512Mi" or "3G". Data stored in an in-memory volume consumes the memory allocation of the @@ -216,6 +237,11 @@ FLAGS nfs: Represents a volume backed by an NFS server. Additional keys: ◆ location: (required) The location of the NFS Server, in the form SERVER:/PATH + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. ◆ readonly: (optional) A boolean. If true, this volume will be read-only from all mounts. @@ -228,6 +254,11 @@ FLAGS the volume. ◆ path: (required) The relative path within the volume to mount that version. + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. --clear-volumes Remove all existing volumes from the Cloud Run resource, including diff --git a/gcloud/alpha/run/services/update b/gcloud/alpha/run/services/update index 5fd669893..cfc956498 100644 --- a/gcloud/alpha/run/services/update +++ b/gcloud/alpha/run/services/update @@ -349,10 +349,11 @@ FLAGS --add-volume=[KEY=VALUE,...] Adds a volume to the Cloud Run resource. To add more than one volume, - specify this flag multiple times. Volumes must have a name and type - key. Only certain values are supported for type. Depending on the - provided type, other keys will be required. The following types are - supported with the specified additional keys: + specify this flag multiple times. Volumes must have a type key. Volumes + must have a name key if mount-path is not specified. A name key is + optional if mount-path is specified.Only certain values are supported + for type. Depending on the provided type, other keys will be required. + The following types are supported with the specified additional keys: cloud-storage: A volume representing a Cloud Storage bucket. This volume type is mounted using Cloud Storage FUSE. See @@ -368,15 +369,30 @@ FLAGS ◆ dynamic-mounting: (optional) A boolean. If true, the volume will be mounted dynamically. Note: You will either need to specify a bucket or set dynamic-mounting to true, but not both. + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. cloudsql: Represents a Cloud SQL instance as a volume. Additional keys: ◆ instances: (required) The name of the Cloud SQL instances to mount. Must be in the form project_id:region:instance_id and separated by semicolons. + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. ephemeral-disk: A volume that stores data on a temporary disk. With this type of volume, data is not shared between instances and all data will be lost when the instance it is on is terminated. Additional keys: + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. ◆ size: (optional) A quantity representing the amount of disk space allocated to this volume, such as "512Mi" or "3G". @@ -384,6 +400,11 @@ FLAGS memory. With this type of volume, data is not shared between instances and all data will be lost when the instance it is on is terminated. Additional keys: + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. ◆ size-limit: (optional) A quantity representing the maximum amount of memory allocated to this volume, such as "512Mi" or "3G". Data stored in an in-memory volume consumes the memory allocation of the @@ -393,6 +414,11 @@ FLAGS nfs: Represents a volume backed by an NFS server. Additional keys: ◆ location: (required) The location of the NFS Server, in the form SERVER:/PATH + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. ◆ readonly: (optional) A boolean. If true, this volume will be read-only from all mounts. @@ -405,6 +431,11 @@ FLAGS the volume. ◆ path: (required) The relative path within the volume to mount that version. + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. --clear-volumes Remove all existing volumes from the Cloud Run resource, including diff --git a/gcloud/alpha/run/worker-pools/deploy b/gcloud/alpha/run/worker-pools/deploy index 4473a4d97..b19a71c68 100644 --- a/gcloud/alpha/run/worker-pools/deploy +++ b/gcloud/alpha/run/worker-pools/deploy @@ -206,10 +206,11 @@ FLAGS --add-volume=[KEY=VALUE,...] Adds a volume to the Cloud Run resource. To add more than one volume, - specify this flag multiple times. Volumes must have a name and type - key. Only certain values are supported for type. Depending on the - provided type, other keys will be required. The following types are - supported with the specified additional keys: + specify this flag multiple times. Volumes must have a type key. Volumes + must have a name key if mount-path is not specified. A name key is + optional if mount-path is specified.Only certain values are supported + for type. Depending on the provided type, other keys will be required. + The following types are supported with the specified additional keys: cloud-storage: A volume representing a Cloud Storage bucket. This volume type is mounted using Cloud Storage FUSE. See @@ -225,15 +226,30 @@ FLAGS ◆ dynamic-mounting: (optional) A boolean. If true, the volume will be mounted dynamically. Note: You will either need to specify a bucket or set dynamic-mounting to true, but not both. + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. cloudsql: Represents a Cloud SQL instance as a volume. Additional keys: ◆ instances: (required) The name of the Cloud SQL instances to mount. Must be in the form project_id:region:instance_id and separated by semicolons. + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. ephemeral-disk: A volume that stores data on a temporary disk. With this type of volume, data is not shared between instances and all data will be lost when the instance it is on is terminated. Additional keys: + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. ◆ size: (optional) A quantity representing the amount of disk space allocated to this volume, such as "512Mi" or "3G". @@ -241,6 +257,11 @@ FLAGS memory. With this type of volume, data is not shared between instances and all data will be lost when the instance it is on is terminated. Additional keys: + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. ◆ size-limit: (optional) A quantity representing the maximum amount of memory allocated to this volume, such as "512Mi" or "3G". Data stored in an in-memory volume consumes the memory allocation of the @@ -250,6 +271,11 @@ FLAGS nfs: Represents a volume backed by an NFS server. Additional keys: ◆ location: (required) The location of the NFS Server, in the form SERVER:/PATH + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. ◆ readonly: (optional) A boolean. If true, this volume will be read-only from all mounts. @@ -262,6 +288,11 @@ FLAGS the volume. ◆ path: (required) The relative path within the volume to mount that version. + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. --clear-volumes Remove all existing volumes from the Cloud Run resource, including diff --git a/gcloud/alpha/run/worker-pools/update b/gcloud/alpha/run/worker-pools/update index afe245572..4217db9ee 100644 --- a/gcloud/alpha/run/worker-pools/update +++ b/gcloud/alpha/run/worker-pools/update @@ -202,10 +202,11 @@ FLAGS --add-volume=[KEY=VALUE,...] Adds a volume to the Cloud Run resource. To add more than one volume, - specify this flag multiple times. Volumes must have a name and type - key. Only certain values are supported for type. Depending on the - provided type, other keys will be required. The following types are - supported with the specified additional keys: + specify this flag multiple times. Volumes must have a type key. Volumes + must have a name key if mount-path is not specified. A name key is + optional if mount-path is specified.Only certain values are supported + for type. Depending on the provided type, other keys will be required. + The following types are supported with the specified additional keys: cloud-storage: A volume representing a Cloud Storage bucket. This volume type is mounted using Cloud Storage FUSE. See @@ -221,15 +222,30 @@ FLAGS ◆ dynamic-mounting: (optional) A boolean. If true, the volume will be mounted dynamically. Note: You will either need to specify a bucket or set dynamic-mounting to true, but not both. + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. cloudsql: Represents a Cloud SQL instance as a volume. Additional keys: ◆ instances: (required) The name of the Cloud SQL instances to mount. Must be in the form project_id:region:instance_id and separated by semicolons. + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. ephemeral-disk: A volume that stores data on a temporary disk. With this type of volume, data is not shared between instances and all data will be lost when the instance it is on is terminated. Additional keys: + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. ◆ size: (optional) A quantity representing the amount of disk space allocated to this volume, such as "512Mi" or "3G". @@ -237,6 +253,11 @@ FLAGS memory. With this type of volume, data is not shared between instances and all data will be lost when the instance it is on is terminated. Additional keys: + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. ◆ size-limit: (optional) A quantity representing the maximum amount of memory allocated to this volume, such as "512Mi" or "3G". Data stored in an in-memory volume consumes the memory allocation of the @@ -246,6 +267,11 @@ FLAGS nfs: Represents a volume backed by an NFS server. Additional keys: ◆ location: (required) The location of the NFS Server, in the form SERVER:/PATH + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. ◆ readonly: (optional) A boolean. If true, this volume will be read-only from all mounts. @@ -258,6 +284,11 @@ FLAGS the volume. ◆ path: (required) The relative path within the volume to mount that version. + ◆ mount-path: (optional) The path at which the volume should be + mounted. The mount-path parameter is only supported for single + container services which do not make use of the --container flag. For + multi-container services, specify the mount-path parameter under the + --add-volume-mount flag. --clear-volumes Remove all existing volumes from the Cloud Run resource, including diff --git a/gcloud/alpha/scc/findings/bulk-mute b/gcloud/alpha/scc/findings/bulk-mute index 2abfdef3c..3ad02a50d 100644 --- a/gcloud/alpha/scc/findings/bulk-mute +++ b/gcloud/alpha/scc/findings/bulk-mute @@ -62,8 +62,9 @@ OPTIONAL FLAGS location in which the resource is located and applicable. The location attribute can be provided as part of the fully specified resource name or with the --location argument on the command line. The default - location is global. NOTE: If you override the endpoint to a regional - endpoint + location is global. + + NOTE: If you override the endpoint to a regional endpoint (https://cloud.google.com/security-command-center/docs/reference/rest/index.html?rep_location=global#regional-service-endpoint) you must specify the correct data location (https://cloud.google.com/security-command-center/docs/data-residency-support#locations) @@ -71,6 +72,10 @@ OPTIONAL FLAGS the default location that is specified when data residency controls are enabled for Security Command Center. + NOTE: If no location is specified, the default location is global AND + the request will be routed to the SCC V1 API. To use the SCC V2 API - + please explicitly specify the flag. + --mute-state=MUTE_STATE; default="muted" Desired mute state of the finding. MUTE_STATE must be one of: muted, undefined. diff --git a/gcloud/alpha/scc/findings/create b/gcloud/alpha/scc/findings/create index 4af2e5674..8444a186f 100644 --- a/gcloud/alpha/scc/findings/create +++ b/gcloud/alpha/scc/findings/create @@ -116,8 +116,9 @@ OPTIONAL FLAGS location in which the resource is located and applicable. The location attribute can be provided as part of the fully specified resource name or with the --location argument on the command line. The default - location is global. NOTE: If you override the endpoint to a regional - endpoint + location is global. + + NOTE: If you override the endpoint to a regional endpoint (https://cloud.google.com/security-command-center/docs/reference/rest/index.html?rep_location=global#regional-service-endpoint) you must specify the correct data location (https://cloud.google.com/security-command-center/docs/data-residency-support#locations) @@ -125,6 +126,10 @@ OPTIONAL FLAGS the default location that is specified when data residency controls are enabled for Security Command Center. + NOTE: If no location is specified, the default location is global AND + the request will be routed to the SCC V1 API. To use the SCC V2 API - + please explicitly specify the flag. + --source-properties=[KEY=VALUE,...] Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map diff --git a/gcloud/alpha/scc/findings/export-to-bigquery b/gcloud/alpha/scc/findings/export-to-bigquery index 2c5923789..936c5151a 100644 --- a/gcloud/alpha/scc/findings/export-to-bigquery +++ b/gcloud/alpha/scc/findings/export-to-bigquery @@ -43,8 +43,9 @@ OPTIONAL FLAGS location in which the resource is located and applicable. The location attribute can be provided as part of the fully specified resource name or with the --location argument on the command line. The default - location is global. NOTE: If you override the endpoint to a regional - endpoint + location is global. + + NOTE: If you override the endpoint to a regional endpoint (https://cloud.google.com/security-command-center/docs/reference/rest/index.html?rep_location=global#regional-service-endpoint) you must specify the correct data location (https://cloud.google.com/security-command-center/docs/data-residency-support#locations) @@ -52,6 +53,10 @@ OPTIONAL FLAGS the default location that is specified when data residency controls are enabled for Security Command Center. + NOTE: If no location is specified, the default location is global AND + the request will be routed to the SCC V1 API. To use the SCC V2 API - + please explicitly specify the flag. + --source=SOURCE; default="-" Source id. Defaults to all sources. diff --git a/gcloud/alpha/scc/findings/group b/gcloud/alpha/scc/findings/group index eb638bf61..d1b9da9da 100644 --- a/gcloud/alpha/scc/findings/group +++ b/gcloud/alpha/scc/findings/group @@ -131,8 +131,9 @@ FLAGS location in which the resource is located and applicable. The location attribute can be provided as part of the fully specified resource name or with the --location argument on the command line. The default - location is global. NOTE: If you override the endpoint to a regional - endpoint + location is global. + + NOTE: If you override the endpoint to a regional endpoint (https://cloud.google.com/security-command-center/docs/reference/rest/index.html?rep_location=global#regional-service-endpoint) you must specify the correct data location (https://cloud.google.com/security-command-center/docs/data-residency-support#locations) @@ -140,6 +141,10 @@ FLAGS the default location that is specified when data residency controls are enabled for Security Command Center. + NOTE: If no location is specified, the default location is global AND + the request will be routed to the SCC V1 API. To use the SCC V2 API - + please explicitly specify the flag. + --page-size=PAGE_SIZE Maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000. diff --git a/gcloud/alpha/scc/findings/list b/gcloud/alpha/scc/findings/list index 687950a8d..fa227cc89 100644 --- a/gcloud/alpha/scc/findings/list +++ b/gcloud/alpha/scc/findings/list @@ -131,8 +131,9 @@ FLAGS location in which the resource is located and applicable. The location attribute can be provided as part of the fully specified resource name or with the --location argument on the command line. The default - location is global. NOTE: If you override the endpoint to a regional - endpoint + location is global. + + NOTE: If you override the endpoint to a regional endpoint (https://cloud.google.com/security-command-center/docs/reference/rest/index.html?rep_location=global#regional-service-endpoint) you must specify the correct data location (https://cloud.google.com/security-command-center/docs/data-residency-support#locations) @@ -140,6 +141,10 @@ FLAGS the default location that is specified when data residency controls are enabled for Security Command Center. + NOTE: If no location is specified, the default location is global AND + the request will be routed to the SCC V1 API. To use the SCC V2 API - + please explicitly specify the flag. + --order-by=ORDER_BY Expression that defines what fields and order to use for sorting. String value should follow SQL syntax: comma separated list of fields. diff --git a/gcloud/alpha/scc/findings/list-marks b/gcloud/alpha/scc/findings/list-marks index b6f6e7b20..6e56cc479 100644 --- a/gcloud/alpha/scc/findings/list-marks +++ b/gcloud/alpha/scc/findings/list-marks @@ -46,8 +46,9 @@ FLAGS location in which the resource is located and applicable. The location attribute can be provided as part of the fully specified resource name or with the --location argument on the command line. The default - location is global. NOTE: If you override the endpoint to a regional - endpoint + location is global. + + NOTE: If you override the endpoint to a regional endpoint (https://cloud.google.com/security-command-center/docs/reference/rest/index.html?rep_location=global#regional-service-endpoint) you must specify the correct data location (https://cloud.google.com/security-command-center/docs/data-residency-support#locations) @@ -55,6 +56,10 @@ FLAGS the default location that is specified when data residency controls are enabled for Security Command Center. + NOTE: If no location is specified, the default location is global AND + the request will be routed to the SCC V1 API. To use the SCC V2 API - + please explicitly specify the flag. + --page-token=PAGE_TOKEN Response objects will return a non-null value for page-token to indicate that there is at least one additional page of data. User can diff --git a/gcloud/alpha/scc/findings/set-mute b/gcloud/alpha/scc/findings/set-mute index cc697f65b..91a996a4e 100644 --- a/gcloud/alpha/scc/findings/set-mute +++ b/gcloud/alpha/scc/findings/set-mute @@ -58,8 +58,9 @@ OPTIONAL FLAGS location in which the resource is located and applicable. The location attribute can be provided as part of the fully specified resource name or with the --location argument on the command line. The default - location is global. NOTE: If you override the endpoint to a regional - endpoint + location is global. + + NOTE: If you override the endpoint to a regional endpoint (https://cloud.google.com/security-command-center/docs/reference/rest/index.html?rep_location=global#regional-service-endpoint) you must specify the correct data location (https://cloud.google.com/security-command-center/docs/data-residency-support#locations) @@ -67,6 +68,10 @@ OPTIONAL FLAGS the default location that is specified when data residency controls are enabled for Security Command Center. + NOTE: If no location is specified, the default location is global AND + the request will be routed to the SCC V1 API. To use the SCC V2 API - + please explicitly specify the flag. + --source=SOURCE ID of the source. diff --git a/gcloud/alpha/scc/findings/update b/gcloud/alpha/scc/findings/update index 38f589cb9..bef0a3c2d 100644 --- a/gcloud/alpha/scc/findings/update +++ b/gcloud/alpha/scc/findings/update @@ -72,8 +72,9 @@ FLAGS location in which the resource is located and applicable. The location attribute can be provided as part of the fully specified resource name or with the --location argument on the command line. The default - location is global. NOTE: If you override the endpoint to a regional - endpoint + location is global. + + NOTE: If you override the endpoint to a regional endpoint (https://cloud.google.com/security-command-center/docs/reference/rest/index.html?rep_location=global#regional-service-endpoint) you must specify the correct data location (https://cloud.google.com/security-command-center/docs/data-residency-support#locations) @@ -81,6 +82,10 @@ FLAGS the default location that is specified when data residency controls are enabled for Security Command Center. + NOTE: If no location is specified, the default location is global AND + the request will be routed to the SCC V1 API. To use the SCC V2 API - + please explicitly specify the flag. + --source=SOURCE; default="-" Source id. Defaults to all sources. diff --git a/gcloud/alpha/scc/findings/update-marks b/gcloud/alpha/scc/findings/update-marks index 429879e41..ced439043 100644 --- a/gcloud/alpha/scc/findings/update-marks +++ b/gcloud/alpha/scc/findings/update-marks @@ -63,8 +63,9 @@ FLAGS location in which the resource is located and applicable. The location attribute can be provided as part of the fully specified resource name or with the --location argument on the command line. The default - location is global. NOTE: If you override the endpoint to a regional - endpoint + location is global. + + NOTE: If you override the endpoint to a regional endpoint (https://cloud.google.com/security-command-center/docs/reference/rest/index.html?rep_location=global#regional-service-endpoint) you must specify the correct data location (https://cloud.google.com/security-command-center/docs/data-residency-support#locations) @@ -72,6 +73,10 @@ FLAGS the default location that is specified when data residency controls are enabled for Security Command Center. + NOTE: If no location is specified, the default location is global AND + the request will be routed to the SCC V1 API. To use the SCC V2 API - + please explicitly specify the flag. + --security-marks=[KEY=VALUE,...] SecurityMarks resource to be passed as the request body. It's a key=value pair separated by comma (,). For example: diff --git a/gcloud/alpha/scc/muteconfigs/create b/gcloud/alpha/scc/muteconfigs/create index 5ae17f3d8..454840c5e 100644 --- a/gcloud/alpha/scc/muteconfigs/create +++ b/gcloud/alpha/scc/muteconfigs/create @@ -64,8 +64,9 @@ FLAGS location in which the resource is located and applicable. The location attribute can be provided as part of the fully specified resource name or with the --location argument on the command line. The default - location is global. NOTE: If you override the endpoint to a regional - endpoint + location is global. + + NOTE: If you override the endpoint to a regional endpoint (https://cloud.google.com/security-command-center/docs/reference/rest/index.html?rep_location=global#regional-service-endpoint) you must specify the correct data location (https://cloud.google.com/security-command-center/docs/data-residency-support#locations) @@ -73,6 +74,10 @@ FLAGS the default location that is specified when data residency controls are enabled for Security Command Center. + NOTE: If no location is specified, the default location is global AND + the request will be routed to the SCC V1 API. To use the SCC V2 API - + please explicitly specify the flag. + --type=TYPE; default="static" The mute configuration type. Immutable after creation. TYPE must be one of: static, dynamic. diff --git a/gcloud/alpha/scc/muteconfigs/delete b/gcloud/alpha/scc/muteconfigs/delete index f454ae80b..90691097f 100644 --- a/gcloud/alpha/scc/muteconfigs/delete +++ b/gcloud/alpha/scc/muteconfigs/delete @@ -42,8 +42,9 @@ FLAGS location in which the resource is located and applicable. The location attribute can be provided as part of the fully specified resource name or with the --location argument on the command line. The default - location is global. NOTE: If you override the endpoint to a regional - endpoint + location is global. + + NOTE: If you override the endpoint to a regional endpoint (https://cloud.google.com/security-command-center/docs/reference/rest/index.html?rep_location=global#regional-service-endpoint) you must specify the correct data location (https://cloud.google.com/security-command-center/docs/data-residency-support#locations) @@ -51,6 +52,10 @@ FLAGS the default location that is specified when data residency controls are enabled for Security Command Center. + NOTE: If no location is specified, the default location is global AND + the request will be routed to the SCC V1 API. To use the SCC V2 API - + please explicitly specify the flag. + At most one of these can be specified: --folder=FOLDER diff --git a/gcloud/alpha/scc/muteconfigs/get b/gcloud/alpha/scc/muteconfigs/get index 52e5a9875..14ee7bc56 100644 --- a/gcloud/alpha/scc/muteconfigs/get +++ b/gcloud/alpha/scc/muteconfigs/get @@ -41,8 +41,9 @@ FLAGS location in which the resource is located and applicable. The location attribute can be provided as part of the fully specified resource name or with the --location argument on the command line. The default - location is global. NOTE: If you override the endpoint to a regional - endpoint + location is global. + + NOTE: If you override the endpoint to a regional endpoint (https://cloud.google.com/security-command-center/docs/reference/rest/index.html?rep_location=global#regional-service-endpoint) you must specify the correct data location (https://cloud.google.com/security-command-center/docs/data-residency-support#locations) @@ -50,6 +51,10 @@ FLAGS the default location that is specified when data residency controls are enabled for Security Command Center. + NOTE: If no location is specified, the default location is global AND + the request will be routed to the SCC V1 API. To use the SCC V2 API - + please explicitly specify the flag. + At most one of these can be specified: --folder=FOLDER diff --git a/gcloud/alpha/scc/muteconfigs/list b/gcloud/alpha/scc/muteconfigs/list index bceb69690..a41014a28 100644 --- a/gcloud/alpha/scc/muteconfigs/list +++ b/gcloud/alpha/scc/muteconfigs/list @@ -50,8 +50,9 @@ FLAGS location in which the resource is located and applicable. The location attribute can be provided as part of the fully specified resource name or with the --location argument on the command line. The default - location is global. NOTE: If you override the endpoint to a regional - endpoint + location is global. + + NOTE: If you override the endpoint to a regional endpoint (https://cloud.google.com/security-command-center/docs/reference/rest/index.html?rep_location=global#regional-service-endpoint) you must specify the correct data location (https://cloud.google.com/security-command-center/docs/data-residency-support#locations) @@ -59,6 +60,10 @@ FLAGS the default location that is specified when data residency controls are enabled for Security Command Center. + NOTE: If no location is specified, the default location is global AND + the request will be routed to the SCC V1 API. To use the SCC V2 API - + please explicitly specify the flag. + LIST COMMAND FLAGS --filter=EXPRESSION Apply a Boolean filter EXPRESSION to each resource item to be listed. diff --git a/gcloud/alpha/scc/muteconfigs/update b/gcloud/alpha/scc/muteconfigs/update index f47346251..e57710947 100644 --- a/gcloud/alpha/scc/muteconfigs/update +++ b/gcloud/alpha/scc/muteconfigs/update @@ -64,8 +64,9 @@ FLAGS location in which the resource is located and applicable. The location attribute can be provided as part of the fully specified resource name or with the --location argument on the command line. The default - location is global. NOTE: If you override the endpoint to a regional - endpoint + location is global. + + NOTE: If you override the endpoint to a regional endpoint (https://cloud.google.com/security-command-center/docs/reference/rest/index.html?rep_location=global#regional-service-endpoint) you must specify the correct data location (https://cloud.google.com/security-command-center/docs/data-residency-support#locations) @@ -73,6 +74,10 @@ FLAGS the default location that is specified when data residency controls are enabled for Security Command Center. + NOTE: If no location is specified, the default location is global AND + the request will be routed to the SCC V1 API. To use the SCC V2 API - + please explicitly specify the flag. + --update-mask=UPDATE_MASK Optional: If left unspecified (default), an update-mask is automatically created using the flags specified in the command and only diff --git a/gcloud/alpha/sql/backups/restore b/gcloud/alpha/sql/backups/restore index bbb301086..b889d7870 100644 --- a/gcloud/alpha/sql/backups/restore +++ b/gcloud/alpha/sql/backups/restore @@ -5,15 +5,20 @@ NAME SYNOPSIS gcloud alpha sql backups restore ID --restore-instance=RESTORE_INSTANCE [--activation-policy=ACTIVATION_POLICY] - [--active-directory-domain=ACTIVE_DIRECTORY_DOMAIN] [--[no-]assign-ip] - [--async] [--audit-bucket-path=AUDIT_BUCKET_PATH] + [--active-directory-dns-servers=[DNS_SERVER_IP_ADDRESS,...]] + [--active-directory-domain=ACTIVE_DIRECTORY_DOMAIN] + [--active-directory-mode=ACTIVE_DIRECTORY_MODE] + [--active-directory-organizational-unit=ACTIVE_DIRECTORY_ORGANIZATIONAL_UNIT] + [--active-directory-secret-manager-key=ACTIVE_DIRECTORY_SECRET_MANAGER_KEY] + [--[no-]assign-ip] [--async] [--audit-bucket-path=AUDIT_BUCKET_PATH] [--audit-retention-interval=AUDIT_RETENTION_INTERVAL] [--audit-upload-interval=AUDIT_UPLOAD_INTERVAL] [--authorized-networks=NETWORK,[NETWORK,...]] [--availability-type=AVAILABILITY_TYPE] [--no-backup] [--backup-instance=BACKUP_INSTANCE] [--backup-location=BACKUP_LOCATION] [--backup-project=BACKUP_PROJECT] - [--backup-start-time=BACKUP_START_TIME] + [--backup-start-time=BACKUP_START_TIME] [--clear-active-directory] + [--clear-active-directory-dns-servers] [--clear-disk-encryption=CLEAR_DISK_ENCRYPTION] [--clear-network] [--collation=COLLATION] [--connector-enforcement=CONNECTOR_ENFORCEMENT] [--cpu=CPU] [--database-version=DATABASE_VERSION] @@ -76,10 +81,29 @@ OPTIONAL FLAGS https://cloud.google.com/sql/docs/mysql/start-stop-restart-instance#activation_policy. ACTIVATION_POLICY must be one of: always, never. + --active-directory-dns-servers=[DNS_SERVER_IP_ADDRESS,...] + A comma-separated list of the DNS servers to be used for Active + Directory. Only available for SQL Server instances. E.g: + 10.0.0.1,10.0.0.2 + --active-directory-domain=ACTIVE_DIRECTORY_DOMAIN Managed Service for Microsoft Active Directory domain this instance is joined to. Only available for SQL Server instances. + --active-directory-mode=ACTIVE_DIRECTORY_MODE + Defines the Active Directory mode. Only available for SQL Server + instances. ACTIVE_DIRECTORY_MODE must be one of: + MANAGED_ACTIVE_DIRECTORY, CUSTOMER_MANAGED_ACTIVE_DIRECTORY. + + --active-directory-organizational-unit=ACTIVE_DIRECTORY_ORGANIZATIONAL_UNIT + Defines the organizational unit to be used for Active Directory. Only + available for SQL Server instances. E.g: + OU=Cloud,DC=ad,DC=example,DC=com + + --active-directory-secret-manager-key=ACTIVE_DIRECTORY_SECRET_MANAGER_KEY + The secret manager key storing administrator credentials. Only + available for SQL Server instances. + --[no-]assign-ip Assign a public IP address to the instance. This is a public, externally available IPv4 address that you can use to connect to your @@ -143,6 +167,12 @@ OPTIONAL FLAGS Start time of daily backups, specified in the HH:MM format, in the UTC timezone. + --clear-active-directory + Clears the Active Directory configuration. + + --clear-active-directory-dns-servers + Removes the list of DNS Servers from the Active Directory Config. + --clear-disk-encryption=CLEAR_DISK_ENCRYPTION Disables CMEK in the restored instance. diff --git a/gcloud/alpha/sql/connect b/gcloud/alpha/sql/connect index e8b8d89a6..4112ea66d 100644 --- a/gcloud/alpha/sql/connect +++ b/gcloud/alpha/sql/connect @@ -4,8 +4,7 @@ NAME SYNOPSIS gcloud alpha sql connect INSTANCE [--database=DATABASE, -d DATABASE] [--debug-logs] [--port=PORT; default=9470] [--run-connection-test] - [--skip-ssl] [--sqladmin-api-endpoint=SQLADMIN_API_ENDPOINT] - [--auto-iam-authn | --user=USER, -u USER] + [--skip-ssl] [--auto-iam-authn | --user=USER, -u USER] [--auto-ip | --private-ip | --psc] [GCLOUD_WIDE_FLAG ...] DESCRIPTION @@ -37,9 +36,6 @@ FLAGS --skip-ssl Skip SSL certificate verification for MySQL instances. - --sqladmin-api-endpoint=SQLADMIN_API_ENDPOINT - Cloud SQL Admin API endpoint for Cloud SQL Proxy to use. - User selection settings for Cloud SQL Proxy connection. At most one of these can be specified: diff --git a/gcloud/alpha/sql/instances/create b/gcloud/alpha/sql/instances/create index c982af842..714de8726 100644 --- a/gcloud/alpha/sql/instances/create +++ b/gcloud/alpha/sql/instances/create @@ -4,7 +4,11 @@ NAME SYNOPSIS gcloud alpha sql instances create INSTANCE [--activation-policy=ACTIVATION_POLICY] + [--active-directory-dns-servers=[DNS_SERVER_IP_ADDRESS,...]] [--active-directory-domain=ACTIVE_DIRECTORY_DOMAIN] + [--active-directory-mode=ACTIVE_DIRECTORY_MODE] + [--active-directory-organizational-unit=ACTIVE_DIRECTORY_ORGANIZATIONAL_UNIT] + [--active-directory-secret-manager-key=ACTIVE_DIRECTORY_SECRET_MANAGER_KEY] [--allocated-ip-range-name=ALLOCATED_IP_RANGE_NAME] [--[no-]assign-ip] [--async] [--audit-bucket-path=AUDIT_BUCKET_PATH] [--audit-retention-interval=AUDIT_RETENTION_INTERVAL] @@ -13,7 +17,7 @@ SYNOPSIS [--availability-type=AVAILABILITY_TYPE] [--no-backup] [--backup-location=BACKUP_LOCATION] [--backup-start-time=BACKUP_START_TIME] [--cascadable-replica] - [--collation=COLLATION] + [--clear-active-directory-dns-servers] [--collation=COLLATION] [--connection-pool-flags=FLAG=VALUE,[FLAG=VALUE,...]] [--connector-enforcement=CONNECTOR_ENFORCEMENT] [--cpu=CPU] [--custom-subject-alternative-names=DNS,[DNS,[DNS]]] @@ -76,6 +80,12 @@ SYNOPSIS : --client-certificate-path=CLIENT_CERTIFICATE_PATH --client-key-path=CLIENT_KEY_PATH] --master-password=MASTER_PASSWORD | --prompt-for-master-password] + [--[no-]auto-scale-disable-scale-in --[no-]auto-scale-enabled + --auto-scale-in-cooldown-seconds=AUTO_SCALE_IN_COOLDOWN_SECONDS + --auto-scale-max-node-count=AUTO_SCALE_MAX_NODE_COUNT + --auto-scale-min-node-count=AUTO_SCALE_MIN_NODE_COUNT + --auto-scale-out-cooldown-seconds=AUTO_SCALE_OUT_COOLDOWN_SECONDS + --auto-scale-target-metrics=[METRIC=VALUE,...]] [--region=REGION; default="us-central" | --gce-zone=GCE_ZONE | --secondary-zone=SECONDARY_ZONE --zone=ZONE] [--source-ip-address=SOURCE_IP_ADDRESS @@ -123,10 +133,29 @@ FLAGS https://cloud.google.com/sql/docs/mysql/start-stop-restart-instance#activation_policy. ACTIVATION_POLICY must be one of: always, never. + --active-directory-dns-servers=[DNS_SERVER_IP_ADDRESS,...] + A comma-separated list of the DNS servers to be used for Active + Directory. Only available for SQL Server instances. E.g: + 10.0.0.1,10.0.0.2 + --active-directory-domain=ACTIVE_DIRECTORY_DOMAIN Managed Service for Microsoft Active Directory domain this instance is joined to. Only available for SQL Server instances. + --active-directory-mode=ACTIVE_DIRECTORY_MODE + Defines the Active Directory mode. Only available for SQL Server + instances. ACTIVE_DIRECTORY_MODE must be one of: + MANAGED_ACTIVE_DIRECTORY, CUSTOMER_MANAGED_ACTIVE_DIRECTORY. + + --active-directory-organizational-unit=ACTIVE_DIRECTORY_ORGANIZATIONAL_UNIT + Defines the organizational unit to be used for Active Directory. Only + available for SQL Server instances. E.g: + OU=Cloud,DC=ad,DC=example,DC=com + + --active-directory-secret-manager-key=ACTIVE_DIRECTORY_SECRET_MANAGER_KEY + The secret manager key storing administrator credentials. Only + available for SQL Server instances. + --allocated-ip-range-name=ALLOCATED_IP_RANGE_NAME The name of the IP range allocated for a Cloud SQL instance with private network connectivity. For example: @@ -189,6 +218,9 @@ FLAGS --master-instance-name flag is set, and the replica under creation is in a different region than the primary instance. + --clear-active-directory-dns-servers + Removes the list of DNS Servers from the Active Directory Config. + --collation=COLLATION Cloud SQL server-level collation setting, which specifies the set of rules for comparing characters in a character set. @@ -725,6 +757,44 @@ FLAGS data source. The password is all typed characters up to but not including the RETURN or ENTER key. + Options for configuring read pool auto scale. + + --[no-]auto-scale-disable-scale-in + Disables automatic read pool scale-in. When disabled, read pool auto + scaling only supports increasing the read pool node count. By + default, both automatic read pool scale-in and scale-out are enabled. + Use --auto-scale-disable-scale-in to enable and + --no-auto-scale-disable-scale-in to disable. + + --[no-]auto-scale-enabled + Enables read pool auto scaling. Supports automatically increasing and + decreasing the read pool's node count based on need. Use + --auto-scale-enabled to enable and --no-auto-scale-enabled to + disable. + + --auto-scale-in-cooldown-seconds=AUTO_SCALE_IN_COOLDOWN_SECONDS + The cooldown period for automatic read pool scale-in. Minimum time + between scale-in events. Must be an integer value. For example, if + the value is 60, then a scale-in event will not be triggered within + 60 seconds of the last scale-in event. + + --auto-scale-max-node-count=AUTO_SCALE_MAX_NODE_COUNT + Maximum number of read pool nodes to be maintained. + + --auto-scale-min-node-count=AUTO_SCALE_MIN_NODE_COUNT + Minimum number of read pool nodes to be maintained. + + --auto-scale-out-cooldown-seconds=AUTO_SCALE_OUT_COOLDOWN_SECONDS + The cooldown period for automatic read pool scale-out. Minimum time + between scale-out events. Must be an integer value. For example, if + the value is 60, then a scale-out event will not be triggered within + 60 seconds of the last scale-out event. + + --auto-scale-target-metrics=[METRIC=VALUE,...] + Target metrics for read pool auto scaling. Options are: + AVERAGE_CPU_UTILIZATION and AVERAGE_DB_CONNECTIONS. Example: + --auto-scale-target-metrics=AVERAGE_CPU_UTILIZATION=0.8 + At most one of these can be specified: --region=REGION; default="us-central" diff --git a/gcloud/alpha/sql/instances/patch b/gcloud/alpha/sql/instances/patch index b36b9f133..611d89e68 100644 --- a/gcloud/alpha/sql/instances/patch +++ b/gcloud/alpha/sql/instances/patch @@ -5,12 +5,17 @@ NAME SYNOPSIS gcloud alpha sql instances patch INSTANCE [--activation-policy=ACTIVATION_POLICY] + [--active-directory-dns-servers=[DNS_SERVER_IP_ADDRESS,...]] [--active-directory-domain=ACTIVE_DIRECTORY_DOMAIN] + [--active-directory-mode=ACTIVE_DIRECTORY_MODE] + [--active-directory-organizational-unit=ACTIVE_DIRECTORY_ORGANIZATIONAL_UNIT] + [--active-directory-secret-manager-key=ACTIVE_DIRECTORY_SECRET_MANAGER_KEY] [--allocated-ip-range-name=ALLOCATED_IP_RANGE_NAME] [--[no-]assign-ip] [--async] [--audit-bucket-path=AUDIT_BUCKET_PATH] [--audit-retention-interval=AUDIT_RETENTION_INTERVAL] [--audit-upload-interval=AUDIT_UPLOAD_INTERVAL] - [--availability-type=AVAILABILITY_TYPE] + [--availability-type=AVAILABILITY_TYPE] [--clear-active-directory] + [--clear-active-directory-dns-servers] [--clear-failover-dr-replica-name] [--clear-password-policy] [--connector-enforcement=CONNECTOR_ENFORCEMENT] [--cpu=CPU] [--database-version=DATABASE_VERSION] [--[no-]deletion-protection] @@ -80,6 +85,12 @@ SYNOPSIS [--clear-psc-network-attachment-uri | --psc-network-attachment-uri=PSC_NETWORK_ATTACHMENT_URI] [--gce-zone=GCE_ZONE | --secondary-zone=SECONDARY_ZONE --zone=ZONE] + [--[no-]auto-scale-disable-scale-in --[no-]auto-scale-enabled + --auto-scale-in-cooldown-seconds=AUTO_SCALE_IN_COOLDOWN_SECONDS + --auto-scale-max-node-count=AUTO_SCALE_MAX_NODE_COUNT + --auto-scale-min-node-count=AUTO_SCALE_MIN_NODE_COUNT + --auto-scale-out-cooldown-seconds=AUTO_SCALE_OUT_COOLDOWN_SECONDS + --auto-scale-target-metrics=[METRIC=VALUE,...]] [--no-backup | --backup-location=BACKUP_LOCATION --backup-start-time=BACKUP_START_TIME --retained-backups-count=RETAINED_BACKUPS_COUNT @@ -102,10 +113,29 @@ FLAGS https://cloud.google.com/sql/docs/mysql/start-stop-restart-instance#activation_policy. ACTIVATION_POLICY must be one of: always, never. + --active-directory-dns-servers=[DNS_SERVER_IP_ADDRESS,...] + A comma-separated list of the DNS servers to be used for Active + Directory. Only available for SQL Server instances. E.g: + 10.0.0.1,10.0.0.2 + --active-directory-domain=ACTIVE_DIRECTORY_DOMAIN Managed Service for Microsoft Active Directory domain this instance is joined to. Only available for SQL Server instances. + --active-directory-mode=ACTIVE_DIRECTORY_MODE + Defines the Active Directory mode. Only available for SQL Server + instances. ACTIVE_DIRECTORY_MODE must be one of: + MANAGED_ACTIVE_DIRECTORY, CUSTOMER_MANAGED_ACTIVE_DIRECTORY. + + --active-directory-organizational-unit=ACTIVE_DIRECTORY_ORGANIZATIONAL_UNIT + Defines the organizational unit to be used for Active Directory. Only + available for SQL Server instances. E.g: + OU=Cloud,DC=ad,DC=example,DC=com + + --active-directory-secret-manager-key=ACTIVE_DIRECTORY_SECRET_MANAGER_KEY + The secret manager key storing administrator credentials. Only + available for SQL Server instances. + --allocated-ip-range-name=ALLOCATED_IP_RANGE_NAME The name of the IP range allocated for a Cloud SQL instance with private network connectivity. For example: @@ -145,6 +175,12 @@ FLAGS zonal Provides no failover capability. This is the default. + --clear-active-directory + Clears the Active Directory configuration. + + --clear-active-directory-dns-servers + Removes the list of DNS Servers from the Active Directory Config. + --clear-failover-dr-replica-name Clear the DR replica setting for the primary instance. Flag is only available for MySQL and PostgreSQL database instances. @@ -716,6 +752,44 @@ FLAGS Preferred Compute Engine zone (e.g. us-central1-a, us-central1-b, etc.). WARNING: Instance may be restarted. + Options for configuring read pool auto scale. + + --[no-]auto-scale-disable-scale-in + Disables automatic read pool scale-in. When disabled, read pool auto + scaling only supports increasing the read pool node count. By + default, both automatic read pool scale-in and scale-out are enabled. + Use --auto-scale-disable-scale-in to enable and + --no-auto-scale-disable-scale-in to disable. + + --[no-]auto-scale-enabled + Enables read pool auto scaling. Supports automatically increasing and + decreasing the read pool's node count based on need. Use + --auto-scale-enabled to enable and --no-auto-scale-enabled to + disable. + + --auto-scale-in-cooldown-seconds=AUTO_SCALE_IN_COOLDOWN_SECONDS + The cooldown period for automatic read pool scale-in. Minimum time + between scale-in events. Must be an integer value. For example, if + the value is 60, then a scale-in event will not be triggered within + 60 seconds of the last scale-in event. + + --auto-scale-max-node-count=AUTO_SCALE_MAX_NODE_COUNT + Maximum number of read pool nodes to be maintained. + + --auto-scale-min-node-count=AUTO_SCALE_MIN_NODE_COUNT + Minimum number of read pool nodes to be maintained. + + --auto-scale-out-cooldown-seconds=AUTO_SCALE_OUT_COOLDOWN_SECONDS + The cooldown period for automatic read pool scale-out. Minimum time + between scale-out events. Must be an integer value. For example, if + the value is 60, then a scale-out event will not be triggered within + 60 seconds of the last scale-out event. + + --auto-scale-target-metrics=[METRIC=VALUE,...] + Target metrics for read pool auto scaling. Options are: + AVERAGE_CPU_UTILIZATION and AVERAGE_DB_CONNECTIONS. Example: + --auto-scale-target-metrics=AVERAGE_CPU_UTILIZATION=0.8 + At most one of these can be specified: --no-backup diff --git a/gcloud/artifacts/tags/export b/gcloud/artifacts/tags/export new file mode 100644 index 000000000..cf79e08b3 --- /dev/null +++ b/gcloud/artifacts/tags/export @@ -0,0 +1,81 @@ +NAME + gcloud artifacts tags export - export an Artifact Registry package version + by tag + +SYNOPSIS + gcloud artifacts tags export + (TAG : --location=LOCATION --package=PACKAGE --repository=REPOSITORY) + --gcs-destination=GCS_DESTINATION [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Export files of an Artifact Registry package version by tag to a Google + Cloud Storage path. + +EXAMPLES + To export by tag t1 of package my-pkg to a Google Cloud Storage path + gs://my-bucket/sub-folder under the current project, repository, and + location, run: + + $ gcloud artifacts tags export t1 --package=my-pkg \ + --gcs-destination=gs://my-bucket/sub-folder + +POSITIONAL ARGUMENTS + Tag resource - The Artifact Registry tag name. The arguments in this group + can be used to specify the attributes of this resource. (NOTE) Some + attributes are not given arguments in this group but can be set in other + ways. + + To set the project attribute: + ◆ provide the argument tag on the command line with a fully specified + name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + TAG + ID of the tag or fully qualified identifier for the tag. + + To set the name attribute: + ▸ provide the argument tag on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + Location of the tag. + + To set the location attribute: + ▸ provide the argument tag on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property artifacts/location. + + --package=PACKAGE + Package of the tag. + + To set the package attribute: + ▸ provide the argument tag on the command line with a fully + specified name; + ▸ provide the argument --package on the command line. + + --repository=REPOSITORY + Repository of the tag. + + To set the repository attribute: + ▸ provide the argument tag on the command line with a fully + specified name; + ▸ provide the argument --repository on the command line; + ▸ set the property artifacts/repository. + +REQUIRED FLAGS + --gcs-destination=GCS_DESTINATION + Google Cloud Storage path to export the artifact to. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. diff --git a/gcloud/artifacts/tags/help b/gcloud/artifacts/tags/help index c9824d109..4c333b85e 100644 --- a/gcloud/artifacts/tags/help +++ b/gcloud/artifacts/tags/help @@ -40,6 +40,9 @@ COMMANDS delete Delete an Artifact Registry tag. + export + Export an Artifact Registry package version by tag. + list List Artifact Registry tags. diff --git a/gcloud/artifacts/versions/export b/gcloud/artifacts/versions/export new file mode 100644 index 000000000..d16f39ce3 --- /dev/null +++ b/gcloud/artifacts/versions/export @@ -0,0 +1,82 @@ +NAME + gcloud artifacts versions export - export an Artifact Registry package + version + +SYNOPSIS + gcloud artifacts versions export + (VERSION + : --location=LOCATION --package=PACKAGE --repository=REPOSITORY) + --gcs-destination=GCS_DESTINATION [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Export files of an Artifact Registry package version to a Google Cloud + Storage path. + +EXAMPLES + To export version 1.0.0 of package my-pkg to a Google Cloud Storage path + gs://my-bucket/sub-folder under the current project, repository, and + location, run: + + $ gcloud artifacts versions export 1.0.0 --package=my-pkg \ + --gcs-destination=gs://my-bucket/sub-folder + +POSITIONAL ARGUMENTS + Version resource - The Artifact Registry version name. The arguments in + this group can be used to specify the attributes of this resource. (NOTE) + Some attributes are not given arguments in this group but can be set in + other ways. + + To set the project attribute: + ◆ provide the argument version on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + VERSION + ID of the version or fully qualified identifier for the version. + + To set the name attribute: + ▸ provide the argument version on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + Location of the version. + + To set the location attribute: + ▸ provide the argument version on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property artifacts/location. + + --package=PACKAGE + Package of the version. + + To set the package attribute: + ▸ provide the argument version on the command line with a fully + specified name; + ▸ provide the argument --package on the command line. + + --repository=REPOSITORY + Repository of the version. + + To set the repository attribute: + ▸ provide the argument version on the command line with a fully + specified name; + ▸ provide the argument --repository on the command line; + ▸ set the property artifacts/repository. + +REQUIRED FLAGS + --gcs-destination=GCS_DESTINATION + Google Cloud Storage path to export the artifact to. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. diff --git a/gcloud/artifacts/versions/help b/gcloud/artifacts/versions/help index 4540d1505..26d438b7e 100644 --- a/gcloud/artifacts/versions/help +++ b/gcloud/artifacts/versions/help @@ -34,6 +34,9 @@ COMMANDS describe Describe an Artifact Registry package version. + export + Export an Artifact Registry package version. + list List Artifact Registry package versions. diff --git a/gcloud/beta/ai/model-garden/models/list b/gcloud/beta/ai/model-garden/models/list index e3b727e3f..0b44f4892 100644 --- a/gcloud/beta/ai/model-garden/models/list +++ b/gcloud/beta/ai/model-garden/models/list @@ -12,6 +12,19 @@ DESCRIPTION (BETA) This command lists either all models in Model Garden or all Hugging Face models supported by Model Garden. +EXAMPLES + To list all models in Model Garden, run: + + $ gcloud ai model-garden models list + + To list Hugging Face models that can be deployed in Model Garden, run: + + $ gcloud ai model-garden models list --can-deploy-hugging-face-models + + To list models with gemma in their names, run: + + $ gcloud ai model-garden models list --model-filter=gemma + Note: Since the number of Hugging Face models is large, the default limit is set to 500 with a page size of 100 when listing supported Hugging Face models. To override the limit or page size, specify the --limit or diff --git a/gcloud/beta/alloydb/clusters/create b/gcloud/beta/alloydb/clusters/create index 0c879c0e8..71eef8e22 100644 --- a/gcloud/beta/alloydb/clusters/create +++ b/gcloud/beta/alloydb/clusters/create @@ -62,7 +62,7 @@ OPTIONAL FLAGS --database-version=DATABASE_VERSION Database version of the cluster. DATABASE_VERSION must be one of: - POSTGRES_14, POSTGRES_15, POSTGRES_16, POSTGRES_17. + POSTGRES_14, POSTGRES_15, POSTGRES_16, POSTGRES_17, POSTGRES_18. --enable-private-service-connect Enable Private Service Connect (PSC) connectivity for the cluster. diff --git a/gcloud/beta/alloydb/clusters/migrate-cloud-sql b/gcloud/beta/alloydb/clusters/migrate-cloud-sql index 9fa020d22..da1ef50aa 100644 --- a/gcloud/beta/alloydb/clusters/migrate-cloud-sql +++ b/gcloud/beta/alloydb/clusters/migrate-cloud-sql @@ -88,7 +88,7 @@ OPTIONAL FLAGS --database-version=DATABASE_VERSION Database version of the cluster. DATABASE_VERSION must be one of: - POSTGRES_14, POSTGRES_15, POSTGRES_16, POSTGRES_17. + POSTGRES_14, POSTGRES_15, POSTGRES_16, POSTGRES_17, POSTGRES_18. --enable-private-service-connect Enable Private Service Connect (PSC) connectivity for the cluster. diff --git a/gcloud/beta/alloydb/instances/create b/gcloud/beta/alloydb/instances/create index 78ffdc265..c92013e87 100644 --- a/gcloud/beta/alloydb/instances/create +++ b/gcloud/beta/alloydb/instances/create @@ -225,7 +225,10 @@ OPTIONAL FLAGS n2-highmem-64, n2-highmem-96, n2-highmem-128, c4a-highmem-1, c4a-highmem-4-lssd, c4a-highmem-8-lssd, c4a-highmem-16-lssd, c4a-highmem-32-lssd, c4a-highmem-48-lssd, c4a-highmem-64-lssd, - c4a-highmem-72-lssd, z3-highmem-14-standardlssd, + c4a-highmem-72-lssd, c4-highmem-4-lssd, c4-highmem-8-lssd, + c4-highmem-16-lssd, c4-highmem-24-lssd, c4-highmem-32-lssd, + c4-highmem-48-lssd, c4-highmem-96-lssd, c4-highmem-144-lssd, + c4-highmem-192-lssd, c4-highmem-288-lssd, z3-highmem-14-standardlssd, z3-highmem-22-standardlssd, z3-highmem-44-standardlssd, z3-highmem-88-standardlssd. diff --git a/gcloud/beta/alloydb/instances/update b/gcloud/beta/alloydb/instances/update index eaf7f32ad..f298f5035 100644 --- a/gcloud/beta/alloydb/instances/update +++ b/gcloud/beta/alloydb/instances/update @@ -211,7 +211,10 @@ OPTIONAL FLAGS n2-highmem-64, n2-highmem-96, n2-highmem-128, c4a-highmem-1, c4a-highmem-4-lssd, c4a-highmem-8-lssd, c4a-highmem-16-lssd, c4a-highmem-32-lssd, c4a-highmem-48-lssd, c4a-highmem-64-lssd, - c4a-highmem-72-lssd, z3-highmem-14-standardlssd, + c4a-highmem-72-lssd, c4-highmem-4-lssd, c4-highmem-8-lssd, + c4-highmem-16-lssd, c4-highmem-24-lssd, c4-highmem-32-lssd, + c4-highmem-48-lssd, c4-highmem-96-lssd, c4-highmem-144-lssd, + c4-highmem-192-lssd, c4-highmem-288-lssd, z3-highmem-14-standardlssd, z3-highmem-22-standardlssd, z3-highmem-44-standardlssd, z3-highmem-88-standardlssd. diff --git a/gcloud/beta/composer/environments/run b/gcloud/beta/composer/environments/run index 1aa313f74..055cc49e8 100644 --- a/gcloud/beta/composer/environments/run +++ b/gcloud/beta/composer/environments/run @@ -81,17 +81,17 @@ POSITIONAL ARGUMENTS SUBCOMMAND The Airflow CLI subcommand to run. Available subcommands include (listed with Airflow versions that support): backfill [**, 2.0.0), - clear [**, 2.0.0), connections [**, 3.1.0), dag_state [**, 2.0.0), dags - [1.10.14, 3.1.0), db [2.3.0, 3.0.0), delete_dag [1.10.1, 2.0.0), - kerberos [**, 3.1.0), kubernetes [2.1.4, 3.1.0), list-import-errors + clear [**, 2.0.0), connections [**, 3.2.0), dag_state [**, 2.0.0), dags + [1.10.14, 3.2.0), db [2.3.0, 3.0.0), delete_dag [1.10.1, 2.0.0), + kerberos [**, 3.2.0), kubernetes [2.1.4, 3.2.0), list-import-errors [**, 3.0.0), list_dag_runs [1.10.2, 2.0.0), list_dags [**, 2.0.0), list_tasks [**, 2.0.0), next_execution [1.10.2, 2.0.0), pause [**, - 2.0.0), pool [**, 2.0.0), pools [1.10.14, 3.1.0), render [**, 2.0.0), - roles [2.0.0, 3.1.0), run [**, 2.0.0), sync-perm [1.10.14, 3.1.0), + 2.0.0), pool [**, 2.0.0), pools [1.10.14, 3.2.0), render [**, 2.0.0), + roles [2.0.0, 3.2.0), run [**, 2.0.0), sync-perm [1.10.14, 3.2.0), sync_perm [1.10.2, 2.0.0), task_failed_deps [**, 2.0.0), task_state - [**, 2.0.0), tasks [1.10.14, 3.1.0), test [**, 2.0.0), trigger_dag [**, + [**, 2.0.0), tasks [1.10.14, 3.2.0), test [**, 2.0.0), trigger_dag [**, 2.0.0), unpause [**, 2.0.0), upgrade_check [1.10.15, 2.0.0), users - [1.10.14, 3.1.0), variables [**, 3.1.0), version [**, 3.1.0) (see + [1.10.14, 3.2.0), variables [**, 3.2.0), version [**, 3.2.0) (see https://airflow.apache.org/docs/apache-airflow/stable/cli-and-env-variables-ref.html for more info). diff --git a/gcloud/beta/compute/future-reservations/cancel b/gcloud/beta/compute/future-reservations/cancel index 948353155..8cc8563e1 100644 --- a/gcloud/beta/compute/future-reservations/cancel +++ b/gcloud/beta/compute/future-reservations/cancel @@ -66,8 +66,10 @@ API REFERENCE can be found at: https://cloud.google.com/compute/ NOTES - This command is currently in beta and might change without notice. This - variant is also available: + This command is currently in beta and might change without notice. These + variants are also available: + + $ gcloud compute future-reservations cancel $ gcloud alpha compute future-reservations cancel diff --git a/gcloud/beta/compute/future-reservations/create b/gcloud/beta/compute/future-reservations/create index 1c5036687..9f57871ed 100644 --- a/gcloud/beta/compute/future-reservations/create +++ b/gcloud/beta/compute/future-reservations/create @@ -328,8 +328,10 @@ GCLOUD WIDE FLAGS Run $ gcloud help for details. NOTES - This command is currently in beta and might change without notice. This - variant is also available: + This command is currently in beta and might change without notice. These + variants are also available: + + $ gcloud compute future-reservations create $ gcloud alpha compute future-reservations create diff --git a/gcloud/beta/compute/future-reservations/delete b/gcloud/beta/compute/future-reservations/delete index 4cf68954f..c625dd8e8 100644 --- a/gcloud/beta/compute/future-reservations/delete +++ b/gcloud/beta/compute/future-reservations/delete @@ -66,8 +66,10 @@ API REFERENCE can be found at: https://cloud.google.com/compute/ NOTES - This command is currently in beta and might change without notice. This - variant is also available: + This command is currently in beta and might change without notice. These + variants are also available: + + $ gcloud compute future-reservations delete $ gcloud alpha compute future-reservations delete diff --git a/gcloud/beta/compute/future-reservations/describe b/gcloud/beta/compute/future-reservations/describe index 5aea44bd0..70adbcbfa 100644 --- a/gcloud/beta/compute/future-reservations/describe +++ b/gcloud/beta/compute/future-reservations/describe @@ -61,8 +61,10 @@ API REFERENCE can be found at: https://cloud.google.com/compute/ NOTES - This command is currently in beta and might change without notice. This - variant is also available: + This command is currently in beta and might change without notice. These + variants are also available: + + $ gcloud compute future-reservations describe $ gcloud alpha compute future-reservations describe diff --git a/gcloud/beta/compute/future-reservations/help b/gcloud/beta/compute/future-reservations/help index 3a482a508..1166c0ee6 100644 --- a/gcloud/beta/compute/future-reservations/help +++ b/gcloud/beta/compute/future-reservations/help @@ -35,8 +35,10 @@ COMMANDS (BETA) Update Compute Engine future reservations. NOTES - This command is currently in beta and might change without notice. This - variant is also available: + This command is currently in beta and might change without notice. These + variants are also available: + + $ gcloud compute future-reservations $ gcloud alpha compute future-reservations diff --git a/gcloud/beta/compute/future-reservations/list b/gcloud/beta/compute/future-reservations/list index 5f547d72a..67e6f2e20 100644 --- a/gcloud/beta/compute/future-reservations/list +++ b/gcloud/beta/compute/future-reservations/list @@ -56,8 +56,10 @@ GCLOUD WIDE FLAGS Run $ gcloud help for details. NOTES - This command is currently in beta and might change without notice. This - variant is also available: + This command is currently in beta and might change without notice. These + variants are also available: + + $ gcloud compute future-reservations list $ gcloud alpha compute future-reservations list diff --git a/gcloud/beta/compute/future-reservations/update b/gcloud/beta/compute/future-reservations/update index 98c16c809..49e08e809 100644 --- a/gcloud/beta/compute/future-reservations/update +++ b/gcloud/beta/compute/future-reservations/update @@ -286,8 +286,10 @@ GCLOUD WIDE FLAGS Run $ gcloud help for details. NOTES - This command is currently in beta and might change without notice. This - variant is also available: + This command is currently in beta and might change without notice. These + variants are also available: + + $ gcloud compute future-reservations update $ gcloud alpha compute future-reservations update diff --git a/gcloud/beta/compute/instance-groups/managed/create b/gcloud/beta/compute/instance-groups/managed/create index e1d9bb7a3..a14d25fa4 100644 --- a/gcloud/beta/compute/instance-groups/managed/create +++ b/gcloud/beta/compute/instance-groups/managed/create @@ -14,6 +14,7 @@ SYNOPSIS machine-type=MACHINE_TYPE[,machine-type=MACHINE_TYPE...][,rank=RANK]] [--instance-selection-machine-types=[MACHINE_TYPE,...]] [--list-managed-instances-results=MODE] + [--on-repair-allow-changing-zone=ON_REPAIR_ALLOW_CHANGING_ZONE] [--resource-manager-tags=[KEY=VALUE,...]] [--standby-policy-initial-delay=STANDBY_POLICY_INITIAL_DELAY] [--standby-policy-mode=STANDBY_POLICY_MODE] @@ -174,6 +175,15 @@ OPTIONAL FLAGS Pagination is enabled for the group's listManagedInstances API method. maxResults and pageToken query parameters are respected. + --on-repair-allow-changing-zone=ON_REPAIR_ALLOW_CHANGING_ZONE + Specifies whether the MIG can change a VM's zone during a repair. + ON_REPAIR_ALLOW_CHANGING_ZONE must be one of: + + no + (Default) MIG cannot change a VM's zone during a repair. + yes + MIG can select a different zone for the VM during a repair. + --resource-manager-tags=[KEY=VALUE,...] Specifies a list of resource manager tags to apply to the managed instance group. A resource manager tag is a key-value pair. You can diff --git a/gcloud/beta/compute/instance-groups/managed/update b/gcloud/beta/compute/instance-groups/managed/update index faeaedae6..4ba393d6a 100644 --- a/gcloud/beta/compute/instance-groups/managed/update +++ b/gcloud/beta/compute/instance-groups/managed/update @@ -12,6 +12,7 @@ SYNOPSIS machine-type=MACHINE_TYPE[,machine-type=MACHINE_TYPE...][,rank=RANK]] [--instance-selection-machine-types=[MACHINE_TYPE,...]] [--list-managed-instances-results=MODE] + [--on-repair-allow-changing-zone=ON_REPAIR_ALLOW_CHANGING_ZONE] [--remove-instance-selections=[INSTANCE_SELECTION_NAME,...]] [--remove-instance-selections-all] [--remove-stateful-disks=DEVICE_NAME,[DEVICE_NAME,...]] @@ -153,6 +154,15 @@ FLAGS Pagination is enabled for the group's listManagedInstances API method. maxResults and pageToken query parameters are respected. + --on-repair-allow-changing-zone=ON_REPAIR_ALLOW_CHANGING_ZONE + Specifies whether the MIG can change a VM's zone during a repair. + ON_REPAIR_ALLOW_CHANGING_ZONE must be one of: + + no + (Default) MIG cannot change a VM's zone during a repair. + yes + MIG can select a different zone for the VM during a repair. + --remove-instance-selections=[INSTANCE_SELECTION_NAME,...] Remove specific instance selections from the instance flexibility policy. diff --git a/gcloud/beta/compute/interconnects/attachments/dedicated/create b/gcloud/beta/compute/interconnects/attachments/dedicated/create index a28265b92..74c419ce3 100644 --- a/gcloud/beta/compute/interconnects/attachments/dedicated/create +++ b/gcloud/beta/compute/interconnects/attachments/dedicated/create @@ -15,8 +15,8 @@ SYNOPSIS [--customer-router-ipv6-interface-id=PEER_INTERFACE_ID] [--description=DESCRIPTION] [--enable-admin] [--encryption=ENCRYPTION] [--ipsec-internal-addresses=[ADDRESSES]] [--mtu=MTU] [--region=REGION] - [--stack-type=STACK_TYPE] [--subnet-length=SUBNET_LENGTH] [--vlan=VLAN] - [GCLOUD_WIDE_FLAG ...] + [--resource-manager-tags=[KEY=VALUE,...]] [--stack-type=STACK_TYPE] + [--subnet-length=SUBNET_LENGTH] [--vlan=VLAN] [GCLOUD_WIDE_FLAG ...] DESCRIPTION (BETA) gcloud beta compute interconnects attachments dedicated create is @@ -171,6 +171,10 @@ OPTIONAL FLAGS Alternatively, the region can be stored in the environment variable CLOUDSDK_COMPUTE_REGION. + --resource-manager-tags=[KEY=VALUE,...] + A comma-separated list of Resource Manager tags to apply to the + interconnect. + --stack-type=STACK_TYPE Stack type of the protocol(s) enabled on this interconnect attachment. STACK_TYPE must be one of: diff --git a/gcloud/beta/compute/interconnects/attachments/partner/create b/gcloud/beta/compute/interconnects/attachments/partner/create index 68d1ee55e..406f71318 100644 --- a/gcloud/beta/compute/interconnects/attachments/partner/create +++ b/gcloud/beta/compute/interconnects/attachments/partner/create @@ -11,7 +11,8 @@ SYNOPSIS [--candidate-customer-router-ipv6-address=CANDIDATE_CUSTOMER_ROUTER_IPV6_ADDRESS] [--description=DESCRIPTION] [--enable-admin] [--encryption=ENCRYPTION] [--ipsec-internal-addresses=[ADDRESSES]] [--mtu=MTU] [--region=REGION] - [--stack-type=STACK_TYPE] [GCLOUD_WIDE_FLAG ...] + [--resource-manager-tags=[KEY=VALUE,...]] [--stack-type=STACK_TYPE] + [GCLOUD_WIDE_FLAG ...] DESCRIPTION (BETA) gcloud beta compute interconnects attachments partner create is used @@ -135,6 +136,10 @@ OPTIONAL FLAGS Alternatively, the region can be stored in the environment variable CLOUDSDK_COMPUTE_REGION. + --resource-manager-tags=[KEY=VALUE,...] + A comma-separated list of Resource Manager tags to apply to the + interconnect. + --stack-type=STACK_TYPE Stack type of the protocol(s) enabled on this interconnect attachment. STACK_TYPE must be one of: diff --git a/gcloud/beta/compute/interconnects/create b/gcloud/beta/compute/interconnects/create index c3863f6b1..24ca94249 100644 --- a/gcloud/beta/compute/interconnects/create +++ b/gcloud/beta/compute/interconnects/create @@ -9,7 +9,8 @@ SYNOPSIS [--admin-enabled] [--customer-name=CUSTOMER_NAME] [--description=DESCRIPTION] [--noc-contact-email=NOC_CONTACT_EMAIL] [--remote-location=REMOTE_LOCATION] - [--requested-features=[FEATURES,...]] [--subzone=SUBZONE] + [--requested-features=[FEATURES,...]] + [--resource-manager-tags=[KEY=VALUE,...]] [--subzone=SUBZONE] [GCLOUD_WIDE_FLAG ...] DESCRIPTION @@ -119,6 +120,10 @@ OPTIONAL FLAGS only be provided during interconnect INSERT and cannot be changed using interconnect PATCH. + --resource-manager-tags=[KEY=VALUE,...] + A comma-separated list of Resource Manager tags to apply to the + interconnect. + --subzone=SUBZONE Subzone in the LOCATION specified by the --location flag. SUBZONE must be one of: diff --git a/gcloud/beta/compute/reservations/sub-blocks/describe b/gcloud/beta/compute/reservations/sub-blocks/describe index d157214fa..541a691e5 100644 --- a/gcloud/beta/compute/reservations/sub-blocks/describe +++ b/gcloud/beta/compute/reservations/sub-blocks/describe @@ -4,8 +4,9 @@ NAME SYNOPSIS gcloud beta compute reservations sub-blocks describe RESERVATION - --block-name=BLOCK_NAME --sub-block-name=SUB_BLOCK_NAME [--zone=ZONE] - [GCLOUD_WIDE_FLAG ...] + --block-name=BLOCK_NAME --sub-block-name=SUB_BLOCK_NAME + [--full-view=FULL_VIEW; default="SUB_BLOCK_VIEW_UNSPECIFIED"] + [--zone=ZONE] [GCLOUD_WIDE_FLAG ...] DESCRIPTION (BETA) Describe a Compute Engine reservation sub-block. @@ -30,6 +31,14 @@ REQUIRED FLAGS The name of the reservation sub block. OPTIONAL FLAGS + --full-view=FULL_VIEW; default="SUB_BLOCK_VIEW_UNSPECIFIED" + The view type for the reservation sub-block. FULL_VIEW must be one of: + + SUB_BLOCK_VIEW_BASIC + Basic default view of the reservation sub-block. + SUB_BLOCK_VIEW_FULL + Full detailed view of the reservation sub-block. + --zone=ZONE Zone of the reservation to describe. If not specified and the compute/zone property isn't set, you might be prompted to select a zone diff --git a/gcloud/beta/compute/tpus/help b/gcloud/beta/compute/tpus/help index 7d1755c1f..cdf007d1f 100644 --- a/gcloud/beta/compute/tpus/help +++ b/gcloud/beta/compute/tpus/help @@ -2,7 +2,7 @@ NAME gcloud beta compute tpus - list, create, and delete Cloud TPUs SYNOPSIS - gcloud beta compute tpus GROUP | COMMAND [GCLOUD_WIDE_FLAG ...] + gcloud beta compute tpus GROUP [GCLOUD_WIDE_FLAG ...] DESCRIPTION (BETA) List, create, and delete Cloud TPUs. diff --git a/gcloud/beta/container/clusters/create b/gcloud/beta/container/clusters/create index 07f6b8770..378cd7945 100644 --- a/gcloud/beta/container/clusters/create +++ b/gcloud/beta/container/clusters/create @@ -13,6 +13,7 @@ SYNOPSIS [--alpha-cluster-feature-gates=[FEATURE=true|false,...]] [--anonymous-authentication-config=ANONYMOUS_AUTHENTICATION_CONFIG] [--async] [--auto-monitoring-scope=AUTO_MONITORING_SCOPE] + [--autopilot-workload-policies=WORKLOAD_POLICIES] [--autoprovisioning-enable-insecure-kubelet-readonly-port] [--autoprovisioning-network-tags=TAGS,[TAGS,...]] [--autoprovisioning-resource-manager-tags=[KEY=VALUE,...]] @@ -141,6 +142,8 @@ SYNOPSIS --master-ipv4-cidr=MASTER_IPV4_CIDR --private-cluster] [--enable-secret-manager --enable-secret-manager-rotation --secret-manager-rotation-interval=SECRET_MANAGER_ROTATION_INTERVAL] + [--enable-secret-sync --enable-secret-sync-rotation + --secret-sync-rotation-interval=SECRET_SYNC_ROTATION_INTERVAL] [--ephemeral-storage[=[local-ssd-count=LOCAL-SSD-COUNT]] | --ephemeral-storage-local-ssd[=[count=COUNT]] | --local-nvme-ssd-block[=[count=COUNT]] @@ -271,6 +274,16 @@ FLAGS NONE: Disables Auto-Monitoring. AUTO_MONITORING_SCOPE must be one of: ALL, NONE. + --autopilot-workload-policies=WORKLOAD_POLICIES + Add Autopilot workload policies to the cluster. + + Examples: + + $ gcloud beta container clusters create example-cluster \ + --autopilot-workload-policies=allow-net-admin + + The only supported workload policy is 'allow-net-admin'. + --autoprovisioning-enable-insecure-kubelet-readonly-port Enables the Kubelet's insecure read only port for Autoprovisioned Node Pools. @@ -2449,6 +2462,19 @@ FLAGS provider component. If you don't specify a time interval for the rotation, it will default to a rotation period of two minutes. + Flags for Secret Sync configuration: + + --enable-secret-sync + Enables the Secret Sync component. See + https://cloud.google.com/secret-manager/docs/sync-k8-secrets + + --enable-secret-sync-rotation + Enables the rotation of secrets in the Secret Sync component. + provider component. + + --secret-sync-rotation-interval=SECRET_SYNC_ROTATION_INTERVAL + Set the rotation period for secrets in the Secret Sync component. + At most one of these can be specified: --ephemeral-storage[=[local-ssd-count=LOCAL-SSD-COUNT]] diff --git a/gcloud/beta/container/clusters/create-auto b/gcloud/beta/container/clusters/create-auto index 7ac495eff..ba91733f0 100644 --- a/gcloud/beta/container/clusters/create-auto +++ b/gcloud/beta/container/clusters/create-auto @@ -57,6 +57,8 @@ SYNOPSIS --enable-private-nodes --master-ipv4-cidr=MASTER_IPV4_CIDR] [--enable-secret-manager --enable-secret-manager-rotation --secret-manager-rotation-interval=SECRET_MANAGER_ROTATION_INTERVAL] + [--enable-secret-sync --enable-secret-sync-rotation + --secret-sync-rotation-interval=SECRET_SYNC_ROTATION_INTERVAL] [--location=LOCATION | --region=REGION | --zone=ZONE, -z ZONE] [--scopes=[SCOPE,...]; default="gke-default" --service-account=SERVICE_ACCOUNT] @@ -719,6 +721,19 @@ FLAGS provider component. If you don't specify a time interval for the rotation, it will default to a rotation period of two minutes. + Flags for Secret Sync configuration: + + --enable-secret-sync + Enables the Secret Sync component. See + https://cloud.google.com/secret-manager/docs/sync-k8-secrets + + --enable-secret-sync-rotation + Enables the rotation of secrets in the Secret Sync component. + provider component. + + --secret-sync-rotation-interval=SECRET_SYNC_ROTATION_INTERVAL + Set the rotation period for secrets in the Secret Sync component. + At most one of these can be specified: --location=LOCATION diff --git a/gcloud/beta/container/clusters/update b/gcloud/beta/container/clusters/update index f1da3b8cb..77c8f4976 100644 --- a/gcloud/beta/container/clusters/update +++ b/gcloud/beta/container/clusters/update @@ -5,6 +5,7 @@ NAME SYNOPSIS gcloud beta container clusters update NAME (--anonymous-authentication-config=ANONYMOUS_AUTHENTICATION_CONFIG + | --autopilot-workload-policies=WORKLOAD_POLICIES | --autoprovisioning-cgroup-mode=AUTOPROVISIONING_CGROUP_MODE | --autoprovisioning-enable-insecure-kubelet-readonly-port | --autoprovisioning-network-tags=[TAGS,...] @@ -40,7 +41,9 @@ SYNOPSIS | --notification-config=[pubsub=ENABLED|DISABLED, pubsub-topic=TOPIC,...] | --patch-update=[PATCH_UPDATE] | --private-ipv6-google-access-type=PRIVATE_IPV6_GOOGLE_ACCESS_TYPE - | --release-channel=CHANNEL | --remove-labels=[KEY,...] + | --release-channel=CHANNEL + | --remove-autopilot-workload-policies=REMOVE_WORKLOAD_POLICIES + | --remove-labels=[KEY,...] | --remove-workload-policies=REMOVE_WORKLOAD_POLICIES | --security-group=SECURITY_GROUP | --security-posture=SECURITY_POSTURE | --set-password @@ -118,6 +121,8 @@ SYNOPSIS --monitoring-service=MONITORING_SERVICE | --[no-]enable-secret-manager --[no-]enable-secret-manager-rotation --secret-manager-rotation-interval=SECRET_MANAGER_ROTATION_INTERVAL + | --[no-]enable-secret-sync --[no-]enable-secret-sync-rotation + --secret-sync-rotation-interval=SECRET_SYNC_ROTATION_INTERVAL | --password=PASSWORD --enable-basic-auth | --username=USERNAME, -u USERNAME) [--async] [--cloud-run-config=[load-balancer-type=EXTERNAL,...]] @@ -160,6 +165,16 @@ REQUIRED FLAGS to the health check endpoints are allowed anonymously, all other calls will be rejected. + --autopilot-workload-policies=WORKLOAD_POLICIES + Add Autopilot workload policies to the cluster. + + Examples: + + $ gcloud beta container clusters update example-cluster \ + --autopilot-workload-policies=allow-net-admin + + The only supported workload policy is 'allow-net-admin'. + --autoprovisioning-cgroup-mode=AUTOPROVISIONING_CGROUP_MODE Sets the cgroup mode for auto-provisioned nodes. @@ -693,6 +708,16 @@ REQUIRED FLAGS Clusters subscribed to 'stable' receive versions that are known to be stable and reliable in production. + --remove-autopilot-workload-policies=REMOVE_WORKLOAD_POLICIES + Remove Autopilot workload policies from the cluster. + + Examples: + + $ gcloud beta container clusters update example-cluster \ + --remove-autopilot-workload-policies=allow-net-admin + + The only supported workload policy is 'allow-net-admin'. + --remove-labels=[KEY,...] Labels to remove from the Google Cloud resources in use by the Kubernetes Engine cluster. These are unrelated to Kubernetes labels. @@ -1641,6 +1666,22 @@ REQUIRED FLAGS driver provider component. If you don't specify a time interval for the rotation, it will default to a rotation period of two minutes. + Flags for Secret Sync configuration: + + --[no-]enable-secret-sync + Enables the Secret Sync component. See + https://cloud.google.com/secret-manager/docs/sync-k8-secrets. Use + --enable-secret-sync to enable and --no-enable-secret-sync to + disable. + + --[no-]enable-secret-sync-rotation + Enables the rotation of secrets in the Secret Sync component. + provider component. Use --enable-secret-sync-rotation to enable and + --no-enable-secret-sync-rotation to disable. + + --secret-sync-rotation-interval=SECRET_SYNC_ROTATION_INTERVAL + Set the rotation period for secrets in the Secret Sync component. + Basic auth --password=PASSWORD diff --git a/gcloud/beta/iam/workforce-pools/providers/create-oidc b/gcloud/beta/iam/workforce-pools/providers/create-oidc index 43ac5d733..4ba3efc87 100644 --- a/gcloud/beta/iam/workforce-pools/providers/create-oidc +++ b/gcloud/beta/iam/workforce-pools/providers/create-oidc @@ -13,7 +13,7 @@ SYNOPSIS [--async] [--attribute-condition=ATTRIBUTE_CONDITION] [--client-secret-value=CLIENT_SECRET_VALUE] [--description=DESCRIPTION] [--detailed-audit-logging] [--disabled] [--display-name=DISPLAY_NAME] - [--jwk-json-path=PATH_TO_FILE] + [--jwk-json-path=PATH_TO_FILE] [--scim-usage=SCIM_USAGE] [--extended-attributes-client-id=EXTENDED_ATTRIBUTES_CLIENT_ID --extended-attributes-client-secret-value=EXTENDED_ATTRIBUTES_CLIENT_SECRET_VALUE --extended-attributes-issuer-uri=EXTENDED_ATTRIBUTES_ISSUER_URI --extended-attributes-type=EXTENDED_ATTRIBUTES_TYPE : --extended-attributes-filter=EXTENDED_ATTRIBUTES_FILTER] [--extra-attributes-client-id=EXTRA_ATTRIBUTES_CLIENT_ID @@ -276,70 +276,118 @@ OPTIONAL FLAGS } ] } - ```. Use a full or relative path to a local file containing the value of jwk_json_path. + . Use a full or relative path to a local file containing the value of + jwk_json_path. - *--extended-attributes-client-id*=_EXTENDED_ATTRIBUTES_CLIENT_ID_:: + --scim-usage=SCIM_USAGE + Specifies whether the workforce identity pool provider uses + SCIM-managed groups instead of the google.groups attribute mapping for + authorization checks. - The OAuth 2.0 client ID for retrieving extended attributes from the identity provider. Required to get extended group memberships for a subset of Google Cloud products. + The scim_usage and extended_attributes_oauth2_client fields are + mutually exclusive. A request that enables both fields on the same + workforce identity pool provider will produce an error. - *--extended-attributes-client-secret-value*=_EXTENDED_ATTRIBUTES_CLIENT_SECRET_VALUE_:: + Use enabled-for-groups to enable SCIM-managed groups. Use + scim-usage-unspecified to disable SCIM-managed groups. - The OAuth 2.0 client secret for retrieving extended attributes from the identity provider. Required to get extended group memberships for a subset of Google Cloud products. + SCIM_USAGE must be one of: enabled-for-groups, scim-usage-unspecified. - *--extended-attributes-issuer-uri*=_EXTENDED_ATTRIBUTES_ISSUER_URI_:: + --extended-attributes-client-id=EXTENDED_ATTRIBUTES_CLIENT_ID + The OAuth 2.0 client ID for retrieving extended attributes from the + identity provider. Required to get extended group memberships for a + subset of Google Cloud products. - OIDC identity provider's issuer URI. Must be a valid URI using the `https` scheme. Required to get the OIDC discovery document. + --extended-attributes-client-secret-value=EXTENDED_ATTRIBUTES_CLIENT_SECRET_VALUE + The OAuth 2.0 client secret for retrieving extended attributes from the + identity provider. Required to get extended group memberships for a + subset of Google Cloud products. - *--extended-attributes-type*=_EXTENDED_ATTRIBUTES_TYPE_:: + --extended-attributes-issuer-uri=EXTENDED_ATTRIBUTES_ISSUER_URI + OIDC identity provider's issuer URI. Must be a valid URI using the + https scheme. Required to get the OIDC discovery document. - Represents the identity provider and type of claims that should be fetched. _EXTENDED_ATTRIBUTES_TYPE_ must be (only one value is supported): *azure-ad-groups-id*. + --extended-attributes-type=EXTENDED_ATTRIBUTES_TYPE + Represents the identity provider and type of claims that should be + fetched. EXTENDED_ATTRIBUTES_TYPE must be (only one value is + supported): azure-ad-groups-id. - *--extended-attributes-filter*=_EXTENDED_ATTRIBUTES_FILTER_:: + --extended-attributes-filter=EXTENDED_ATTRIBUTES_FILTER + The filter used to request specific records from the IdP. By default, + all of the groups that are associated with a user are fetched. For + Microsoft Entra ID, you can add $search query parameters using [Keyword + Query Language] + (https://learn.microsoft.com/en-us/sharepoint/dev/general-development/keyword-query-language-kql-syntax-reference). + To learn more about $search querying in Microsoft Entra ID, see [Use + the $search query parameter] + (https://learn.microsoft.com/en-us/graph/search-query-parameter). - The filter used to request specific records from the IdP. By default, all of the groups that are associated with a user are fetched. For Microsoft Entra ID, you can add `$search` query parameters using [Keyword Query Language] (https://learn.microsoft.com/en-us/sharepoint/dev/general-development/keyword-query-language-kql-syntax-reference). To learn more about `$search` querying in Microsoft Entra ID, see [Use the `$search` query parameter] (https://learn.microsoft.com/en-us/graph/search-query-parameter). + Additionally, Workforce Identity Federation automatically adds the + following [$filter query parameters] + (https://learn.microsoft.com/en-us/graph/filter-query-parameter), based + on the value of attributes_type. Values passed to filter are converted + to $search query parameters. Additional $filter query parameters cannot + be added using this field. - Additionally, Workforce Identity Federation automatically adds the following [`$filter` query parameters] (https://learn.microsoft.com/en-us/graph/filter-query-parameter), based on the value of `attributes_type`. Values passed to `filter` are converted to `$search` query parameters. Additional `$filter` query parameters cannot be added using this field. + ◆ AZURE_AD_GROUPS_ID: securityEnabled filter is applied. - * `AZURE_AD_GROUPS_ID`: `securityEnabled` filter is applied. + --extra-attributes-client-id=EXTRA_ATTRIBUTES_CLIENT_ID + The OAuth 2.0 client ID for retrieving extra attributes from the + identity provider. Required to get the access token using client + credentials grant flow. - *--extra-attributes-client-id*=_EXTRA_ATTRIBUTES_CLIENT_ID_:: + --extra-attributes-client-secret-value=EXTRA_ATTRIBUTES_CLIENT_SECRET_VALUE + The OAuth 2.0 client secret for retrieving extra attributes from the + identity provider. Required to get the access token using client + credentials grant flow. - The OAuth 2.0 client ID for retrieving extra attributes from the identity provider. Required to get the access token using client credentials grant flow. + --extra-attributes-issuer-uri=EXTRA_ATTRIBUTES_ISSUER_URI + OIDC identity provider's issuer URI. Must be a valid URI using the + https scheme. Required to get the OIDC discovery document. - *--extra-attributes-client-secret-value*=_EXTRA_ATTRIBUTES_CLIENT_SECRET_VALUE_:: + --extra-attributes-type=EXTRA_ATTRIBUTES_TYPE + Represents the identity provider and type of claims that should be + fetched. EXTRA_ATTRIBUTES_TYPE must be one of: azure-ad-groups-mail, + azure-ad-groups-id. - The OAuth 2.0 client secret for retrieving extra attributes from the identity provider. Required to get the access token using client credentials grant flow. + --extra-attributes-filter=EXTRA_ATTRIBUTES_FILTER + The filter used to request specific records from the IdP. By default, + all of the groups that are associated with a user are fetched. For + Microsoft Entra ID, you can add $search query parameters using [Keyword + Query Language] + (https://learn.microsoft.com/en-us/sharepoint/dev/general-development/keyword-query-language-kql-syntax-reference). + To learn more about $search querying in Microsoft Entra ID, see [Use + the $search query parameter] + (https://learn.microsoft.com/en-us/graph/search-query-parameter). - *--extra-attributes-issuer-uri*=_EXTRA_ATTRIBUTES_ISSUER_URI_:: + Additionally, Workforce Identity Federation automatically adds the + following [$filter query parameters] + (https://learn.microsoft.com/en-us/graph/filter-query-parameter), based + on the value of attributes_type. Values passed to filter are converted + to $search query parameters. Additional $filter query parameters cannot + be added using this field. - OIDC identity provider's issuer URI. Must be a valid URI using the `https` scheme. Required to get the OIDC discovery document. - - *--extra-attributes-type*=_EXTRA_ATTRIBUTES_TYPE_:: - - Represents the identity provider and type of claims that should be fetched. _EXTRA_ATTRIBUTES_TYPE_ must be one of: *azure-ad-groups-mail*, *azure-ad-groups-id*. - - *--extra-attributes-filter*=_EXTRA_ATTRIBUTES_FILTER_:: - - The filter used to request specific records from the IdP. By default, all of the groups that are associated with a user are fetched. For Microsoft Entra ID, you can add `$search` query parameters using [Keyword Query Language] (https://learn.microsoft.com/en-us/sharepoint/dev/general-development/keyword-query-language-kql-syntax-reference). To learn more about `$search` querying in Microsoft Entra ID, see [Use the `$search` query parameter] (https://learn.microsoft.com/en-us/graph/search-query-parameter). - - Additionally, Workforce Identity Federation automatically adds the following [`$filter` query parameters] (https://learn.microsoft.com/en-us/graph/filter-query-parameter), based on the value of `attributes_type`. Values passed to `filter` are converted to `$search` query parameters. Additional `$filter` query parameters cannot be added using this field. - - * `AZURE_AD_GROUPS_MAIL`: `mailEnabled` and `securityEnabled` filters are applied. - * `AZURE_AD_GROUPS_ID`: `securityEnabled` filter is applied. + ◆ AZURE_AD_GROUPS_MAIL: mailEnabled and securityEnabled filters are + applied. + ◆ AZURE_AD_GROUPS_ID: securityEnabled filter is applied. GCLOUD WIDE FLAGS - These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity. + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. - Run *$ gcloud help* for details. + Run $ gcloud help for details. API REFERENCE - This command uses the *iam/v1* API. The full documentation for this API can be found at: https://cloud.google.com/iam/ + This command uses the iam/v1 API. The full documentation for this API can + be found at: https://cloud.google.com/iam/ NOTES - This command is currently in beta and might change without notice. - These variants are also available: + This command is currently in beta and might change without notice. These + variants are also available: - $ gcloud iam workforce-pools providers create-oidc + $ gcloud iam workforce-pools providers create-oidc - $ gcloud alpha iam workforce-pools providers create-oidc + $ gcloud alpha iam workforce-pools providers create-oidc diff --git a/gcloud/beta/iam/workforce-pools/providers/scim-tenants/create b/gcloud/beta/iam/workforce-pools/providers/scim-tenants/create index 4e28f631a..39d6f7d4b 100644 --- a/gcloud/beta/iam/workforce-pools/providers/scim-tenants/create +++ b/gcloud/beta/iam/workforce-pools/providers/scim-tenants/create @@ -18,20 +18,22 @@ DESCRIPTION EXAMPLES To create a SCIM tenant with ID my-tenant under provider my-okta-provider - in pool my-pool located in global: + in pool my-pool located in global with claim mappings: $ gcloud beta iam workforce-pools providers scim-tenants create \ my-tenant --location=global --workforce-pool=my-pool \ - --provider=my-okta-provider + --provider=my-okta-provider \ + --claim-mapping="google.subject=user.externalId,google.group=gro\ + up.externalId" To create a SCIM tenant sales-tenant under provider salesforce in pool - partner-pool located in europe-west1 with specific claim mappings: + partner-pool located in europe-west1 with claim mappings: $ gcloud beta iam workforce-pools providers scim-tenants create \ sales-tenant --location=europe-west1 \ --workforce-pool=partner-pool --provider=salesforce \ - --claim-mapping="google.subject=salesforce_id,assertion.groups=m\ - emberOf" + --claim-mapping="google.subject=user.externalId,google.group=gro\ + up.externalId" POSITIONAL ARGUMENTS Workforce pool provider scim tenant resource - The ID of the SCIM tenant diff --git a/gcloud/beta/iam/workforce-pools/providers/update-oidc b/gcloud/beta/iam/workforce-pools/providers/update-oidc index 404fd60eb..d8b31075e 100644 --- a/gcloud/beta/iam/workforce-pools/providers/update-oidc +++ b/gcloud/beta/iam/workforce-pools/providers/update-oidc @@ -9,7 +9,7 @@ SYNOPSIS [--attribute-mapping=[KEY=VALUE,...]] [--client-id=CLIENT_ID] [--description=DESCRIPTION] [--detailed-audit-logging] [--disabled] [--display-name=DISPLAY_NAME] [--issuer-uri=ISSUER_URI] - [--jwk-json-path=PATH_TO_FILE] + [--jwk-json-path=PATH_TO_FILE] [--scim-usage=SCIM_USAGE] [--web-sso-additional-scopes=[WEB_SSO_ADDITIONAL_SCOPES,...]] [--web-sso-assertion-claims-behavior=WEB_SSO_ASSERTION_CLAIMS_BEHAVIOR] [--web-sso-response-type=WEB_SSO_RESPONSE_TYPE] @@ -228,116 +228,165 @@ FLAGS } ] } - ```. Use a full or relative path to a local file containing the value of jwk_json_path. + . Use a full or relative path to a local file containing the value of + jwk_json_path. - *--web-sso-additional-scopes*=[_WEB_SSO_ADDITIONAL_SCOPES_,...]:: + --scim-usage=SCIM_USAGE + Specifies whether the workforce identity pool provider uses + SCIM-managed groups instead of the google.groups attribute mapping for + authorization checks. - Additional scopes to request for the OIDC authentication on - top of scopes requested by default. By default, the `openid`, `profile` - and `email` scopes that are supported by the identity provider are - requested. + The scim_usage and extended_attributes_oauth2_client fields are + mutually exclusive. A request that enables both fields on the same + workforce identity pool provider will produce an error. - Each additional scope may be at most 256 - characters. A maximum of 10 additional scopes may be configured. + Use enabled-for-groups to enable SCIM-managed groups. Use + scim-usage-unspecified to disable SCIM-managed groups. - *--web-sso-assertion-claims-behavior*=_WEB_SSO_ASSERTION_CLAIMS_BEHAVIOR_:: + SCIM_USAGE must be one of: enabled-for-groups, scim-usage-unspecified. - The behavior for how OIDC Claims are included in the `assertion` object used for attribute mapping and attribute condition. - Use `merge-user-info-over-id-token-claims` to merge the UserInfo Endpoint Claims with ID Token - Claims, preferring UserInfo Claim Values for the same Claim Name. Currently this option is only - available for Authorization Code flow. - Use `only-id-token-claims` to include only ID token claims. _WEB_SSO_ASSERTION_CLAIMS_BEHAVIOR_ must be one of: *assertion-claims-behavior-unspecified*, *merge-user-info-over-id-token-claims*, *only-id-token-claims*. + --web-sso-additional-scopes=[WEB_SSO_ADDITIONAL_SCOPES,...] + Additional scopes to request for the OIDC authentication on top of + scopes requested by default. By default, the openid, profile and email + scopes that are supported by the identity provider are requested. - *--web-sso-response-type*=_WEB_SSO_RESPONSE_TYPE_:: + Each additional scope may be at most 256 characters. A maximum of 10 + additional scopes may be configured. - Response Type to request for in the OIDC Authorization Request for web sign-in. - Use `code` to select the authorization code flow (https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth) - Use `id-token` to select the implicit flow (https://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth). _WEB_SSO_RESPONSE_TYPE_ must be one of: *code*, *id-token*, *response-type-unspecified*. + --web-sso-assertion-claims-behavior=WEB_SSO_ASSERTION_CLAIMS_BEHAVIOR + The behavior for how OIDC Claims are included in the assertion object + used for attribute mapping and attribute condition. Use + merge-user-info-over-id-token-claims to merge the UserInfo Endpoint + Claims with ID Token Claims, preferring UserInfo Claim Values for the + same Claim Name. Currently this option is only available for + Authorization Code flow. Use only-id-token-claims to include only ID + token claims. WEB_SSO_ASSERTION_CLAIMS_BEHAVIOR must be one of: + assertion-claims-behavior-unspecified, + merge-user-info-over-id-token-claims, only-id-token-claims. - :: At most one of these can be specified: + --web-sso-response-type=WEB_SSO_RESPONSE_TYPE + Response Type to request for in the OIDC Authorization Request for web + sign-in. Use code to select the authorization code flow + (https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth) + Use id-token to select the implicit flow + (https://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth). + WEB_SSO_RESPONSE_TYPE must be one of: code, id-token, + response-type-unspecified. - *--clear-client-secret*::: + At most one of these can be specified: - Clear the OIDC client secret. + --clear-client-secret + Clear the OIDC client secret. - *--client-secret-value*=_CLIENT_SECRET_VALUE_::: + --client-secret-value=CLIENT_SECRET_VALUE + The OIDC client secret. Required to enable Authorization Code flow + for web sign-in. - The OIDC client secret. Required to enable Authorization Code flow for web sign-in. + At most one of these can be specified: - :: At most one of these can be specified: + --clear-extended-attributes-config + Clear the extended attributes configuration. - *--clear-extended-attributes-config*::: + --extended-attributes-client-id=EXTENDED_ATTRIBUTES_CLIENT_ID + The OAuth 2.0 client ID for retrieving extended attributes from the + identity provider. Required to get extended group memberships for a + subset of Google Cloud products. - Clear the extended attributes configuration. + --extended-attributes-client-secret-value=EXTENDED_ATTRIBUTES_CLIENT_SECRET_VALUE + The OAuth 2.0 client secret for retrieving extended attributes from + the identity provider. Required to get extended group memberships for + a subset of Google Cloud products. - *--extended-attributes-client-id*=_EXTENDED_ATTRIBUTES_CLIENT_ID_::: + --extended-attributes-filter=EXTENDED_ATTRIBUTES_FILTER + The filter used to request specific records from the IdP. By default, + all of the groups that are associated with a user are fetched. For + Microsoft Entra ID, you can add $search query parameters using + [Keyword Query Language] + (https://learn.microsoft.com/en-us/sharepoint/dev/general-development/keyword-query-language-kql-syntax-reference). + To learn more about $search querying in Microsoft Entra ID, see [Use + the $search query parameter] + (https://learn.microsoft.com/en-us/graph/search-query-parameter). - The OAuth 2.0 client ID for retrieving extended attributes from the identity provider. Required to get extended group memberships for a subset of Google Cloud products. + Additionally, Workforce Identity Federation automatically adds the + following [$filter query parameters] + (https://learn.microsoft.com/en-us/graph/filter-query-parameter), + based on the value of attributes_type. Values passed to filter are + converted to $search query parameters. Additional $filter query + parameters cannot be added using this field. - *--extended-attributes-client-secret-value*=_EXTENDED_ATTRIBUTES_CLIENT_SECRET_VALUE_::: + ▸ AZURE_AD_GROUPS_ID: securityEnabled filter is applied. - The OAuth 2.0 client secret for retrieving extended attributes from the identity provider. Required to get extended group memberships for a subset of Google Cloud products. + --extended-attributes-issuer-uri=EXTENDED_ATTRIBUTES_ISSUER_URI + OIDC identity provider's issuer URI. Must be a valid URI using the + https scheme. Required to get the OIDC discovery document. - *--extended-attributes-filter*=_EXTENDED_ATTRIBUTES_FILTER_::: + --extended-attributes-type=EXTENDED_ATTRIBUTES_TYPE + Represents the identity provider and type of claims that should be + fetched. EXTENDED_ATTRIBUTES_TYPE must be (only one value is + supported): azure-ad-groups-id. - The filter used to request specific records from the IdP. By default, all of the groups that are associated with a user are fetched. For Microsoft Entra ID, you can add `$search` query parameters using [Keyword Query Language] (https://learn.microsoft.com/en-us/sharepoint/dev/general-development/keyword-query-language-kql-syntax-reference). To learn more about `$search` querying in Microsoft Entra ID, see [Use the `$search` query parameter] (https://learn.microsoft.com/en-us/graph/search-query-parameter). + At most one of these can be specified: - Additionally, Workforce Identity Federation automatically adds the following [`$filter` query parameters] (https://learn.microsoft.com/en-us/graph/filter-query-parameter), based on the value of `attributes_type`. Values passed to `filter` are converted to `$search` query parameters. Additional `$filter` query parameters cannot be added using this field. + --clear-extra-attributes-config + Clear the extra attributes configuration. - * `AZURE_AD_GROUPS_ID`: `securityEnabled` filter is applied. + --extra-attributes-client-id=EXTRA_ATTRIBUTES_CLIENT_ID + The OAuth 2.0 client ID for retrieving extra attributes from the + identity provider. Required to get the access token using client + credentials grant flow. - *--extended-attributes-issuer-uri*=_EXTENDED_ATTRIBUTES_ISSUER_URI_::: + --extra-attributes-client-secret-value=EXTRA_ATTRIBUTES_CLIENT_SECRET_VALUE + The OAuth 2.0 client secret for retrieving extra attributes from the + identity provider. Required to get the access token using client + credentials grant flow. - OIDC identity provider's issuer URI. Must be a valid URI using the `https` scheme. Required to get the OIDC discovery document. + --extra-attributes-filter=EXTRA_ATTRIBUTES_FILTER + The filter used to request specific records from the IdP. By default, + all of the groups that are associated with a user are fetched. For + Microsoft Entra ID, you can add $search query parameters using + [Keyword Query Language] + (https://learn.microsoft.com/en-us/sharepoint/dev/general-development/keyword-query-language-kql-syntax-reference). + To learn more about $search querying in Microsoft Entra ID, see [Use + the $search query parameter] + (https://learn.microsoft.com/en-us/graph/search-query-parameter). - *--extended-attributes-type*=_EXTENDED_ATTRIBUTES_TYPE_::: + Additionally, Workforce Identity Federation automatically adds the + following [$filter query parameters] + (https://learn.microsoft.com/en-us/graph/filter-query-parameter), + based on the value of attributes_type. Values passed to filter are + converted to $search query parameters. Additional $filter query + parameters cannot be added using this field. - Represents the identity provider and type of claims that should be fetched. _EXTENDED_ATTRIBUTES_TYPE_ must be (only one value is supported): *azure-ad-groups-id*. + ▸ AZURE_AD_GROUPS_MAIL: mailEnabled and securityEnabled filters are + applied. + ▸ AZURE_AD_GROUPS_ID: securityEnabled filter is applied. - :: At most one of these can be specified: + --extra-attributes-issuer-uri=EXTRA_ATTRIBUTES_ISSUER_URI + OIDC identity provider's issuer URI. Must be a valid URI using the + https scheme. Required to get the OIDC discovery document. - *--clear-extra-attributes-config*::: - - Clear the extra attributes configuration. - - *--extra-attributes-client-id*=_EXTRA_ATTRIBUTES_CLIENT_ID_::: - - The OAuth 2.0 client ID for retrieving extra attributes from the identity provider. Required to get the access token using client credentials grant flow. - - *--extra-attributes-client-secret-value*=_EXTRA_ATTRIBUTES_CLIENT_SECRET_VALUE_::: - - The OAuth 2.0 client secret for retrieving extra attributes from the identity provider. Required to get the access token using client credentials grant flow. - - *--extra-attributes-filter*=_EXTRA_ATTRIBUTES_FILTER_::: - - The filter used to request specific records from the IdP. By default, all of the groups that are associated with a user are fetched. For Microsoft Entra ID, you can add `$search` query parameters using [Keyword Query Language] (https://learn.microsoft.com/en-us/sharepoint/dev/general-development/keyword-query-language-kql-syntax-reference). To learn more about `$search` querying in Microsoft Entra ID, see [Use the `$search` query parameter] (https://learn.microsoft.com/en-us/graph/search-query-parameter). - - Additionally, Workforce Identity Federation automatically adds the following [`$filter` query parameters] (https://learn.microsoft.com/en-us/graph/filter-query-parameter), based on the value of `attributes_type`. Values passed to `filter` are converted to `$search` query parameters. Additional `$filter` query parameters cannot be added using this field. - - * `AZURE_AD_GROUPS_MAIL`: `mailEnabled` and `securityEnabled` filters are applied. - * `AZURE_AD_GROUPS_ID`: `securityEnabled` filter is applied. - - *--extra-attributes-issuer-uri*=_EXTRA_ATTRIBUTES_ISSUER_URI_::: - - OIDC identity provider's issuer URI. Must be a valid URI using the `https` scheme. Required to get the OIDC discovery document. - - *--extra-attributes-type*=_EXTRA_ATTRIBUTES_TYPE_::: - - Represents the identity provider and type of claims that should be fetched. _EXTRA_ATTRIBUTES_TYPE_ must be one of: *azure-ad-groups-mail*, *azure-ad-groups-id*. + --extra-attributes-type=EXTRA_ATTRIBUTES_TYPE + Represents the identity provider and type of claims that should be + fetched. EXTRA_ATTRIBUTES_TYPE must be one of: azure-ad-groups-mail, + azure-ad-groups-id. GCLOUD WIDE FLAGS - These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity. + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. - Run *$ gcloud help* for details. + Run $ gcloud help for details. API REFERENCE - This command uses the *iam/v1* API. The full documentation for this API can be found at: https://cloud.google.com/iam/ + This command uses the iam/v1 API. The full documentation for this API can + be found at: https://cloud.google.com/iam/ NOTES - This command is currently in beta and might change without notice. - These variants are also available: + This command is currently in beta and might change without notice. These + variants are also available: - $ gcloud iam workforce-pools providers update-oidc + $ gcloud iam workforce-pools providers update-oidc - $ gcloud alpha iam workforce-pools providers update-oidc + $ gcloud alpha iam workforce-pools providers update-oidc diff --git a/gcloud/beta/iam/workload-identity-pools/providers/create-aws b/gcloud/beta/iam/workload-identity-pools/providers/create-aws index 9403c2780..ef70e45be 100644 --- a/gcloud/beta/iam/workload-identity-pools/providers/create-aws +++ b/gcloud/beta/iam/workload-identity-pools/providers/create-aws @@ -139,7 +139,7 @@ OPTIONAL FLAGS ◆ attribute.{custom_attribute}: principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value} - Each value must be a [Common Expression Language] + Each value must be a Common Expression Language (https://opensource.google/projects/cel) function that maps an identity provider credential to the normalized attribute specified by the corresponding map key. diff --git a/gcloud/beta/iam/workload-identity-pools/providers/create-oidc b/gcloud/beta/iam/workload-identity-pools/providers/create-oidc index 7e95818da..d46064c84 100644 --- a/gcloud/beta/iam/workload-identity-pools/providers/create-oidc +++ b/gcloud/beta/iam/workload-identity-pools/providers/create-oidc @@ -113,7 +113,7 @@ REQUIRED FLAGS ◆ attribute.{custom_attribute}: principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value} - Each value must be a [Common Expression Language] + Each value must be a Common Expression Language (https://opensource.google/projects/cel) function that maps an identity provider credential to the normalized attribute specified by the corresponding map key. @@ -224,21 +224,26 @@ OPTIONAL FLAGS } ] } - ```. Use a full or relative path to a local file containing the value of jwk_json_path. + . Use a full or relative path to a local file containing the value of + jwk_json_path. GCLOUD WIDE FLAGS - These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity. + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. - Run *$ gcloud help* for details. + Run $ gcloud help for details. API REFERENCE - This command uses the *iam/v1beta* API. The full documentation for this API can be found at: https://cloud.google.com/iam/ + This command uses the iam/v1beta API. The full documentation for this API + can be found at: https://cloud.google.com/iam/ NOTES - This command is currently in beta and might change without notice. - These variants are also available: + This command is currently in beta and might change without notice. These + variants are also available: - $ gcloud iam workload-identity-pools providers create-oidc + $ gcloud iam workload-identity-pools providers create-oidc - $ gcloud alpha iam workload-identity-pools providers create-oidc + $ gcloud alpha iam workload-identity-pools providers create-oidc diff --git a/gcloud/beta/iam/workload-identity-pools/providers/update-aws b/gcloud/beta/iam/workload-identity-pools/providers/update-aws index 3ccf80725..184232923 100644 --- a/gcloud/beta/iam/workload-identity-pools/providers/update-aws +++ b/gcloud/beta/iam/workload-identity-pools/providers/update-aws @@ -138,7 +138,7 @@ FLAGS ◆ attribute.{custom_attribute}: principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value} - Each value must be a [Common Expression Language] + Each value must be a Common Expression Language (https://opensource.google/projects/cel) function that maps an identity provider credential to the normalized attribute specified by the corresponding map key. diff --git a/gcloud/beta/iam/workload-identity-pools/providers/update-oidc b/gcloud/beta/iam/workload-identity-pools/providers/update-oidc index 1e54520f2..c649ab785 100644 --- a/gcloud/beta/iam/workload-identity-pools/providers/update-oidc +++ b/gcloud/beta/iam/workload-identity-pools/providers/update-oidc @@ -153,7 +153,7 @@ FLAGS ◆ attribute.{custom_attribute}: principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value} - Each value must be a [Common Expression Language] + Each value must be a Common Expression Language (https://opensource.google/projects/cel) function that maps an identity provider credential to the normalized attribute specified by the corresponding map key. @@ -223,21 +223,26 @@ FLAGS } ] } - ```. Use a full or relative path to a local file containing the value of jwk_json_path. + . Use a full or relative path to a local file containing the value of + jwk_json_path. GCLOUD WIDE FLAGS - These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity. + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. - Run *$ gcloud help* for details. + Run $ gcloud help for details. API REFERENCE - This command uses the *iam/v1beta* API. The full documentation for this API can be found at: https://cloud.google.com/iam/ + This command uses the iam/v1beta API. The full documentation for this API + can be found at: https://cloud.google.com/iam/ NOTES - This command is currently in beta and might change without notice. - These variants are also available: + This command is currently in beta and might change without notice. These + variants are also available: - $ gcloud iam workload-identity-pools providers update-oidc + $ gcloud iam workload-identity-pools providers update-oidc - $ gcloud alpha iam workload-identity-pools providers update-oidc + $ gcloud alpha iam workload-identity-pools providers update-oidc diff --git a/gcloud/beta/network-connectivity/hubs/accept-spoke b/gcloud/beta/network-connectivity/hubs/accept-spoke index 5ca262776..585f6a43e 100644 --- a/gcloud/beta/network-connectivity/hubs/accept-spoke +++ b/gcloud/beta/network-connectivity/hubs/accept-spoke @@ -15,8 +15,8 @@ EXAMPLES To accept a spoke named my-spoke into a hub named my-hub, run: $ gcloud beta network-connectivity hubs accept-spoke my-hub \ - --spoke="https://networkconnectivity.googleapis.com/v1/projects/\ - spoke-project/locations/global/spokes/my-spoke" + --spoke="https://networkconnectivity.googleapis.com/v1/projects/\ + spoke-project/locations/global/spokes/my-spoke" POSITIONAL ARGUMENTS Hub resource - Name of the hub to accept the spoke into. This represents a diff --git a/gcloud/beta/network-security/firewall-endpoints/create b/gcloud/beta/network-security/firewall-endpoints/create index b350003dc..a4bbd04b6 100644 --- a/gcloud/beta/network-security/firewall-endpoints/create +++ b/gcloud/beta/network-security/firewall-endpoints/create @@ -6,8 +6,8 @@ SYNOPSIS gcloud beta network-security firewall-endpoints create (FIREWALL_ENDPOINT : --organization=ORGANIZATION --zone=ZONE) --billing-project=BILLING_PROJECT [--async] [--description=DESCRIPTION] - [--labels=[KEY=VALUE,...]] [--max-wait=MAX_WAIT; default="60m"] - [GCLOUD_WIDE_FLAG ...] + [--enable-jumbo-frames] [--labels=[KEY=VALUE,...]] + [--max-wait=MAX_WAIT; default="60m"] [GCLOUD_WIDE_FLAG ...] DESCRIPTION (BETA) Create a firewall endpoint. Successful creation of an endpoint @@ -70,6 +70,10 @@ OPTIONAL FLAGS --description=DESCRIPTION Description of the endpoint + --enable-jumbo-frames + Enable jumbo frames for the firewall endpoint. To disable jumbo frames, + use --no-enable-jumbo-frames. + --labels=[KEY=VALUE,...] List of label KEY=VALUE pairs to add. diff --git a/gcloud/beta/run/deploy b/gcloud/beta/run/deploy index 3d0612141..dae51b474 100644 --- a/gcloud/beta/run/deploy +++ b/gcloud/beta/run/deploy @@ -3,11 +3,11 @@ NAME SYNOPSIS gcloud beta run deploy [[SERVICE] --namespace=NAMESPACE] - [--[no-]allow-unauthenticated] [--allow-unencrypted-build] [--async] - [--breakglass=JUSTIFICATION] [--clear-vpc-connector] - [--concurrency=CONCURRENCY] [--container=CONTAINER] [--[no-]cpu-boost] - [--[no-]cpu-throttling] [--[no-]default-url] - [--[no-]deploy-health-check] [--description=DESCRIPTION] + [--[no-]allow-unauthenticated] [--async] [--breakglass=JUSTIFICATION] + [--clear-vpc-connector] [--concurrency=CONCURRENCY] + [--container=CONTAINER] [--[no-]cpu-boost] [--[no-]cpu-throttling] + [--[no-]default-url] [--[no-]deploy-health-check] + [--description=DESCRIPTION] [--execution-environment=EXECUTION_ENVIRONMENT] [--gpu-type=GPU_TYPE] [--[no-]gpu-zonal-redundancy] [--[no-]iap] [--ingress=INGRESS; default="all"] [--[no-]invoker-iam-check] @@ -113,16 +113,6 @@ FLAGS may take a few moments to take effect. Use --allow-unauthenticated to enable and --no-allow-unauthenticated to disable. - --allow-unencrypted-build - (DEPRECATED) Whether to allow customer-managed encryption key (CMEK) - deployments without encrypting the build process. This means that only - the deployed container will be encrypted. - - The flag --allow-unencrypted-build is deprecated. The CMEK compliance - is now available for the build process of source-based deployments. For - more details, see - https://cloud.google.com/run/docs/securing/using-cmek#source-deploy - --async Return immediately, without waiting for the operation in progress to complete. diff --git a/gcloud/beta/scc/findings/create b/gcloud/beta/scc/findings/create index cc814c133..c84687773 100644 --- a/gcloud/beta/scc/findings/create +++ b/gcloud/beta/scc/findings/create @@ -116,8 +116,9 @@ OPTIONAL FLAGS location in which the resource is located and applicable. The location attribute can be provided as part of the fully specified resource name or with the --location argument on the command line. The default - location is global. NOTE: If you override the endpoint to a regional - endpoint + location is global. + + NOTE: If you override the endpoint to a regional endpoint (https://cloud.google.com/security-command-center/docs/reference/rest/index.html?rep_location=global#regional-service-endpoint) you must specify the correct data location (https://cloud.google.com/security-command-center/docs/data-residency-support#locations) @@ -125,6 +126,10 @@ OPTIONAL FLAGS the default location that is specified when data residency controls are enabled for Security Command Center. + NOTE: If no location is specified, the default location is global AND + the request will be routed to the SCC V1 API. To use the SCC V2 API - + please explicitly specify the flag. + --source-properties=[KEY=VALUE,...] Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map diff --git a/gcloud/beta/scc/findings/group b/gcloud/beta/scc/findings/group index 4ebec7848..26e37a4a6 100644 --- a/gcloud/beta/scc/findings/group +++ b/gcloud/beta/scc/findings/group @@ -131,8 +131,9 @@ FLAGS location in which the resource is located and applicable. The location attribute can be provided as part of the fully specified resource name or with the --location argument on the command line. The default - location is global. NOTE: If you override the endpoint to a regional - endpoint + location is global. + + NOTE: If you override the endpoint to a regional endpoint (https://cloud.google.com/security-command-center/docs/reference/rest/index.html?rep_location=global#regional-service-endpoint) you must specify the correct data location (https://cloud.google.com/security-command-center/docs/data-residency-support#locations) @@ -140,6 +141,10 @@ FLAGS the default location that is specified when data residency controls are enabled for Security Command Center. + NOTE: If no location is specified, the default location is global AND + the request will be routed to the SCC V1 API. To use the SCC V2 API - + please explicitly specify the flag. + --page-size=PAGE_SIZE Maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000. diff --git a/gcloud/beta/scc/findings/list b/gcloud/beta/scc/findings/list index db78fc97d..fa3d32fb9 100644 --- a/gcloud/beta/scc/findings/list +++ b/gcloud/beta/scc/findings/list @@ -131,8 +131,9 @@ FLAGS location in which the resource is located and applicable. The location attribute can be provided as part of the fully specified resource name or with the --location argument on the command line. The default - location is global. NOTE: If you override the endpoint to a regional - endpoint + location is global. + + NOTE: If you override the endpoint to a regional endpoint (https://cloud.google.com/security-command-center/docs/reference/rest/index.html?rep_location=global#regional-service-endpoint) you must specify the correct data location (https://cloud.google.com/security-command-center/docs/data-residency-support#locations) @@ -140,6 +141,10 @@ FLAGS the default location that is specified when data residency controls are enabled for Security Command Center. + NOTE: If no location is specified, the default location is global AND + the request will be routed to the SCC V1 API. To use the SCC V2 API - + please explicitly specify the flag. + --order-by=ORDER_BY Expression that defines what fields and order to use for sorting. String value should follow SQL syntax: comma separated list of fields. diff --git a/gcloud/beta/scc/findings/list-marks b/gcloud/beta/scc/findings/list-marks index 13256eab1..49c68109f 100644 --- a/gcloud/beta/scc/findings/list-marks +++ b/gcloud/beta/scc/findings/list-marks @@ -46,8 +46,9 @@ FLAGS location in which the resource is located and applicable. The location attribute can be provided as part of the fully specified resource name or with the --location argument on the command line. The default - location is global. NOTE: If you override the endpoint to a regional - endpoint + location is global. + + NOTE: If you override the endpoint to a regional endpoint (https://cloud.google.com/security-command-center/docs/reference/rest/index.html?rep_location=global#regional-service-endpoint) you must specify the correct data location (https://cloud.google.com/security-command-center/docs/data-residency-support#locations) @@ -55,6 +56,10 @@ FLAGS the default location that is specified when data residency controls are enabled for Security Command Center. + NOTE: If no location is specified, the default location is global AND + the request will be routed to the SCC V1 API. To use the SCC V2 API - + please explicitly specify the flag. + --page-token=PAGE_TOKEN Response objects will return a non-null value for page-token to indicate that there is at least one additional page of data. User can diff --git a/gcloud/beta/scc/findings/update b/gcloud/beta/scc/findings/update index f7b498588..56c462ca4 100644 --- a/gcloud/beta/scc/findings/update +++ b/gcloud/beta/scc/findings/update @@ -72,8 +72,9 @@ FLAGS location in which the resource is located and applicable. The location attribute can be provided as part of the fully specified resource name or with the --location argument on the command line. The default - location is global. NOTE: If you override the endpoint to a regional - endpoint + location is global. + + NOTE: If you override the endpoint to a regional endpoint (https://cloud.google.com/security-command-center/docs/reference/rest/index.html?rep_location=global#regional-service-endpoint) you must specify the correct data location (https://cloud.google.com/security-command-center/docs/data-residency-support#locations) @@ -81,6 +82,10 @@ FLAGS the default location that is specified when data residency controls are enabled for Security Command Center. + NOTE: If no location is specified, the default location is global AND + the request will be routed to the SCC V1 API. To use the SCC V2 API - + please explicitly specify the flag. + --source=SOURCE; default="-" Source id. Defaults to all sources. diff --git a/gcloud/beta/scc/findings/update-marks b/gcloud/beta/scc/findings/update-marks index 679a89f02..2a15d9f26 100644 --- a/gcloud/beta/scc/findings/update-marks +++ b/gcloud/beta/scc/findings/update-marks @@ -63,8 +63,9 @@ FLAGS location in which the resource is located and applicable. The location attribute can be provided as part of the fully specified resource name or with the --location argument on the command line. The default - location is global. NOTE: If you override the endpoint to a regional - endpoint + location is global. + + NOTE: If you override the endpoint to a regional endpoint (https://cloud.google.com/security-command-center/docs/reference/rest/index.html?rep_location=global#regional-service-endpoint) you must specify the correct data location (https://cloud.google.com/security-command-center/docs/data-residency-support#locations) @@ -72,6 +73,10 @@ FLAGS the default location that is specified when data residency controls are enabled for Security Command Center. + NOTE: If no location is specified, the default location is global AND + the request will be routed to the SCC V1 API. To use the SCC V2 API - + please explicitly specify the flag. + --security-marks=[KEY=VALUE,...] SecurityMarks resource to be passed as the request body. It's a key=value pair separated by comma (,). For example: diff --git a/gcloud/beta/sql/backups/restore b/gcloud/beta/sql/backups/restore index 766b2fe12..d51e79e68 100644 --- a/gcloud/beta/sql/backups/restore +++ b/gcloud/beta/sql/backups/restore @@ -4,15 +4,20 @@ NAME SYNOPSIS gcloud beta sql backups restore ID --restore-instance=RESTORE_INSTANCE [--activation-policy=ACTIVATION_POLICY] - [--active-directory-domain=ACTIVE_DIRECTORY_DOMAIN] [--[no-]assign-ip] - [--async] [--audit-bucket-path=AUDIT_BUCKET_PATH] + [--active-directory-dns-servers=[DNS_SERVER_IP_ADDRESS,...]] + [--active-directory-domain=ACTIVE_DIRECTORY_DOMAIN] + [--active-directory-mode=ACTIVE_DIRECTORY_MODE] + [--active-directory-organizational-unit=ACTIVE_DIRECTORY_ORGANIZATIONAL_UNIT] + [--active-directory-secret-manager-key=ACTIVE_DIRECTORY_SECRET_MANAGER_KEY] + [--[no-]assign-ip] [--async] [--audit-bucket-path=AUDIT_BUCKET_PATH] [--audit-retention-interval=AUDIT_RETENTION_INTERVAL] [--audit-upload-interval=AUDIT_UPLOAD_INTERVAL] [--authorized-networks=NETWORK,[NETWORK,...]] [--availability-type=AVAILABILITY_TYPE] [--no-backup] [--backup-instance=BACKUP_INSTANCE] [--backup-location=BACKUP_LOCATION] [--backup-project=BACKUP_PROJECT] - [--backup-start-time=BACKUP_START_TIME] + [--backup-start-time=BACKUP_START_TIME] [--clear-active-directory] + [--clear-active-directory-dns-servers] [--clear-disk-encryption=CLEAR_DISK_ENCRYPTION] [--clear-network] [--collation=COLLATION] [--connector-enforcement=CONNECTOR_ENFORCEMENT] [--cpu=CPU] [--database-version=DATABASE_VERSION] @@ -75,10 +80,29 @@ OPTIONAL FLAGS https://cloud.google.com/sql/docs/mysql/start-stop-restart-instance#activation_policy. ACTIVATION_POLICY must be one of: always, never. + --active-directory-dns-servers=[DNS_SERVER_IP_ADDRESS,...] + A comma-separated list of the DNS servers to be used for Active + Directory. Only available for SQL Server instances. E.g: + 10.0.0.1,10.0.0.2 + --active-directory-domain=ACTIVE_DIRECTORY_DOMAIN Managed Service for Microsoft Active Directory domain this instance is joined to. Only available for SQL Server instances. + --active-directory-mode=ACTIVE_DIRECTORY_MODE + Defines the Active Directory mode. Only available for SQL Server + instances. ACTIVE_DIRECTORY_MODE must be one of: + MANAGED_ACTIVE_DIRECTORY, CUSTOMER_MANAGED_ACTIVE_DIRECTORY. + + --active-directory-organizational-unit=ACTIVE_DIRECTORY_ORGANIZATIONAL_UNIT + Defines the organizational unit to be used for Active Directory. Only + available for SQL Server instances. E.g: + OU=Cloud,DC=ad,DC=example,DC=com + + --active-directory-secret-manager-key=ACTIVE_DIRECTORY_SECRET_MANAGER_KEY + The secret manager key storing administrator credentials. Only + available for SQL Server instances. + --[no-]assign-ip Assign a public IP address to the instance. This is a public, externally available IPv4 address that you can use to connect to your @@ -142,6 +166,12 @@ OPTIONAL FLAGS Start time of daily backups, specified in the HH:MM format, in the UTC timezone. + --clear-active-directory + Clears the Active Directory configuration. + + --clear-active-directory-dns-servers + Removes the list of DNS Servers from the Active Directory Config. + --clear-disk-encryption=CLEAR_DISK_ENCRYPTION Disables CMEK in the restored instance. diff --git a/gcloud/beta/sql/instances/create b/gcloud/beta/sql/instances/create index e34a76a34..033027c35 100644 --- a/gcloud/beta/sql/instances/create +++ b/gcloud/beta/sql/instances/create @@ -4,7 +4,11 @@ NAME SYNOPSIS gcloud beta sql instances create INSTANCE [--activation-policy=ACTIVATION_POLICY] + [--active-directory-dns-servers=[DNS_SERVER_IP_ADDRESS,...]] [--active-directory-domain=ACTIVE_DIRECTORY_DOMAIN] + [--active-directory-mode=ACTIVE_DIRECTORY_MODE] + [--active-directory-organizational-unit=ACTIVE_DIRECTORY_ORGANIZATIONAL_UNIT] + [--active-directory-secret-manager-key=ACTIVE_DIRECTORY_SECRET_MANAGER_KEY] [--allocated-ip-range-name=ALLOCATED_IP_RANGE_NAME] [--[no-]assign-ip] [--async] [--audit-bucket-path=AUDIT_BUCKET_PATH] [--audit-retention-interval=AUDIT_RETENTION_INTERVAL] @@ -13,7 +17,7 @@ SYNOPSIS [--availability-type=AVAILABILITY_TYPE] [--no-backup] [--backup-location=BACKUP_LOCATION] [--backup-start-time=BACKUP_START_TIME] [--cascadable-replica] - [--collation=COLLATION] + [--clear-active-directory-dns-servers] [--collation=COLLATION] [--connection-pool-flags=FLAG=VALUE,[FLAG=VALUE,...]] [--connector-enforcement=CONNECTOR_ENFORCEMENT] [--cpu=CPU] [--custom-subject-alternative-names=DNS,[DNS,[DNS]]] @@ -76,6 +80,12 @@ SYNOPSIS : --client-certificate-path=CLIENT_CERTIFICATE_PATH --client-key-path=CLIENT_KEY_PATH] --master-password=MASTER_PASSWORD | --prompt-for-master-password] + [--[no-]auto-scale-disable-scale-in --[no-]auto-scale-enabled + --auto-scale-in-cooldown-seconds=AUTO_SCALE_IN_COOLDOWN_SECONDS + --auto-scale-max-node-count=AUTO_SCALE_MAX_NODE_COUNT + --auto-scale-min-node-count=AUTO_SCALE_MIN_NODE_COUNT + --auto-scale-out-cooldown-seconds=AUTO_SCALE_OUT_COOLDOWN_SECONDS + --auto-scale-target-metrics=[METRIC=VALUE,...]] [--region=REGION; default="us-central" | --gce-zone=GCE_ZONE | --secondary-zone=SECONDARY_ZONE --zone=ZONE] [--source-ip-address=SOURCE_IP_ADDRESS @@ -123,10 +133,29 @@ FLAGS https://cloud.google.com/sql/docs/mysql/start-stop-restart-instance#activation_policy. ACTIVATION_POLICY must be one of: always, never. + --active-directory-dns-servers=[DNS_SERVER_IP_ADDRESS,...] + A comma-separated list of the DNS servers to be used for Active + Directory. Only available for SQL Server instances. E.g: + 10.0.0.1,10.0.0.2 + --active-directory-domain=ACTIVE_DIRECTORY_DOMAIN Managed Service for Microsoft Active Directory domain this instance is joined to. Only available for SQL Server instances. + --active-directory-mode=ACTIVE_DIRECTORY_MODE + Defines the Active Directory mode. Only available for SQL Server + instances. ACTIVE_DIRECTORY_MODE must be one of: + MANAGED_ACTIVE_DIRECTORY, CUSTOMER_MANAGED_ACTIVE_DIRECTORY. + + --active-directory-organizational-unit=ACTIVE_DIRECTORY_ORGANIZATIONAL_UNIT + Defines the organizational unit to be used for Active Directory. Only + available for SQL Server instances. E.g: + OU=Cloud,DC=ad,DC=example,DC=com + + --active-directory-secret-manager-key=ACTIVE_DIRECTORY_SECRET_MANAGER_KEY + The secret manager key storing administrator credentials. Only + available for SQL Server instances. + --allocated-ip-range-name=ALLOCATED_IP_RANGE_NAME The name of the IP range allocated for a Cloud SQL instance with private network connectivity. For example: @@ -189,6 +218,9 @@ FLAGS --master-instance-name flag is set, and the replica under creation is in a different region than the primary instance. + --clear-active-directory-dns-servers + Removes the list of DNS Servers from the Active Directory Config. + --collation=COLLATION Cloud SQL server-level collation setting, which specifies the set of rules for comparing characters in a character set. @@ -725,6 +757,44 @@ FLAGS data source. The password is all typed characters up to but not including the RETURN or ENTER key. + Options for configuring read pool auto scale. + + --[no-]auto-scale-disable-scale-in + Disables automatic read pool scale-in. When disabled, read pool auto + scaling only supports increasing the read pool node count. By + default, both automatic read pool scale-in and scale-out are enabled. + Use --auto-scale-disable-scale-in to enable and + --no-auto-scale-disable-scale-in to disable. + + --[no-]auto-scale-enabled + Enables read pool auto scaling. Supports automatically increasing and + decreasing the read pool's node count based on need. Use + --auto-scale-enabled to enable and --no-auto-scale-enabled to + disable. + + --auto-scale-in-cooldown-seconds=AUTO_SCALE_IN_COOLDOWN_SECONDS + The cooldown period for automatic read pool scale-in. Minimum time + between scale-in events. Must be an integer value. For example, if + the value is 60, then a scale-in event will not be triggered within + 60 seconds of the last scale-in event. + + --auto-scale-max-node-count=AUTO_SCALE_MAX_NODE_COUNT + Maximum number of read pool nodes to be maintained. + + --auto-scale-min-node-count=AUTO_SCALE_MIN_NODE_COUNT + Minimum number of read pool nodes to be maintained. + + --auto-scale-out-cooldown-seconds=AUTO_SCALE_OUT_COOLDOWN_SECONDS + The cooldown period for automatic read pool scale-out. Minimum time + between scale-out events. Must be an integer value. For example, if + the value is 60, then a scale-out event will not be triggered within + 60 seconds of the last scale-out event. + + --auto-scale-target-metrics=[METRIC=VALUE,...] + Target metrics for read pool auto scaling. Options are: + AVERAGE_CPU_UTILIZATION and AVERAGE_DB_CONNECTIONS. Example: + --auto-scale-target-metrics=AVERAGE_CPU_UTILIZATION=0.8 + At most one of these can be specified: --region=REGION; default="us-central" diff --git a/gcloud/beta/sql/instances/patch b/gcloud/beta/sql/instances/patch index 27d795250..fdc88c4d9 100644 --- a/gcloud/beta/sql/instances/patch +++ b/gcloud/beta/sql/instances/patch @@ -5,12 +5,17 @@ NAME SYNOPSIS gcloud beta sql instances patch INSTANCE [--activation-policy=ACTIVATION_POLICY] + [--active-directory-dns-servers=[DNS_SERVER_IP_ADDRESS,...]] [--active-directory-domain=ACTIVE_DIRECTORY_DOMAIN] + [--active-directory-mode=ACTIVE_DIRECTORY_MODE] + [--active-directory-organizational-unit=ACTIVE_DIRECTORY_ORGANIZATIONAL_UNIT] + [--active-directory-secret-manager-key=ACTIVE_DIRECTORY_SECRET_MANAGER_KEY] [--allocated-ip-range-name=ALLOCATED_IP_RANGE_NAME] [--[no-]assign-ip] [--async] [--audit-bucket-path=AUDIT_BUCKET_PATH] [--audit-retention-interval=AUDIT_RETENTION_INTERVAL] [--audit-upload-interval=AUDIT_UPLOAD_INTERVAL] - [--availability-type=AVAILABILITY_TYPE] + [--availability-type=AVAILABILITY_TYPE] [--clear-active-directory] + [--clear-active-directory-dns-servers] [--clear-failover-dr-replica-name] [--clear-password-policy] [--connector-enforcement=CONNECTOR_ENFORCEMENT] [--cpu=CPU] [--database-version=DATABASE_VERSION] [--[no-]deletion-protection] @@ -80,6 +85,12 @@ SYNOPSIS [--clear-psc-network-attachment-uri | --psc-network-attachment-uri=PSC_NETWORK_ATTACHMENT_URI] [--gce-zone=GCE_ZONE | --secondary-zone=SECONDARY_ZONE --zone=ZONE] + [--[no-]auto-scale-disable-scale-in --[no-]auto-scale-enabled + --auto-scale-in-cooldown-seconds=AUTO_SCALE_IN_COOLDOWN_SECONDS + --auto-scale-max-node-count=AUTO_SCALE_MAX_NODE_COUNT + --auto-scale-min-node-count=AUTO_SCALE_MIN_NODE_COUNT + --auto-scale-out-cooldown-seconds=AUTO_SCALE_OUT_COOLDOWN_SECONDS + --auto-scale-target-metrics=[METRIC=VALUE,...]] [--no-backup | --backup-location=BACKUP_LOCATION --backup-start-time=BACKUP_START_TIME --retained-backups-count=RETAINED_BACKUPS_COUNT @@ -102,10 +113,29 @@ FLAGS https://cloud.google.com/sql/docs/mysql/start-stop-restart-instance#activation_policy. ACTIVATION_POLICY must be one of: always, never. + --active-directory-dns-servers=[DNS_SERVER_IP_ADDRESS,...] + A comma-separated list of the DNS servers to be used for Active + Directory. Only available for SQL Server instances. E.g: + 10.0.0.1,10.0.0.2 + --active-directory-domain=ACTIVE_DIRECTORY_DOMAIN Managed Service for Microsoft Active Directory domain this instance is joined to. Only available for SQL Server instances. + --active-directory-mode=ACTIVE_DIRECTORY_MODE + Defines the Active Directory mode. Only available for SQL Server + instances. ACTIVE_DIRECTORY_MODE must be one of: + MANAGED_ACTIVE_DIRECTORY, CUSTOMER_MANAGED_ACTIVE_DIRECTORY. + + --active-directory-organizational-unit=ACTIVE_DIRECTORY_ORGANIZATIONAL_UNIT + Defines the organizational unit to be used for Active Directory. Only + available for SQL Server instances. E.g: + OU=Cloud,DC=ad,DC=example,DC=com + + --active-directory-secret-manager-key=ACTIVE_DIRECTORY_SECRET_MANAGER_KEY + The secret manager key storing administrator credentials. Only + available for SQL Server instances. + --allocated-ip-range-name=ALLOCATED_IP_RANGE_NAME The name of the IP range allocated for a Cloud SQL instance with private network connectivity. For example: @@ -145,6 +175,12 @@ FLAGS zonal Provides no failover capability. This is the default. + --clear-active-directory + Clears the Active Directory configuration. + + --clear-active-directory-dns-servers + Removes the list of DNS Servers from the Active Directory Config. + --clear-failover-dr-replica-name Clear the DR replica setting for the primary instance. Flag is only available for MySQL and PostgreSQL database instances. @@ -716,6 +752,44 @@ FLAGS Preferred Compute Engine zone (e.g. us-central1-a, us-central1-b, etc.). WARNING: Instance may be restarted. + Options for configuring read pool auto scale. + + --[no-]auto-scale-disable-scale-in + Disables automatic read pool scale-in. When disabled, read pool auto + scaling only supports increasing the read pool node count. By + default, both automatic read pool scale-in and scale-out are enabled. + Use --auto-scale-disable-scale-in to enable and + --no-auto-scale-disable-scale-in to disable. + + --[no-]auto-scale-enabled + Enables read pool auto scaling. Supports automatically increasing and + decreasing the read pool's node count based on need. Use + --auto-scale-enabled to enable and --no-auto-scale-enabled to + disable. + + --auto-scale-in-cooldown-seconds=AUTO_SCALE_IN_COOLDOWN_SECONDS + The cooldown period for automatic read pool scale-in. Minimum time + between scale-in events. Must be an integer value. For example, if + the value is 60, then a scale-in event will not be triggered within + 60 seconds of the last scale-in event. + + --auto-scale-max-node-count=AUTO_SCALE_MAX_NODE_COUNT + Maximum number of read pool nodes to be maintained. + + --auto-scale-min-node-count=AUTO_SCALE_MIN_NODE_COUNT + Minimum number of read pool nodes to be maintained. + + --auto-scale-out-cooldown-seconds=AUTO_SCALE_OUT_COOLDOWN_SECONDS + The cooldown period for automatic read pool scale-out. Minimum time + between scale-out events. Must be an integer value. For example, if + the value is 60, then a scale-out event will not be triggered within + 60 seconds of the last scale-out event. + + --auto-scale-target-metrics=[METRIC=VALUE,...] + Target metrics for read pool auto scaling. Options are: + AVERAGE_CPU_UTILIZATION and AVERAGE_DB_CONNECTIONS. Example: + --auto-scale-target-metrics=AVERAGE_CPU_UTILIZATION=0.8 + At most one of these can be specified: --no-backup diff --git a/gcloud/composer/environments/run b/gcloud/composer/environments/run index 5166fa59c..bbaab412e 100644 --- a/gcloud/composer/environments/run +++ b/gcloud/composer/environments/run @@ -80,17 +80,17 @@ POSITIONAL ARGUMENTS SUBCOMMAND The Airflow CLI subcommand to run. Available subcommands include (listed with Airflow versions that support): backfill [**, 2.0.0), - clear [**, 2.0.0), connections [**, 3.1.0), dag_state [**, 2.0.0), dags - [1.10.14, 3.1.0), db [2.3.0, 3.0.0), delete_dag [1.10.1, 2.0.0), - kerberos [**, 3.1.0), kubernetes [2.1.4, 3.1.0), list-import-errors + clear [**, 2.0.0), connections [**, 3.2.0), dag_state [**, 2.0.0), dags + [1.10.14, 3.2.0), db [2.3.0, 3.0.0), delete_dag [1.10.1, 2.0.0), + kerberos [**, 3.2.0), kubernetes [2.1.4, 3.2.0), list-import-errors [**, 3.0.0), list_dag_runs [1.10.2, 2.0.0), list_dags [**, 2.0.0), list_tasks [**, 2.0.0), next_execution [1.10.2, 2.0.0), pause [**, - 2.0.0), pool [**, 2.0.0), pools [1.10.14, 3.1.0), render [**, 2.0.0), - roles [2.0.0, 3.1.0), run [**, 2.0.0), sync-perm [1.10.14, 3.1.0), + 2.0.0), pool [**, 2.0.0), pools [1.10.14, 3.2.0), render [**, 2.0.0), + roles [2.0.0, 3.2.0), run [**, 2.0.0), sync-perm [1.10.14, 3.2.0), sync_perm [1.10.2, 2.0.0), task_failed_deps [**, 2.0.0), task_state - [**, 2.0.0), tasks [1.10.14, 3.1.0), test [**, 2.0.0), trigger_dag [**, + [**, 2.0.0), tasks [1.10.14, 3.2.0), test [**, 2.0.0), trigger_dag [**, 2.0.0), unpause [**, 2.0.0), upgrade_check [1.10.15, 2.0.0), users - [1.10.14, 3.1.0), variables [**, 3.1.0), version [**, 3.1.0) (see + [1.10.14, 3.2.0), variables [**, 3.2.0), version [**, 3.2.0) (see https://airflow.apache.org/docs/apache-airflow/stable/cli-and-env-variables-ref.html for more info). diff --git a/gcloud/compute/future-reservations/cancel b/gcloud/compute/future-reservations/cancel new file mode 100644 index 000000000..d8e753ce8 --- /dev/null +++ b/gcloud/compute/future-reservations/cancel @@ -0,0 +1,74 @@ +NAME + gcloud compute future-reservations cancel - cancel a Compute Engine future + reservation + +SYNOPSIS + gcloud compute future-reservations cancel + (FUTURE_RESERVATION : --zone=ZONE) [--async] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Cancel a Compute Engine future reservation. + +EXAMPLES + To cancel a given Compute Engine future reservation, run: + + $ gcloud compute future-reservations cancel my-reservation \ + --zone=ZONE + +POSITIONAL ARGUMENTS + Future reservation resource - The name of the future reservation to + cancel. The arguments in this group can be used to specify the attributes + of this resource. (NOTE) Some attributes are not given arguments in this + group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument future_reservation on the command line with a + fully specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + FUTURE_RESERVATION + ID of the future reservation or fully qualified identifier for the + future reservation. + + To set the future_reservation attribute: + ▸ provide the argument future_reservation on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --zone=ZONE + The name of the Google Compute Engine zone. + + To set the zone attribute: + ▸ provide the argument future_reservation on the command line with + a fully specified name; + ▸ provide the argument --zone on the command line; + ▸ set the property compute/zone. + +FLAGS + --async + Return immediately, without waiting for the operation in progress to + complete. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the compute/v1 API. The full documentation for this API + can be found at: https://cloud.google.com/compute/ + +NOTES + These variants are also available: + + $ gcloud alpha compute future-reservations cancel + + $ gcloud beta compute future-reservations cancel + diff --git a/gcloud/compute/future-reservations/create b/gcloud/compute/future-reservations/create new file mode 100644 index 000000000..bbaa684b9 --- /dev/null +++ b/gcloud/compute/future-reservations/create @@ -0,0 +1,314 @@ +NAME + gcloud compute future-reservations create - create a Compute Engine + reservation + +SYNOPSIS + gcloud compute future-reservations create FUTURE_RESERVATION + --[no-]auto-delete-auto-created-reservations + (--source-instance-template=SOURCE_INSTANCE_TEMPLATE + | [--machine-type=MACHINE_TYPE + : --accelerator=[count=COUNT],[type=TYPE] + --local-ssd=[count=COUNT],[interface=INTERFACE],[size=SIZE] + --min-cpu-platform=MIN_CPU_PLATFORM] | [--tpu-version=TPU_VERSION + : --chip-count=CHIP_COUNT --workload-type=WORKLOAD_TYPE]) + (--start-time=START_TIME (--duration=DURATION | --end-time=END_TIME)) + [--deployment-type=DEPLOYMENT_TYPE] [--description=DESCRIPTION] + [--name-prefix=NAME_PREFIX] [--planning-status=PLANNING_STATUS] + [--[no-]require-specific-reservation] + [--reservation-mode=RESERVATION_MODE] + [--reservation-name=RESERVATION_NAME] + [--scheduling-type=SCHEDULING_TYPE] [--total-count=TOTAL_COUNT] + [--zone=ZONE] + [--auto-created-reservations-delete-time=AUTO_CREATED_RESERVATIONS_DELETE_TIME | --auto-created-reservations-duration=AUTO_CREATED_RESERVATIONS_DURATION] + [--commitment-name=COMMITMENT_NAME --commitment-plan=COMMITMENT_PLAN + --previous-commitment-terms=PREVIOUS_COMMITMENT_TERMS] + [--share-setting=SHARE_SETTING --share-with=PROJECT,[PROJECT,...]] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Create a Compute Engine reservation. + +POSITIONAL ARGUMENTS + FUTURE_RESERVATION + Name of the future reservation to create. + +REQUIRED FLAGS + --[no-]auto-delete-auto-created-reservations + If specified, the auto-created reservations for a future reservation + are deleted at the end time (default) or at a specified delete time. + Use --auto-delete-auto-created-reservations to enable and + --no-auto-delete-auto-created-reservations to disable. + + To create a future reservation request, specify the properties of the + resources that you want to reserve and when you want to start using them. + After the request is approved, Compute Engine automatically creates + reservations for your requested resources at your specified start time. + + Exactly one of these must be specified: + + --source-instance-template=SOURCE_INSTANCE_TEMPLATE + The url of the instance template that will be used to populate the + fields of the reservation. Instance properties can not be defined in + addition to source instance template. + + Define individual instance properties for the specific SKU reservation. + + --machine-type=MACHINE_TYPE + The type of machine (name only) that has a fixed number of vCPUs + and a fixed amount of memory. You can also specify a custom machine + type by using the pattern + custom-number_of_CPUs-amount_of_memory-for example, + custom-32-29440. + + This flag argument must be specified if any of the other arguments + in this group are specified. + + --accelerator=[count=COUNT],[type=TYPE] + Manage the configuration of the type and number of accelerator + cards attached. + count + The number of accelerators to attach to each instance in the + reservation. + type + The specific type (e.g. nvidia-tesla-k80 for nVidia Tesla K80) + of accelerator to attach to instances in the reservation. Use + gcloud compute accelerator-types list to learn about all + available accelerator types. + + --local-ssd=[count=COUNT],[interface=INTERFACE],[size=SIZE] + Manage the size and the interface of local SSD to use. See + https://cloud.google.com/compute/docs/disks/local-ssd for more + information. + interface + The kind of disk interface exposed to the VM for this SSD. + Valid values are scsi and nvme. SCSI is the default and is + supported by more guest operating systems. NVME may provide + higher performance. + size + The size of the local SSD in base-2 GB. + count + The number of local SSD to use per VM. If you don't specify + this argument, then the default value is 1. + + --min-cpu-platform=MIN_CPU_PLATFORM + Optional minimum CPU platform of the reservation to create. + + You must define the version and number of TPUs to reserve. + + --tpu-version=TPU_VERSION + The version of Cloud TPU to reserve. TPU_VERSION must be one of: + + V5E + Cloud TPU v5e Lite + V5P + Cloud TPU v5p + V6E + Cloud TPU v6e + + This flag argument must be specified if any of the other arguments + in this group are specified. + + --chip-count=CHIP_COUNT + The number of chips to reserve. + + --workload-type=WORKLOAD_TYPE + The workload type of the TPU reservation. WORKLOAD_TYPE must be one + of: + + BATCH + Reserved resources will be optimized for BATCH workloads, such + as ML training. + SERVING + Reserved resources will be optimized for SERVING workloads, + such as ML inference + + Manage the time specific properties for requesting future capacity + + This must be specified. + + --start-time=START_TIME + Start time of the Future Reservation. The start time must be an + RFC3339 valid string formatted by date, time, and timezone or + "YYYY-MM-DDTHH:MM:SSZ"; where YYYY = year, MM = month, DD = day, HH = + hours, MM = minutes, SS = seconds, and Z = timezone (i.e. + 2021-11-20T07:00:00Z). + + This flag argument must be specified if any of the other arguments in + this group are specified. + + Exactly one of these must be specified: + + --duration=DURATION + Alternate way of specifying time in the number of seconds to + terminate capacity request relative to the start time of a request. + + --end-time=END_TIME + End time of the Future Reservation. The end time must be an RFC3339 + valid string formatted by date, time, and timezone or + "YYYY-MM-DDTHH:MM:SSZ"; where YYYY = year, MM = month, DD = day, HH + = hours, MM = minutes, SS = seconds, and Z = timezone (i.e. + 2021-11-20T07:00:00Z). + +OPTIONAL FLAGS + --deployment-type=DEPLOYMENT_TYPE + The deployment type for the reserved capacity. DEPLOYMENT_TYPE must be + one of: + + DENSE + DENSE mode is for densely deployed reservation blocks. + FLEXIBLE + FLEXIBLE mode is for highly flexible, logical reservation blocks. + + --description=DESCRIPTION + An optional description of the future reservation to create. + + --name-prefix=NAME_PREFIX + A name prefix for the auto-created reservations when capacity is + delivered at the start time. Each auto-created reservation name starts + with the name prefix. + + --planning-status=PLANNING_STATUS + The planning status of the future reservation. The default value is + DRAFT. While in DRAFT, any changes to the future reservation's + properties will be allowed. If set to SUBMITTED, the future reservation + will submit and its procurementStatus will change to PENDING_APPROVAL. + Once the future reservation is pending approval, changes to the future + reservation's properties will not be allowed. PLANNING_STATUS must be + one of: + + DRAFT + Default planning status value. + SUBMITTED + Planning status value to immediately submit the future reservation. + + --[no-]require-specific-reservation + Indicate whether the auto-created reservations can be consumed by VMs + with "any reservation" defined. If enabled, then only VMs that target + the auto-created reservation by name using + --reservation-affinity=specific can consume from this reservation. + Auto-created reservations delivered with this flag enabled will inherit + the name of the future reservation. Use --require-specific-reservation + to enable and --no-require-specific-reservation to disable. + + --reservation-mode=RESERVATION_MODE + The mode of the reservation. RESERVATION_MODE must be one of: + + CALENDAR + This indicates to create a future reservation in calendar mode, + which is ideal for reserving GPU VMs. The auto-created reservations + for the future reservation are automatically deleted at the end of + the reservation period. + DEFAULT + This indicates to create a standard future reservation. If you want + to automatically delete the auto-created reservations, then you + must use the --auto-delete-auto-created-reservations flag. + + --reservation-name=RESERVATION_NAME + Name of reservations where the capacity is provisioned at the time of + delivery of future reservations. If the reservation with the given name + does not exist already, it is created automatically at the time of + Approval with INACTIVE state till specified start-time. Either provide + the reservation_name or a name_prefix. + + --scheduling-type=SCHEDULING_TYPE + Maintenance for the reserved capacity. SCHEDULING_TYPE must be one of: + + GROUPED + In GROUPED mode, maintenance on all reserved instances is + synchronized. + INDEPENDENT + In INDEPENDENT mode, maintenance is not synchronized for this + reservation, and each instance has its own maintenance window. + + --total-count=TOTAL_COUNT + The total number of instances for which capacity assurance is requested + at a future time period. + + --zone=ZONE + Zone of the future reservation to create. If not specified and the + compute/zone property isn't set, you might be prompted to select a zone + (interactive mode only). + + To avoid prompting when this flag is omitted, you can set the + compute/zone property: + + $ gcloud config set compute/zone ZONE + + A list of zones can be fetched by running: + + $ gcloud compute zones list + + To unset the property, run: + + $ gcloud config unset compute/zone + + Alternatively, the zone can be stored in the environment variable + CLOUDSDK_COMPUTE_ZONE. + + Manage the auto-delete time properties. + + At most one of these can be specified: + + --auto-created-reservations-delete-time=AUTO_CREATED_RESERVATIONS_DELETE_TIME + Automatically deletes an auto-created reservations at a specific + time. The specified time must be an RFC3339 timestamp, which must be + formatted as "YYYY-MM-DDTHH:MM:SSZ" where YYYY = year, MM = month, DD + = day, HH = hours, MM = minutes, SS = seconds, and Z = time zone in + Coordinated Universal Time (UTC). For example, specify + 2021-11-20T07:00:00Z. + + --auto-created-reservations-duration=AUTO_CREATED_RESERVATIONS_DURATION + Automatically deletes an auto-created reservations after a specified + number of days, hours, minutes, or seconds. For example, specify 30m + for 30 minutes, or 1d2h3m4s for 1 day, 2 hours, 3 minutes, and 4 + seconds. For more information, see $ gcloud topic datetimes. + + Manage the commitment info properties + + --commitment-name=COMMITMENT_NAME + Name of commitment covering the delivered reservation at the time of + delivery of future reservations. If not specified, it takes the name + of the future reservation. + + --commitment-plan=COMMITMENT_PLAN + The plan for this commitment to be created, which determines duration + and discount rate. The currently supported plans are TWELVE_MONTH (1 + year), and THIRTY_SIX_MONTH (3 years). COMMITMENT_PLAN must be one + of: TWELVE_MONTH, THIRTY_SIX_MONTH. + + --previous-commitment-terms=PREVIOUS_COMMITMENT_TERMS + Applicable only if future reservation will deliver to an existing + reservation with a ramp plan. When set to EXTEND, all associated + parent Committed Used Discount's end-date/term will be extended to + the end-time of this future reservation. Default is to extend + previous commitment's time to the end_time of the reservation. + PREVIOUS_COMMITMENT_TERMS must be (only one value is supported): + EXTEND. + + Manage the properties of a shared reservation. + + --share-setting=SHARE_SETTING + Specify if this future reservation is shared, and if so, the type of + sharing. If you omit this flag, this value is local by default. + SHARE_SETTING must be one of: local, projects. + + --share-with=PROJECT,[PROJECT,...] + If this future reservation is shared, provide a comma-separated list + of projects that this future reservation is shared with. The list + must contain project IDs or project numbers. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + These variants are also available: + + $ gcloud alpha compute future-reservations create + + $ gcloud beta compute future-reservations create + diff --git a/gcloud/compute/future-reservations/delete b/gcloud/compute/future-reservations/delete new file mode 100644 index 000000000..83bd407a0 --- /dev/null +++ b/gcloud/compute/future-reservations/delete @@ -0,0 +1,74 @@ +NAME + gcloud compute future-reservations delete - delete a Compute Engine future + reservation + +SYNOPSIS + gcloud compute future-reservations delete + (FUTURE_RESERVATION : --zone=ZONE) [--async] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Delete a Compute Engine future reservation. + +EXAMPLES + To delete a given Compute Engine future reservation, run: + + $ gcloud compute future-reservations delete my-reservation \ + --zone=ZONE + +POSITIONAL ARGUMENTS + Future reservation resource - The name of the future reservation to + delete. The arguments in this group can be used to specify the attributes + of this resource. (NOTE) Some attributes are not given arguments in this + group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument future_reservation on the command line with a + fully specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + FUTURE_RESERVATION + ID of the future reservation or fully qualified identifier for the + future reservation. + + To set the future_reservation attribute: + ▸ provide the argument future_reservation on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --zone=ZONE + The name of the Google Compute Engine zone. + + To set the zone attribute: + ▸ provide the argument future_reservation on the command line with + a fully specified name; + ▸ provide the argument --zone on the command line; + ▸ set the property compute/zone. + +FLAGS + --async + Return immediately, without waiting for the operation in progress to + complete. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the compute/v1 API. The full documentation for this API + can be found at: https://cloud.google.com/compute/ + +NOTES + These variants are also available: + + $ gcloud alpha compute future-reservations delete + + $ gcloud beta compute future-reservations delete + diff --git a/gcloud/compute/future-reservations/describe b/gcloud/compute/future-reservations/describe new file mode 100644 index 000000000..5a9903eee --- /dev/null +++ b/gcloud/compute/future-reservations/describe @@ -0,0 +1,69 @@ +NAME + gcloud compute future-reservations describe - show details about a Compute + Engine future reservation + +SYNOPSIS + gcloud compute future-reservations describe + (FUTURE_RESERVATION : --zone=ZONE) [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Show details about a Compute Engine future reservation. + +EXAMPLES + To describe a given Compute Engine future reservation, run: + + $ gcloud compute future-reservations describe my-reservation \ + --zone=ZONE + +POSITIONAL ARGUMENTS + Future reservation resource - The name of the future reservation to + describe. The arguments in this group can be used to specify the + attributes of this resource. (NOTE) Some attributes are not given + arguments in this group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument future_reservation on the command line with a + fully specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + FUTURE_RESERVATION + ID of the future reservation or fully qualified identifier for the + future reservation. + + To set the future_reservation attribute: + ▸ provide the argument future_reservation on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --zone=ZONE + The name of the Google Compute Engine zone. + + To set the zone attribute: + ▸ provide the argument future_reservation on the command line with + a fully specified name; + ▸ provide the argument --zone on the command line; + ▸ set the property compute/zone. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the compute/v1 API. The full documentation for this API + can be found at: https://cloud.google.com/compute/ + +NOTES + These variants are also available: + + $ gcloud alpha compute future-reservations describe + + $ gcloud beta compute future-reservations describe + diff --git a/gcloud/compute/future-reservations/help b/gcloud/compute/future-reservations/help new file mode 100644 index 000000000..00539551b --- /dev/null +++ b/gcloud/compute/future-reservations/help @@ -0,0 +1,43 @@ +NAME + gcloud compute future-reservations - manage Compute Engine future + reservations + +SYNOPSIS + gcloud compute future-reservations COMMAND [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Manage Compute Engine future reservations. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --help. + + Run $ gcloud help for details. + +COMMANDS + COMMAND is one of the following: + + cancel + Cancel a Compute Engine future reservation. + + create + Create a Compute Engine reservation. + + delete + Delete a Compute Engine future reservation. + + describe + Show details about a Compute Engine future reservation. + + list + List Compute Engine future reservations. + + update + Update Compute Engine future reservations. + +NOTES + These variants are also available: + + $ gcloud alpha compute future-reservations + + $ gcloud beta compute future-reservations + diff --git a/gcloud/compute/future-reservations/list b/gcloud/compute/future-reservations/list new file mode 100644 index 000000000..b6b5af6a1 --- /dev/null +++ b/gcloud/compute/future-reservations/list @@ -0,0 +1,64 @@ +NAME + gcloud compute future-reservations list - list Compute Engine future + reservations + +SYNOPSIS + gcloud compute future-reservations list [--filter=EXPRESSION] + [--limit=LIMIT] [--page-size=PAGE_SIZE] [--sort-by=[FIELD,...]] [--uri] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + List Compute Engine future reservations. + +EXAMPLES + To list all Compute Engine future reservations, run: + + $ gcloud compute future-reservations list my-future-reservation + +LIST COMMAND FLAGS + --filter=EXPRESSION + Apply a Boolean filter EXPRESSION to each resource item to be listed. + If the expression evaluates True, then that item is listed. For more + details and examples of filter expressions, run $ gcloud topic filters. + This flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --limit=LIMIT + Maximum number of resources to list. The default is unlimited. This + flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --page-size=PAGE_SIZE + Some services group resource list output into pages. This flag + specifies the maximum number of resources per page. The default is + determined by the service if it supports paging, otherwise it is + unlimited (no paging). Paging may be applied before or after --filter + and --limit depending on the service. + + --sort-by=[FIELD,...] + Comma-separated list of resource field key names to sort by. The + default order is ascending. Prefix a field with ``~'' for descending + order on that field. This flag interacts with other flags that are + applied in this order: --flatten, --sort-by, --filter, --limit. + + --uri + Print a list of resource URIs instead of the default output, and change + the command output to a list of URIs. If this flag is used with + --format, the formatting is applied on this URI list. To display URIs + alongside other keys instead, use the uri() transform. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + These variants are also available: + + $ gcloud alpha compute future-reservations list + + $ gcloud beta compute future-reservations list + diff --git a/gcloud/compute/future-reservations/update b/gcloud/compute/future-reservations/update new file mode 100644 index 000000000..4ced7ab2f --- /dev/null +++ b/gcloud/compute/future-reservations/update @@ -0,0 +1,293 @@ +NAME + gcloud compute future-reservations update - update Compute Engine future + reservations + +SYNOPSIS + gcloud compute future-reservations update FUTURE_RESERVATION + [--[no-]auto-delete-auto-created-reservations] + [--deployment-type=DEPLOYMENT_TYPE] [--description=DESCRIPTION] + [--[no-]enable-emergent-maintenance] + [--planning-status=PLANNING_STATUS] + [--[no-]require-specific-reservation] + [--reservation-name=RESERVATION_NAME] + [--scheduling-type=SCHEDULING_TYPE] [--total-count=TOTAL_COUNT] + [--zone=ZONE] + [--auto-created-reservations-delete-time=AUTO_CREATED_RESERVATIONS_DELETE_TIME | --auto-created-reservations-duration=AUTO_CREATED_RESERVATIONS_DURATION] + [--clear-name-prefix | --name-prefix=NAME_PREFIX] + [--clear-share-settings + | --share-setting=SHARE_SETTING --share-with=PROJECT,[PROJECT,...]] + [--commitment-name=COMMITMENT_NAME --commitment-plan=COMMITMENT_PLAN + --previous-commitment-terms=PREVIOUS_COMMITMENT_TERMS] + [--machine-type=MACHINE_TYPE --min-cpu-platform=MIN_CPU_PLATFORM + --accelerator=[count=COUNT],[type=TYPE] + | --clear-accelerator --clear-local-ssd + | --local-ssd=[count=COUNT],[interface=INTERFACE],[size=SIZE]] + [--start-time=START_TIME --duration=DURATION | --end-time=END_TIME] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Update Compute Engine future reservations. + +EXAMPLES + To update total count, start and end time of a Compute Engine future + reservation in us-central1-a, run: + + $ gcloud compute future-reservations update my-future-reservation \ + --total-count=1000 --start-time=2021-11-10T07:00:00Z \ + --end-time=2021-12-10T07:00:00Z --zone=us-central1-a + +POSITIONAL ARGUMENTS + FUTURE_RESERVATION + Name of the future reservation to update. + +FLAGS + --[no-]auto-delete-auto-created-reservations + If specified, the auto-created reservations for a future reservation + are deleted at the end time (default) or at a specified delete time. + Use --auto-delete-auto-created-reservations to enable and + --no-auto-delete-auto-created-reservations to disable. + + --deployment-type=DEPLOYMENT_TYPE + The deployment type for the reserved capacity. DEPLOYMENT_TYPE must be + one of: + + DENSE + DENSE mode is for densely deployed reservation blocks. + FLEXIBLE + FLEXIBLE mode is for highly flexible, logical reservation blocks. + + --description=DESCRIPTION + An optional description of the future reservation to create. + + --[no-]enable-emergent-maintenance + Emergent maintenance flag for the reservation, which enrolls all the + underlying vms, hosts and SB infrastructure to receive emergent + maintenance notifications in advance. Use --enable-emergent-maintenance + to enable and --no-enable-emergent-maintenance to disable. + + --planning-status=PLANNING_STATUS + The planning status of the future reservation. The default value is + DRAFT. While in DRAFT, any changes to the future reservation's + properties will be allowed. If set to SUBMITTED, the future reservation + will submit and its procurementStatus will change to PENDING_APPROVAL. + Once the future reservation is pending approval, changes to the future + reservation's properties will not be allowed. PLANNING_STATUS must be + one of: + + DRAFT + Default planning status value. + SUBMITTED + Planning status value to immediately submit the future reservation. + + --[no-]require-specific-reservation + Indicate whether the auto-created reservations can be consumed by VMs + with "any reservation" defined. If enabled, then only VMs that target + the auto-created reservation by name using + --reservation-affinity=specific can consume from this reservation. + Auto-created reservations delivered with this flag enabled will inherit + the name of the future reservation. Use --require-specific-reservation + to enable and --no-require-specific-reservation to disable. + + --reservation-name=RESERVATION_NAME + Name of reservations where the capacity is provisioned at the time of + delivery of future reservations. If the reservation with the given name + does not exist already, it is created automatically at the time of + Approval with INACTIVE state till specified start-time. Either provide + the reservation_name or a name_prefix. + + --scheduling-type=SCHEDULING_TYPE + Maintenance for the reserved capacity. SCHEDULING_TYPE must be one of: + + GROUPED + In GROUPED mode, maintenance on all reserved instances is + synchronized. + INDEPENDENT + In INDEPENDENT mode, maintenance is not synchronized for this + reservation, and each instance has its own maintenance window. + + --total-count=TOTAL_COUNT + The total number of instances for which capacity assurance is requested + at a future time period. + + --zone=ZONE + Zone of the future reservation to update. If not specified and the + compute/zone property isn't set, you might be prompted to select a zone + (interactive mode only). + + To avoid prompting when this flag is omitted, you can set the + compute/zone property: + + $ gcloud config set compute/zone ZONE + + A list of zones can be fetched by running: + + $ gcloud compute zones list + + To unset the property, run: + + $ gcloud config unset compute/zone + + Alternatively, the zone can be stored in the environment variable + CLOUDSDK_COMPUTE_ZONE. + + Manage the auto-delete time properties. + + At most one of these can be specified: + + --auto-created-reservations-delete-time=AUTO_CREATED_RESERVATIONS_DELETE_TIME + Automatically deletes an auto-created reservations at a specific + time. The specified time must be an RFC3339 timestamp, which must be + formatted as "YYYY-MM-DDTHH:MM:SSZ" where YYYY = year, MM = month, DD + = day, HH = hours, MM = minutes, SS = seconds, and Z = time zone in + Coordinated Universal Time (UTC). For example, specify + 2021-11-20T07:00:00Z. + + --auto-created-reservations-duration=AUTO_CREATED_RESERVATIONS_DURATION + Automatically deletes an auto-created reservations after a specified + number of days, hours, minutes, or seconds. For example, specify 30m + for 30 minutes, or 1d2h3m4s for 1 day, 2 hours, 3 minutes, and 4 + seconds. For more information, see $ gcloud topic datetimes. + + Manage the name-prefix of a future reservation. + + At most one of these can be specified: + + --clear-name-prefix + Clears the name prefix for the system generated reservations. + + --name-prefix=NAME_PREFIX + A name prefix for the auto-created reservations when capacity is + delivered at the start time. Each auto-created reservation name + starts with the name prefix. + + Manage the properties of a shared future reservation. + + At most one of these can be specified: + + --clear-share-settings + Clear share settings on future reservation. This will result in + non-shared future reservation. + + Manage the share settings of a future reservation. + + --share-setting=SHARE_SETTING + Specify if this future reservation is shared, and if so, the type + of sharing. If you omit this flag, this value is local by default. + SHARE_SETTING must be one of: local, projects. + + --share-with=PROJECT,[PROJECT,...] + If this future reservation is shared, provide a comma-separated + list of projects that this future reservation is shared with. The + list must contain project IDs or project numbers. + + Manage the commitment info properties + + --commitment-name=COMMITMENT_NAME + Name of commitment covering the delivered reservation at the time of + delivery of future reservations. If not specified, it takes the name + of the future reservation. + + --commitment-plan=COMMITMENT_PLAN + The plan for this commitment to be created, which determines duration + and discount rate. The currently supported plans are TWELVE_MONTH (1 + year), and THIRTY_SIX_MONTH (3 years). COMMITMENT_PLAN must be one + of: TWELVE_MONTH, THIRTY_SIX_MONTH. + + --previous-commitment-terms=PREVIOUS_COMMITMENT_TERMS + Applicable only if future reservation will deliver to an existing + reservation with a ramp plan. When set to EXTEND, all associated + parent Committed Used Discount's end-date/term will be extended to + the end-time of this future reservation. Default is to extend + previous commitment's time to the end_time of the reservation. + PREVIOUS_COMMITMENT_TERMS must be (only one value is supported): + EXTEND. + + Manage the specific SKU reservation properties. + + --machine-type=MACHINE_TYPE + The type of machine (name only) that has a fixed number of vCPUs and + a fixed amount of memory. You can also specify a custom machine type + by using the pattern custom-number_of_CPUs-amount_of_memory-for + example, custom-32-29440. + + --min-cpu-platform=MIN_CPU_PLATFORM + Optional minimum CPU platform of the reservation to create. + + Manage the accelerators of a future reservation. + + At most one of these can be specified: + + --accelerator=[count=COUNT],[type=TYPE] + Manage the configuration of the type and number of accelerator + cards attached. + count + The number of accelerators to attach to each instance in the + reservation. + type + The specific type (e.g. nvidia-tesla-k80 for nVidia Tesla K80) + of accelerator to attach to instances in the reservation. Use + gcloud compute accelerator-types list to learn about all + available accelerator types. + + --clear-accelerator + Remove all accelerators from the future reservation. + + Manage the local ssd of a future reservation. + + At most one of these can be specified: + + --clear-local-ssd + Remove all local ssd information on the future reservation. + + --local-ssd=[count=COUNT],[interface=INTERFACE],[size=SIZE] + Manage the size and the interface of local SSD to use. See + https://cloud.google.com/compute/docs/disks/local-ssd for more + information. + interface + The kind of disk interface exposed to the VM for this SSD. + Valid values are scsi and nvme. SCSI is the default and is + supported by more guest operating systems. NVME may provide + higher performance. + size + The size of the local SSD in base-2 GB. + count + The number of local SSD to use per VM. If you don't specify + this argument, then the default value is 1. + + Manage the time specific properties for requesting future capacity + + --start-time=START_TIME + Start time of the Future Reservation. The start time must be an + RFC3339 valid string formatted by date, time, and timezone or + "YYYY-MM-DDTHH:MM:SSZ"; where YYYY = year, MM = month, DD = day, HH = + hours, MM = minutes, SS = seconds, and Z = timezone (i.e. + 2021-11-20T07:00:00Z). + + At most one of these can be specified: + + --duration=DURATION + Alternate way of specifying time in the number of seconds to + terminate capacity request relative to the start time of a request. + + --end-time=END_TIME + End time of the Future Reservation. The end time must be an RFC3339 + valid string formatted by date, time, and timezone or + "YYYY-MM-DDTHH:MM:SSZ"; where YYYY = year, MM = month, DD = day, HH + = hours, MM = minutes, SS = seconds, and Z = timezone (i.e. + 2021-11-20T07:00:00Z). + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + These variants are also available: + + $ gcloud alpha compute future-reservations update + + $ gcloud beta compute future-reservations update + diff --git a/gcloud/compute/help b/gcloud/compute/help index 9e0be46a5..760645f4e 100644 --- a/gcloud/compute/help +++ b/gcloud/compute/help @@ -60,6 +60,9 @@ GROUPS forwarding-rules Read and manipulate traffic forwarding rules to network load balancers. + future-reservations + Manage Compute Engine future reservations. + health-checks Read and manipulate health checks for load balanced instances. diff --git a/gcloud/compute/instances/create b/gcloud/compute/instances/create index af77e600c..f3d05cbdd 100644 --- a/gcloud/compute/instances/create +++ b/gcloud/compute/instances/create @@ -808,6 +808,12 @@ FLAGS VLAN ID of a Dynamic Network Interface, must be an integer in the range from 2 to 255 inclusively. + igmp-query + Determines if the Compute Engine Instance can receive and respond + to IGMP query packets on the specified network interface. + IGMP_QUERY must be one of: IGMP_QUERY_V2, IGMP_QUERY_DISABLED. It + is disabled by default. + --network-performance-configs=[PROPERTY=VALUE,...] Configures network performance settings for the instance. If this flag is not specified, the instance will be created with its default network diff --git a/gcloud/compute/instances/network-interfaces/update b/gcloud/compute/instances/network-interfaces/update index 60346692f..cae70e668 100644 --- a/gcloud/compute/instances/network-interfaces/update +++ b/gcloud/compute/instances/network-interfaces/update @@ -6,6 +6,7 @@ SYNOPSIS gcloud compute instances network-interfaces update INSTANCE_NAME [--aliases=ALIASES] [--external-ipv6-address=EXTERNAL_IPV6_ADDRESS] [--external-ipv6-prefix-length=EXTERNAL_IPV6_PREFIX_LENGTH] + [--igmp-query=IGMP_QUERY] [--internal-ipv6-address=INTERNAL_IPV6_ADDRESS] [--internal-ipv6-prefix-length=INTERNAL_IPV6_PREFIX_LENGTH] [--ipv6-network-tier=IPV6_NETWORK_TIER] [--network=NETWORK] @@ -58,6 +59,16 @@ FLAGS be used together with --external-ipv6-address. Currently only /96 is supported and the default value is 96. + --igmp-query=IGMP_QUERY + Determines if the Compute Engine instance can receive and respond to + IGMP query packets on the specified network interface. IGMP_QUERY must + be one of: + + IGMP_QUERY_DISABLED + IGMP Query on the network interface is disabled. + IGMP_QUERY_V2 + IGMP Query V2 on the network interface is enabled. + --internal-ipv6-address=INTERNAL_IPV6_ADDRESS Assigns the given internal IPv6 address or range to an instance. The address must be the first IP address in the range or a /96 IP address diff --git a/gcloud/compute/reservations/sub-blocks/describe b/gcloud/compute/reservations/sub-blocks/describe index 04695e469..336a39db9 100644 --- a/gcloud/compute/reservations/sub-blocks/describe +++ b/gcloud/compute/reservations/sub-blocks/describe @@ -4,8 +4,9 @@ NAME SYNOPSIS gcloud compute reservations sub-blocks describe RESERVATION - --block-name=BLOCK_NAME --sub-block-name=SUB_BLOCK_NAME [--zone=ZONE] - [GCLOUD_WIDE_FLAG ...] + --block-name=BLOCK_NAME --sub-block-name=SUB_BLOCK_NAME + [--full-view=FULL_VIEW; default="SUB_BLOCK_VIEW_UNSPECIFIED"] + [--zone=ZONE] [GCLOUD_WIDE_FLAG ...] DESCRIPTION Describe a Compute Engine reservation sub-block. @@ -30,6 +31,14 @@ REQUIRED FLAGS The name of the reservation sub block. OPTIONAL FLAGS + --full-view=FULL_VIEW; default="SUB_BLOCK_VIEW_UNSPECIFIED" + The view type for the reservation sub-block. FULL_VIEW must be one of: + + SUB_BLOCK_VIEW_BASIC + Basic default view of the reservation sub-block. + SUB_BLOCK_VIEW_FULL + Full detailed view of the reservation sub-block. + --zone=ZONE Zone of the reservation to describe. If not specified and the compute/zone property isn't set, you might be prompted to select a zone diff --git a/gcloud/compute/tpus/help b/gcloud/compute/tpus/help index 2b26d9382..dba3fe877 100644 --- a/gcloud/compute/tpus/help +++ b/gcloud/compute/tpus/help @@ -2,7 +2,7 @@ NAME gcloud compute tpus - list, create, and delete Cloud TPUs SYNOPSIS - gcloud compute tpus GROUP | COMMAND [GCLOUD_WIDE_FLAG ...] + gcloud compute tpus GROUP [GCLOUD_WIDE_FLAG ...] DESCRIPTION List, create, and delete Cloud TPUs. diff --git a/gcloud/container/clusters/create b/gcloud/container/clusters/create index 92bbb3e52..055ecd471 100644 --- a/gcloud/container/clusters/create +++ b/gcloud/container/clusters/create @@ -13,6 +13,7 @@ SYNOPSIS [--alpha-cluster-feature-gates=[FEATURE=true|false,...]] [--anonymous-authentication-config=ANONYMOUS_AUTHENTICATION_CONFIG] [--async] [--auto-monitoring-scope=AUTO_MONITORING_SCOPE] + [--autopilot-workload-policies=WORKLOAD_POLICIES] [--autoprovisioning-enable-insecure-kubelet-readonly-port] [--autoprovisioning-network-tags=TAGS,[TAGS,...]] [--autoprovisioning-resource-manager-tags=[KEY=VALUE,...]] @@ -272,6 +273,16 @@ FLAGS NONE: Disables Auto-Monitoring. AUTO_MONITORING_SCOPE must be one of: ALL, NONE. + --autopilot-workload-policies=WORKLOAD_POLICIES + Add Autopilot workload policies to the cluster. + + Examples: + + $ gcloud container clusters create example-cluster \ + --autopilot-workload-policies=allow-net-admin + + The only supported workload policy is 'allow-net-admin'. + --autoprovisioning-enable-insecure-kubelet-readonly-port Enables the Kubelet's insecure read only port for Autoprovisioned Node Pools. diff --git a/gcloud/container/clusters/update b/gcloud/container/clusters/update index f9c4b3ecd..91249a3de 100644 --- a/gcloud/container/clusters/update +++ b/gcloud/container/clusters/update @@ -5,6 +5,7 @@ NAME SYNOPSIS gcloud container clusters update NAME (--anonymous-authentication-config=ANONYMOUS_AUTHENTICATION_CONFIG + | --autopilot-workload-policies=WORKLOAD_POLICIES | --autoprovisioning-cgroup-mode=AUTOPROVISIONING_CGROUP_MODE | --autoprovisioning-enable-insecure-kubelet-readonly-port | --autoprovisioning-network-tags=[TAGS,...] @@ -38,7 +39,9 @@ SYNOPSIS | --notification-config=[pubsub=ENABLED|DISABLED, pubsub-topic=TOPIC,...] | --patch-update=[PATCH_UPDATE] | --private-ipv6-google-access-type=PRIVATE_IPV6_GOOGLE_ACCESS_TYPE - | --release-channel=CHANNEL | --remove-labels=[KEY,...] + | --release-channel=CHANNEL + | --remove-autopilot-workload-policies=REMOVE_WORKLOAD_POLICIES + | --remove-labels=[KEY,...] | --remove-workload-policies=REMOVE_WORKLOAD_POLICIES | --security-group=SECURITY_GROUP | --security-posture=SECURITY_POSTURE | --set-password @@ -156,6 +159,16 @@ REQUIRED FLAGS to the health check endpoints are allowed anonymously, all other calls will be rejected. + --autopilot-workload-policies=WORKLOAD_POLICIES + Add Autopilot workload policies to the cluster. + + Examples: + + $ gcloud container clusters update example-cluster \ + --autopilot-workload-policies=allow-net-admin + + The only supported workload policy is 'allow-net-admin'. + --autoprovisioning-cgroup-mode=AUTOPROVISIONING_CGROUP_MODE Sets the cgroup mode for auto-provisioned nodes. @@ -673,6 +686,16 @@ REQUIRED FLAGS Clusters subscribed to 'stable' receive versions that are known to be stable and reliable in production. + --remove-autopilot-workload-policies=REMOVE_WORKLOAD_POLICIES + Remove Autopilot workload policies from the cluster. + + Examples: + + $ gcloud container clusters update example-cluster \ + --remove-autopilot-workload-policies=allow-net-admin + + The only supported workload policy is 'allow-net-admin'. + --remove-labels=[KEY,...] Labels to remove from the Google Cloud resources in use by the Kubernetes Engine cluster. These are unrelated to Kubernetes labels. diff --git a/gcloud/database-migration/migration-jobs/create b/gcloud/database-migration/migration-jobs/create index 7dc828779..173b76525 100644 --- a/gcloud/database-migration/migration-jobs/create +++ b/gcloud/database-migration/migration-jobs/create @@ -8,11 +8,12 @@ SYNOPSIS --source=SOURCE --type=TYPE [--no-async] [--commit-id=COMMIT_ID] [--conversion-workspace=CONVERSION_WORKSPACE] [--display-name=DISPLAY_NAME] - [--dump-parallel-level=DUMP_PARALLEL_LEVEL] [--dump-path=DUMP_PATH] - [--dump-type=DUMP_TYPE] [--filter=FILTER] [--labels=[KEY=VALUE,...]] + [--dump-parallel-level=DUMP_PARALLEL_LEVEL] [--dump-type=DUMP_TYPE] + [--filter=FILTER] [--labels=[KEY=VALUE,...]] [--all-databases | --databases-filter=databaseName,[...]] [--cmek-key=CMEK_KEY : --cmek-keyring=CMEK_KEYRING --cmek-project=CMEK_PROJECT] + [--dump-flags=[KEY=VALUE,...] | --dump-path=DUMP_PATH] [--max-concurrent-cdc-connections=MAX_CONCURRENT_CDC_CONNECTIONS --max-concurrent-full-dump-connections=MAX_CONCURRENT_FULL_DUMP_CONNECTIONS --skip-full-dump --oracle-cdc-start-position=ORACLE_CDC_START_POSITION | --sqlserver-cdc-start-position=SQLSERVER_CDC_START_POSITION --max-concurrent-destination-connections=MAX_CONCURRENT_DESTINATION_CONNECTIONS --transaction-timeout=TRANSACTION_TIMEOUT] [--peer-vpc=PEER_VPC | --static-ip @@ -200,10 +201,6 @@ OPTIONAL FLAGS specified, will be defaulted to OPTIMAL. DUMP_PARALLEL_LEVEL must be one of: MIN, OPTIMAL, MAX. - --dump-path=DUMP_PATH - Path to the dump file in Google Cloud Storage, in the format: - gs://[BUCKET_NAME]/[OBJECT_NAME]. - --dump-type=DUMP_TYPE The type of the data dump. Currently applicable for MySQL to MySQL migrations only. DUMP_TYPE must be one of: LOGICAL, PHYSICAL. @@ -274,6 +271,16 @@ OPTIONAL FLAGS specified name; ▸ provide the argument --cmek-project on the command line. + At most one of these can be specified: + + --dump-flags=[KEY=VALUE,...] + A list of dump flags. An object containing a list of "key": "value" + pairs. + + --dump-path=DUMP_PATH + Path to the dump file in Google Cloud Storage, in the format: + gs://[BUCKET_NAME]/[OBJECT_NAME]. + The heterogeneous migration config. This is used only for Oracle to Cloud SQL for PostgreSQL and SQL Server to Cloud SQL for PostgreSQL migrations. diff --git a/gcloud/database-migration/migration-jobs/update b/gcloud/database-migration/migration-jobs/update index adc05a836..a0ffe40b4 100644 --- a/gcloud/database-migration/migration-jobs/update +++ b/gcloud/database-migration/migration-jobs/update @@ -6,11 +6,12 @@ SYNOPSIS gcloud database-migration migration-jobs update (MIGRATION_JOB : --region=REGION) [--no-async] [--commit-id=COMMIT_ID] [--destination=DESTINATION] [--display-name=DISPLAY_NAME] - [--dump-parallel-level=DUMP_PARALLEL_LEVEL] [--dump-path=DUMP_PATH] - [--dump-type=DUMP_TYPE] [--filter=FILTER] [--source=SOURCE] - [--type=TYPE] [--update-labels=[KEY=VALUE,...]] + [--dump-parallel-level=DUMP_PARALLEL_LEVEL] [--dump-type=DUMP_TYPE] + [--filter=FILTER] [--source=SOURCE] [--type=TYPE] + [--update-labels=[KEY=VALUE,...]] [--all-databases | --databases-filter=databaseName,[...]] [--clear-labels | --remove-labels=[KEY,...]] + [--dump-flags=[KEY=VALUE,...] | --dump-path=DUMP_PATH] [--max-concurrent-cdc-connections=MAX_CONCURRENT_CDC_CONNECTIONS --max-concurrent-full-dump-connections=MAX_CONCURRENT_FULL_DUMP_CONNECTIONS --max-concurrent-destination-connections=MAX_CONCURRENT_DESTINATION_CONNECTIONS --transaction-timeout=TRANSACTION_TIMEOUT] [--peer-vpc=PEER_VPC | --static-ip @@ -111,10 +112,6 @@ FLAGS specified, will be defaulted to OPTIMAL. DUMP_PARALLEL_LEVEL must be one of: MIN, OPTIMAL, MAX. - --dump-path=DUMP_PATH - Path to the dump file in Google Cloud Storage, in the format: - gs://[BUCKET_NAME]/[OBJECT_NAME]. - --dump-type=DUMP_TYPE The type of the data dump. Currently applicable for MySQL to MySQL migrations only. DUMP_TYPE must be one of: LOGICAL, PHYSICAL. @@ -197,6 +194,16 @@ FLAGS silently ignored. If --update-labels is also specified then --update-labels is applied first. + At most one of these can be specified: + + --dump-flags=[KEY=VALUE,...] + A list of dump flags. An object containing a list of "key": "value" + pairs. + + --dump-path=DUMP_PATH + Path to the dump file in Google Cloud Storage, in the format: + gs://[BUCKET_NAME]/[OBJECT_NAME]. + The heterogeneous migration config. This is used only for Oracle to Cloud SQL for PostgreSQL and SQL Server to Cloud SQL for PostgreSQL migrations. diff --git a/gcloud/iam/workforce-pools/providers/create-oidc b/gcloud/iam/workforce-pools/providers/create-oidc index abb616797..015ee422d 100644 --- a/gcloud/iam/workforce-pools/providers/create-oidc +++ b/gcloud/iam/workforce-pools/providers/create-oidc @@ -13,7 +13,7 @@ SYNOPSIS [--async] [--attribute-condition=ATTRIBUTE_CONDITION] [--client-secret-value=CLIENT_SECRET_VALUE] [--description=DESCRIPTION] [--detailed-audit-logging] [--disabled] [--display-name=DISPLAY_NAME] - [--jwk-json-path=PATH_TO_FILE] + [--jwk-json-path=PATH_TO_FILE] [--scim-usage=SCIM_USAGE] [--extended-attributes-client-id=EXTENDED_ATTRIBUTES_CLIENT_ID --extended-attributes-client-secret-value=EXTENDED_ATTRIBUTES_CLIENT_SECRET_VALUE --extended-attributes-issuer-uri=EXTENDED_ATTRIBUTES_ISSUER_URI --extended-attributes-type=EXTENDED_ATTRIBUTES_TYPE : --extended-attributes-filter=EXTENDED_ATTRIBUTES_FILTER] [--extra-attributes-client-id=EXTRA_ATTRIBUTES_CLIENT_ID @@ -276,69 +276,117 @@ OPTIONAL FLAGS } ] } - ```. Use a full or relative path to a local file containing the value of jwk_json_path. + . Use a full or relative path to a local file containing the value of + jwk_json_path. - *--extended-attributes-client-id*=_EXTENDED_ATTRIBUTES_CLIENT_ID_:: + --scim-usage=SCIM_USAGE + Specifies whether the workforce identity pool provider uses + SCIM-managed groups instead of the google.groups attribute mapping for + authorization checks. - The OAuth 2.0 client ID for retrieving extended attributes from the identity provider. Required to get extended group memberships for a subset of Google Cloud products. + The scim_usage and extended_attributes_oauth2_client fields are + mutually exclusive. A request that enables both fields on the same + workforce identity pool provider will produce an error. - *--extended-attributes-client-secret-value*=_EXTENDED_ATTRIBUTES_CLIENT_SECRET_VALUE_:: + Use enabled-for-groups to enable SCIM-managed groups. Use + scim-usage-unspecified to disable SCIM-managed groups. - The OAuth 2.0 client secret for retrieving extended attributes from the identity provider. Required to get extended group memberships for a subset of Google Cloud products. + SCIM_USAGE must be one of: enabled-for-groups, scim-usage-unspecified. - *--extended-attributes-issuer-uri*=_EXTENDED_ATTRIBUTES_ISSUER_URI_:: + --extended-attributes-client-id=EXTENDED_ATTRIBUTES_CLIENT_ID + The OAuth 2.0 client ID for retrieving extended attributes from the + identity provider. Required to get extended group memberships for a + subset of Google Cloud products. - OIDC identity provider's issuer URI. Must be a valid URI using the `https` scheme. Required to get the OIDC discovery document. + --extended-attributes-client-secret-value=EXTENDED_ATTRIBUTES_CLIENT_SECRET_VALUE + The OAuth 2.0 client secret for retrieving extended attributes from the + identity provider. Required to get extended group memberships for a + subset of Google Cloud products. - *--extended-attributes-type*=_EXTENDED_ATTRIBUTES_TYPE_:: + --extended-attributes-issuer-uri=EXTENDED_ATTRIBUTES_ISSUER_URI + OIDC identity provider's issuer URI. Must be a valid URI using the + https scheme. Required to get the OIDC discovery document. - Represents the identity provider and type of claims that should be fetched. _EXTENDED_ATTRIBUTES_TYPE_ must be (only one value is supported): *azure-ad-groups-id*. + --extended-attributes-type=EXTENDED_ATTRIBUTES_TYPE + Represents the identity provider and type of claims that should be + fetched. EXTENDED_ATTRIBUTES_TYPE must be (only one value is + supported): azure-ad-groups-id. - *--extended-attributes-filter*=_EXTENDED_ATTRIBUTES_FILTER_:: + --extended-attributes-filter=EXTENDED_ATTRIBUTES_FILTER + The filter used to request specific records from the IdP. By default, + all of the groups that are associated with a user are fetched. For + Microsoft Entra ID, you can add $search query parameters using [Keyword + Query Language] + (https://learn.microsoft.com/en-us/sharepoint/dev/general-development/keyword-query-language-kql-syntax-reference). + To learn more about $search querying in Microsoft Entra ID, see [Use + the $search query parameter] + (https://learn.microsoft.com/en-us/graph/search-query-parameter). - The filter used to request specific records from the IdP. By default, all of the groups that are associated with a user are fetched. For Microsoft Entra ID, you can add `$search` query parameters using [Keyword Query Language] (https://learn.microsoft.com/en-us/sharepoint/dev/general-development/keyword-query-language-kql-syntax-reference). To learn more about `$search` querying in Microsoft Entra ID, see [Use the `$search` query parameter] (https://learn.microsoft.com/en-us/graph/search-query-parameter). + Additionally, Workforce Identity Federation automatically adds the + following [$filter query parameters] + (https://learn.microsoft.com/en-us/graph/filter-query-parameter), based + on the value of attributes_type. Values passed to filter are converted + to $search query parameters. Additional $filter query parameters cannot + be added using this field. - Additionally, Workforce Identity Federation automatically adds the following [`$filter` query parameters] (https://learn.microsoft.com/en-us/graph/filter-query-parameter), based on the value of `attributes_type`. Values passed to `filter` are converted to `$search` query parameters. Additional `$filter` query parameters cannot be added using this field. + ◆ AZURE_AD_GROUPS_ID: securityEnabled filter is applied. - * `AZURE_AD_GROUPS_ID`: `securityEnabled` filter is applied. + --extra-attributes-client-id=EXTRA_ATTRIBUTES_CLIENT_ID + The OAuth 2.0 client ID for retrieving extra attributes from the + identity provider. Required to get the access token using client + credentials grant flow. - *--extra-attributes-client-id*=_EXTRA_ATTRIBUTES_CLIENT_ID_:: + --extra-attributes-client-secret-value=EXTRA_ATTRIBUTES_CLIENT_SECRET_VALUE + The OAuth 2.0 client secret for retrieving extra attributes from the + identity provider. Required to get the access token using client + credentials grant flow. - The OAuth 2.0 client ID for retrieving extra attributes from the identity provider. Required to get the access token using client credentials grant flow. + --extra-attributes-issuer-uri=EXTRA_ATTRIBUTES_ISSUER_URI + OIDC identity provider's issuer URI. Must be a valid URI using the + https scheme. Required to get the OIDC discovery document. - *--extra-attributes-client-secret-value*=_EXTRA_ATTRIBUTES_CLIENT_SECRET_VALUE_:: + --extra-attributes-type=EXTRA_ATTRIBUTES_TYPE + Represents the identity provider and type of claims that should be + fetched. EXTRA_ATTRIBUTES_TYPE must be one of: azure-ad-groups-mail, + azure-ad-groups-id. - The OAuth 2.0 client secret for retrieving extra attributes from the identity provider. Required to get the access token using client credentials grant flow. + --extra-attributes-filter=EXTRA_ATTRIBUTES_FILTER + The filter used to request specific records from the IdP. By default, + all of the groups that are associated with a user are fetched. For + Microsoft Entra ID, you can add $search query parameters using [Keyword + Query Language] + (https://learn.microsoft.com/en-us/sharepoint/dev/general-development/keyword-query-language-kql-syntax-reference). + To learn more about $search querying in Microsoft Entra ID, see [Use + the $search query parameter] + (https://learn.microsoft.com/en-us/graph/search-query-parameter). - *--extra-attributes-issuer-uri*=_EXTRA_ATTRIBUTES_ISSUER_URI_:: + Additionally, Workforce Identity Federation automatically adds the + following [$filter query parameters] + (https://learn.microsoft.com/en-us/graph/filter-query-parameter), based + on the value of attributes_type. Values passed to filter are converted + to $search query parameters. Additional $filter query parameters cannot + be added using this field. - OIDC identity provider's issuer URI. Must be a valid URI using the `https` scheme. Required to get the OIDC discovery document. - - *--extra-attributes-type*=_EXTRA_ATTRIBUTES_TYPE_:: - - Represents the identity provider and type of claims that should be fetched. _EXTRA_ATTRIBUTES_TYPE_ must be one of: *azure-ad-groups-mail*, *azure-ad-groups-id*. - - *--extra-attributes-filter*=_EXTRA_ATTRIBUTES_FILTER_:: - - The filter used to request specific records from the IdP. By default, all of the groups that are associated with a user are fetched. For Microsoft Entra ID, you can add `$search` query parameters using [Keyword Query Language] (https://learn.microsoft.com/en-us/sharepoint/dev/general-development/keyword-query-language-kql-syntax-reference). To learn more about `$search` querying in Microsoft Entra ID, see [Use the `$search` query parameter] (https://learn.microsoft.com/en-us/graph/search-query-parameter). - - Additionally, Workforce Identity Federation automatically adds the following [`$filter` query parameters] (https://learn.microsoft.com/en-us/graph/filter-query-parameter), based on the value of `attributes_type`. Values passed to `filter` are converted to `$search` query parameters. Additional `$filter` query parameters cannot be added using this field. - - * `AZURE_AD_GROUPS_MAIL`: `mailEnabled` and `securityEnabled` filters are applied. - * `AZURE_AD_GROUPS_ID`: `securityEnabled` filter is applied. + ◆ AZURE_AD_GROUPS_MAIL: mailEnabled and securityEnabled filters are + applied. + ◆ AZURE_AD_GROUPS_ID: securityEnabled filter is applied. GCLOUD WIDE FLAGS - These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity. + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. - Run *$ gcloud help* for details. + Run $ gcloud help for details. API REFERENCE - This command uses the *iam/v1* API. The full documentation for this API can be found at: https://cloud.google.com/iam/ + This command uses the iam/v1 API. The full documentation for this API can + be found at: https://cloud.google.com/iam/ NOTES - These variants are also available: + These variants are also available: - $ gcloud alpha iam workforce-pools providers create-oidc + $ gcloud alpha iam workforce-pools providers create-oidc - $ gcloud beta iam workforce-pools providers create-oidc + $ gcloud beta iam workforce-pools providers create-oidc diff --git a/gcloud/iam/workforce-pools/providers/create-saml b/gcloud/iam/workforce-pools/providers/create-saml index c2640c85c..6bcd89593 100644 --- a/gcloud/iam/workforce-pools/providers/create-saml +++ b/gcloud/iam/workforce-pools/providers/create-saml @@ -8,7 +8,7 @@ SYNOPSIS --attribute-mapping=[KEY=VALUE,...] --idp-metadata-path=PATH_TO_FILE [--async] [--attribute-condition=ATTRIBUTE_CONDITION] [--description=DESCRIPTION] [--detailed-audit-logging] [--disabled] - [--display-name=DISPLAY_NAME] + [--display-name=DISPLAY_NAME] [--scim-usage=SCIM_USAGE] [--extended-attributes-client-id=EXTENDED_ATTRIBUTES_CLIENT_ID --extended-attributes-client-secret-value=EXTENDED_ATTRIBUTES_CLIENT_SECRET_VALUE --extended-attributes-issuer-uri=EXTENDED_ATTRIBUTES_ISSUER_URI --extended-attributes-type=EXTENDED_ATTRIBUTES_TYPE : --extended-attributes-filter=EXTENDED_ATTRIBUTES_FILTER] [--extra-attributes-client-id=EXTRA_ATTRIBUTES_CLIENT_ID @@ -198,6 +198,20 @@ OPTIONAL FLAGS A display name for the workforce pool provider. Cannot exceed 32 characters in length. + --scim-usage=SCIM_USAGE + Specifies whether the workforce identity pool provider uses + SCIM-managed groups instead of the google.groups attribute mapping for + authorization checks. + + The scim_usage and extended_attributes_oauth2_client fields are + mutually exclusive. A request that enables both fields on the same + workforce identity pool provider will produce an error. + + Use enabled-for-groups to enable SCIM-managed groups. Use + scim-usage-unspecified to disable SCIM-managed groups. + + SCIM_USAGE must be one of: enabled-for-groups, scim-usage-unspecified. + --extended-attributes-client-id=EXTENDED_ATTRIBUTES_CLIENT_ID The OAuth 2.0 client ID for retrieving extended attributes from the identity provider. Required to get extended group memberships for a diff --git a/gcloud/iam/workforce-pools/providers/scim-tenants/create b/gcloud/iam/workforce-pools/providers/scim-tenants/create index d4e3ee38f..835fa78f1 100644 --- a/gcloud/iam/workforce-pools/providers/scim-tenants/create +++ b/gcloud/iam/workforce-pools/providers/scim-tenants/create @@ -18,20 +18,22 @@ DESCRIPTION EXAMPLES To create a SCIM tenant with ID my-tenant under provider my-okta-provider - in pool my-pool located in global: + in pool my-pool located in global with claim mappings: $ gcloud iam workforce-pools providers scim-tenants create \ my-tenant --location=global --workforce-pool=my-pool \ - --provider=my-okta-provider + --provider=my-okta-provider \ + --claim-mapping="google.subject=user.externalId,google.group=gro\ + up.externalId" To create a SCIM tenant sales-tenant under provider salesforce in pool - partner-pool located in europe-west1 with specific claim mappings: + partner-pool located in europe-west1 with claim mappings: $ gcloud iam workforce-pools providers scim-tenants create \ sales-tenant --location=europe-west1 \ --workforce-pool=partner-pool --provider=salesforce \ - --claim-mapping="google.subject=salesforce_id,assertion.groups=m\ - emberOf" + --claim-mapping="google.subject=user.externalId,google.group=gro\ + up.externalId" POSITIONAL ARGUMENTS Workforce pool provider scim tenant resource - The ID of the SCIM tenant diff --git a/gcloud/iam/workforce-pools/providers/update-oidc b/gcloud/iam/workforce-pools/providers/update-oidc index 0e22b677a..412b58b9c 100644 --- a/gcloud/iam/workforce-pools/providers/update-oidc +++ b/gcloud/iam/workforce-pools/providers/update-oidc @@ -9,7 +9,7 @@ SYNOPSIS [--attribute-mapping=[KEY=VALUE,...]] [--client-id=CLIENT_ID] [--description=DESCRIPTION] [--detailed-audit-logging] [--disabled] [--display-name=DISPLAY_NAME] [--issuer-uri=ISSUER_URI] - [--jwk-json-path=PATH_TO_FILE] + [--jwk-json-path=PATH_TO_FILE] [--scim-usage=SCIM_USAGE] [--web-sso-additional-scopes=[WEB_SSO_ADDITIONAL_SCOPES,...]] [--web-sso-assertion-claims-behavior=WEB_SSO_ASSERTION_CLAIMS_BEHAVIOR] [--web-sso-response-type=WEB_SSO_RESPONSE_TYPE] @@ -228,115 +228,164 @@ FLAGS } ] } - ```. Use a full or relative path to a local file containing the value of jwk_json_path. + . Use a full or relative path to a local file containing the value of + jwk_json_path. - *--web-sso-additional-scopes*=[_WEB_SSO_ADDITIONAL_SCOPES_,...]:: + --scim-usage=SCIM_USAGE + Specifies whether the workforce identity pool provider uses + SCIM-managed groups instead of the google.groups attribute mapping for + authorization checks. - Additional scopes to request for the OIDC authentication on - top of scopes requested by default. By default, the `openid`, `profile` - and `email` scopes that are supported by the identity provider are - requested. + The scim_usage and extended_attributes_oauth2_client fields are + mutually exclusive. A request that enables both fields on the same + workforce identity pool provider will produce an error. - Each additional scope may be at most 256 - characters. A maximum of 10 additional scopes may be configured. + Use enabled-for-groups to enable SCIM-managed groups. Use + scim-usage-unspecified to disable SCIM-managed groups. - *--web-sso-assertion-claims-behavior*=_WEB_SSO_ASSERTION_CLAIMS_BEHAVIOR_:: + SCIM_USAGE must be one of: enabled-for-groups, scim-usage-unspecified. - The behavior for how OIDC Claims are included in the `assertion` object used for attribute mapping and attribute condition. - Use `merge-user-info-over-id-token-claims` to merge the UserInfo Endpoint Claims with ID Token - Claims, preferring UserInfo Claim Values for the same Claim Name. Currently this option is only - available for Authorization Code flow. - Use `only-id-token-claims` to include only ID token claims. _WEB_SSO_ASSERTION_CLAIMS_BEHAVIOR_ must be one of: *assertion-claims-behavior-unspecified*, *merge-user-info-over-id-token-claims*, *only-id-token-claims*. + --web-sso-additional-scopes=[WEB_SSO_ADDITIONAL_SCOPES,...] + Additional scopes to request for the OIDC authentication on top of + scopes requested by default. By default, the openid, profile and email + scopes that are supported by the identity provider are requested. - *--web-sso-response-type*=_WEB_SSO_RESPONSE_TYPE_:: + Each additional scope may be at most 256 characters. A maximum of 10 + additional scopes may be configured. - Response Type to request for in the OIDC Authorization Request for web sign-in. - Use `code` to select the authorization code flow (https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth) - Use `id-token` to select the implicit flow (https://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth). _WEB_SSO_RESPONSE_TYPE_ must be one of: *code*, *id-token*, *response-type-unspecified*. + --web-sso-assertion-claims-behavior=WEB_SSO_ASSERTION_CLAIMS_BEHAVIOR + The behavior for how OIDC Claims are included in the assertion object + used for attribute mapping and attribute condition. Use + merge-user-info-over-id-token-claims to merge the UserInfo Endpoint + Claims with ID Token Claims, preferring UserInfo Claim Values for the + same Claim Name. Currently this option is only available for + Authorization Code flow. Use only-id-token-claims to include only ID + token claims. WEB_SSO_ASSERTION_CLAIMS_BEHAVIOR must be one of: + assertion-claims-behavior-unspecified, + merge-user-info-over-id-token-claims, only-id-token-claims. - :: At most one of these can be specified: + --web-sso-response-type=WEB_SSO_RESPONSE_TYPE + Response Type to request for in the OIDC Authorization Request for web + sign-in. Use code to select the authorization code flow + (https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth) + Use id-token to select the implicit flow + (https://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth). + WEB_SSO_RESPONSE_TYPE must be one of: code, id-token, + response-type-unspecified. - *--clear-client-secret*::: + At most one of these can be specified: - Clear the OIDC client secret. + --clear-client-secret + Clear the OIDC client secret. - *--client-secret-value*=_CLIENT_SECRET_VALUE_::: + --client-secret-value=CLIENT_SECRET_VALUE + The OIDC client secret. Required to enable Authorization Code flow + for web sign-in. - The OIDC client secret. Required to enable Authorization Code flow for web sign-in. + At most one of these can be specified: - :: At most one of these can be specified: + --clear-extended-attributes-config + Clear the extended attributes configuration. - *--clear-extended-attributes-config*::: + --extended-attributes-client-id=EXTENDED_ATTRIBUTES_CLIENT_ID + The OAuth 2.0 client ID for retrieving extended attributes from the + identity provider. Required to get extended group memberships for a + subset of Google Cloud products. - Clear the extended attributes configuration. + --extended-attributes-client-secret-value=EXTENDED_ATTRIBUTES_CLIENT_SECRET_VALUE + The OAuth 2.0 client secret for retrieving extended attributes from + the identity provider. Required to get extended group memberships for + a subset of Google Cloud products. - *--extended-attributes-client-id*=_EXTENDED_ATTRIBUTES_CLIENT_ID_::: + --extended-attributes-filter=EXTENDED_ATTRIBUTES_FILTER + The filter used to request specific records from the IdP. By default, + all of the groups that are associated with a user are fetched. For + Microsoft Entra ID, you can add $search query parameters using + [Keyword Query Language] + (https://learn.microsoft.com/en-us/sharepoint/dev/general-development/keyword-query-language-kql-syntax-reference). + To learn more about $search querying in Microsoft Entra ID, see [Use + the $search query parameter] + (https://learn.microsoft.com/en-us/graph/search-query-parameter). - The OAuth 2.0 client ID for retrieving extended attributes from the identity provider. Required to get extended group memberships for a subset of Google Cloud products. + Additionally, Workforce Identity Federation automatically adds the + following [$filter query parameters] + (https://learn.microsoft.com/en-us/graph/filter-query-parameter), + based on the value of attributes_type. Values passed to filter are + converted to $search query parameters. Additional $filter query + parameters cannot be added using this field. - *--extended-attributes-client-secret-value*=_EXTENDED_ATTRIBUTES_CLIENT_SECRET_VALUE_::: + ▸ AZURE_AD_GROUPS_ID: securityEnabled filter is applied. - The OAuth 2.0 client secret for retrieving extended attributes from the identity provider. Required to get extended group memberships for a subset of Google Cloud products. + --extended-attributes-issuer-uri=EXTENDED_ATTRIBUTES_ISSUER_URI + OIDC identity provider's issuer URI. Must be a valid URI using the + https scheme. Required to get the OIDC discovery document. - *--extended-attributes-filter*=_EXTENDED_ATTRIBUTES_FILTER_::: + --extended-attributes-type=EXTENDED_ATTRIBUTES_TYPE + Represents the identity provider and type of claims that should be + fetched. EXTENDED_ATTRIBUTES_TYPE must be (only one value is + supported): azure-ad-groups-id. - The filter used to request specific records from the IdP. By default, all of the groups that are associated with a user are fetched. For Microsoft Entra ID, you can add `$search` query parameters using [Keyword Query Language] (https://learn.microsoft.com/en-us/sharepoint/dev/general-development/keyword-query-language-kql-syntax-reference). To learn more about `$search` querying in Microsoft Entra ID, see [Use the `$search` query parameter] (https://learn.microsoft.com/en-us/graph/search-query-parameter). + At most one of these can be specified: - Additionally, Workforce Identity Federation automatically adds the following [`$filter` query parameters] (https://learn.microsoft.com/en-us/graph/filter-query-parameter), based on the value of `attributes_type`. Values passed to `filter` are converted to `$search` query parameters. Additional `$filter` query parameters cannot be added using this field. + --clear-extra-attributes-config + Clear the extra attributes configuration. - * `AZURE_AD_GROUPS_ID`: `securityEnabled` filter is applied. + --extra-attributes-client-id=EXTRA_ATTRIBUTES_CLIENT_ID + The OAuth 2.0 client ID for retrieving extra attributes from the + identity provider. Required to get the access token using client + credentials grant flow. - *--extended-attributes-issuer-uri*=_EXTENDED_ATTRIBUTES_ISSUER_URI_::: + --extra-attributes-client-secret-value=EXTRA_ATTRIBUTES_CLIENT_SECRET_VALUE + The OAuth 2.0 client secret for retrieving extra attributes from the + identity provider. Required to get the access token using client + credentials grant flow. - OIDC identity provider's issuer URI. Must be a valid URI using the `https` scheme. Required to get the OIDC discovery document. + --extra-attributes-filter=EXTRA_ATTRIBUTES_FILTER + The filter used to request specific records from the IdP. By default, + all of the groups that are associated with a user are fetched. For + Microsoft Entra ID, you can add $search query parameters using + [Keyword Query Language] + (https://learn.microsoft.com/en-us/sharepoint/dev/general-development/keyword-query-language-kql-syntax-reference). + To learn more about $search querying in Microsoft Entra ID, see [Use + the $search query parameter] + (https://learn.microsoft.com/en-us/graph/search-query-parameter). - *--extended-attributes-type*=_EXTENDED_ATTRIBUTES_TYPE_::: + Additionally, Workforce Identity Federation automatically adds the + following [$filter query parameters] + (https://learn.microsoft.com/en-us/graph/filter-query-parameter), + based on the value of attributes_type. Values passed to filter are + converted to $search query parameters. Additional $filter query + parameters cannot be added using this field. - Represents the identity provider and type of claims that should be fetched. _EXTENDED_ATTRIBUTES_TYPE_ must be (only one value is supported): *azure-ad-groups-id*. + ▸ AZURE_AD_GROUPS_MAIL: mailEnabled and securityEnabled filters are + applied. + ▸ AZURE_AD_GROUPS_ID: securityEnabled filter is applied. - :: At most one of these can be specified: + --extra-attributes-issuer-uri=EXTRA_ATTRIBUTES_ISSUER_URI + OIDC identity provider's issuer URI. Must be a valid URI using the + https scheme. Required to get the OIDC discovery document. - *--clear-extra-attributes-config*::: - - Clear the extra attributes configuration. - - *--extra-attributes-client-id*=_EXTRA_ATTRIBUTES_CLIENT_ID_::: - - The OAuth 2.0 client ID for retrieving extra attributes from the identity provider. Required to get the access token using client credentials grant flow. - - *--extra-attributes-client-secret-value*=_EXTRA_ATTRIBUTES_CLIENT_SECRET_VALUE_::: - - The OAuth 2.0 client secret for retrieving extra attributes from the identity provider. Required to get the access token using client credentials grant flow. - - *--extra-attributes-filter*=_EXTRA_ATTRIBUTES_FILTER_::: - - The filter used to request specific records from the IdP. By default, all of the groups that are associated with a user are fetched. For Microsoft Entra ID, you can add `$search` query parameters using [Keyword Query Language] (https://learn.microsoft.com/en-us/sharepoint/dev/general-development/keyword-query-language-kql-syntax-reference). To learn more about `$search` querying in Microsoft Entra ID, see [Use the `$search` query parameter] (https://learn.microsoft.com/en-us/graph/search-query-parameter). - - Additionally, Workforce Identity Federation automatically adds the following [`$filter` query parameters] (https://learn.microsoft.com/en-us/graph/filter-query-parameter), based on the value of `attributes_type`. Values passed to `filter` are converted to `$search` query parameters. Additional `$filter` query parameters cannot be added using this field. - - * `AZURE_AD_GROUPS_MAIL`: `mailEnabled` and `securityEnabled` filters are applied. - * `AZURE_AD_GROUPS_ID`: `securityEnabled` filter is applied. - - *--extra-attributes-issuer-uri*=_EXTRA_ATTRIBUTES_ISSUER_URI_::: - - OIDC identity provider's issuer URI. Must be a valid URI using the `https` scheme. Required to get the OIDC discovery document. - - *--extra-attributes-type*=_EXTRA_ATTRIBUTES_TYPE_::: - - Represents the identity provider and type of claims that should be fetched. _EXTRA_ATTRIBUTES_TYPE_ must be one of: *azure-ad-groups-mail*, *azure-ad-groups-id*. + --extra-attributes-type=EXTRA_ATTRIBUTES_TYPE + Represents the identity provider and type of claims that should be + fetched. EXTRA_ATTRIBUTES_TYPE must be one of: azure-ad-groups-mail, + azure-ad-groups-id. GCLOUD WIDE FLAGS - These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity. + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. - Run *$ gcloud help* for details. + Run $ gcloud help for details. API REFERENCE - This command uses the *iam/v1* API. The full documentation for this API can be found at: https://cloud.google.com/iam/ + This command uses the iam/v1 API. The full documentation for this API can + be found at: https://cloud.google.com/iam/ NOTES - These variants are also available: + These variants are also available: - $ gcloud alpha iam workforce-pools providers update-oidc + $ gcloud alpha iam workforce-pools providers update-oidc - $ gcloud beta iam workforce-pools providers update-oidc + $ gcloud beta iam workforce-pools providers update-oidc diff --git a/gcloud/iam/workforce-pools/providers/update-saml b/gcloud/iam/workforce-pools/providers/update-saml index 52ced8a51..60fb03825 100644 --- a/gcloud/iam/workforce-pools/providers/update-saml +++ b/gcloud/iam/workforce-pools/providers/update-saml @@ -8,7 +8,7 @@ SYNOPSIS [--async] [--attribute-condition=ATTRIBUTE_CONDITION] [--attribute-mapping=[KEY=VALUE,...]] [--description=DESCRIPTION] [--detailed-audit-logging] [--disabled] [--display-name=DISPLAY_NAME] - [--idp-metadata-path=PATH_TO_FILE] + [--idp-metadata-path=PATH_TO_FILE] [--scim-usage=SCIM_USAGE] [--clear-extended-attributes-config | --extended-attributes-client-id=EXTENDED_ATTRIBUTES_CLIENT_ID --extended-attributes-client-secret-value=EXTENDED_ATTRIBUTES_CLIENT_SECRET_VALUE --extended-attributes-filter=EXTENDED_ATTRIBUTES_FILTER --extended-attributes-issuer-uri=EXTENDED_ATTRIBUTES_ISSUER_URI --extended-attributes-type=EXTENDED_ATTRIBUTES_TYPE] @@ -199,6 +199,20 @@ FLAGS Use a full or relative path to a local file containing the value of idp_metadata_path. + --scim-usage=SCIM_USAGE + Specifies whether the workforce identity pool provider uses + SCIM-managed groups instead of the google.groups attribute mapping for + authorization checks. + + The scim_usage and extended_attributes_oauth2_client fields are + mutually exclusive. A request that enables both fields on the same + workforce identity pool provider will produce an error. + + Use enabled-for-groups to enable SCIM-managed groups. Use + scim-usage-unspecified to disable SCIM-managed groups. + + SCIM_USAGE must be one of: enabled-for-groups, scim-usage-unspecified. + At most one of these can be specified: --clear-extended-attributes-config diff --git a/gcloud/iam/workload-identity-pools/providers/create-aws b/gcloud/iam/workload-identity-pools/providers/create-aws index 1c460afee..13b89e5ad 100644 --- a/gcloud/iam/workload-identity-pools/providers/create-aws +++ b/gcloud/iam/workload-identity-pools/providers/create-aws @@ -139,7 +139,7 @@ OPTIONAL FLAGS ◆ attribute.{custom_attribute}: principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value} - Each value must be a [Common Expression Language] + Each value must be a Common Expression Language (https://opensource.google/projects/cel) function that maps an identity provider credential to the normalized attribute specified by the corresponding map key. diff --git a/gcloud/iam/workload-identity-pools/providers/create-oidc b/gcloud/iam/workload-identity-pools/providers/create-oidc index 8775cdd40..f52b1023d 100644 --- a/gcloud/iam/workload-identity-pools/providers/create-oidc +++ b/gcloud/iam/workload-identity-pools/providers/create-oidc @@ -113,7 +113,7 @@ REQUIRED FLAGS ◆ attribute.{custom_attribute}: principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value} - Each value must be a [Common Expression Language] + Each value must be a Common Expression Language (https://opensource.google/projects/cel) function that maps an identity provider credential to the normalized attribute specified by the corresponding map key. @@ -224,20 +224,25 @@ OPTIONAL FLAGS } ] } - ```. Use a full or relative path to a local file containing the value of jwk_json_path. + . Use a full or relative path to a local file containing the value of + jwk_json_path. GCLOUD WIDE FLAGS - These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity. + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. - Run *$ gcloud help* for details. + Run $ gcloud help for details. API REFERENCE - This command uses the *iam/v1* API. The full documentation for this API can be found at: https://cloud.google.com/iam/ + This command uses the iam/v1 API. The full documentation for this API can + be found at: https://cloud.google.com/iam/ NOTES - These variants are also available: + These variants are also available: - $ gcloud alpha iam workload-identity-pools providers create-oidc + $ gcloud alpha iam workload-identity-pools providers create-oidc - $ gcloud beta iam workload-identity-pools providers create-oidc + $ gcloud beta iam workload-identity-pools providers create-oidc diff --git a/gcloud/iam/workload-identity-pools/providers/create-saml b/gcloud/iam/workload-identity-pools/providers/create-saml index 3806c98ca..d9b4c3653 100644 --- a/gcloud/iam/workload-identity-pools/providers/create-saml +++ b/gcloud/iam/workload-identity-pools/providers/create-saml @@ -110,7 +110,7 @@ REQUIRED FLAGS ◆ attribute.{custom_attribute}: principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value} - Each value must be a [Common Expression Language] + Each value must be a Common Expression Language (https://opensource.google/projects/cel) function that maps an identity provider credential to the normalized attribute specified by the corresponding map key. diff --git a/gcloud/iam/workload-identity-pools/providers/create-x509 b/gcloud/iam/workload-identity-pools/providers/create-x509 index b03ec9789..6ce9eec9e 100644 --- a/gcloud/iam/workload-identity-pools/providers/create-x509 +++ b/gcloud/iam/workload-identity-pools/providers/create-x509 @@ -151,7 +151,7 @@ OPTIONAL FLAGS ◆ attribute.{custom_attribute}: principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value} - Each value must be a [Common Expression Language] + Each value must be a Common Expression Language (https://opensource.google/projects/cel) function that maps an identity provider credential to the normalized attribute specified by the corresponding map key. diff --git a/gcloud/iam/workload-identity-pools/providers/update-aws b/gcloud/iam/workload-identity-pools/providers/update-aws index fca3b8010..dd40c0956 100644 --- a/gcloud/iam/workload-identity-pools/providers/update-aws +++ b/gcloud/iam/workload-identity-pools/providers/update-aws @@ -138,7 +138,7 @@ FLAGS ◆ attribute.{custom_attribute}: principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value} - Each value must be a [Common Expression Language] + Each value must be a Common Expression Language (https://opensource.google/projects/cel) function that maps an identity provider credential to the normalized attribute specified by the corresponding map key. diff --git a/gcloud/iam/workload-identity-pools/providers/update-oidc b/gcloud/iam/workload-identity-pools/providers/update-oidc index 512579b85..b3af27273 100644 --- a/gcloud/iam/workload-identity-pools/providers/update-oidc +++ b/gcloud/iam/workload-identity-pools/providers/update-oidc @@ -153,7 +153,7 @@ FLAGS ◆ attribute.{custom_attribute}: principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value} - Each value must be a [Common Expression Language] + Each value must be a Common Expression Language (https://opensource.google/projects/cel) function that maps an identity provider credential to the normalized attribute specified by the corresponding map key. @@ -223,20 +223,25 @@ FLAGS } ] } - ```. Use a full or relative path to a local file containing the value of jwk_json_path. + . Use a full or relative path to a local file containing the value of + jwk_json_path. GCLOUD WIDE FLAGS - These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity. + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. - Run *$ gcloud help* for details. + Run $ gcloud help for details. API REFERENCE - This command uses the *iam/v1* API. The full documentation for this API can be found at: https://cloud.google.com/iam/ + This command uses the iam/v1 API. The full documentation for this API can + be found at: https://cloud.google.com/iam/ NOTES - These variants are also available: + These variants are also available: - $ gcloud alpha iam workload-identity-pools providers update-oidc + $ gcloud alpha iam workload-identity-pools providers update-oidc - $ gcloud beta iam workload-identity-pools providers update-oidc + $ gcloud beta iam workload-identity-pools providers update-oidc diff --git a/gcloud/iam/workload-identity-pools/providers/update-saml b/gcloud/iam/workload-identity-pools/providers/update-saml index aec99f885..85ffbb3f0 100644 --- a/gcloud/iam/workload-identity-pools/providers/update-saml +++ b/gcloud/iam/workload-identity-pools/providers/update-saml @@ -137,7 +137,7 @@ FLAGS ◆ attribute.{custom_attribute}: principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value} - Each value must be a [Common Expression Language] + Each value must be a Common Expression Language (https://opensource.google/projects/cel) function that maps an identity provider credential to the normalized attribute specified by the corresponding map key. diff --git a/gcloud/iam/workload-identity-pools/providers/update-x509 b/gcloud/iam/workload-identity-pools/providers/update-x509 index fd278bb86..c936ceb14 100644 --- a/gcloud/iam/workload-identity-pools/providers/update-x509 +++ b/gcloud/iam/workload-identity-pools/providers/update-x509 @@ -138,7 +138,7 @@ FLAGS ◆ attribute.{custom_attribute}: principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value} - Each value must be a [Common Expression Language] + Each value must be a Common Expression Language (https://opensource.google/projects/cel) function that maps an identity provider credential to the normalized attribute specified by the corresponding map key. diff --git a/gcloud/network-connectivity/hubs/accept-spoke b/gcloud/network-connectivity/hubs/accept-spoke index 25d717da8..92af9671c 100644 --- a/gcloud/network-connectivity/hubs/accept-spoke +++ b/gcloud/network-connectivity/hubs/accept-spoke @@ -14,8 +14,8 @@ EXAMPLES To accept a spoke named my-spoke into a hub named my-hub, run: $ gcloud network-connectivity hubs accept-spoke my-hub \ - --spoke="https://networkconnectivity.googleapis.com/v1/projects/\ - spoke-project/locations/global/spokes/my-spoke" + --spoke="https://networkconnectivity.googleapis.com/v1/projects/\ + spoke-project/locations/global/spokes/my-spoke" POSITIONAL ARGUMENTS Hub resource - Name of the hub to accept the spoke into. This represents a diff --git a/gcloud/network-security/firewall-endpoints/create b/gcloud/network-security/firewall-endpoints/create index 13387bd1b..8196210dd 100644 --- a/gcloud/network-security/firewall-endpoints/create +++ b/gcloud/network-security/firewall-endpoints/create @@ -6,8 +6,8 @@ SYNOPSIS gcloud network-security firewall-endpoints create (FIREWALL_ENDPOINT : --organization=ORGANIZATION --zone=ZONE) --billing-project=BILLING_PROJECT [--async] [--description=DESCRIPTION] - [--labels=[KEY=VALUE,...]] [--max-wait=MAX_WAIT; default="60m"] - [GCLOUD_WIDE_FLAG ...] + [--enable-jumbo-frames] [--labels=[KEY=VALUE,...]] + [--max-wait=MAX_WAIT; default="60m"] [GCLOUD_WIDE_FLAG ...] DESCRIPTION Create a firewall endpoint. Successful creation of an endpoint results in @@ -70,6 +70,10 @@ OPTIONAL FLAGS --description=DESCRIPTION Description of the endpoint + --enable-jumbo-frames + Enable jumbo frames for the firewall endpoint. To disable jumbo frames, + use --no-enable-jumbo-frames. + --labels=[KEY=VALUE,...] List of label KEY=VALUE pairs to add. diff --git a/gcloud/run/deploy b/gcloud/run/deploy index 44dd1416c..d1b653839 100644 --- a/gcloud/run/deploy +++ b/gcloud/run/deploy @@ -3,11 +3,11 @@ NAME SYNOPSIS gcloud run deploy [[SERVICE] --namespace=NAMESPACE] - [--[no-]allow-unauthenticated] [--allow-unencrypted-build] [--async] - [--breakglass=JUSTIFICATION] [--clear-vpc-connector] - [--concurrency=CONCURRENCY] [--container=CONTAINER] [--[no-]cpu-boost] - [--[no-]cpu-throttling] [--[no-]default-url] - [--[no-]deploy-health-check] [--description=DESCRIPTION] + [--[no-]allow-unauthenticated] [--async] [--breakglass=JUSTIFICATION] + [--clear-vpc-connector] [--concurrency=CONCURRENCY] + [--container=CONTAINER] [--[no-]cpu-boost] [--[no-]cpu-throttling] + [--[no-]default-url] [--[no-]deploy-health-check] + [--description=DESCRIPTION] [--execution-environment=EXECUTION_ENVIRONMENT] [--gpu-type=GPU_TYPE] [--[no-]gpu-zonal-redundancy] [--ingress=INGRESS; default="all"] [--[no-]invoker-iam-check] [--max=MAX] [--max-instances=MAX_INSTANCES] @@ -112,16 +112,6 @@ FLAGS may take a few moments to take effect. Use --allow-unauthenticated to enable and --no-allow-unauthenticated to disable. - --allow-unencrypted-build - (DEPRECATED) Whether to allow customer-managed encryption key (CMEK) - deployments without encrypting the build process. This means that only - the deployed container will be encrypted. - - The flag --allow-unencrypted-build is deprecated. The CMEK compliance - is now available for the build process of source-based deployments. For - more details, see - https://cloud.google.com/run/docs/securing/using-cmek#source-deploy - --async Return immediately, without waiting for the operation in progress to complete. diff --git a/gcloud/scc/bqexports/create b/gcloud/scc/bqexports/create index 5e4301770..d70c19578 100644 --- a/gcloud/scc/bqexports/create +++ b/gcloud/scc/bqexports/create @@ -78,8 +78,9 @@ OPTIONAL FLAGS location in which the resource is located and applicable. The location attribute can be provided as part of the fully specified resource name or with the --location argument on the command line. The default - location is global. NOTE: If you override the endpoint to a regional - endpoint + location is global. + + NOTE: If you override the endpoint to a regional endpoint (https://cloud.google.com/security-command-center/docs/reference/rest/index.html?rep_location=global#regional-service-endpoint) you must specify the correct data location (https://cloud.google.com/security-command-center/docs/data-residency-support#locations) @@ -87,6 +88,10 @@ OPTIONAL FLAGS the default location that is specified when data residency controls are enabled for Security Command Center. + NOTE: If no location is specified, the default location is global AND + the request will be routed to the SCC V1 API. To use the SCC V2 API - + please explicitly specify the flag. + At most one of these can be specified: --folder=FOLDER diff --git a/gcloud/scc/bqexports/delete b/gcloud/scc/bqexports/delete index 3f32e99d2..44e04e491 100644 --- a/gcloud/scc/bqexports/delete +++ b/gcloud/scc/bqexports/delete @@ -49,8 +49,9 @@ FLAGS location in which the resource is located and applicable. The location attribute can be provided as part of the fully specified resource name or with the --location argument on the command line. The default - location is global. NOTE: If you override the endpoint to a regional - endpoint + location is global. + + NOTE: If you override the endpoint to a regional endpoint (https://cloud.google.com/security-command-center/docs/reference/rest/index.html?rep_location=global#regional-service-endpoint) you must specify the correct data location (https://cloud.google.com/security-command-center/docs/data-residency-support#locations) @@ -58,6 +59,10 @@ FLAGS the default location that is specified when data residency controls are enabled for Security Command Center. + NOTE: If no location is specified, the default location is global AND + the request will be routed to the SCC V1 API. To use the SCC V2 API - + please explicitly specify the flag. + At most one of these can be specified: --folder=FOLDER diff --git a/gcloud/scc/bqexports/get b/gcloud/scc/bqexports/get index 755cd0616..95dd7be03 100644 --- a/gcloud/scc/bqexports/get +++ b/gcloud/scc/bqexports/get @@ -50,8 +50,9 @@ FLAGS location in which the resource is located and applicable. The location attribute can be provided as part of the fully specified resource name or with the --location argument on the command line. The default - location is global. NOTE: If you override the endpoint to a regional - endpoint + location is global. + + NOTE: If you override the endpoint to a regional endpoint (https://cloud.google.com/security-command-center/docs/reference/rest/index.html?rep_location=global#regional-service-endpoint) you must specify the correct data location (https://cloud.google.com/security-command-center/docs/data-residency-support#locations) @@ -59,6 +60,10 @@ FLAGS the default location that is specified when data residency controls are enabled for Security Command Center. + NOTE: If no location is specified, the default location is global AND + the request will be routed to the SCC V1 API. To use the SCC V2 API - + please explicitly specify the flag. + At most one of these can be specified: --folder=FOLDER diff --git a/gcloud/scc/bqexports/list b/gcloud/scc/bqexports/list index f93a087f5..00c19056a 100644 --- a/gcloud/scc/bqexports/list +++ b/gcloud/scc/bqexports/list @@ -57,8 +57,9 @@ FLAGS location in which the resource is located and applicable. The location attribute can be provided as part of the fully specified resource name or with the --location argument on the command line. The default - location is global. NOTE: If you override the endpoint to a regional - endpoint + location is global. + + NOTE: If you override the endpoint to a regional endpoint (https://cloud.google.com/security-command-center/docs/reference/rest/index.html?rep_location=global#regional-service-endpoint) you must specify the correct data location (https://cloud.google.com/security-command-center/docs/data-residency-support#locations) @@ -66,6 +67,10 @@ FLAGS the default location that is specified when data residency controls are enabled for Security Command Center. + NOTE: If no location is specified, the default location is global AND + the request will be routed to the SCC V1 API. To use the SCC V2 API - + please explicitly specify the flag. + LIST COMMAND FLAGS --filter=EXPRESSION Apply a Boolean filter EXPRESSION to each resource item to be listed. diff --git a/gcloud/scc/bqexports/update b/gcloud/scc/bqexports/update index 8eba9e525..6bfb35cf7 100644 --- a/gcloud/scc/bqexports/update +++ b/gcloud/scc/bqexports/update @@ -78,8 +78,9 @@ FLAGS location in which the resource is located and applicable. The location attribute can be provided as part of the fully specified resource name or with the --location argument on the command line. The default - location is global. NOTE: If you override the endpoint to a regional - endpoint + location is global. + + NOTE: If you override the endpoint to a regional endpoint (https://cloud.google.com/security-command-center/docs/reference/rest/index.html?rep_location=global#regional-service-endpoint) you must specify the correct data location (https://cloud.google.com/security-command-center/docs/data-residency-support#locations) @@ -87,6 +88,10 @@ FLAGS the default location that is specified when data residency controls are enabled for Security Command Center. + NOTE: If no location is specified, the default location is global AND + the request will be routed to the SCC V1 API. To use the SCC V2 API - + please explicitly specify the flag. + --update-mask=UPDATE_MASK Optional: If left unspecified (default), an update-mask is automatically created using the flags specified in the command and only diff --git a/gcloud/scc/findings/bulk-mute b/gcloud/scc/findings/bulk-mute index c64b527f9..244e5a95a 100644 --- a/gcloud/scc/findings/bulk-mute +++ b/gcloud/scc/findings/bulk-mute @@ -60,8 +60,9 @@ OPTIONAL FLAGS location in which the resource is located and applicable. The location attribute can be provided as part of the fully specified resource name or with the --location argument on the command line. The default - location is global. NOTE: If you override the endpoint to a regional - endpoint + location is global. + + NOTE: If you override the endpoint to a regional endpoint (https://cloud.google.com/security-command-center/docs/reference/rest/index.html?rep_location=global#regional-service-endpoint) you must specify the correct data location (https://cloud.google.com/security-command-center/docs/data-residency-support#locations) @@ -69,6 +70,10 @@ OPTIONAL FLAGS the default location that is specified when data residency controls are enabled for Security Command Center. + NOTE: If no location is specified, the default location is global AND + the request will be routed to the SCC V1 API. To use the SCC V2 API - + please explicitly specify the flag. + --mute-state=MUTE_STATE; default="muted" Desired mute state of the finding. MUTE_STATE must be one of: muted, undefined. diff --git a/gcloud/scc/findings/create b/gcloud/scc/findings/create index ae14c8a21..094cda2d2 100644 --- a/gcloud/scc/findings/create +++ b/gcloud/scc/findings/create @@ -114,8 +114,9 @@ OPTIONAL FLAGS location in which the resource is located and applicable. The location attribute can be provided as part of the fully specified resource name or with the --location argument on the command line. The default - location is global. NOTE: If you override the endpoint to a regional - endpoint + location is global. + + NOTE: If you override the endpoint to a regional endpoint (https://cloud.google.com/security-command-center/docs/reference/rest/index.html?rep_location=global#regional-service-endpoint) you must specify the correct data location (https://cloud.google.com/security-command-center/docs/data-residency-support#locations) @@ -123,6 +124,10 @@ OPTIONAL FLAGS the default location that is specified when data residency controls are enabled for Security Command Center. + NOTE: If no location is specified, the default location is global AND + the request will be routed to the SCC V1 API. To use the SCC V2 API - + please explicitly specify the flag. + --source-properties=[KEY=VALUE,...] Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map diff --git a/gcloud/scc/findings/export-to-bigquery b/gcloud/scc/findings/export-to-bigquery index b6b4dc185..89b660ead 100644 --- a/gcloud/scc/findings/export-to-bigquery +++ b/gcloud/scc/findings/export-to-bigquery @@ -43,8 +43,9 @@ OPTIONAL FLAGS location in which the resource is located and applicable. The location attribute can be provided as part of the fully specified resource name or with the --location argument on the command line. The default - location is global. NOTE: If you override the endpoint to a regional - endpoint + location is global. + + NOTE: If you override the endpoint to a regional endpoint (https://cloud.google.com/security-command-center/docs/reference/rest/index.html?rep_location=global#regional-service-endpoint) you must specify the correct data location (https://cloud.google.com/security-command-center/docs/data-residency-support#locations) @@ -52,6 +53,10 @@ OPTIONAL FLAGS the default location that is specified when data residency controls are enabled for Security Command Center. + NOTE: If no location is specified, the default location is global AND + the request will be routed to the SCC V1 API. To use the SCC V2 API - + please explicitly specify the flag. + --source=SOURCE; default="-" Source id. Defaults to all sources. diff --git a/gcloud/scc/findings/group b/gcloud/scc/findings/group index bd7a55522..1433377da 100644 --- a/gcloud/scc/findings/group +++ b/gcloud/scc/findings/group @@ -130,8 +130,9 @@ FLAGS location in which the resource is located and applicable. The location attribute can be provided as part of the fully specified resource name or with the --location argument on the command line. The default - location is global. NOTE: If you override the endpoint to a regional - endpoint + location is global. + + NOTE: If you override the endpoint to a regional endpoint (https://cloud.google.com/security-command-center/docs/reference/rest/index.html?rep_location=global#regional-service-endpoint) you must specify the correct data location (https://cloud.google.com/security-command-center/docs/data-residency-support#locations) @@ -139,6 +140,10 @@ FLAGS the default location that is specified when data residency controls are enabled for Security Command Center. + NOTE: If no location is specified, the default location is global AND + the request will be routed to the SCC V1 API. To use the SCC V2 API - + please explicitly specify the flag. + --page-size=PAGE_SIZE Maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000. diff --git a/gcloud/scc/findings/list b/gcloud/scc/findings/list index 729107b13..fdac4c153 100644 --- a/gcloud/scc/findings/list +++ b/gcloud/scc/findings/list @@ -128,8 +128,9 @@ FLAGS location in which the resource is located and applicable. The location attribute can be provided as part of the fully specified resource name or with the --location argument on the command line. The default - location is global. NOTE: If you override the endpoint to a regional - endpoint + location is global. + + NOTE: If you override the endpoint to a regional endpoint (https://cloud.google.com/security-command-center/docs/reference/rest/index.html?rep_location=global#regional-service-endpoint) you must specify the correct data location (https://cloud.google.com/security-command-center/docs/data-residency-support#locations) @@ -137,6 +138,10 @@ FLAGS the default location that is specified when data residency controls are enabled for Security Command Center. + NOTE: If no location is specified, the default location is global AND + the request will be routed to the SCC V1 API. To use the SCC V2 API - + please explicitly specify the flag. + --order-by=ORDER_BY Expression that defines what fields and order to use for sorting. String value should follow SQL syntax: comma separated list of fields. diff --git a/gcloud/scc/findings/list-marks b/gcloud/scc/findings/list-marks index 915b7e70c..4ff4d1fae 100644 --- a/gcloud/scc/findings/list-marks +++ b/gcloud/scc/findings/list-marks @@ -46,8 +46,9 @@ FLAGS location in which the resource is located and applicable. The location attribute can be provided as part of the fully specified resource name or with the --location argument on the command line. The default - location is global. NOTE: If you override the endpoint to a regional - endpoint + location is global. + + NOTE: If you override the endpoint to a regional endpoint (https://cloud.google.com/security-command-center/docs/reference/rest/index.html?rep_location=global#regional-service-endpoint) you must specify the correct data location (https://cloud.google.com/security-command-center/docs/data-residency-support#locations) @@ -55,6 +56,10 @@ FLAGS the default location that is specified when data residency controls are enabled for Security Command Center. + NOTE: If no location is specified, the default location is global AND + the request will be routed to the SCC V1 API. To use the SCC V2 API - + please explicitly specify the flag. + --page-token=PAGE_TOKEN Response objects will return a non-null value for page-token to indicate that there is at least one additional page of data. User can diff --git a/gcloud/scc/findings/set-mute b/gcloud/scc/findings/set-mute index d7ee96289..d6c5f8806 100644 --- a/gcloud/scc/findings/set-mute +++ b/gcloud/scc/findings/set-mute @@ -58,8 +58,9 @@ OPTIONAL FLAGS location in which the resource is located and applicable. The location attribute can be provided as part of the fully specified resource name or with the --location argument on the command line. The default - location is global. NOTE: If you override the endpoint to a regional - endpoint + location is global. + + NOTE: If you override the endpoint to a regional endpoint (https://cloud.google.com/security-command-center/docs/reference/rest/index.html?rep_location=global#regional-service-endpoint) you must specify the correct data location (https://cloud.google.com/security-command-center/docs/data-residency-support#locations) @@ -67,6 +68,10 @@ OPTIONAL FLAGS the default location that is specified when data residency controls are enabled for Security Command Center. + NOTE: If no location is specified, the default location is global AND + the request will be routed to the SCC V1 API. To use the SCC V2 API - + please explicitly specify the flag. + --source=SOURCE ID of the source. diff --git a/gcloud/scc/findings/update b/gcloud/scc/findings/update index ffee149a8..1071da4d6 100644 --- a/gcloud/scc/findings/update +++ b/gcloud/scc/findings/update @@ -71,8 +71,9 @@ FLAGS location in which the resource is located and applicable. The location attribute can be provided as part of the fully specified resource name or with the --location argument on the command line. The default - location is global. NOTE: If you override the endpoint to a regional - endpoint + location is global. + + NOTE: If you override the endpoint to a regional endpoint (https://cloud.google.com/security-command-center/docs/reference/rest/index.html?rep_location=global#regional-service-endpoint) you must specify the correct data location (https://cloud.google.com/security-command-center/docs/data-residency-support#locations) @@ -80,6 +81,10 @@ FLAGS the default location that is specified when data residency controls are enabled for Security Command Center. + NOTE: If no location is specified, the default location is global AND + the request will be routed to the SCC V1 API. To use the SCC V2 API - + please explicitly specify the flag. + --source=SOURCE; default="-" Source id. Defaults to all sources. diff --git a/gcloud/scc/findings/update-marks b/gcloud/scc/findings/update-marks index 173396258..fe0eb3afb 100644 --- a/gcloud/scc/findings/update-marks +++ b/gcloud/scc/findings/update-marks @@ -63,8 +63,9 @@ FLAGS location in which the resource is located and applicable. The location attribute can be provided as part of the fully specified resource name or with the --location argument on the command line. The default - location is global. NOTE: If you override the endpoint to a regional - endpoint + location is global. + + NOTE: If you override the endpoint to a regional endpoint (https://cloud.google.com/security-command-center/docs/reference/rest/index.html?rep_location=global#regional-service-endpoint) you must specify the correct data location (https://cloud.google.com/security-command-center/docs/data-residency-support#locations) @@ -72,6 +73,10 @@ FLAGS the default location that is specified when data residency controls are enabled for Security Command Center. + NOTE: If no location is specified, the default location is global AND + the request will be routed to the SCC V1 API. To use the SCC V2 API - + please explicitly specify the flag. + --security-marks=[KEY=VALUE,...] SecurityMarks resource to be passed as the request body. It's a key=value pair separated by comma (,). For example: diff --git a/gcloud/scc/muteconfigs/create b/gcloud/scc/muteconfigs/create index eb00217f4..848803da7 100644 --- a/gcloud/scc/muteconfigs/create +++ b/gcloud/scc/muteconfigs/create @@ -64,8 +64,9 @@ FLAGS location in which the resource is located and applicable. The location attribute can be provided as part of the fully specified resource name or with the --location argument on the command line. The default - location is global. NOTE: If you override the endpoint to a regional - endpoint + location is global. + + NOTE: If you override the endpoint to a regional endpoint (https://cloud.google.com/security-command-center/docs/reference/rest/index.html?rep_location=global#regional-service-endpoint) you must specify the correct data location (https://cloud.google.com/security-command-center/docs/data-residency-support#locations) @@ -73,6 +74,10 @@ FLAGS the default location that is specified when data residency controls are enabled for Security Command Center. + NOTE: If no location is specified, the default location is global AND + the request will be routed to the SCC V1 API. To use the SCC V2 API - + please explicitly specify the flag. + --type=TYPE; default="static" The mute configuration type. Immutable after creation. TYPE must be one of: static, dynamic. diff --git a/gcloud/scc/muteconfigs/delete b/gcloud/scc/muteconfigs/delete index 369f44fb8..406279513 100644 --- a/gcloud/scc/muteconfigs/delete +++ b/gcloud/scc/muteconfigs/delete @@ -41,8 +41,9 @@ FLAGS location in which the resource is located and applicable. The location attribute can be provided as part of the fully specified resource name or with the --location argument on the command line. The default - location is global. NOTE: If you override the endpoint to a regional - endpoint + location is global. + + NOTE: If you override the endpoint to a regional endpoint (https://cloud.google.com/security-command-center/docs/reference/rest/index.html?rep_location=global#regional-service-endpoint) you must specify the correct data location (https://cloud.google.com/security-command-center/docs/data-residency-support#locations) @@ -50,6 +51,10 @@ FLAGS the default location that is specified when data residency controls are enabled for Security Command Center. + NOTE: If no location is specified, the default location is global AND + the request will be routed to the SCC V1 API. To use the SCC V2 API - + please explicitly specify the flag. + At most one of these can be specified: --folder=FOLDER diff --git a/gcloud/scc/muteconfigs/get b/gcloud/scc/muteconfigs/get index bf5636a89..fb9257ff9 100644 --- a/gcloud/scc/muteconfigs/get +++ b/gcloud/scc/muteconfigs/get @@ -39,8 +39,9 @@ FLAGS location in which the resource is located and applicable. The location attribute can be provided as part of the fully specified resource name or with the --location argument on the command line. The default - location is global. NOTE: If you override the endpoint to a regional - endpoint + location is global. + + NOTE: If you override the endpoint to a regional endpoint (https://cloud.google.com/security-command-center/docs/reference/rest/index.html?rep_location=global#regional-service-endpoint) you must specify the correct data location (https://cloud.google.com/security-command-center/docs/data-residency-support#locations) @@ -48,6 +49,10 @@ FLAGS the default location that is specified when data residency controls are enabled for Security Command Center. + NOTE: If no location is specified, the default location is global AND + the request will be routed to the SCC V1 API. To use the SCC V2 API - + please explicitly specify the flag. + At most one of these can be specified: --folder=FOLDER diff --git a/gcloud/scc/muteconfigs/list b/gcloud/scc/muteconfigs/list index 83af26502..b710b565f 100644 --- a/gcloud/scc/muteconfigs/list +++ b/gcloud/scc/muteconfigs/list @@ -49,8 +49,9 @@ FLAGS location in which the resource is located and applicable. The location attribute can be provided as part of the fully specified resource name or with the --location argument on the command line. The default - location is global. NOTE: If you override the endpoint to a regional - endpoint + location is global. + + NOTE: If you override the endpoint to a regional endpoint (https://cloud.google.com/security-command-center/docs/reference/rest/index.html?rep_location=global#regional-service-endpoint) you must specify the correct data location (https://cloud.google.com/security-command-center/docs/data-residency-support#locations) @@ -58,6 +59,10 @@ FLAGS the default location that is specified when data residency controls are enabled for Security Command Center. + NOTE: If no location is specified, the default location is global AND + the request will be routed to the SCC V1 API. To use the SCC V2 API - + please explicitly specify the flag. + LIST COMMAND FLAGS --filter=EXPRESSION Apply a Boolean filter EXPRESSION to each resource item to be listed. diff --git a/gcloud/scc/muteconfigs/update b/gcloud/scc/muteconfigs/update index 8b827982f..47f5ba514 100644 --- a/gcloud/scc/muteconfigs/update +++ b/gcloud/scc/muteconfigs/update @@ -64,8 +64,9 @@ FLAGS location in which the resource is located and applicable. The location attribute can be provided as part of the fully specified resource name or with the --location argument on the command line. The default - location is global. NOTE: If you override the endpoint to a regional - endpoint + location is global. + + NOTE: If you override the endpoint to a regional endpoint (https://cloud.google.com/security-command-center/docs/reference/rest/index.html?rep_location=global#regional-service-endpoint) you must specify the correct data location (https://cloud.google.com/security-command-center/docs/data-residency-support#locations) @@ -73,6 +74,10 @@ FLAGS the default location that is specified when data residency controls are enabled for Security Command Center. + NOTE: If no location is specified, the default location is global AND + the request will be routed to the SCC V1 API. To use the SCC V2 API - + please explicitly specify the flag. + --update-mask=UPDATE_MASK Optional: If left unspecified (default), an update-mask is automatically created using the flags specified in the command and only diff --git a/gcloud/scheduler/cmek-config/describe b/gcloud/scheduler/cmek-config/describe new file mode 100644 index 000000000..c72a722e0 --- /dev/null +++ b/gcloud/scheduler/cmek-config/describe @@ -0,0 +1,27 @@ +NAME + gcloud scheduler cmek-config describe - get CMEK configuration for Cloud + Scheduler in the specified location + +SYNOPSIS + gcloud scheduler cmek-config describe --location=LOCATION + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Get CMEK configuration for Cloud Scheduler in the specified location. + +EXAMPLES + To get a CMEK config: + + $ gcloud scheduler cmek-config describe --location=my-location + +REQUIRED FLAGS + --location=LOCATION + Google Cloud location for the KMS key. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. diff --git a/gcloud/scheduler/cmek-config/help b/gcloud/scheduler/cmek-config/help new file mode 100644 index 000000000..a1bb8ecf3 --- /dev/null +++ b/gcloud/scheduler/cmek-config/help @@ -0,0 +1,24 @@ +NAME + gcloud scheduler cmek-config - manage CMEK configuration for Cloud + Scheduler + +SYNOPSIS + gcloud scheduler cmek-config COMMAND [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Manage CMEK configuration for Cloud Scheduler. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --help. + + Run $ gcloud help for details. + +COMMANDS + COMMAND is one of the following: + + describe + Get CMEK configuration for Cloud Scheduler in the specified location. + + update + Update CMEK configuration for Cloud Scheduler in the specified + location. diff --git a/gcloud/scheduler/cmek-config/update b/gcloud/scheduler/cmek-config/update new file mode 100644 index 000000000..1e7cb93c7 --- /dev/null +++ b/gcloud/scheduler/cmek-config/update @@ -0,0 +1,56 @@ +NAME + gcloud scheduler cmek-config update - update CMEK configuration for Cloud + Scheduler in the specified location + +SYNOPSIS + gcloud scheduler cmek-config update [--location=LOCATION] + [--clear-kms-key | [--kms-key-name=KMS_KEY_NAME + : --kms-keyring=KMS_KEYRING --kms-project=KMS_PROJECT]] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Update CMEK configuration for Cloud Scheduler in the specified location. + +EXAMPLES + To update a CMEK config: $ gcloud scheduler cmek-config update --location=my-location \ + --kms-location=europe-southwest1 --kms-project=new-kms-project \ + --kms-keyring=kms-keyring2 --kms-key=crypto-key2 + +FLAGS + --location=LOCATION + Google Cloud location for the KMS key. + + Flags for Clearing or Updating CMEK Resource + + At most one of these can be specified: + + Flags for clearing CMEK Resource key. + + --clear-kms-key + Disables CMEK for Cloud Scheduler in the specified location by + clearing the Cloud KMS cryptokey from the Cloud Scheduler project + and CMEK configuration. + + Flags for Updating CMEK Resource key + + --kms-key-name=KMS_KEY_NAME + Fully qualified identifier for the key or just the key ID. The + latter requires that the --kms-keyring and --kms-project flags be + provided too. + + This flag argument must be specified if any of the other arguments + in this group are specified. + + --kms-keyring=KMS_KEYRING + KMS keyring of the KMS key. + + --kms-project=KMS_PROJECT + Google Cloud project for the KMS key. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. diff --git a/gcloud/scheduler/help b/gcloud/scheduler/help index 4243dc1ec..95a8073f8 100644 --- a/gcloud/scheduler/help +++ b/gcloud/scheduler/help @@ -15,12 +15,18 @@ GCLOUD WIDE FLAGS GROUPS GROUP is one of the following: + cmek-config + Manage CMEK configuration for Cloud Scheduler. + jobs Manage Cloud Scheduler jobs. locations Get information about Cloud Scheduler locations. + operations + Get information about Cloud Scheduler operations. + NOTES These variants are also available: diff --git a/gcloud/scheduler/operations/describe b/gcloud/scheduler/operations/describe new file mode 100644 index 000000000..c87163a12 --- /dev/null +++ b/gcloud/scheduler/operations/describe @@ -0,0 +1,29 @@ +NAME + gcloud scheduler operations describe - show the latest status of an + operation + +SYNOPSIS + gcloud scheduler operations describe --name=NAME [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Show the latest status of an operation. + +EXAMPLES + To describe the latest status of an operation: + + $ gcloud scheduler operations describe \ + projects/my-project/locations/us-central1/operations/\ + my-operation + +REQUIRED FLAGS + --name=NAME + The full name of the Cloud Scheduler operation to describe. Format: + projects/{project}/locations/{location}/operations/{operation} + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. diff --git a/gcloud/scheduler/operations/help b/gcloud/scheduler/operations/help new file mode 100644 index 000000000..f2b30bba1 --- /dev/null +++ b/gcloud/scheduler/operations/help @@ -0,0 +1,20 @@ +NAME + gcloud scheduler operations - get information about Cloud Scheduler + operations + +SYNOPSIS + gcloud scheduler operations COMMAND [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Get information about Cloud Scheduler operations. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --help. + + Run $ gcloud help for details. + +COMMANDS + COMMAND is one of the following: + + describe + Show the latest status of an operation. diff --git a/gcloud/sql/backups/restore b/gcloud/sql/backups/restore index ea1063bfd..5f544ef56 100644 --- a/gcloud/sql/backups/restore +++ b/gcloud/sql/backups/restore @@ -4,15 +4,20 @@ NAME SYNOPSIS gcloud sql backups restore ID --restore-instance=RESTORE_INSTANCE [--activation-policy=ACTIVATION_POLICY] - [--active-directory-domain=ACTIVE_DIRECTORY_DOMAIN] [--[no-]assign-ip] - [--async] [--audit-bucket-path=AUDIT_BUCKET_PATH] + [--active-directory-dns-servers=[DNS_SERVER_IP_ADDRESS,...]] + [--active-directory-domain=ACTIVE_DIRECTORY_DOMAIN] + [--active-directory-mode=ACTIVE_DIRECTORY_MODE] + [--active-directory-organizational-unit=ACTIVE_DIRECTORY_ORGANIZATIONAL_UNIT] + [--active-directory-secret-manager-key=ACTIVE_DIRECTORY_SECRET_MANAGER_KEY] + [--[no-]assign-ip] [--async] [--audit-bucket-path=AUDIT_BUCKET_PATH] [--audit-retention-interval=AUDIT_RETENTION_INTERVAL] [--audit-upload-interval=AUDIT_UPLOAD_INTERVAL] [--authorized-networks=NETWORK,[NETWORK,...]] [--availability-type=AVAILABILITY_TYPE] [--no-backup] [--backup-instance=BACKUP_INSTANCE] [--backup-location=BACKUP_LOCATION] [--backup-project=BACKUP_PROJECT] - [--backup-start-time=BACKUP_START_TIME] + [--backup-start-time=BACKUP_START_TIME] [--clear-active-directory] + [--clear-active-directory-dns-servers] [--clear-disk-encryption=CLEAR_DISK_ENCRYPTION] [--clear-network] [--collation=COLLATION] [--connector-enforcement=CONNECTOR_ENFORCEMENT] [--cpu=CPU] [--database-version=DATABASE_VERSION] @@ -75,10 +80,29 @@ OPTIONAL FLAGS https://cloud.google.com/sql/docs/mysql/start-stop-restart-instance#activation_policy. ACTIVATION_POLICY must be one of: always, never. + --active-directory-dns-servers=[DNS_SERVER_IP_ADDRESS,...] + A comma-separated list of the DNS servers to be used for Active + Directory. Only available for SQL Server instances. E.g: + 10.0.0.1,10.0.0.2 + --active-directory-domain=ACTIVE_DIRECTORY_DOMAIN Managed Service for Microsoft Active Directory domain this instance is joined to. Only available for SQL Server instances. + --active-directory-mode=ACTIVE_DIRECTORY_MODE + Defines the Active Directory mode. Only available for SQL Server + instances. ACTIVE_DIRECTORY_MODE must be one of: + MANAGED_ACTIVE_DIRECTORY, CUSTOMER_MANAGED_ACTIVE_DIRECTORY. + + --active-directory-organizational-unit=ACTIVE_DIRECTORY_ORGANIZATIONAL_UNIT + Defines the organizational unit to be used for Active Directory. Only + available for SQL Server instances. E.g: + OU=Cloud,DC=ad,DC=example,DC=com + + --active-directory-secret-manager-key=ACTIVE_DIRECTORY_SECRET_MANAGER_KEY + The secret manager key storing administrator credentials. Only + available for SQL Server instances. + --[no-]assign-ip Assign a public IP address to the instance. This is a public, externally available IPv4 address that you can use to connect to your @@ -142,6 +166,12 @@ OPTIONAL FLAGS Start time of daily backups, specified in the HH:MM format, in the UTC timezone. + --clear-active-directory + Clears the Active Directory configuration. + + --clear-active-directory-dns-servers + Removes the list of DNS Servers from the Active Directory Config. + --clear-disk-encryption=CLEAR_DISK_ENCRYPTION Disables CMEK in the restored instance. diff --git a/gcloud/sql/instances/create b/gcloud/sql/instances/create index 26e985634..03a5856f7 100644 --- a/gcloud/sql/instances/create +++ b/gcloud/sql/instances/create @@ -4,15 +4,19 @@ NAME SYNOPSIS gcloud sql instances create INSTANCE [--activation-policy=ACTIVATION_POLICY] - [--active-directory-domain=ACTIVE_DIRECTORY_DOMAIN] [--[no-]assign-ip] - [--async] [--audit-bucket-path=AUDIT_BUCKET_PATH] + [--active-directory-dns-servers=[DNS_SERVER_IP_ADDRESS,...]] + [--active-directory-domain=ACTIVE_DIRECTORY_DOMAIN] + [--active-directory-mode=ACTIVE_DIRECTORY_MODE] + [--active-directory-organizational-unit=ACTIVE_DIRECTORY_ORGANIZATIONAL_UNIT] + [--active-directory-secret-manager-key=ACTIVE_DIRECTORY_SECRET_MANAGER_KEY] + [--[no-]assign-ip] [--async] [--audit-bucket-path=AUDIT_BUCKET_PATH] [--audit-retention-interval=AUDIT_RETENTION_INTERVAL] [--audit-upload-interval=AUDIT_UPLOAD_INTERVAL] [--authorized-networks=NETWORK,[NETWORK,...]] [--availability-type=AVAILABILITY_TYPE] [--no-backup] [--backup-location=BACKUP_LOCATION] [--backup-start-time=BACKUP_START_TIME] [--cascadable-replica] - [--collation=COLLATION] + [--clear-active-directory-dns-servers] [--collation=COLLATION] [--connection-pool-flags=FLAG=VALUE,[FLAG=VALUE,...]] [--connector-enforcement=CONNECTOR_ENFORCEMENT] [--cpu=CPU] [--custom-subject-alternative-names=DNS,[DNS,[DNS]]] @@ -67,6 +71,12 @@ SYNOPSIS : --disk-encryption-key-keyring=DISK_ENCRYPTION_KEY_KEYRING --disk-encryption-key-location=DISK_ENCRYPTION_KEY_LOCATION --disk-encryption-key-project=DISK_ENCRYPTION_KEY_PROJECT] + [--[no-]auto-scale-disable-scale-in --[no-]auto-scale-enabled + --auto-scale-in-cooldown-seconds=AUTO_SCALE_IN_COOLDOWN_SECONDS + --auto-scale-max-node-count=AUTO_SCALE_MAX_NODE_COUNT + --auto-scale-min-node-count=AUTO_SCALE_MIN_NODE_COUNT + --auto-scale-out-cooldown-seconds=AUTO_SCALE_OUT_COOLDOWN_SECONDS + --auto-scale-target-metrics=[METRIC=VALUE,...]] [--region=REGION; default="us-central" | --gce-zone=GCE_ZONE | --secondary-zone=SECONDARY_ZONE --zone=ZONE] [GCLOUD_WIDE_FLAG ...] @@ -112,10 +122,29 @@ FLAGS https://cloud.google.com/sql/docs/mysql/start-stop-restart-instance#activation_policy. ACTIVATION_POLICY must be one of: always, never. + --active-directory-dns-servers=[DNS_SERVER_IP_ADDRESS,...] + A comma-separated list of the DNS servers to be used for Active + Directory. Only available for SQL Server instances. E.g: + 10.0.0.1,10.0.0.2 + --active-directory-domain=ACTIVE_DIRECTORY_DOMAIN Managed Service for Microsoft Active Directory domain this instance is joined to. Only available for SQL Server instances. + --active-directory-mode=ACTIVE_DIRECTORY_MODE + Defines the Active Directory mode. Only available for SQL Server + instances. ACTIVE_DIRECTORY_MODE must be one of: + MANAGED_ACTIVE_DIRECTORY, CUSTOMER_MANAGED_ACTIVE_DIRECTORY. + + --active-directory-organizational-unit=ACTIVE_DIRECTORY_ORGANIZATIONAL_UNIT + Defines the organizational unit to be used for Active Directory. Only + available for SQL Server instances. E.g: + OU=Cloud,DC=ad,DC=example,DC=com + + --active-directory-secret-manager-key=ACTIVE_DIRECTORY_SECRET_MANAGER_KEY + The secret manager key storing administrator credentials. Only + available for SQL Server instances. + --[no-]assign-ip Assign a public IP address to the instance. This is a public, externally available IPv4 address that you can use to connect to your @@ -172,6 +201,9 @@ FLAGS --master-instance-name flag is set, and the replica under creation is in a different region than the primary instance. + --clear-active-directory-dns-servers + Removes the list of DNS Servers from the Active Directory Config. + --collation=COLLATION Cloud SQL server-level collation setting, which specifies the set of rules for comparing characters in a character set. @@ -643,6 +675,44 @@ FLAGS line; ▸ set the property core/project. + Options for configuring read pool auto scale. + + --[no-]auto-scale-disable-scale-in + Disables automatic read pool scale-in. When disabled, read pool auto + scaling only supports increasing the read pool node count. By + default, both automatic read pool scale-in and scale-out are enabled. + Use --auto-scale-disable-scale-in to enable and + --no-auto-scale-disable-scale-in to disable. + + --[no-]auto-scale-enabled + Enables read pool auto scaling. Supports automatically increasing and + decreasing the read pool's node count based on need. Use + --auto-scale-enabled to enable and --no-auto-scale-enabled to + disable. + + --auto-scale-in-cooldown-seconds=AUTO_SCALE_IN_COOLDOWN_SECONDS + The cooldown period for automatic read pool scale-in. Minimum time + between scale-in events. Must be an integer value. For example, if + the value is 60, then a scale-in event will not be triggered within + 60 seconds of the last scale-in event. + + --auto-scale-max-node-count=AUTO_SCALE_MAX_NODE_COUNT + Maximum number of read pool nodes to be maintained. + + --auto-scale-min-node-count=AUTO_SCALE_MIN_NODE_COUNT + Minimum number of read pool nodes to be maintained. + + --auto-scale-out-cooldown-seconds=AUTO_SCALE_OUT_COOLDOWN_SECONDS + The cooldown period for automatic read pool scale-out. Minimum time + between scale-out events. Must be an integer value. For example, if + the value is 60, then a scale-out event will not be triggered within + 60 seconds of the last scale-out event. + + --auto-scale-target-metrics=[METRIC=VALUE,...] + Target metrics for read pool auto scaling. Options are: + AVERAGE_CPU_UTILIZATION and AVERAGE_DB_CONNECTIONS. Example: + --auto-scale-target-metrics=AVERAGE_CPU_UTILIZATION=0.8 + At most one of these can be specified: --region=REGION; default="us-central" diff --git a/gcloud/sql/instances/patch b/gcloud/sql/instances/patch index 1f2914f69..1e3fd135e 100644 --- a/gcloud/sql/instances/patch +++ b/gcloud/sql/instances/patch @@ -3,11 +3,16 @@ NAME SYNOPSIS gcloud sql instances patch INSTANCE [--activation-policy=ACTIVATION_POLICY] - [--active-directory-domain=ACTIVE_DIRECTORY_DOMAIN] [--[no-]assign-ip] - [--async] [--audit-bucket-path=AUDIT_BUCKET_PATH] + [--active-directory-dns-servers=[DNS_SERVER_IP_ADDRESS,...]] + [--active-directory-domain=ACTIVE_DIRECTORY_DOMAIN] + [--active-directory-mode=ACTIVE_DIRECTORY_MODE] + [--active-directory-organizational-unit=ACTIVE_DIRECTORY_ORGANIZATIONAL_UNIT] + [--active-directory-secret-manager-key=ACTIVE_DIRECTORY_SECRET_MANAGER_KEY] + [--[no-]assign-ip] [--async] [--audit-bucket-path=AUDIT_BUCKET_PATH] [--audit-retention-interval=AUDIT_RETENTION_INTERVAL] [--audit-upload-interval=AUDIT_UPLOAD_INTERVAL] - [--availability-type=AVAILABILITY_TYPE] + [--availability-type=AVAILABILITY_TYPE] [--clear-active-directory] + [--clear-active-directory-dns-servers] [--clear-failover-dr-replica-name] [--clear-password-policy] [--connector-enforcement=CONNECTOR_ENFORCEMENT] [--cpu=CPU] [--database-version=DATABASE_VERSION] [--[no-]deletion-protection] @@ -72,6 +77,12 @@ SYNOPSIS [--clear-psc-network-attachment-uri | --psc-network-attachment-uri=PSC_NETWORK_ATTACHMENT_URI] [--gce-zone=GCE_ZONE | --secondary-zone=SECONDARY_ZONE --zone=ZONE] + [--[no-]auto-scale-disable-scale-in --[no-]auto-scale-enabled + --auto-scale-in-cooldown-seconds=AUTO_SCALE_IN_COOLDOWN_SECONDS + --auto-scale-max-node-count=AUTO_SCALE_MAX_NODE_COUNT + --auto-scale-min-node-count=AUTO_SCALE_MIN_NODE_COUNT + --auto-scale-out-cooldown-seconds=AUTO_SCALE_OUT_COOLDOWN_SECONDS + --auto-scale-target-metrics=[METRIC=VALUE,...]] [--no-backup | --backup-location=BACKUP_LOCATION --backup-start-time=BACKUP_START_TIME --retained-backups-count=RETAINED_BACKUPS_COUNT @@ -94,10 +105,29 @@ FLAGS https://cloud.google.com/sql/docs/mysql/start-stop-restart-instance#activation_policy. ACTIVATION_POLICY must be one of: always, never. + --active-directory-dns-servers=[DNS_SERVER_IP_ADDRESS,...] + A comma-separated list of the DNS servers to be used for Active + Directory. Only available for SQL Server instances. E.g: + 10.0.0.1,10.0.0.2 + --active-directory-domain=ACTIVE_DIRECTORY_DOMAIN Managed Service for Microsoft Active Directory domain this instance is joined to. Only available for SQL Server instances. + --active-directory-mode=ACTIVE_DIRECTORY_MODE + Defines the Active Directory mode. Only available for SQL Server + instances. ACTIVE_DIRECTORY_MODE must be one of: + MANAGED_ACTIVE_DIRECTORY, CUSTOMER_MANAGED_ACTIVE_DIRECTORY. + + --active-directory-organizational-unit=ACTIVE_DIRECTORY_ORGANIZATIONAL_UNIT + Defines the organizational unit to be used for Active Directory. Only + available for SQL Server instances. E.g: + OU=Cloud,DC=ad,DC=example,DC=com + + --active-directory-secret-manager-key=ACTIVE_DIRECTORY_SECRET_MANAGER_KEY + The secret manager key storing administrator credentials. Only + available for SQL Server instances. + --[no-]assign-ip Assign a public IP address to the instance. This is a public, externally available IPv4 address that you can use to connect to your @@ -131,6 +161,12 @@ FLAGS zonal Provides no failover capability. This is the default. + --clear-active-directory + Clears the Active Directory configuration. + + --clear-active-directory-dns-servers + Removes the list of DNS Servers from the Active Directory Config. + --clear-failover-dr-replica-name Clear the DR replica setting for the primary instance. Flag is only available for MySQL and PostgreSQL database instances. @@ -665,6 +701,44 @@ FLAGS Preferred Compute Engine zone (e.g. us-central1-a, us-central1-b, etc.). WARNING: Instance may be restarted. + Options for configuring read pool auto scale. + + --[no-]auto-scale-disable-scale-in + Disables automatic read pool scale-in. When disabled, read pool auto + scaling only supports increasing the read pool node count. By + default, both automatic read pool scale-in and scale-out are enabled. + Use --auto-scale-disable-scale-in to enable and + --no-auto-scale-disable-scale-in to disable. + + --[no-]auto-scale-enabled + Enables read pool auto scaling. Supports automatically increasing and + decreasing the read pool's node count based on need. Use + --auto-scale-enabled to enable and --no-auto-scale-enabled to + disable. + + --auto-scale-in-cooldown-seconds=AUTO_SCALE_IN_COOLDOWN_SECONDS + The cooldown period for automatic read pool scale-in. Minimum time + between scale-in events. Must be an integer value. For example, if + the value is 60, then a scale-in event will not be triggered within + 60 seconds of the last scale-in event. + + --auto-scale-max-node-count=AUTO_SCALE_MAX_NODE_COUNT + Maximum number of read pool nodes to be maintained. + + --auto-scale-min-node-count=AUTO_SCALE_MIN_NODE_COUNT + Minimum number of read pool nodes to be maintained. + + --auto-scale-out-cooldown-seconds=AUTO_SCALE_OUT_COOLDOWN_SECONDS + The cooldown period for automatic read pool scale-out. Minimum time + between scale-out events. Must be an integer value. For example, if + the value is 60, then a scale-out event will not be triggered within + 60 seconds of the last scale-out event. + + --auto-scale-target-metrics=[METRIC=VALUE,...] + Target metrics for read pool auto scaling. Options are: + AVERAGE_CPU_UTILIZATION and AVERAGE_DB_CONNECTIONS. Example: + --auto-scale-target-metrics=AVERAGE_CPU_UTILIZATION=0.8 + At most one of these can be specified: --no-backup diff --git a/gcloud/vmware/announcements/help b/gcloud/vmware/announcements/help new file mode 100644 index 000000000..3836025ab --- /dev/null +++ b/gcloud/vmware/announcements/help @@ -0,0 +1,20 @@ +NAME + gcloud vmware announcements - manage announcements in Google Cloud VMware + Engine + +SYNOPSIS + gcloud vmware announcements COMMAND [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Manage announcements in Google Cloud VMware Engine. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --help. + + Run $ gcloud help for details. + +COMMANDS + COMMAND is one of the following: + + list + List announcements in a Google Cloud VMware Engine. diff --git a/gcloud/vmware/announcements/list b/gcloud/vmware/announcements/list new file mode 100644 index 000000000..5c90e0093 --- /dev/null +++ b/gcloud/vmware/announcements/list @@ -0,0 +1,88 @@ +NAME + gcloud vmware announcements list - list announcements in a Google Cloud + VMware Engine + +SYNOPSIS + gcloud vmware announcements list --type=TYPE [--location=LOCATION] + [--filter=EXPRESSION] [--limit=LIMIT] [--page-size=PAGE_SIZE] + [--sort-by=[FIELD,...]] [--uri] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + List announcements in a VMware Engine. + +EXAMPLES + To list maintanance announcements run: + + $ gcloud vmware announcements list --type=maintenance \ + --location=us-west2-a --project=my-project + + Or: + + $ gcloud vmware announcements list --type=maintenance + + In the second example, the project and location are taken from gcloud + properties core/project and compute/zone. + +REQUIRED FLAGS + --type=TYPE + The type of announcement to list. TYPE must be (only one value is + supported): maintenance. + +FLAGS + Location resource - location. This represents a Cloud resource. (NOTE) + Some attributes are not given arguments in this group but can be set in + other ways. + + To set the project attribute: + ◆ provide the argument --location on the command line with a fully + specified name; + ◆ set the property compute/zone with a fully specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + --location=LOCATION + ID of the location or fully qualified identifier for the location. + + To set the location attribute: + ▸ provide the argument --location on the command line; + ▸ set the property compute/zone. + +LIST COMMAND FLAGS + --filter=EXPRESSION + Apply a Boolean filter EXPRESSION to each resource item to be listed. + If the expression evaluates True, then that item is listed. For more + details and examples of filter expressions, run $ gcloud topic filters. + This flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --limit=LIMIT + Maximum number of resources to list. The default is unlimited. This + flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --page-size=PAGE_SIZE + Some services group resource list output into pages. This flag + specifies the maximum number of resources per page. The default is + determined by the service if it supports paging, otherwise it is + unlimited (no paging). Paging may be applied before or after --filter + and --limit depending on the service. + + --sort-by=[FIELD,...] + Comma-separated list of resource field key names to sort by. The + default order is ascending. Prefix a field with ``~'' for descending + order on that field. This flag interacts with other flags that are + applied in this order: --flatten, --sort-by, --filter, --limit. + + --uri + Print a list of resource URIs instead of the default output, and change + the command output to a list of URIs. If this flag is used with + --format, the formatting is applied on this URI list. To display URIs + alongside other keys instead, use the uri() transform. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. diff --git a/gcloud/vmware/help b/gcloud/vmware/help index dfff85a5b..94a031726 100644 --- a/gcloud/vmware/help +++ b/gcloud/vmware/help @@ -15,6 +15,9 @@ GCLOUD WIDE FLAGS GROUPS GROUP is one of the following: + announcements + Manage announcements in Google Cloud VMware Engine. + dns-bind-permission Manage DNS binding permission in Google Cloud VMware Engine. diff --git a/gcloud/vmware/private-clouds/help b/gcloud/vmware/private-clouds/help index c1934f4ad..d755aafd2 100644 --- a/gcloud/vmware/private-clouds/help +++ b/gcloud/vmware/private-clouds/help @@ -40,6 +40,9 @@ GROUPS subnets Manage vmware subnets in Google Cloud VMware Engine. + upgrades + Manage upgrades in Google Cloud VMware Engine. + vcenter Manage vCenter resources in Google Cloud VMware Engine. diff --git a/gcloud/vmware/private-clouds/upgrades/describe b/gcloud/vmware/private-clouds/upgrades/describe new file mode 100644 index 000000000..bbd811af9 --- /dev/null +++ b/gcloud/vmware/private-clouds/upgrades/describe @@ -0,0 +1,74 @@ +NAME + gcloud vmware private-clouds upgrades describe - describe a Google Cloud + VMware Engine upgrades + +SYNOPSIS + gcloud vmware private-clouds upgrades describe + (UPGRADE : --location=LOCATION --private-cloud=PRIVATE_CLOUD) + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Display data associated with a VMware Engine upgrade, such as its schdule, + and status. + +EXAMPLES + To describe a upgrade called my-upgrade for a private cloud + my-private-cloud and zone us-west2-a, run: + + $ gcloud vmware private-clouds upgrades describe my-upgrade \ + --location=us-west2-a --project=my-project \ + --private-cloud=my-private-cloud + + Or: + + $ gcloud vmware private-clouds upgrades describe my-upgrade \ + --private-cloud=my-private-cloud + + In the second example, the project and location are taken from gcloud properties core/project and compute/zone. + +POSITIONAL ARGUMENTS + Upgrade resource - upgrade. The arguments in this group can be used to + specify the attributes of this resource. (NOTE) Some attributes are not + given arguments in this group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument upgrade on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + UPGRADE + ID of the upgrade or fully qualified identifier for the upgrade. + + To set the upgrade attribute: + ▸ provide the argument upgrade on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + Location of the private cloud or cluster. + + To set the location attribute: + ▸ provide the argument upgrade on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property compute/zone. + + --private-cloud=PRIVATE_CLOUD + VMware Engine private cloud. + + To set the private-cloud attribute: + ▸ provide the argument upgrade on the command line with a fully + specified name; + ▸ provide the argument --private-cloud on the command line. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. diff --git a/gcloud/vmware/private-clouds/upgrades/help b/gcloud/vmware/private-clouds/upgrades/help new file mode 100644 index 000000000..744fcc6a0 --- /dev/null +++ b/gcloud/vmware/private-clouds/upgrades/help @@ -0,0 +1,23 @@ +NAME + gcloud vmware private-clouds upgrades - manage upgrades in Google Cloud + VMware Engine + +SYNOPSIS + gcloud vmware private-clouds upgrades COMMAND [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Manage upgrades in Google Cloud VMware Engine. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --help. + + Run $ gcloud help for details. + +COMMANDS + COMMAND is one of the following: + + describe + Describe a Google Cloud VMware Engine upgrades. + + list + List upgrades for a Google Cloud VMware Engine private cloud. diff --git a/gcloud/vmware/private-clouds/upgrades/list b/gcloud/vmware/private-clouds/upgrades/list new file mode 100644 index 000000000..a9b6119df --- /dev/null +++ b/gcloud/vmware/private-clouds/upgrades/list @@ -0,0 +1,98 @@ +NAME + gcloud vmware private-clouds upgrades list - list upgrades for a Google + Cloud VMware Engine private cloud + +SYNOPSIS + gcloud vmware private-clouds upgrades list + (--private-cloud=PRIVATE_CLOUD : --location=LOCATION) + [--filter=EXPRESSION] [--limit=LIMIT] [--page-size=PAGE_SIZE] + [--sort-by=[FIELD,...]] [--uri] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + List upgrades for a VMware Engine private cloud. + +EXAMPLES + To list upgrades for the my-private-cloud private cloud run: + + $ gcloud vmware private-clouds upgrades list --location=us-west2-a \ + --project=my-project --private-cloud=my-private-cloud + + Or: + + $ gcloud vmware private-clouds upgrades list \ + --private-cloud=my-private-cloud + + In the second example, the project and location are taken from gcloud + properties core/project and compute/zone. + +REQUIRED FLAGS + Private cloud resource - private_cloud. The arguments in this group can be + used to specify the attributes of this resource. (NOTE) Some attributes + are not given arguments in this group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument --private-cloud on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + --private-cloud=PRIVATE_CLOUD + ID of the private cloud or fully qualified identifier for the private + cloud. + + To set the private-cloud attribute: + ▸ provide the argument --private-cloud on the command line. + + This flag argument must be specified if any of the other arguments in + this group are specified. + + --location=LOCATION + Location of the private cloud or cluster. + + To set the location attribute: + ▸ provide the argument --private-cloud on the command line with a + fully specified name; + ▸ provide the argument --location on the command line; + ▸ set the property compute/zone. + +LIST COMMAND FLAGS + --filter=EXPRESSION + Apply a Boolean filter EXPRESSION to each resource item to be listed. + If the expression evaluates True, then that item is listed. For more + details and examples of filter expressions, run $ gcloud topic filters. + This flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --limit=LIMIT + Maximum number of resources to list. The default is unlimited. This + flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --page-size=PAGE_SIZE + Some services group resource list output into pages. This flag + specifies the maximum number of resources per page. The default is + determined by the service if it supports paging, otherwise it is + unlimited (no paging). Paging may be applied before or after --filter + and --limit depending on the service. + + --sort-by=[FIELD,...] + Comma-separated list of resource field key names to sort by. The + default order is ascending. Prefix a field with ``~'' for descending + order on that field. This flag interacts with other flags that are + applied in this order: --flatten, --sort-by, --filter, --limit. + + --uri + Print a list of resource URIs instead of the default output, and change + the command output to a list of URIs. If this flag is used with + --format, the formatting is applied on this URI list. To display URIs + alongside other keys instead, use the uri() transform. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details.