1
0
Fork 0
mirror of https://github.com/imjasonh/gcloud-help synced 2026-07-08 02:25:19 +00:00

gcloud: Wed Jul 12 10:20:16 UTC 2023

This commit is contained in:
Automated 2023-07-12 10:20:16 +00:00
parent f52bc665a7
commit b4c2508b12
300 changed files with 7469 additions and 3231 deletions

View file

@ -6,12 +6,12 @@ SYNOPSIS
gcloud iam workforce-pools providers create-oidc
(PROVIDER : --location=LOCATION --workforce-pool=WORKFORCE_POOL)
--attribute-mapping=[ATTRIBUTE_MAPPING,...] --client-id=CLIENT_ID
--issuer-uri=ISSUER_URI [--async]
[--attribute-condition=ATTRIBUTE_CONDITION] [--description=DESCRIPTION]
[--disabled] [--display-name=DISPLAY_NAME]
[--web-sso-assertion-claims-behavior=WEB_SSO_ASSERTION_CLAIMS_BEHAVIOR,
[...]] [--web-sso-response-type=WEB_SSO_RESPONSE_TYPE]
[GCLOUD_WIDE_FLAG ...]
--issuer-uri=ISSUER_URI
(--web-sso-assertion-claims-behavior=WEB_SSO_ASSERTION_CLAIMS_BEHAVIOR
--web-sso-response-type=WEB_SSO_RESPONSE_TYPE) [--async]
[--attribute-condition=ATTRIBUTE_CONDITION]
[--client-secret-value=CLIENT_SECRET_VALUE] [--description=DESCRIPTION]
[--disabled] [--display-name=DISPLAY_NAME] [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
Create a new OIDC workforce pool provider.
@ -146,6 +146,42 @@ REQUIRED FLAGS
--issuer-uri=ISSUER_URI
The OIDC issuer URI. Must be a valid URI using the 'https' scheme.
This must be specified.
--web-sso-assertion-claims-behavior=WEB_SSO_ASSERTION_CLAIMS_BEHAVIOR
The behavior for how OIDC Claims are included in the assertion object
used for attribute mapping and attribute condition.
Use merge-user-info-over-id-token-claims to merge the UserInfo
Endpoint Claims with ID Token Claims, preferring UserInfo Claim
Values for the same Claim Name. Currently this option is only
available for Authorization Code flow.
Use only-id-token-claims to include only ID token claims.
WEB_SSO_ASSERTION_CLAIMS_BEHAVIOR must be one of:
assertion-claims-behavior-unspecified,
merge-user-info-over-id-token-claims, only-id-token-claims.
This flag argument must be specified if any of the other arguments in
this group are specified.
--web-sso-response-type=WEB_SSO_RESPONSE_TYPE
Response Type to request for in the OIDC Authorization Request for
web sign-in.
Use code to select the authorization code flow
(https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth)
Use id-token to select the implicit flow
(https://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth).
WEB_SSO_RESPONSE_TYPE must be one of: code, id-token,
response-type-unspecified.
This flag argument must be specified if any of the other arguments in
this group are specified.
OPTIONAL FLAGS
--async
Return immediately, without waiting for the operation in progress to
@ -178,6 +214,10 @@ OPTIONAL FLAGS
"'admins' in google.groups"
--client-secret-value=CLIENT_SECRET_VALUE
The OIDC client secret. Required to enable Authorization Code flow for
web sign-in.
--description=DESCRIPTION
A description for the workforce pool provider. Cannot exceed 256
characters in length.
@ -192,19 +232,6 @@ OPTIONAL FLAGS
A display name for the workforce pool provider. Cannot exceed 32
characters in length.
--web-sso-assertion-claims-behavior=WEB_SSO_ASSERTION_CLAIMS_BEHAVIOR,[...]
The behavior for how OIDC Claims are included in the assertion object
used for attribute mapping and attribute condition. Use
only-id-token-claims to include only ID token claims.
WEB_SSO_ASSERTION_CLAIMS_BEHAVIOR must be (only one value is
supported): only-id-token-claims.
--web-sso-response-type=WEB_SSO_RESPONSE_TYPE
Response Type to request for in the OIDC Authorization Request for web
sign-in. Use id-token to select the implicit flow
(https://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth).
WEB_SSO_RESPONSE_TYPE must be (only one value is supported): id-token.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account,
--billing-project, --configuration, --flags-file, --flatten, --format,

View file

@ -9,8 +9,9 @@ SYNOPSIS
[--attribute-mapping=[ATTRIBUTE_MAPPING,...]] [--client-id=CLIENT_ID]
[--description=DESCRIPTION] [--disabled] [--display-name=DISPLAY_NAME]
[--issuer-uri=ISSUER_URI]
[--web-sso-assertion-claims-behavior=WEB_SSO_ASSERTION_CLAIMS_BEHAVIOR,
[...]] [--web-sso-response-type=WEB_SSO_RESPONSE_TYPE]
[--web-sso-assertion-claims-behavior=WEB_SSO_ASSERTION_CLAIMS_BEHAVIOR]
[--web-sso-response-type=WEB_SSO_RESPONSE_TYPE]
[--clear-client-secret | --client-secret-value=CLIENT_SECRET_VALUE]
[GCLOUD_WIDE_FLAG ...]
DESCRIPTION
@ -191,18 +192,34 @@ FLAGS
--issuer-uri=ISSUER_URI
The OIDC issuer URI. Must be a valid URI using the 'https' scheme.
--web-sso-assertion-claims-behavior=WEB_SSO_ASSERTION_CLAIMS_BEHAVIOR,[...]
--web-sso-assertion-claims-behavior=WEB_SSO_ASSERTION_CLAIMS_BEHAVIOR
The behavior for how OIDC Claims are included in the assertion object
used for attribute mapping and attribute condition. Use
only-id-token-claims to include only ID token claims.
WEB_SSO_ASSERTION_CLAIMS_BEHAVIOR must be (only one value is
supported): only-id-token-claims.
merge-user-info-over-id-token-claims to merge the UserInfo Endpoint
Claims with ID Token Claims, preferring UserInfo Claim Values for the
same Claim Name. Currently this option is only available for
Authorization Code flow. Use only-id-token-claims to include only ID
token claims. WEB_SSO_ASSERTION_CLAIMS_BEHAVIOR must be one of:
assertion-claims-behavior-unspecified,
merge-user-info-over-id-token-claims, only-id-token-claims.
--web-sso-response-type=WEB_SSO_RESPONSE_TYPE
Response Type to request for in the OIDC Authorization Request for web
sign-in. Use id-token to select the implicit flow
sign-in. Use code to select the authorization code flow
(https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth)
Use id-token to select the implicit flow
(https://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth).
WEB_SSO_RESPONSE_TYPE must be (only one value is supported): id-token.
WEB_SSO_RESPONSE_TYPE must be one of: code, id-token,
response-type-unspecified.
At most one of these can be specified:
--clear-client-secret
Clear the OIDC client secret.
--client-secret-value=CLIENT_SECRET_VALUE
The OIDC client secret. Required to enable Authorization Code flow
for web sign-in.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account,