mirror of
https://github.com/imjasonh/gcloud-help
synced 2026-07-11 15:39:42 +00:00
159 lines
6.6 KiB
Text
159 lines
6.6 KiB
Text
NAME
|
|
gcloud bigtable authorized-views add-iam-policy-binding - add an IAM policy
|
|
binding to a Cloud Bigtable authorized view
|
|
|
|
SYNOPSIS
|
|
gcloud bigtable authorized-views add-iam-policy-binding
|
|
(AUTHORIZED_VIEW : --instance=INSTANCE --table=TABLE)
|
|
--member=PRINCIPAL --role=ROLE
|
|
[--condition=[KEY=VALUE,...] | --condition-from-file=PATH_TO_FILE]
|
|
[GCLOUD_WIDE_FLAG ...]
|
|
|
|
DESCRIPTION
|
|
Add an IAM policy binding to a Cloud Bigtable authorized view. One binding
|
|
consists of a member, a role, and an optional condition.
|
|
|
|
EXAMPLES
|
|
To add an IAM policy binding for the role of 'roles/editor' for the user
|
|
'test-user@gmail.com' with authorized view 'my-authorized-view' in instance
|
|
'my-instance' and table 'my-table', run:
|
|
|
|
$ gcloud bigtable authorized-views add-iam-policy-binding \
|
|
my-authorized-view --instance='my-instance' --table='my-table' \
|
|
--member='user:test-user@gmail.com' --role='roles/editor'
|
|
|
|
To add an IAM policy binding which expires at the end of the year 2020 for
|
|
the role of 'roles/bigtable.admin' and the user 'test-user@gmail.com' with
|
|
authorized view 'my-authorized-view' in instance 'my-instance' and table
|
|
'my-table', run:
|
|
|
|
$ gcloud bigtable authorized-views add-iam-policy-binding \
|
|
my-authorized-view --instance='my-instance' --table='my-table' \
|
|
--member='user:test-user@gmail.com' \
|
|
--role='roles/bigtable.admin' \
|
|
--condition='expression=request.time <
|
|
timestamp("2021-01-01T00:00:00Z"),title=expires_end_of_2020,descrip\
|
|
tion=Expires at midnight on 2020-12-31'
|
|
|
|
See https://cloud.google.com/iam/docs/managing-policies for details of
|
|
policy role and member types.
|
|
|
|
POSITIONAL ARGUMENTS
|
|
Authorized view resource - Cloud Bigtable authorized view to add the IAM
|
|
policy binding to. The arguments in this group can be used to specify the
|
|
attributes of this resource. (NOTE) Some attributes are not given
|
|
arguments in this group but can be set in other ways.
|
|
|
|
To set the project attribute:
|
|
◆ provide the argument authorized_view on the command line with a fully
|
|
specified name;
|
|
◆ provide the argument --project on the command line;
|
|
◆ set the property core/project.
|
|
|
|
This must be specified.
|
|
|
|
AUTHORIZED_VIEW
|
|
ID of the authorized-view or fully qualified identifier for the
|
|
authorized-view.
|
|
|
|
To set the authorized_view attribute:
|
|
▸ provide the argument authorized_view on the command line.
|
|
|
|
This positional argument must be specified if any of the other
|
|
arguments in this group are specified.
|
|
|
|
--instance=INSTANCE
|
|
Name of the Cloud Bigtable instance.
|
|
|
|
To set the instance attribute:
|
|
▸ provide the argument authorized_view on the command line with a
|
|
fully specified name;
|
|
▸ provide the argument --instance on the command line.
|
|
|
|
--table=TABLE
|
|
Name of the Cloud Bigtable table.
|
|
|
|
To set the table attribute:
|
|
▸ provide the argument authorized_view on the command line with a
|
|
fully specified name;
|
|
▸ provide the argument --table on the command line.
|
|
|
|
REQUIRED FLAGS
|
|
--member=PRINCIPAL
|
|
The principal to add the binding for. Should be of the form
|
|
user|group|serviceAccount:email or domain:domain.
|
|
|
|
Examples: user:test-user@gmail.com, group:admins@example.com,
|
|
serviceAccount:test123@example.domain.com, or
|
|
domain:example.domain.com.
|
|
|
|
Some resources also accept the following special values:
|
|
◆ allUsers - Special identifier that represents anyone who is on the
|
|
internet, with or without a Google account.
|
|
◆ allAuthenticatedUsers - Special identifier that represents anyone
|
|
who is authenticated with a Google account or a service account.
|
|
|
|
--role=ROLE
|
|
Role name to assign to the principal. The role name is the complete
|
|
path of a predefined role, such as roles/logging.viewer, or the role ID
|
|
for a custom role, such as
|
|
organizations/{ORGANIZATION_ID}/roles/logging.viewer.
|
|
|
|
OPTIONAL FLAGS
|
|
At most one of these can be specified:
|
|
|
|
--condition=[KEY=VALUE,...]
|
|
A condition to include in the binding. When the condition is
|
|
explicitly specified as None (--condition=None), a binding without a
|
|
condition is added. When the condition is specified and is not None,
|
|
--role cannot be a basic role. Basic roles are roles/editor,
|
|
roles/owner, and roles/viewer. For more on conditions, refer to the
|
|
conditions overview guide:
|
|
https://cloud.google.com/iam/docs/conditions-overview
|
|
|
|
When using the --condition flag, include the following key-value
|
|
pairs:
|
|
|
|
expression
|
|
(Required) Condition expression that evaluates to True or False.
|
|
This uses a subset of Common Expression Language syntax.
|
|
|
|
If the condition expression includes a comma, use a different
|
|
delimiter to separate the key-value pairs. Specify the delimiter
|
|
before listing the key-value pairs. For example, to specify a
|
|
colon (:) as the delimiter, do the following:
|
|
--condition=^:^title=TITLE:expression=EXPRESSION. For more
|
|
information, see
|
|
https://cloud.google.com/sdk/gcloud/reference/topic/escaping.
|
|
|
|
title
|
|
(Required) A short string describing the purpose of the
|
|
expression.
|
|
|
|
description
|
|
(Optional) Additional description for the expression.
|
|
|
|
--condition-from-file=PATH_TO_FILE
|
|
Path to a local JSON or YAML file that defines the condition. To see
|
|
available fields, see the help for --condition. Use a full or
|
|
relative path to a local file containing the value of condition.
|
|
|
|
GCLOUD WIDE FLAGS
|
|
These flags are available to all commands: --access-token-file, --account,
|
|
--billing-project, --configuration, --flags-file, --flatten, --format,
|
|
--help, --impersonate-service-account, --log-http, --project, --quiet,
|
|
--trace-token, --user-output-enabled, --verbosity.
|
|
|
|
Run $ gcloud help for details.
|
|
|
|
API REFERENCE
|
|
This command uses the bigtableadmin/v2 API. The full documentation for this
|
|
API can be found at: https://cloud.google.com/bigtable/
|
|
|
|
NOTES
|
|
These variants are also available:
|
|
|
|
$ gcloud alpha bigtable authorized-views add-iam-policy-binding
|
|
|
|
$ gcloud beta bigtable authorized-views add-iam-policy-binding
|
|
|