mirror of
https://github.com/imjasonh/gcloud-help
synced 2026-07-14 00:46:53 +00:00
80 lines
3 KiB
Text
80 lines
3 KiB
Text
NAME
|
|
gcloud alpha container binauthz policy evaluate - evaluate a Binary
|
|
Authorization platform policy
|
|
|
|
SYNOPSIS
|
|
gcloud alpha container binauthz policy evaluate
|
|
(POLICY_RESOURCE_NAME : --platform=PLATFORM)
|
|
(--image=IMAGE | --resource=RESOURCE) [GCLOUD_WIDE_FLAG ...]
|
|
|
|
EXAMPLES
|
|
To evaluate a policy using its resource name:
|
|
|
|
$ gcloud alpha container binauthz policy evaluate \
|
|
projects/my-proj/platforms/gke/policies/my-policy \
|
|
--resource=$KUBERNETES_RESOURCE
|
|
|
|
To evaluate the same policy using flags against an image:
|
|
|
|
$ gcloud alpha container binauthz policy evaluate my-policy \
|
|
--platform=gke --project=my-proj --image=$IMAGE
|
|
|
|
POSITIONAL ARGUMENTS
|
|
Policy resource - The resource name of the policy to evaluate. The
|
|
arguments in this group can be used to specify the attributes of this
|
|
resource. (NOTE) Some attributes are not given arguments in this group but
|
|
can be set in other ways.
|
|
|
|
To set the project attribute:
|
|
◆ provide the argument policy_resource_name on the command line with a
|
|
fully specified name;
|
|
◆ provide the argument --project on the command line;
|
|
◆ set the property core/project.
|
|
|
|
This must be specified.
|
|
|
|
POLICY_RESOURCE_NAME
|
|
ID of the policy or fully qualified identifier for the policy.
|
|
|
|
To set the policy attribute:
|
|
▸ provide the argument policy_resource_name on the command line.
|
|
|
|
This positional argument must be specified if any of the other
|
|
arguments in this group are specified.
|
|
|
|
--platform=PLATFORM
|
|
The platform that the policy belongs to. PLATFORM must be one of the
|
|
following: cloudRun, gke.
|
|
|
|
To set the platform attribute:
|
|
▸ provide the argument policy_resource_name on the command line
|
|
with a fully specified name;
|
|
▸ provide the argument --platform on the command line.
|
|
|
|
REQUIRED FLAGS
|
|
Exactly one of these must be specified:
|
|
|
|
--image=IMAGE
|
|
The image to evaluate. If the policy being evaluated has scoped
|
|
checksets, this mode of evaluation will always use the default
|
|
(unscoped) checkset.
|
|
|
|
--resource=RESOURCE
|
|
The JSON or YAML file containing the Kubernetes resource to evaluate.
|
|
|
|
GCLOUD WIDE FLAGS
|
|
These flags are available to all commands: --access-token-file, --account,
|
|
--billing-project, --configuration, --flags-file, --flatten, --format,
|
|
--help, --impersonate-service-account, --log-http, --project, --quiet,
|
|
--trace-token, --user-output-enabled, --verbosity.
|
|
|
|
Run $ gcloud help for details.
|
|
|
|
NOTES
|
|
This command is currently in alpha and might change without notice. If this
|
|
command fails with API permission errors despite specifying the correct
|
|
project, you might be trying to access an API with an invitation-only early
|
|
access allowlist. This variant is also available:
|
|
|
|
$ gcloud beta container binauthz policy evaluate
|
|
|