1
0
Fork 0
mirror of https://github.com/imjasonh/gcloud-help synced 2026-07-08 10:35:03 +00:00

gcloud: Wed Jan 31 10:36:17 UTC 2024

This commit is contained in:
Automated 2024-01-31 10:36:17 +00:00
parent 7a546ffea4
commit fa6c1dc7ec
142 changed files with 1981 additions and 793 deletions

View file

@ -22,8 +22,8 @@ EXAMPLES
$ gcloud alpha container binauthz attestations create \
--project=my_proj \
--artifact-url='gcr.io/example-project/example-image@sha256:abcd\
' --attestor=projects/foo/attestors/bar \
--artifact-url=gcr.io/example-project/\
example-image@sha256:abcd --attestor=projects/foo/attestors/bar \
--signature-file=signed_artifact_attestation.pgp.sig \
--public-key-id=AAAA0000000000000000FFFFFFFFFFFFFFFFFFFF

View file

@ -5,7 +5,6 @@ NAME
SYNOPSIS
gcloud alpha container binauthz attestations sign-and-create
--artifact-url=ARTIFACT_URL
(--attestor=ATTESTOR : --attestor-project=ATTESTOR_PROJECT)
(--keyversion=KEYVERSION : --keyversion-key=KEYVERSION_KEY
--keyversion-keyring=KEYVERSION_KEYRING
--keyversion-location=KEYVERSION_LOCATION
@ -13,8 +12,10 @@ SYNOPSIS
[--dsse-type=DSSE_TYPE;
default="application/vnd.dev.cosign.simplesigning.v1+json"]
[--pae-encode-payload]
[--public-key-id-override=PUBLIC_KEY_ID_OVERRIDE] [--validate]
[GCLOUD_WIDE_FLAG ...]
[--public-key-id-override=PUBLIC_KEY_ID_OVERRIDE]
[[--note=NOTE : --note-project=NOTE_PROJECT]
| --validate [--attestor=ATTESTOR
: --attestor-project=ATTESTOR_PROJECT]] [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
(ALPHA) This command signs and creates a Binary Authorization attestation
@ -35,40 +36,23 @@ EXAMPLES
--keyversion-location=us-west1 --keyversion-keyring=aring \
--keyversion-key=akey --keyversion=1
To sign and create an attestation in the project "my_proj" in note "bar"
with the key
"projects/foo/locations/us-west1/keyRings/aring/cryptoKeys/akey/cryptoKeyVersions/1",
run:
$ gcloud alpha container binauthz attestations sign-and-create \
--project=my_proj \
--artifact-url='gcr.io/example-project/example-image@sha256:abcd\
' --note=projects/my_proj/notes/bar --keyversion-project=foo \
--keyversion-location=us-west1 --keyversion-keyring=aring \
--keyversion-key=akey --keyversion=1
REQUIRED FLAGS
--artifact-url=ARTIFACT_URL
Container URL. May be in the gcr.io/repository/image format, or may
optionally contain the http or https scheme
Attestor resource - The Attestor whose Container Analysis Note will be
used to host the created attestation. In order to successfully attach the
attestation, the active gcloud account (core/account) must be able to read
this attestor and must have the containeranalysis.notes.attachOccurrence
permission for the Attestor's underlying Note resource (usually via the
containeranalysis.notes.attacher role). The arguments in this group can be
used to specify the attributes of this resource.
This must be specified.
--attestor=ATTESTOR
ID of the attestor or fully qualified identifier for the attestor.
To set the name attribute:
▸ provide the argument --attestor on the command line.
This flag argument must be specified if any of the other arguments in
this group are specified.
--attestor-project=ATTESTOR_PROJECT
Project ID of the Google Cloud project for the attestor.
To set the project attribute:
▸ provide the argument --attestor on the command line with a fully
specified name;
▸ provide the argument --attestor-project on the command line;
▸ provide the argument --project on the command line;
▸ set the property core/project.
CryptoKeyVersion resource - The Cloud KMS (Key Management Service)
CryptoKeyVersion to use to sign the attestation payload. The arguments in
this group can be used to specify the attributes of this resource.
@ -135,9 +119,63 @@ OPTIONAL FLAGS
This parameter is only necessary if the --public-key-id-override flag
was provided when this KMS key was added to the Attestor.
--validate
Whether to validate that the Attestation can be verified by the
provided Attestor.
At most one of these can be specified:
Note resource - The Container Analysis Note which will be used to host
the created attestation. In order to successfully attach the
attestation, the active gcloud account (core/account) must have the
containeranalysis.notes.attachOccurrence permission for the Note
(usually via the containeranalysis.notes.attacher role). The arguments
in this group can be used to specify the attributes of this resource.
--note=NOTE
ID of the note or fully qualified identifier for the note.
To set the note attribute:
▫ provide the argument --note on the command line.
This flag argument must be specified if any of the other arguments
in this group are specified.
--note-project=NOTE_PROJECT
The Container Analysis project for the note.
To set the project attribute:
▫ provide the argument --note on the command line with a fully
specified name;
▫ provide the argument --note-project on the command line.
--validate
Whether to validate that the Attestation can be verified by the
provided Attestor.
Attestor resource - The Attestor whose Container Analysis Note will be
used to host the created attestation. In order to successfully attach
the attestation, the active gcloud account (core/account) must be able
to read this attestor and must have the
containeranalysis.notes.attachOccurrence permission for the Attestor's
underlying Note resource (usually via the
containeranalysis.notes.attacher role). The arguments in this group can
be used to specify the attributes of this resource.
--attestor=ATTESTOR
ID of the attestor or fully qualified identifier for the attestor.
To set the name attribute:
▫ provide the argument --attestor on the command line.
This flag argument must be specified if any of the other arguments
in this group are specified.
--attestor-project=ATTESTOR_PROJECT
Project ID of the Google Cloud project for the attestor.
To set the project attribute:
▫ provide the argument --attestor on the command line with a
fully specified name;
▫ provide the argument --attestor-project on the command line;
▫ provide the argument --project on the command line;
▫ set the property core/project.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account,

View file

@ -1,20 +0,0 @@
NAME
gcloud alpha container fleet mesh debug - debug Service Mesh memberships
SYNOPSIS
gcloud alpha container fleet mesh debug COMMAND [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
(ALPHA) Debug Service Mesh memberships.
GCLOUD WIDE FLAGS
These flags are available to all commands: --help.
Run $ gcloud help for details.
NOTES
This command is currently in alpha and might change without notice. If this
command fails with API permission errors despite specifying the correct
project, you might be trying to access an API with an invitation-only early
access allowlist.

View file

@ -12,12 +12,6 @@ GCLOUD WIDE FLAGS
Run $ gcloud help for details.
GROUPS
GROUP is one of the following:
debug
(ALPHA) Debug Service Mesh memberships.
COMMANDS
COMMAND is one of the following:

View file

@ -1,20 +0,0 @@
NAME
gcloud alpha container hub mesh debug - debug Service Mesh memberships
SYNOPSIS
gcloud alpha container hub mesh debug COMMAND [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
(ALPHA) Debug Service Mesh memberships.
GCLOUD WIDE FLAGS
These flags are available to all commands: --help.
Run $ gcloud help for details.
NOTES
This command is currently in alpha and might change without notice. If this
command fails with API permission errors despite specifying the correct
project, you might be trying to access an API with an invitation-only early
access allowlist.

View file

@ -12,12 +12,6 @@ GCLOUD WIDE FLAGS
Run $ gcloud help for details.
GROUPS
GROUP is one of the following:
debug
(ALPHA) Debug Service Mesh memberships.
COMMANDS
COMMAND is one of the following: