1
0
Fork 0
mirror of https://github.com/imjasonh/gcloud-help synced 2026-07-11 15:39:42 +00:00
gcloud-help/gcloud/bigtable/authorized-views/add-iam-policy-binding
2024-07-31 09:35:16 +00:00

159 lines
6.6 KiB
Text

NAME
gcloud bigtable authorized-views add-iam-policy-binding - add an IAM policy
binding to a Cloud Bigtable authorized view
SYNOPSIS
gcloud bigtable authorized-views add-iam-policy-binding
(AUTHORIZED_VIEW : --instance=INSTANCE --table=TABLE)
--member=PRINCIPAL --role=ROLE
[--condition=[KEY=VALUE,...] | --condition-from-file=PATH_TO_FILE]
[GCLOUD_WIDE_FLAG ...]
DESCRIPTION
Add an IAM policy binding to a Cloud Bigtable authorized view. One binding
consists of a member, a role, and an optional condition.
EXAMPLES
To add an IAM policy binding for the role of 'roles/editor' for the user
'test-user@gmail.com' with authorized view 'my-authorized-view' in instance
'my-instance' and table 'my-table', run:
$ gcloud bigtable authorized-views add-iam-policy-binding \
my-authorized-view --instance='my-instance' --table='my-table' \
--member='user:test-user@gmail.com' --role='roles/editor'
To add an IAM policy binding which expires at the end of the year 2020 for
the role of 'roles/bigtable.admin' and the user 'test-user@gmail.com' with
authorized view 'my-authorized-view' in instance 'my-instance' and table
'my-table', run:
$ gcloud bigtable authorized-views add-iam-policy-binding \
my-authorized-view --instance='my-instance' --table='my-table' \
--member='user:test-user@gmail.com' \
--role='roles/bigtable.admin' \
--condition='expression=request.time <
timestamp("2021-01-01T00:00:00Z"),title=expires_end_of_2020,descrip\
tion=Expires at midnight on 2020-12-31'
See https://cloud.google.com/iam/docs/managing-policies for details of
policy role and member types.
POSITIONAL ARGUMENTS
Authorized view resource - Cloud Bigtable authorized view to add the IAM
policy binding to. The arguments in this group can be used to specify the
attributes of this resource. (NOTE) Some attributes are not given
arguments in this group but can be set in other ways.
To set the project attribute:
◆ provide the argument authorized_view on the command line with a fully
specified name;
◆ provide the argument --project on the command line;
◆ set the property core/project.
This must be specified.
AUTHORIZED_VIEW
ID of the authorized-view or fully qualified identifier for the
authorized-view.
To set the authorized_view attribute:
▸ provide the argument authorized_view on the command line.
This positional argument must be specified if any of the other
arguments in this group are specified.
--instance=INSTANCE
Name of the Cloud Bigtable instance.
To set the instance attribute:
▸ provide the argument authorized_view on the command line with a
fully specified name;
▸ provide the argument --instance on the command line.
--table=TABLE
Name of the Cloud Bigtable table.
To set the table attribute:
▸ provide the argument authorized_view on the command line with a
fully specified name;
▸ provide the argument --table on the command line.
REQUIRED FLAGS
--member=PRINCIPAL
The principal to add the binding for. Should be of the form
user|group|serviceAccount:email or domain:domain.
Examples: user:test-user@gmail.com, group:admins@example.com,
serviceAccount:test123@example.domain.com, or
domain:example.domain.com.
Some resources also accept the following special values:
◆ allUsers - Special identifier that represents anyone who is on the
internet, with or without a Google account.
◆ allAuthenticatedUsers - Special identifier that represents anyone
who is authenticated with a Google account or a service account.
--role=ROLE
Role name to assign to the principal. The role name is the complete
path of a predefined role, such as roles/logging.viewer, or the role ID
for a custom role, such as
organizations/{ORGANIZATION_ID}/roles/logging.viewer.
OPTIONAL FLAGS
At most one of these can be specified:
--condition=[KEY=VALUE,...]
A condition to include in the binding. When the condition is
explicitly specified as None (--condition=None), a binding without a
condition is added. When the condition is specified and is not None,
--role cannot be a basic role. Basic roles are roles/editor,
roles/owner, and roles/viewer. For more on conditions, refer to the
conditions overview guide:
https://cloud.google.com/iam/docs/conditions-overview
When using the --condition flag, include the following key-value
pairs:
expression
(Required) Condition expression that evaluates to True or False.
This uses a subset of Common Expression Language syntax.
If the condition expression includes a comma, use a different
delimiter to separate the key-value pairs. Specify the delimiter
before listing the key-value pairs. For example, to specify a
colon (:) as the delimiter, do the following:
--condition=^:^title=TITLE:expression=EXPRESSION. For more
information, see
https://cloud.google.com/sdk/gcloud/reference/topic/escaping.
title
(Required) A short string describing the purpose of the
expression.
description
(Optional) Additional description for the expression.
--condition-from-file=PATH_TO_FILE
Path to a local JSON or YAML file that defines the condition. To see
available fields, see the help for --condition. Use a full or
relative path to a local file containing the value of condition.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account,
--billing-project, --configuration, --flags-file, --flatten, --format,
--help, --impersonate-service-account, --log-http, --project, --quiet,
--trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
API REFERENCE
This command uses the bigtableadmin/v2 API. The full documentation for this
API can be found at: https://cloud.google.com/bigtable/
NOTES
These variants are also available:
$ gcloud alpha bigtable authorized-views add-iam-policy-binding
$ gcloud beta bigtable authorized-views add-iam-policy-binding