1
0
Fork 0
mirror of https://github.com/imjasonh/gcloud-help synced 2026-07-14 00:46:53 +00:00
gcloud-help/gcloud/alpha/container/binauthz/policy/evaluate
2024-02-22 10:25:44 +00:00

80 lines
3 KiB
Text

NAME
gcloud alpha container binauthz policy evaluate - evaluate a Binary
Authorization platform policy
SYNOPSIS
gcloud alpha container binauthz policy evaluate
(POLICY_RESOURCE_NAME : --platform=PLATFORM)
(--image=IMAGE | --resource=RESOURCE) [GCLOUD_WIDE_FLAG ...]
EXAMPLES
To evaluate a policy using its resource name:
$ gcloud alpha container binauthz policy evaluate \
projects/my-proj/platforms/gke/policies/my-policy \
--resource=$KUBERNETES_RESOURCE
To evaluate the same policy using flags against an image:
$ gcloud alpha container binauthz policy evaluate my-policy \
--platform=gke --project=my-proj --image=$IMAGE
POSITIONAL ARGUMENTS
Policy resource - The resource name of the policy to evaluate. The
arguments in this group can be used to specify the attributes of this
resource. (NOTE) Some attributes are not given arguments in this group but
can be set in other ways.
To set the project attribute:
◆ provide the argument policy_resource_name on the command line with a
fully specified name;
◆ provide the argument --project on the command line;
◆ set the property core/project.
This must be specified.
POLICY_RESOURCE_NAME
ID of the policy or fully qualified identifier for the policy.
To set the policy attribute:
▸ provide the argument policy_resource_name on the command line.
This positional argument must be specified if any of the other
arguments in this group are specified.
--platform=PLATFORM
The platform that the policy belongs to. PLATFORM must be one of the
following: cloudRun, gke.
To set the platform attribute:
▸ provide the argument policy_resource_name on the command line
with a fully specified name;
▸ provide the argument --platform on the command line.
REQUIRED FLAGS
Exactly one of these must be specified:
--image=IMAGE
The image to evaluate. If the policy being evaluated has scoped
checksets, this mode of evaluation will always use the default
(unscoped) checkset.
--resource=RESOURCE
The JSON or YAML file containing the Kubernetes resource to evaluate.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account,
--billing-project, --configuration, --flags-file, --flatten, --format,
--help, --impersonate-service-account, --log-http, --project, --quiet,
--trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
NOTES
This command is currently in alpha and might change without notice. If this
command fails with API permission errors despite specifying the correct
project, you might be trying to access an API with an invitation-only early
access allowlist. This variant is also available:
$ gcloud beta container binauthz policy evaluate