davidkotnik/novafarma
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Add new gcloud commands, API clients, and third-party libraries across various services.

Browse Source
This commit is contained in:
David Kotnik
2026-01-01 20:26:35 +01:00
parent 5e23cbece0
commit a19e592eb7
25221 changed files with 8324611 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

84
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/__init__.py Normal file
View File

@@ -0,0 +1,84 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
"""The super-group for the IAM CLI."""
from googlecloudsdk.calliope import base
from surface.iam import _init_extensions as extensions
@base.ReleaseTracks(base.ReleaseTrack.ALPHA)
@base.Autogenerated
class IamAlpha(extensions.IamAlpha):
"""Manage IAM service accounts and keys.
The gcloud iam command group lets you manage Google Cloud Identity &
Access Management (IAM) service accounts and keys.
Cloud IAM authorizes who can take action on specific resources, giving you
full control and visibility to manage cloud resources centrally. For
established enterprises with complex organizational structures, hundreds of
workgroups and potentially many more projects, Cloud IAM provides a unified
view into security policy across your entire organization, with built-in
auditing to ease compliance processes.
More information on Cloud IAM can be found here:
https://cloud.google.com/iam and detailed documentation can be found here:
https://cloud.google.com/iam/docs/.
"""
@base.ReleaseTracks(base.ReleaseTrack.BETA)
@base.Autogenerated
class IamBeta(extensions.IamBeta):
"""Manage IAM service accounts and keys.
The gcloud iam command group lets you manage Google Cloud Identity &
Access Management (IAM) service accounts and keys.
Cloud IAM authorizes who can take action on specific resources, giving you
full control and visibility to manage cloud resources centrally. For
established enterprises with complex organizational structures, hundreds of
workgroups and potentially many more projects, Cloud IAM provides a unified
view into security policy across your entire organization, with built-in
auditing to ease compliance processes.
More information on Cloud IAM can be found here:
https://cloud.google.com/iam and detailed documentation can be found here:
https://cloud.google.com/iam/docs/.
"""
@base.ReleaseTracks(base.ReleaseTrack.GA)
@base.Autogenerated
class IamGa(extensions.IamGa):
"""Manage IAM service accounts and keys.
The gcloud iam command group lets you manage Google Cloud Identity &
Access Management (IAM) service accounts and keys.
Cloud IAM authorizes who can take action on specific resources, giving you
full control and visibility to manage cloud resources centrally. For
established enterprises with complex organizational structures, hundreds of
workgroups and potentially many more projects, Cloud IAM provides a unified
view into security policy across your entire organization, with built-in
auditing to ease compliance processes.
More information on Cloud IAM can be found here:
https://cloud.google.com/iam and detailed documentation can be found here:
https://cloud.google.com/iam/docs/.
"""

61
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/_init_extensions.py Normal file
View File

@@ -0,0 +1,61 @@
# -*- coding: utf-8 -*- #
# Copyright 2024 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
"""File to add optional custom code to extend __init__.py."""
from googlecloudsdk.calliope import base
class IamAlpha(base.Group):
"""Optional no-auto-generated code for ALPHA."""
category = base.IDENTITY_AND_SECURITY_CATEGORY
def Filter(self, context, args):
# TODO(b/190535430): Determine if command group works with project number
base.RequireProjectID(args)
base.DisableUserProjectQuota()
self.EnableSelfSignedJwtForTracks(
[base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA]
)
class IamBeta(base.Group):
"""Optional no-auto-generated code for BETA."""
category = base.IDENTITY_AND_SECURITY_CATEGORY
def Filter(self, context, args):
# TODO(b/190535430): Determine if command group works with project number
base.RequireProjectID(args)
base.DisableUserProjectQuota()
self.EnableSelfSignedJwtForTracks(
[base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA]
)
class IamGa(base.Group):
"""Optional no-auto-generated code for GA."""
category = base.IDENTITY_AND_SECURITY_CATEGORY
def Filter(self, context, args):
# TODO(b/190535430): Determine if command group works with project number
base.RequireProjectID(args)
base.DisableUserProjectQuota()
self.EnableSelfSignedJwtForTracks(
[base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA]
)

34
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/access_policies/__init__.py Normal file
View File

@@ -0,0 +1,34 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
"""Manage Access Policy resources."""
from googlecloudsdk.calliope import base
from surface.iam.access_policies import _init_extensions as extensions
@base.ReleaseTracks(base.ReleaseTrack.ALPHA)
@base.Autogenerated
@base.Hidden
class AccessPoliciesAlpha(extensions.AccessPoliciesAlpha):
"""Manage Access Policy resources."""
@base.ReleaseTracks(base.ReleaseTrack.BETA)
@base.Autogenerated
class AccessPoliciesBeta(extensions.AccessPoliciesBeta):
"""Manage Access Policy resources."""

31
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/access_policies/_init_extensions.py Normal file
View File

@@ -0,0 +1,31 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
"""File to add optional custom code to extend __init__.py."""
from googlecloudsdk.calliope import base
class AccessPoliciesAlpha(base.Group):
"""Optional no-auto-generated code for ALPHA."""
class AccessPoliciesBeta(base.Group):
"""Optional no-auto-generated code for BETA."""
class AccessPoliciesGa(base.Group):
"""Optional no-auto-generated code for GA."""

208
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/access_policies/_partials/_create_alpha.yaml Normal file
View File

@@ -0,0 +1,208 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- ALPHA
auto_generated: true
hidden: true
help_text:
brief: Create AccessPolicy instance.
description: |
Create AccessPolicy instance.
examples: |-
To create a policy instance called `my-policy`, run:
$ {command} my-policy --organization=123 --location=global --details.rules=rule1.json
arguments:
params:
- help_text: |-
Identifier. The resource name of the access policy.
The following formats are supported:
* `projects/{project_id}/locations/{location}/accessPolicies/{policy_id}`
* `projects/{project_number}/locations/{location}/accessPolicies/{policy_id}`
* `folders/{folder_id}/locations/{location}/accessPolicies/{policy_id}`
* `organizations/{organization_id}/locations/{location}/accessPolicies/{policy_id}`
is_positional: true
is_primary_resource: true
request_id_field: accessPolicyId
resource_spec: !REF googlecloudsdk.command_lib.iam.v3alpha_resources:folders_or_organizations_or_projects_locations_access_policies
required: true
- arg_name: etag
api_field: googleIamV3alphaAccessPolicy.etag
required: false
repeated: false
help_text: |-
The etag for the access policy.
If this is provided on update, it must match the server's etag.
- arg_name: display-name
api_field: googleIamV3alphaAccessPolicy.displayName
required: false
repeated: false
help_text: |-
The description of the access policy. Must be less than
or equal to 63 characters.
- arg_name: annotations
api_field: googleIamV3alphaAccessPolicy.annotations
required: false
repeated: true
help_text: |-
User defined annotations. See https://google.aip.dev/148#annotations for
more details such as format and size limitations
spec:
- api_field: key
- api_field: value
- group:
api_field: googleIamV3alphaAccessPolicy.details
required: false
help_text: |-
Access policy details.
params:
- arg_name: details-rules
api_field: googleIamV3alphaAccessPolicy.details.rules
required: true
repeated: true
help_text: |-
A list of access policy rules.
spec:
- api_field: description
one_of_index: 0
help_text: |-
Customer specified description of the rule. Must be less than or equal to
256 characters.
- api_field: effect
one_of_index: 1
help_text: |-
The effect of the rule.
- api_field: principals
help_text: |-
The identities for which this rule's effect governs using one or more
permissions on Google Cloud resources. This field can contain the
following values:
* `principal://goog/subject/{email_id}`: A specific Google Account.
Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
example, `principal://goog/subject/alice@example.com`.
If an identifier that was previously set on a policy is soft deleted, then
calls to read that policy will return the identifier with a deleted
prefix. Users cannot set identifiers with this syntax.
* `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
Google Account that was deleted recently. For example,
`deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
the Google Account is recovered, this identifier reverts to the standard
identifier for a Google Account.
* `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
that was deleted recently. For example,
`deleted:principalSet://goog/group/admins@example.com?uid=1234567890`.
If the Google group is restored, this identifier reverts to the standard
identifier for a Google group.
* `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
A Google Cloud service account that was deleted recently. For example,
`deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
If the service account is undeleted, this identifier reverts to the
standard identifier for a service account.
- api_field: excludedPrincipals
help_text: |-
The identities that are excluded from the access policy rule, even if they
are listed in the `principals`. For example, you could add a Google
group to the `principals`, then exclude specific users who belong to
that group.
- api_field: permissions
help_text: |-
The permissions that are explicitly affected by this rule. Each permission
uses the format `{service_fqdn}/{resource}.{verb}`, where `{service_fqdn}`
is the fully qualified domain name for the service.
Currently supported permissions are as follows:
* `eventarc.googleapis.com/messageBuses.publish`.
- api_field: excludedPermissions
help_text: |-
Specifies the permissions that this rule excludes from the set of affected
permissions given by `permissions`. If a permission appears in
`permissions` _and_ in `excluded_permissions` then it will _not_ be
subject to the policy effect.
The excluded permissions can be specified using the same syntax as
`permissions`.
- api_field: activationConditions
help_text: |-
The conditions that determine whether this rule applies to a request.
Conditions are identified by their key, which is the FQDN of the service
that they are relevant to. For example: `"activationConditions": {
"iam.googleapis.com": {
"cel_condition": <cel expression>
}
}`. Each rule is evaluated independently. If this rule does not apply
to a request, other rules might still apply.
Currently supported keys are as follows:
* `eventarc.googleapis.com`
spec:
- api_field: key
- api_field: value
spec:
- api_field: celCondition
help_text: |-
The CEL condition that will be evaluated to determine rule applicability.
Note that the attributes and functions that can be used in the condition
will be limited by the namespace it is associated with in the
`activation_conditions` map.
Expr.expression must be less than 512 characters in length.
spec:
- api_field: expression
help_text: |-
Textual representation of an expression in Common Expression Language
syntax.
- api_field: title
help_text: |-
Title for the expression, i.e. a short string describing
its purpose. This can be used e.g. in UIs which allow to enter the
expression.
- api_field: description
help_text: |-
Description of the expression. This is a longer text which
describes the expression, e.g. when hovered over it in a UI.
- api_field: location
help_text: |-
String indicating the location of the expression for error
reporting, e.g. a file name and a position in the file.
- arg_name: validate-only
api_field: validateOnly
action: store_true
required: false
type: bool
help_text: |-
If set, validate the request and preview the creation, but do not actually
post it.
default: null
request:
api_version: v3alpha
collection:
- iam.folders.locations.accessPolicies
- iam.organizations.locations.accessPolicies
- iam.projects.locations.accessPolicies
async:
collection:
- iam.folders.locations.operations
- iam.organizations.locations.operations
- iam.projects.locations.operations

210
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/access_policies/_partials/_create_beta.yaml Normal file
View File

@@ -0,0 +1,210 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- BETA
auto_generated: true
help_text:
brief: Create AccessPolicy instance.
description: |
Create AccessPolicy instance.
examples: |-
To create a policy instance called `my-policy`, run:
$ {command} my-policy --organization=123 --location=global --details.rules=rule1.json
arguments:
params:
- help_text: |-
Identifier. The resource name of the access policy.
The following formats are supported:
* `projects/{project_id}/locations/{location}/accessPolicies/{policy_id}`
* `projects/{project_number}/locations/{location}/accessPolicies/{policy_id}`
* `folders/{folder_id}/locations/{location}/accessPolicies/{policy_id}`
* `organizations/{organization_id}/locations/{location}/accessPolicies/{policy_id}`
is_positional: true
is_primary_resource: true
request_id_field: accessPolicyId
resource_spec: !REF googlecloudsdk.command_lib.iam.v3beta_resources:folders_or_organizations_or_projects_locations_access_policies
required: true
- arg_name: etag
api_field: googleIamV3betaAccessPolicy.etag
required: false
repeated: false
help_text: |-
The etag for the access policy.
If this is provided on update, it must match the server's etag.
- arg_name: display-name
api_field: googleIamV3betaAccessPolicy.displayName
required: false
repeated: false
help_text: |-
The description of the access policy. Must be less than
or equal to 63 characters.
- arg_name: annotations
api_field: googleIamV3betaAccessPolicy.annotations
required: false
repeated: true
help_text: |-
User defined annotations. See https://google.aip.dev/148#annotations for
more details such as format and size limitations
spec:
- api_field: key
- api_field: value
- group:
api_field: googleIamV3betaAccessPolicy.details
required: false
help_text: |-
Access policy details.
params:
- arg_name: details-rules
api_field: googleIamV3betaAccessPolicy.details.rules
required: true
repeated: true
help_text: |-
A list of access policy rules.
spec:
- api_field: description
one_of_index: 0
help_text: |-
Customer specified description of the rule. Must be less than or equal to
256 characters.
- api_field: effect
one_of_index: 1
help_text: |-
The effect of the rule.
- api_field: principals
help_text: |-
The identities for which this rule's effect governs using one or more
permissions on Google Cloud resources. This field can contain the
following values:
* `principal://goog/subject/{email_id}`: A specific Google Account.
Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
example, `principal://goog/subject/alice@example.com`.
If an identifier that was previously set on a policy is soft deleted, then
calls to read that policy will return the identifier with a deleted
prefix. Users cannot set identifiers with this syntax.
* `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
Google Account that was deleted recently. For example,
`deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
the Google Account is recovered, this identifier reverts to the standard
identifier for a Google Account.
* `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
that was deleted recently. For example,
`deleted:principalSet://goog/group/admins@example.com?uid=1234567890`.
If the Google group is restored, this identifier reverts to the standard
identifier for a Google group.
* `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
A Google Cloud service account that was deleted recently. For example,
`deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
If the service account is undeleted, this identifier reverts to the
standard identifier for a service account.
- api_field: excludedPrincipals
help_text: |-
The identities that are excluded from the access policy rule, even if they
are listed in the `principals`. For example, you could add a Google
group to the `principals`, then exclude specific users who belong to
that group.
- api_field: operation
help_text: |-
Attributes that are used to determine whether this rule applies to a
request.
spec:
- api_field: permissions
help_text: |-
The permissions that are explicitly affected by this rule. Each
permission uses the format `{service_fqdn}/{resource}.{verb}`, where
`{service_fqdn}` is the fully qualified domain name for the service.
Currently supported permissions are as follows:
* `eventarc.googleapis.com/messageBuses.publish`.
- api_field: excludedPermissions
help_text: |-
Specifies the permissions that this rule excludes from the set of
affected permissions given by `permissions`. If a permission appears in
`permissions` _and_ in `excluded_permissions` then it will _not_ be
subject to the policy effect.
The excluded permissions can be specified using the same syntax as
`permissions`.
- api_field: conditions
help_text: |-
The conditions that determine whether this rule applies to a request.
Conditions are identified by their key, which is the FQDN of the service
that they are relevant to. For example: `"conditions": {
"iam.googleapis.com": <cel expression>
}`. Each rule is evaluated independently. If this rule does not apply
to a request, other rules might still apply.
Currently supported keys are as follows:
* `eventarc.googleapis.com`: Can use `CEL` functions that evaluate
resource fields.
* `iam.googleapis.com`: Can use `CEL` functions that evaluate
[resource
tags](https://cloud.google.com/iam/help/conditions/resource-tags) and
combine them using boolean and logical operators. Other functions and
operators are not supported.
spec:
- api_field: key
- api_field: value
spec:
- api_field: expression
help_text: |-
Textual representation of an expression in Common Expression Language
syntax.
- api_field: title
help_text: |-
Title for the expression, i.e. a short string describing
its purpose. This can be used e.g. in UIs which allow to enter the
expression.
- api_field: description
help_text: |-
Description of the expression. This is a longer text which
describes the expression, e.g. when hovered over it in a UI.
- api_field: location
help_text: |-
String indicating the location of the expression for error
reporting, e.g. a file name and a position in the file.
- arg_name: validate-only
api_field: validateOnly
action: store_true
required: false
type: bool
help_text: |-
If set, validate the request and preview the creation, but do not actually
post it.
default: null
request:
api_version: v3beta
collection:
- iam.folders.locations.accessPolicies
- iam.organizations.locations.accessPolicies
- iam.projects.locations.accessPolicies
async:
collection:
- iam.folders.locations.operations
- iam.organizations.locations.operations
- iam.projects.locations.operations

79
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/access_policies/_partials/_delete_alpha.yaml Normal file
View File

@@ -0,0 +1,79 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- ALPHA
auto_generated: true
hidden: true
help_text:
brief: Delete AccessPolicy instance.
description: |
Delete AccessPolicy instance.
examples: |-
To delete `my-policy` instance, run:
$ {command} my-policy
arguments:
params:
- help_text: |-
The name of the access policy to delete.
Format:
`projects/{project_id}/locations/{location}/accessPolicies/{access_policy_id}`
`projects/{project_number}/locations/{location}/accessPolicies/{access_policy_id}`
`folders/{folder_id}/locations/{location}/accessPolicies/{access_policy_id}`
`organizations/{organization_id}/locations/{location}/accessPolicies/{access_policy_id}`
is_positional: true
is_primary_resource: true
resource_spec: !REF googlecloudsdk.command_lib.iam.v3alpha_resources:folders_or_organizations_or_projects_locations_access_policies
required: true
- arg_name: etag
api_field: etag
required: false
repeated: false
help_text: |-
The etag of the access policy. If this is provided, it must match the
server's etag.
- arg_name: validate-only
api_field: validateOnly
action: store_true
required: false
type: bool
help_text: |-
If set, validate the request and preview the deletion, but do not actually
post it.
default: null
- arg_name: force
api_field: force
action: store_true
required: false
type: bool
help_text: |-
If set to true, the request will force the deletion of the Policy even if
the Policy references PolicyBindings.
default: null
request:
api_version: v3alpha
collection:
- iam.folders.locations.accessPolicies
- iam.organizations.locations.accessPolicies
- iam.projects.locations.accessPolicies
async:
collection:
- iam.folders.locations.operations
- iam.organizations.locations.operations
- iam.projects.locations.operations

78
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/access_policies/_partials/_delete_beta.yaml Normal file
View File

@@ -0,0 +1,78 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- BETA
auto_generated: true
help_text:
brief: Delete AccessPolicy instance.
description: |
Delete AccessPolicy instance.
examples: |-
To delete `my-policy` instance, run:
$ {command} my-policy
arguments:
params:
- help_text: |-
The name of the access policy to delete.
Format:
`projects/{project_id}/locations/{location}/accessPolicies/{access_policy_id}`
`projects/{project_number}/locations/{location}/accessPolicies/{access_policy_id}`
`folders/{folder_id}/locations/{location}/accessPolicies/{access_policy_id}`
`organizations/{organization_id}/locations/{location}/accessPolicies/{access_policy_id}`
is_positional: true
is_primary_resource: true
resource_spec: !REF googlecloudsdk.command_lib.iam.v3beta_resources:folders_or_organizations_or_projects_locations_access_policies
required: true
- arg_name: etag
api_field: etag
required: false
repeated: false
help_text: |-
The etag of the access policy. If this is provided, it must match the
server's etag.
- arg_name: validate-only
api_field: validateOnly
action: store_true
required: false
type: bool
help_text: |-
If set, validate the request and preview the deletion, but do not actually
post it.
default: null
- arg_name: force
api_field: force
action: store_true
required: false
type: bool
help_text: |-
If set to true, the request will force the deletion of the Policy even if
the Policy references PolicyBindings.
default: null
request:
api_version: v3beta
collection:
- iam.folders.locations.accessPolicies
- iam.organizations.locations.accessPolicies
- iam.projects.locations.accessPolicies
async:
collection:
- iam.folders.locations.operations
- iam.organizations.locations.operations
- iam.projects.locations.operations

49
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/access_policies/_partials/_describe_alpha.yaml Normal file
View File

@@ -0,0 +1,49 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- ALPHA
auto_generated: true
hidden: true
help_text:
brief: Get AccessPolicy instance.
description: |
Get AccessPolicy instance.
examples: |-
To get the details of a single policy `my-policy` in organization `123`, run:
$ {command} my-policy --organization=123 --location=global
arguments:
params:
- help_text: |-
The name of the access policy to retrieve.
Format:
`projects/{project_id}/locations/{location}/accessPolicies/{access_policy_id}`
`projects/{project_number}/locations/{location}/accessPolicies/{access_policy_id}`
`folders/{folder_id}/locations/{location}/accessPolicies/{access_policy_id}`
`organizations/{organization_id}/locations/{location}/accessPolicies/{access_policy_id}`
is_positional: true
is_primary_resource: true
resource_spec: !REF googlecloudsdk.command_lib.iam.v3alpha_resources:folders_or_organizations_or_projects_locations_access_policies
required: true
request:
api_version: v3alpha
collection:
- iam.folders.locations.accessPolicies
- iam.organizations.locations.accessPolicies
- iam.projects.locations.accessPolicies

48
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/access_policies/_partials/_describe_beta.yaml Normal file
View File

@@ -0,0 +1,48 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- BETA
auto_generated: true
help_text:
brief: Get AccessPolicy instance.
description: |
Get AccessPolicy instance.
examples: |-
To get the details of a single policy `my-policy` in organization `123`, run:
$ {command} my-policy --organization=123 --location=global
arguments:
params:
- help_text: |-
The name of the access policy to retrieve.
Format:
`projects/{project_id}/locations/{location}/accessPolicies/{access_policy_id}`
`projects/{project_number}/locations/{location}/accessPolicies/{access_policy_id}`
`folders/{folder_id}/locations/{location}/accessPolicies/{access_policy_id}`
`organizations/{organization_id}/locations/{location}/accessPolicies/{access_policy_id}`
is_positional: true
is_primary_resource: true
resource_spec: !REF googlecloudsdk.command_lib.iam.v3beta_resources:folders_or_organizations_or_projects_locations_access_policies
required: true
request:
api_version: v3beta
collection:
- iam.folders.locations.accessPolicies
- iam.organizations.locations.accessPolicies
- iam.projects.locations.accessPolicies

52
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/access_policies/_partials/_list_alpha.yaml Normal file
View File

@@ -0,0 +1,52 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- ALPHA
auto_generated: true
hidden: true
help_text:
brief: List AccessPolicy instances.
description: |
List AccessPolicy instances.
examples: |-
To list all policy instances in organization `123`, run:
$ {command} --organization=123 --location=global
arguments:
params:
- help_text: |-
The parent resource, which owns the collection of access policy
resources.
Format:
`projects/{project_id}/locations/{location}`
`projects/{project_number}/locations/{location}`
`folders/{folder_id}/locations/{location}`
`organizations/{organization_id}/locations/{location}`
is_positional: false
is_primary_resource: true
resource_spec: !REF googlecloudsdk.command_lib.iam.v3alpha_resources:folders_or_organizations_or_projects_locations
required: true
request:
api_version: v3alpha
collection:
- iam.folders.locations.accessPolicies
- iam.organizations.locations.accessPolicies
- iam.projects.locations.accessPolicies
response:
id_field: name

51
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/access_policies/_partials/_list_beta.yaml Normal file
View File

@@ -0,0 +1,51 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- BETA
auto_generated: true
help_text:
brief: List AccessPolicy instances.
description: |
List AccessPolicy instances.
examples: |-
To list all policy instances in organization `123`, run:
$ {command} --organization=123 --location=global
arguments:
params:
- help_text: |-
The parent resource, which owns the collection of access policy
resources.
Format:
`projects/{project_id}/locations/{location}`
`projects/{project_number}/locations/{location}`
`folders/{folder_id}/locations/{location}`
`organizations/{organization_id}/locations/{location}`
is_positional: false
is_primary_resource: true
resource_spec: !REF googlecloudsdk.command_lib.iam.v3beta_resources:folders_or_organizations_or_projects_locations
required: true
request:
api_version: v3beta
collection:
- iam.folders.locations.accessPolicies
- iam.organizations.locations.accessPolicies
- iam.projects.locations.accessPolicies
response:
id_field: name

49
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/access_policies/_partials/_search_policy_bindings_alpha.yaml Normal file
View File

@@ -0,0 +1,49 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- ALPHA
auto_generated: true
hidden: true
help_text:
brief: search accessPolicies
description: search accessPolicies
examples: |-
To search all accessPolicies, run:
$ {command}
arguments:
params:
- help_text: |-
The name of the access policy.
Format:
`organizations/{organization_id}/locations/{location}/accessPolicies/{access_policy_id}`
`folders/{folder_id}/locations/{location}/accessPolicies/{access_policy_id}`
`projects/{project_id}/locations/{location}/accessPolicies/{access_policy_id}`
`projects/{project_number}/locations/{location}/accessPolicies/{access_policy_id}`
is_positional: true
is_primary_resource: true
resource_spec: !REF googlecloudsdk.command_lib.iam.v3alpha_resources:folders_or_organizations_or_projects_locations_access_policies
required: true
request:
api_version: v3alpha
collection:
- iam.folders.locations.accessPolicies
- iam.organizations.locations.accessPolicies
- iam.projects.locations.accessPolicies
method: searchPolicyBindings
command_type: GENERIC

48
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/access_policies/_partials/_search_policy_bindings_beta.yaml Normal file
View File

@@ -0,0 +1,48 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- BETA
auto_generated: true
help_text:
brief: search accessPolicies
description: search accessPolicies
examples: |-
To search all accessPolicies, run:
$ {command}
arguments:
params:
- help_text: |-
The name of the access policy.
Format:
`organizations/{organization_id}/locations/{location}/accessPolicies/{access_policy_id}`
`folders/{folder_id}/locations/{location}/accessPolicies/{access_policy_id}`
`projects/{project_id}/locations/{location}/accessPolicies/{access_policy_id}`
`projects/{project_number}/locations/{location}/accessPolicies/{access_policy_id}`
is_positional: true
is_primary_resource: true
resource_spec: !REF googlecloudsdk.command_lib.iam.v3beta_resources:folders_or_organizations_or_projects_locations_access_policies
required: true
request:
api_version: v3beta
collection:
- iam.folders.locations.accessPolicies
- iam.organizations.locations.accessPolicies
- iam.projects.locations.accessPolicies
method: searchPolicyBindings
command_type: GENERIC

212
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/access_policies/_partials/_update_alpha.yaml Normal file
View File

@@ -0,0 +1,212 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- ALPHA
auto_generated: true
hidden: true
help_text:
brief: Update AccessPolicy instance.
description: |
Update AccessPolicy instance.
examples: |-
To update display name of `my-policy` in organization `123`, run:
$ {command} my-policy --organization=123 --location=global --display-name=new-display-name
arguments:
params:
- help_text: |-
Identifier. The resource name of the access policy.
The following formats are supported:
* `projects/{project_id}/locations/{location}/accessPolicies/{policy_id}`
* `projects/{project_number}/locations/{location}/accessPolicies/{policy_id}`
* `folders/{folder_id}/locations/{location}/accessPolicies/{policy_id}`
* `organizations/{organization_id}/locations/{location}/accessPolicies/{policy_id}`
is_positional: true
is_primary_resource: true
resource_spec: !REF googlecloudsdk.command_lib.iam.v3alpha_resources:folders_or_organizations_or_projects_locations_access_policies
required: true
- arg_name: etag
api_field: googleIamV3alphaAccessPolicy.etag
required: false
repeated: false
help_text: |-
The etag for the access policy.
If this is provided on update, it must match the server's etag.
- arg_name: display-name
api_field: googleIamV3alphaAccessPolicy.displayName
required: false
repeated: false
help_text: |-
The description of the access policy. Must be less than
or equal to 63 characters.
- arg_name: annotations
api_field: googleIamV3alphaAccessPolicy.annotations
required: false
repeated: true
help_text: |-
User defined annotations. See https://google.aip.dev/148#annotations for
more details such as format and size limitations
clearable: true
spec:
- api_field: key
- api_field: value
- group:
api_field: googleIamV3alphaAccessPolicy.details
arg_name: details
clearable: true
required: false
help_text: |-
Access policy details.
params:
- arg_name: details-rules
api_field: googleIamV3alphaAccessPolicy.details.rules
required: false
repeated: true
help_text: |-
A list of access policy rules.
clearable: true
spec:
- api_field: description
one_of_index: 0
help_text: |-
Customer specified description of the rule. Must be less than or equal to
256 characters.
- api_field: effect
one_of_index: 1
help_text: |-
The effect of the rule.
- api_field: principals
help_text: |-
The identities for which this rule's effect governs using one or more
permissions on Google Cloud resources. This field can contain the
following values:
* `principal://goog/subject/{email_id}`: A specific Google Account.
Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
example, `principal://goog/subject/alice@example.com`.
If an identifier that was previously set on a policy is soft deleted, then
calls to read that policy will return the identifier with a deleted
prefix. Users cannot set identifiers with this syntax.
* `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
Google Account that was deleted recently. For example,
`deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
the Google Account is recovered, this identifier reverts to the standard
identifier for a Google Account.
* `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
that was deleted recently. For example,
`deleted:principalSet://goog/group/admins@example.com?uid=1234567890`.
If the Google group is restored, this identifier reverts to the standard
identifier for a Google group.
* `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
A Google Cloud service account that was deleted recently. For example,
`deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
If the service account is undeleted, this identifier reverts to the
standard identifier for a service account.
- api_field: excludedPrincipals
help_text: |-
The identities that are excluded from the access policy rule, even if they
are listed in the `principals`. For example, you could add a Google
group to the `principals`, then exclude specific users who belong to
that group.
- api_field: permissions
help_text: |-
The permissions that are explicitly affected by this rule. Each permission
uses the format `{service_fqdn}/{resource}.{verb}`, where `{service_fqdn}`
is the fully qualified domain name for the service.
Currently supported permissions are as follows:
* `eventarc.googleapis.com/messageBuses.publish`.
- api_field: excludedPermissions
help_text: |-
Specifies the permissions that this rule excludes from the set of affected
permissions given by `permissions`. If a permission appears in
`permissions` _and_ in `excluded_permissions` then it will _not_ be
subject to the policy effect.
The excluded permissions can be specified using the same syntax as
`permissions`.
- api_field: activationConditions
help_text: |-
The conditions that determine whether this rule applies to a request.
Conditions are identified by their key, which is the FQDN of the service
that they are relevant to. For example: `"activationConditions": {
"iam.googleapis.com": {
"cel_condition": <cel expression>
}
}`. Each rule is evaluated independently. If this rule does not apply
to a request, other rules might still apply.
Currently supported keys are as follows:
* `eventarc.googleapis.com`
spec:
- api_field: key
- api_field: value
spec:
- api_field: celCondition
help_text: |-
The CEL condition that will be evaluated to determine rule applicability.
Note that the attributes and functions that can be used in the condition
will be limited by the namespace it is associated with in the
`activation_conditions` map.
Expr.expression must be less than 512 characters in length.
spec:
- api_field: expression
help_text: |-
Textual representation of an expression in Common Expression Language
syntax.
- api_field: title
help_text: |-
Title for the expression, i.e. a short string describing
its purpose. This can be used e.g. in UIs which allow to enter the
expression.
- api_field: description
help_text: |-
Description of the expression. This is a longer text which
describes the expression, e.g. when hovered over it in a UI.
- api_field: location
help_text: |-
String indicating the location of the expression for error
reporting, e.g. a file name and a position in the file.
- arg_name: validate-only
api_field: validateOnly
action: store_true_false
required: false
type: bool
help_text: |-
If set, validate the request and preview the update, but do not actually
post it.
request:
api_version: v3alpha
collection:
- iam.folders.locations.accessPolicies
- iam.organizations.locations.accessPolicies
- iam.projects.locations.accessPolicies
async:
collection:
- iam.folders.locations.operations
- iam.organizations.locations.operations
- iam.projects.locations.operations
update:
read_modify_update: true

214
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/access_policies/_partials/_update_beta.yaml Normal file
View File

@@ -0,0 +1,214 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- BETA
auto_generated: true
help_text:
brief: Update AccessPolicy instance.
description: |
Update AccessPolicy instance.
examples: |-
To update display name of `my-policy` in organization `123`, run:
$ {command} my-policy --organization=123 --location=global --display-name=new-display-name
arguments:
params:
- help_text: |-
Identifier. The resource name of the access policy.
The following formats are supported:
* `projects/{project_id}/locations/{location}/accessPolicies/{policy_id}`
* `projects/{project_number}/locations/{location}/accessPolicies/{policy_id}`
* `folders/{folder_id}/locations/{location}/accessPolicies/{policy_id}`
* `organizations/{organization_id}/locations/{location}/accessPolicies/{policy_id}`
is_positional: true
is_primary_resource: true
resource_spec: !REF googlecloudsdk.command_lib.iam.v3beta_resources:folders_or_organizations_or_projects_locations_access_policies
required: true
- arg_name: etag
api_field: googleIamV3betaAccessPolicy.etag
required: false
repeated: false
help_text: |-
The etag for the access policy.
If this is provided on update, it must match the server's etag.
- arg_name: display-name
api_field: googleIamV3betaAccessPolicy.displayName
required: false
repeated: false
help_text: |-
The description of the access policy. Must be less than
or equal to 63 characters.
- arg_name: annotations
api_field: googleIamV3betaAccessPolicy.annotations
required: false
repeated: true
help_text: |-
User defined annotations. See https://google.aip.dev/148#annotations for
more details such as format and size limitations
clearable: true
spec:
- api_field: key
- api_field: value
- group:
api_field: googleIamV3betaAccessPolicy.details
arg_name: details
clearable: true
required: false
help_text: |-
Access policy details.
params:
- arg_name: details-rules
api_field: googleIamV3betaAccessPolicy.details.rules
required: false
repeated: true
help_text: |-
A list of access policy rules.
clearable: true
spec:
- api_field: description
one_of_index: 0
help_text: |-
Customer specified description of the rule. Must be less than or equal to
256 characters.
- api_field: effect
one_of_index: 1
help_text: |-
The effect of the rule.
- api_field: principals
help_text: |-
The identities for which this rule's effect governs using one or more
permissions on Google Cloud resources. This field can contain the
following values:
* `principal://goog/subject/{email_id}`: A specific Google Account.
Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
example, `principal://goog/subject/alice@example.com`.
If an identifier that was previously set on a policy is soft deleted, then
calls to read that policy will return the identifier with a deleted
prefix. Users cannot set identifiers with this syntax.
* `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
Google Account that was deleted recently. For example,
`deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
the Google Account is recovered, this identifier reverts to the standard
identifier for a Google Account.
* `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
that was deleted recently. For example,
`deleted:principalSet://goog/group/admins@example.com?uid=1234567890`.
If the Google group is restored, this identifier reverts to the standard
identifier for a Google group.
* `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
A Google Cloud service account that was deleted recently. For example,
`deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
If the service account is undeleted, this identifier reverts to the
standard identifier for a service account.
- api_field: excludedPrincipals
help_text: |-
The identities that are excluded from the access policy rule, even if they
are listed in the `principals`. For example, you could add a Google
group to the `principals`, then exclude specific users who belong to
that group.
- api_field: operation
help_text: |-
Attributes that are used to determine whether this rule applies to a
request.
spec:
- api_field: permissions
help_text: |-
The permissions that are explicitly affected by this rule. Each
permission uses the format `{service_fqdn}/{resource}.{verb}`, where
`{service_fqdn}` is the fully qualified domain name for the service.
Currently supported permissions are as follows:
* `eventarc.googleapis.com/messageBuses.publish`.
- api_field: excludedPermissions
help_text: |-
Specifies the permissions that this rule excludes from the set of
affected permissions given by `permissions`. If a permission appears in
`permissions` _and_ in `excluded_permissions` then it will _not_ be
subject to the policy effect.
The excluded permissions can be specified using the same syntax as
`permissions`.
- api_field: conditions
help_text: |-
The conditions that determine whether this rule applies to a request.
Conditions are identified by their key, which is the FQDN of the service
that they are relevant to. For example: `"conditions": {
"iam.googleapis.com": <cel expression>
}`. Each rule is evaluated independently. If this rule does not apply
to a request, other rules might still apply.
Currently supported keys are as follows:
* `eventarc.googleapis.com`: Can use `CEL` functions that evaluate
resource fields.
* `iam.googleapis.com`: Can use `CEL` functions that evaluate
[resource
tags](https://cloud.google.com/iam/help/conditions/resource-tags) and
combine them using boolean and logical operators. Other functions and
operators are not supported.
spec:
- api_field: key
- api_field: value
spec:
- api_field: expression
help_text: |-
Textual representation of an expression in Common Expression Language
syntax.
- api_field: title
help_text: |-
Title for the expression, i.e. a short string describing
its purpose. This can be used e.g. in UIs which allow to enter the
expression.
- api_field: description
help_text: |-
Description of the expression. This is a longer text which
describes the expression, e.g. when hovered over it in a UI.
- api_field: location
help_text: |-
String indicating the location of the expression for error
reporting, e.g. a file name and a position in the file.
- arg_name: validate-only
api_field: validateOnly
action: store_true_false
required: false
type: bool
help_text: |-
If set, validate the request and preview the update, but do not actually
post it.
request:
api_version: v3beta
collection:
- iam.folders.locations.accessPolicies
- iam.organizations.locations.accessPolicies
- iam.projects.locations.accessPolicies
async:
collection:
- iam.folders.locations.operations
- iam.organizations.locations.operations
- iam.projects.locations.operations
update:
read_modify_update: true

18
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/access_policies/create.yaml Normal file
View File

@@ -0,0 +1,18 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
_PARTIALS_: true

18
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/access_policies/delete.yaml Normal file
View File

@@ -0,0 +1,18 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
_PARTIALS_: true

18
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/access_policies/describe.yaml Normal file
View File

@@ -0,0 +1,18 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
_PARTIALS_: true

18
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/access_policies/list.yaml Normal file
View File

@@ -0,0 +1,18 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
_PARTIALS_: true

18
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/access_policies/search_policy_bindings.yaml Normal file
View File

@@ -0,0 +1,18 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
_PARTIALS_: true

18
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/access_policies/update.yaml Normal file
View File

@@ -0,0 +1,18 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
_PARTIALS_: true

89
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/list_grantable_roles.py Normal file
View File

@@ -0,0 +1,89 @@
# -*- coding: utf-8 -*- #
# Copyright 2015 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command for listing grantable roles for a given resource."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
import textwrap
from apitools.base.py import list_pager
from googlecloudsdk.api_lib.iam import exceptions
from googlecloudsdk.api_lib.iam import util
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.iam import flags
from googlecloudsdk.command_lib.iam import iam_util
from googlecloudsdk.core import resources
@base.UniverseCompatible
class ListGrantableRoles(base.Command):
"""List IAM grantable roles for a resource.
This command displays the list of grantable roles for a resource.
The resource can be referenced either via the full resource name or via a URI.
User can then add IAM policy bindings to grant the roles.
"""
detailed_help = {
'EXAMPLES': textwrap.dedent("""\
List grantable roles for a project:
$ {command} //cloudresourcemanager.googleapis.com/projects/PROJECT_ID
List grantable roles for a resource identified via full resource name:
$ {command} //compute.googleapis.com/projects/example-project/zones/us-central1-f/instances/example-instance
List grantable roles for a resource identified via URI:
$ {command} \\
https://www.googleapis.com/compute/v1/projects/example-project/zones/us-central1-f/instances/example-instance
"""),
}
@staticmethod
def Args(parser):
flags.GetResourceNameFlag('get the list of roles for').AddToParser(parser)
base.FILTER_FLAG.AddToParser(parser)
base.PAGE_SIZE_FLAG.AddToParser(parser)
base.PAGE_SIZE_FLAG.SetDefault(parser, 300)
def Run(self, args):
resource = None
if args.resource.startswith('//'):
# The atomic resource path inputted, just use this
resource = args.resource
if args.resource.startswith('http'):
# This is a full resource URL that needs to be converted to an atomic path
resource_ref = resources.REGISTRY.Parse(args.resource)
resource = iam_util.GetFullResourceName(resource_ref)
if not resource:
raise exceptions.InvalidResourceException(
'The given resource is not a valid full resource name or URL.'
)
client, messages = util.GetClientAndMessages()
return list_pager.YieldFromList(
client.roles,
messages.QueryGrantableRolesRequest(fullResourceName=resource),
field='roles',
method='QueryGrantableRoles',
batch_size=args.page_size,
batch_size_attribute='pageSize',
)

73
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/list_testable_permissions.py Normal file
View File

@@ -0,0 +1,73 @@
# -*- coding: utf-8 -*- #
# Copyright 2016 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command for listing testable permissions for a given resource."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from apitools.base.py import list_pager
from googlecloudsdk.api_lib.iam import exceptions
from googlecloudsdk.api_lib.iam import util
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.iam import flags
from googlecloudsdk.command_lib.iam import iam_util
from googlecloudsdk.core import resources
class ListTestablePermissions(base.Command):
"""List IAM testable permissions for a resource.
Testable permissions mean the permissions that user can add or remove in
a role at a given resource.
The resource can be referenced either via the full resource name or via a URI.
## EXAMPLES
List testable permissions for a resource identified via full resource name:
$ {command} //cloudresourcemanager.googleapis.com/organizations/1234567
List testable permissions for a resource identified via URI:
$ {command} https://www.googleapis.com/compute/v1/projects/example-project
"""
@staticmethod
def Args(parser):
flags.GetResourceNameFlag(
'get the testable permissions for').AddToParser(parser)
base.FILTER_FLAG.AddToParser(parser)
def Run(self, args):
resource = None
if args.resource.startswith('//'):
resource = args.resource
elif args.resource.startswith('http'):
resource = iam_util.GetFullResourceName(
resources.REGISTRY.Parse(args.resource))
if not resource:
raise exceptions.InvalidResourceException(
'The given resource is not a valid full resource name or URL.')
client, messages = util.GetClientAndMessages()
return list_pager.YieldFromList(
client.permissions,
messages.QueryTestablePermissionsRequest(fullResourceName=resource),
field='permissions',
method='QueryTestablePermissions',
batch_size_attribute='pageSize')

32
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/oauth_clients/__init__.py Normal file
View File

@@ -0,0 +1,32 @@
# -*- coding: utf-8 -*- #
# Copyright 2023 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""The oauth-clients command group for the IAM CLI."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
# TODO: b/369204602 - revisit the annotation
@base.DefaultUniverseOnly
@base.ReleaseTracks(base.ReleaseTrack.ALPHA, base.ReleaseTrack.GA)
class OauthClients(base.Group):
"""Create and manage OAuth clients.
The {command} group lets you create and manage OAuth clients for
projects on the Google Cloud Platform.
"""

54
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/oauth_clients/create.yaml Normal file
View File

@@ -0,0 +1,54 @@
# -*- coding: utf-8 -*- #
# Copyright 2023 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- release_tracks: [ALPHA, GA]
help_text:
brief: Create an OAuth client.
description: |
Create a new OAuth client.
examples: |
The following command creates a disabled OAuth client with ID ``my-oauth-client''
in the default project:
$ {command} my-oauth-client \
--location="global" \
--client-type="confidential-client" \
--display-name="My oauth client" \
--description="My oauth client description" \
--disabled \
--allowed-grant-types="authorization-code-grant,refresh-token-grant" \
--allowed-scopes="https://www.googleapis.com/auth/cloud-platform,openid" \
--allowed-redirect-uris="https://example.com"
request:
collection: iam.projects.locations.oauthClients
arguments:
resource:
help_text: The OAuth client to create.
spec: !REF googlecloudsdk.command_lib.iam.resources:oauth_client
is_positional: true
params:
- _REF_: googlecloudsdk.command_lib.iam.flags:oauth_client.client_type
required: true
- _REF_: googlecloudsdk.command_lib.iam.flags:oauth_client.description
- _REF_: googlecloudsdk.command_lib.iam.flags:oauth_client.display_name
- _REF_: googlecloudsdk.command_lib.iam.flags:oauth_client.disabled
- _REF_: googlecloudsdk.command_lib.iam.flags:oauth_client.allowed_grant_types
required: true
- _REF_: googlecloudsdk.command_lib.iam.flags:oauth_client.allowed_scopes
required: true
- _REF_: googlecloudsdk.command_lib.iam.flags:oauth_client.allowed_redirect_uris
required: true

32
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/oauth_clients/credentials/__init__.py Normal file
View File

@@ -0,0 +1,32 @@
# -*- coding: utf-8 -*- #
# Copyright 2023 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""The oauth-clients credentials command group for the IAM CLI."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
# TODO: b/369204602 - revisit this annotation
@base.DefaultUniverseOnly
@base.ReleaseTracks(base.ReleaseTrack.ALPHA, base.ReleaseTrack.GA)
class OauthClientCredentials(base.Group):
"""Create and manage OAuth client credentials.
The {command} group lets you create and manage OAuth client credentials for
projects on the Google Cloud Platform.
"""

41
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/oauth_clients/credentials/create.yaml Normal file
View File

@@ -0,0 +1,41 @@
# -*- coding: utf-8 -*- #
# Copyright 2023 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- release_tracks: [ALPHA, GA]
help_text:
brief: Create an OAuth client credential.
description: |
Create a new OAuth client credential.
examples: |
To create a disabled OAuth client credential with ID ``my-oauth-client-credential''
in the default project, run:
$ {command} my-oauth-client-credential \
--location="global" \
--oauth-client="my-oauth-client" \
--display-name="My OAuth client credential" \
--disabled
request:
collection: iam.projects.locations.oauthClients.credentials
arguments:
resource:
help_text: The OAuth client credential to create.
spec: !REF googlecloudsdk.command_lib.iam.resources:oauth_client_credential
is_positional: true
params:
- _REF_: googlecloudsdk.command_lib.iam.flags:oauth_client_credential.display_name
- _REF_: googlecloudsdk.command_lib.iam.flags:oauth_client_credential.disabled

34
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/oauth_clients/credentials/delete.yaml Normal file
View File

@@ -0,0 +1,34 @@
# -*- coding: utf-8 -*- #
# Copyright 2023 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- release_tracks: [ALPHA, GA]
help_text:
brief: Delete an OAuth client credential.
description: Delete an OAuth client credential.
examples: |
To delete the OAuth client credential with ID ``my-oauth-client-credential''
in the default project, run:
$ {command} my-oauth-client-credential \
--location="global" \
--oauth-client="my-oauth-client"
request:
collection: iam.projects.locations.oauthClients.credentials
arguments:
resource:
help_text: The OAuth client credential to delete.
spec: !REF googlecloudsdk.command_lib.iam.resources:oauth_client_credential
is_positional: true

34
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/oauth_clients/credentials/describe.yaml Normal file
View File

@@ -0,0 +1,34 @@
# -*- coding: utf-8 -*- #
# Copyright 2023 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- release_tracks: [ALPHA, GA]
help_text:
brief: Describe an OAuth client credential.
description: Describe an OAuth client credential.
examples: |
To describe the OAuth client credential with ID ``my-oauth-client-credential''
in the default project, run:
$ {command} my-oauth-client-credential \
--location="global" \
--oauth-client="my-oauth-client"
request:
collection: iam.projects.locations.oauthClients.credentials
arguments:
resource:
help_text: The OAuth client credential you want to describe.
spec: !REF googlecloudsdk.command_lib.iam.resources:oauth_client_credential
is_positional: true

35
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/oauth_clients/credentials/list.yaml Normal file
View File

@@ -0,0 +1,35 @@
# -*- coding: utf-8 -*- #
# Copyright 2023 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- release_tracks: [ALPHA, GA]
help_text:
brief: List OAuth client credentials.
description: |
List OAuth client credentials.
examples: |
To list all OAuth client credentials in the default project, run:
$ {command} --location="global" --oauth-client="my-oauth-client"
request:
collection: iam.projects.locations.oauthClients.credentials
arguments:
resource:
help_text: The OAuth client you want to list credentials for.
spec: !REF googlecloudsdk.command_lib.iam.resources:oauth_client
is_positional: false
# the backend list api doesn't support pagination
exclude: ['page-size']

42
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/oauth_clients/credentials/update.yaml Normal file
View File

@@ -0,0 +1,42 @@
# -*- coding: utf-8 -*- #
# Copyright 2023 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- release_tracks: [ALPHA, GA]
help_text:
brief: Update an OAuth client credential.
description: |
Update an OAuth client credential.
examples: |
To update the OAuth client credential with ID ``my-oauth-client-credential''
in the default project, run:
$ {command} my-oauth-client-credential \
--location="global" \
--oauth-client="my-oauth-client" \
--display-name="My OAuth client credential" \
--disabled
request:
collection: iam.projects.locations.oauthClients.credentials
method: patch
arguments:
resource:
help_text: The OAuth client credential to update.
spec: !REF googlecloudsdk.command_lib.iam.resources:oauth_client_credential
is_positional: true
params:
- _REF_: googlecloudsdk.command_lib.iam.flags:oauth_client_credential.display_name
- _REF_: googlecloudsdk.command_lib.iam.flags:oauth_client_credential.disabled

33
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/oauth_clients/delete.yaml Normal file
View File

@@ -0,0 +1,33 @@
# -*- coding: utf-8 -*- #
# Copyright 2023 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- release_tracks: [ALPHA, GA]
help_text:
brief: Delete an OAuth client.
description: |
Delete an OAuth client.
examples: |
The following command deletes the OAuth client with the ID ``my-oauth-client''
in the default project:
$ {command} my-oauth-client --location="global"
request:
collection: iam.projects.locations.oauthClients
arguments:
resource:
help_text: The OAuth client to delete.
spec: !REF googlecloudsdk.command_lib.iam.resources:oauth_client
is_positional: true

32
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/oauth_clients/describe.yaml Normal file
View File

@@ -0,0 +1,32 @@
# -*- coding: utf-8 -*- #
# Copyright 2023 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
release_tracks: [ALPHA, GA]
help_text:
brief: Describe an OAuth client.
description: Describe an OAuth client.
examples: |
The following command describes the OAuth client with the ID ``my-oauth-client''
in the default project:
$ {command} my-oauth-client --location="global"
request:
collection: iam.projects.locations.oauthClients
arguments:
resource:
help_text: The OAuth client you want to describe.
spec: !REF googlecloudsdk.command_lib.iam.resources:oauth_client
is_positional: true

37
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/oauth_clients/list.yaml Normal file
View File

@@ -0,0 +1,37 @@
# -*- coding: utf-8 -*- #
# Copyright 2023 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- release_tracks: [ALPHA, GA]
help_text:
brief: List OAuth clients.
description: |
List OAuth clients.
examples: |
The following command lists all OAuth clients in the default project, including the
soft-deleted ones:
$ {command} --location="global" --show-deleted
request:
collection: iam.projects.locations.oauthClients
arguments:
resource:
help_text: The location you want to list OAuth clients for.
spec: !REF googlecloudsdk.command_lib.iam.resources:location
params:
- api_field: showDeleted
arg_name: show-deleted
help_text: Whether to return soft-deleted OAuth clients.

34
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/oauth_clients/undelete.yaml Normal file
View File

@@ -0,0 +1,34 @@
# -*- coding: utf-8 -*- #
# Copyright 2023 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- release_tracks: [ALPHA, GA]
help_text:
brief: Undelete an OAuth client.
description: |
Undelete an OAuth client.
examples: |
The following command undeletes the OAuth client with the ID ``my-oauth-client''
in the default project:
$ {command} my-oauth-client --location="global"
request:
collection: iam.projects.locations.oauthClients
method: undelete
arguments:
resource:
help_text: The OAuth client to undelete.
spec: !REF googlecloudsdk.command_lib.iam.resources:oauth_client
is_positional: true

49
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/oauth_clients/update.yaml Normal file
View File

@@ -0,0 +1,49 @@
# -*- coding: utf-8 -*- #
# Copyright 2023 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- release_tracks: [ALPHA, GA]
help_text:
brief: Update an OAuth client.
description: |
Update an OAuth Client.
examples: |
The following command updates the OAuth client with ID ``my-oauth-client''
in the default project:
$ {command} my-oauth-client \
--location="global" \
--display-name="My oauth client" \
--description="My oauth client description" \
--disabled \
--allowed-grant-types="authorization-code-grant,refresh-token-grant" \
--allowed-scopes="https://www.googleapis.com/auth/cloud-platform,openid" \
--allowed-redirect-uris="http://localhost/"
request:
collection: iam.projects.locations.oauthClients
method: patch
arguments:
resource:
help_text: The OAuth client to update.
spec: !REF googlecloudsdk.command_lib.iam.resources:oauth_client
is_positional: true
params:
- _REF_: googlecloudsdk.command_lib.iam.flags:oauth_client.description
- _REF_: googlecloudsdk.command_lib.iam.flags:oauth_client.display_name
- _REF_: googlecloudsdk.command_lib.iam.flags:oauth_client.disabled
- _REF_: googlecloudsdk.command_lib.iam.flags:oauth_client.allowed_grant_types
- _REF_: googlecloudsdk.command_lib.iam.flags:oauth_client.allowed_scopes
- _REF_: googlecloudsdk.command_lib.iam.flags:oauth_client.allowed_redirect_uris

30
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policies/__init__.py Normal file
View File

@@ -0,0 +1,30 @@
# -*- coding: utf-8 -*- #
# Copyright 2018 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""The policies command group for the IAM CLI."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
@base.ReleaseTracks(base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA,
base.ReleaseTrack.GA)
class Policies(base.Group):
"""Manage IAM deny policies.
Commands for managing Google Cloud IAM deny policies.
"""

88
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policies/create.py Normal file
View File

@@ -0,0 +1,88 @@
# -*- coding: utf-8 -*- #
# Copyright 2020 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command to create a policy on the given attachment point."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
import textwrap
from googlecloudsdk.api_lib.iam import policies as apis
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.iam import policies_flags as flags
from googlecloudsdk.core import log
@base.UniverseCompatible
@base.ReleaseTracks(base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA,
base.ReleaseTrack.GA)
class Create(base.CreateCommand):
"""Create a policy on the given attachment point with the given name."""
detailed_help = {
'EXAMPLES':
textwrap.dedent("""\
The following command creates the IAM policy defined at the resource
project ``123'' of kind ``denypolicies'' and id ``my-deny-policy'' from the
file ``policy.json'':
$ {command} my-deny-policy --attachment-point=cloudresourcemanager.googleapis.com/projects/123 --kind=denypolicies --policy-file=policy.json
"""),
}
@staticmethod
def Args(parser):
flags.GetAttachmentPointFlag().AddToParser(parser)
flags.GetKindFlag().AddToParser(parser)
flags.GetPolicyIDFlag().AddToParser(parser)
flags.GetPolicyFileFlag().AddToParser(parser)
def Run(self, args):
release_track = args.calliope_command.ReleaseTrack()
client = apis.GetClientInstance(release_track)
messages = apis.GetMessagesModule(release_track)
kinds = {
'denypolicies': 'denyPolicy',
'principalaccessboundarypolicies': 'principalAccessBoundaryPolicy',
'accessboundarypolicies': 'accessboundaryPolicy',
}
attachment_point = args.attachment_point.replace('/', '%2F')
if release_track == base.ReleaseTrack.ALPHA:
result = client.policies.CreatePolicy(
messages.IamPoliciesCreatePolicyRequest(
parent='policies/{}/{}'.format(attachment_point, args.kind),
policyId=args.policy_id,
googleIamV2alphaPolicy=apis.ParseYamlOrJsonPolicyFile(
args.policy_file, messages.GoogleIamV2alphaPolicy)))
elif release_track == base.ReleaseTrack.BETA:
result = client.policies.CreatePolicy(
messages.IamPoliciesCreatePolicyRequest(
parent='policies/{}/{}'.format(attachment_point, args.kind),
policyId=args.policy_id,
googleIamV2betaPolicy=apis.ParseYamlOrJsonPolicyFile(
args.policy_file, messages.GoogleIamV2betaPolicy)))
else:
# GA
result = client.policies.CreatePolicy(
messages.IamPoliciesCreatePolicyRequest(
parent='policies/{}/{}'.format(attachment_point, args.kind),
policyId=args.policy_id,
googleIamV2Policy=apis.ParseYamlOrJsonPolicyFile(
args.policy_file, messages.GoogleIamV2Policy)))
log.CreatedResource(result.name, kinds[args.kind], is_async=True)
return result

69
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policies/delete.py Normal file
View File

@@ -0,0 +1,69 @@
# -*- coding: utf-8 -*- #
# Copyright 2020 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command to delete a policy on the given attachment point."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
import textwrap
from googlecloudsdk.api_lib.iam import policies as apis
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.iam import policies_flags as flags
from googlecloudsdk.core import log
@base.UniverseCompatible
@base.ReleaseTracks(base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA,
base.ReleaseTrack.GA)
class Delete(base.DeleteCommand):
"""Delete a policy on the given attachment point with the given name."""
detailed_help = {
'EXAMPLES':
textwrap.dedent("""\
The following command deletes the IAM policy defined at the resource
project ``123'' of kind ``denypolicies'' and id ``my-deny-policy'',
with etag ``abc'':
$ {command} my-deny-policy --attachment-point=cloudresourcemanager.googleapis.com/projects/123 --kind=denypolicies --etag=abc
"""),
}
@staticmethod
def Args(parser):
flags.GetAttachmentPointFlag().AddToParser(parser)
flags.GetKindFlag().AddToParser(parser)
flags.GetPolicyIDFlag().AddToParser(parser)
flags.GetEtagFlag().AddToParser(parser)
def Run(self, args):
release_track = args.calliope_command.ReleaseTrack()
client = apis.GetClientInstance(release_track)
messages = apis.GetMessagesModule(release_track)
attachment_point = args.attachment_point.replace('/', '%2F')
kinds = {
'denypolicies': 'denyPolicy',
'principalaccessboundarypolicies': 'principalAccessBoundaryPolicy',
'accessboundarypolicies': 'accessboundaryPolicy',
}
result = client.policies.Delete(
messages.IamPoliciesDeleteRequest(
name='policies/{}/{}/{}'.format(attachment_point, args.kind,
args.policy_id),
etag=args.etag))
log.DeletedResource(result.name, kinds[args.kind], is_async=True)
return result

59
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policies/get.py Normal file
View File

@@ -0,0 +1,59 @@
# -*- coding: utf-8 -*- #
# Copyright 2020 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command to get a policy on the given attachment point."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
import textwrap
from googlecloudsdk.api_lib.iam import policies as apis
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.iam import policies_flags as flags
@base.UniverseCompatible
@base.ReleaseTracks(base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA,
base.ReleaseTrack.GA)
class Get(base.DescribeCommand):
"""Get a policy on the given attachment point with the given name."""
detailed_help = {
'EXAMPLES':
textwrap.dedent("""\
The following command gets the IAM policy defined at the resource
project ``123'' of kind ``denypolicies'' and id ``my-deny-policy'':
$ {command} my-deny-policy --attachment-point=cloudresourcemanager.googleapis.com/projects/123 --kind=denypolicies
"""),
}
@staticmethod
def Args(parser):
flags.GetAttachmentPointFlag().AddToParser(parser)
flags.GetKindFlag().AddToParser(parser)
flags.GetPolicyIDFlag().AddToParser(parser)
def Run(self, args):
client = apis.GetClientInstance(args.calliope_command.ReleaseTrack())
messages = apis.GetMessagesModule(args.calliope_command.ReleaseTrack())
attachment_point = args.attachment_point.replace('/', '%2F')
result = client.policies.Get(
messages.IamPoliciesGetRequest(name='policies/{}/{}/{}'.format(
attachment_point, args.kind, args.policy_id)))
return result

68
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policies/lint_condition.yaml Normal file
View File

@@ -0,0 +1,68 @@
- release_tracks: [ALPHA]
help_text:
brief: Lint an IAM condition.
description: |
Lint an IAM condition. The problems found by linter will not be fixed.
Instead, it will show the problems.
examples: |
To lint an IAM condition of resource `//cloudresourcemanager.googleapis.com/v1/projects/example-project`,
and the condtion to lint is expression='true', title='title', description='description', run:
$ {command} --resource-name='//cloudresourcemanager.googleapis.com/v1/projects/example-project' --expression='true' --title='title' --description='description'
To lint an IAM condition of resource `//cloudresourcemanager.googleapis.com/v1/projects/example-project`,
and the condition is read from a local YAML file `condition.yaml`, run:
$ {command} --resource-name='//cloudresourcemanager.googleapis.com/v1/projects/example-project' --condition-from-file='condition.yaml'
request:
collection: iam.iamPolicies
method: lintPolicy
api_version: v1
modify_request_hooks:
- googlecloudsdk.command_lib.iam.hooks:UpdateRequestWithConditionFromFile
arguments:
params:
- arg_name: resource-name
api_field: fullResourceName
help_text: |
The full resource name of the policy containing the condition to lint.
See https://cloud.google.com/apis/design/resource_names for details.
To get a URI from most list commands in gcloud, pass the --uri flag.
For example:
$ gcloud compute instances list --project prj --uri
https://www.googleapis.com/compute/v1/projects/prj/zones/us-east1-c/instances/i1
https://www.googleapis.com/compute/v1/projects/prj/zones/us-east1-d/instances/i2
- group:
mutex: true
required: true
params:
- arg_name: condition-from-file
type: googlecloudsdk.command_lib.iam.hooks:ParseConditionFromFile
help_text: |
The path to a JSON or YAML file containing the condition.
See https://cloud.google.com/iam/docs/conditions-overview for schema of the condition.
- group:
help_text: |
The condition to lint. It must have an `expression` property and a `title` property.
The `description` property is optional.
params:
- arg_name: expression
api_field: condition.expression
required: true
help_text: |
The expression of the condition which evaluates to True or False. This uses a subset
of Common Expression Language syntax.
- arg_name: title
api_field: condition.title
required: true
help_text: |
A title for the expression, i.e. a short string describing its purpose.
- arg_name: description
api_field: condition.description
help_text: |
A description of the expression. This is a longer text which describes the
expression.

63
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policies/list.py Normal file
View File

@@ -0,0 +1,63 @@
# -*- coding: utf-8 -*- #
# Copyright 2020 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command to list the policies on the given attachment point."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
import textwrap
from googlecloudsdk.api_lib.iam import policies as apis
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.iam import policies_flags as flags
@base.UniverseCompatible
@base.ReleaseTracks(base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA,
base.ReleaseTrack.GA)
class List(base.ListCommand):
"""List the policies on the given attachment point."""
detailed_help = {
'EXAMPLES':
textwrap.dedent("""\
The following command lists the IAM policy defined at the resource
project ``123'' of kind ``denypolicies'':
$ {command} --attachment-point=cloudresourcemanager.googleapis.com/projects/123 --kind=denypolicies
"""),
}
@staticmethod
def Args(parser):
base.URI_FLAG.RemoveFromParser(parser)
flags.GetPageTokenFlag().AddToParser(parser)
flags.GetAttachmentPointFlag().AddToParser(parser)
flags.GetKindFlag().AddToParser(parser)
def Run(self, args):
client = apis.GetClientInstance(args.calliope_command.ReleaseTrack())
messages = apis.GetMessagesModule(args.calliope_command.ReleaseTrack())
attachment_point = args.attachment_point.replace('/', '%2F')
result = client.policies.ListPolicies(
messages.IamPoliciesListPoliciesRequest(
parent='policies/{}/{}'.format(attachment_point, args.kind),
pageSize=args.page_size,
pageToken=args.page_token))
return result

87
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policies/update.py Normal file
View File

@@ -0,0 +1,87 @@
# -*- coding: utf-8 -*- #
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command to update a policy on the given attachment point."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
import textwrap
from googlecloudsdk.api_lib.iam import policies as apis
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.iam import policies_flags as flags
from googlecloudsdk.core import log
@base.UniverseCompatible
@base.ReleaseTracks(base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA,
base.ReleaseTrack.GA)
class Update(base.UpdateCommand):
"""Update the policy on the given attachment point with the given name."""
detailed_help = {
'EXAMPLES':
textwrap.dedent("""\
The following command updates the IAM policy ``my-deny-policy'', which
is attached to the resource project ``123'' and has the etag ``abc'':
$ {command} my-deny-policy --attachment-point=cloudresourcemanager.googleapis.com/projects/123 --kind=denypolicies --policy-file=policy.json --etag=abc
"""),
}
@staticmethod
def Args(parser):
flags.GetAttachmentPointFlag().AddToParser(parser)
flags.GetKindFlag().AddToParser(parser)
flags.GetPolicyIDFlag().AddToParser(parser)
flags.GetPolicyFileFlag().AddToParser(parser)
flags.GetEtagFlag().AddToParser(parser)
def Run(self, args):
release_track = args.calliope_command.ReleaseTrack()
client = apis.GetClientInstance(release_track)
messages = apis.GetMessagesModule(release_track)
attachment_point = args.attachment_point.replace('/', '%2F')
kinds = {
'denypolicies': 'denyPolicy',
'principalaccessboundarypolicies': 'principalAccessBoundaryPolicy',
'accessboundarypolicies': 'accessboundaryPolicy',
}
if release_track == base.ReleaseTrack.ALPHA:
policy = apis.ParseYamlOrJsonPolicyFile(args.policy_file,
messages.GoogleIamV2alphaPolicy)
elif release_track == base.ReleaseTrack.BETA:
policy = apis.ParseYamlOrJsonPolicyFile(args.policy_file,
messages.GoogleIamV2betaPolicy)
else:
# GA
policy = apis.ParseYamlOrJsonPolicyFile(args.policy_file,
messages.GoogleIamV2Policy)
policy.name = 'policies/{}/{}/{}'.format(attachment_point, args.kind,
args.policy_id)
etag = args.etag
if etag is None:
etag = policy.etag
policy.etag = etag
result = client.policies.Update(policy)
log.UpdatedResource(result.name, kinds[args.kind], is_async=True)
return result

40
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_bindings/__init__.py Normal file
View File

@@ -0,0 +1,40 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
"""Manage policy bindings."""
from googlecloudsdk.calliope import base
from surface.iam.policy_bindings import _init_extensions as extensions
@base.ReleaseTracks(base.ReleaseTrack.ALPHA)
@base.Autogenerated
@base.Hidden
class PolicyBindingsAlpha(extensions.PolicyBindingsAlpha):
"""Manage PolicyBinding instances."""
@base.ReleaseTracks(base.ReleaseTrack.BETA)
@base.Autogenerated
class PolicyBindingsBeta(extensions.PolicyBindingsBeta):
"""Manage PolicyBinding instances."""
@base.ReleaseTracks(base.ReleaseTrack.GA)
@base.Autogenerated
class PolicyBindingsGa(extensions.PolicyBindingsGa):
"""Manage policy bindings."""

31
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_bindings/_init_extensions.py Normal file
View File

@@ -0,0 +1,31 @@
# -*- coding: utf-8 -*- #
# Copyright 2024 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
"""File to add optional custom code to extend __init__.py."""
from googlecloudsdk.calliope import base
class PolicyBindingsAlpha(base.Group):
"""Optional no-auto-generated code for ALPHA."""
class PolicyBindingsBeta(base.Group):
"""Optional no-auto-generated code for BETA."""
class PolicyBindingsGa(base.Group):
"""Optional no-auto-generated code for GA."""

231
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_bindings/_partials/_create_alpha.yaml Normal file
View File

@@ -0,0 +1,231 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- ALPHA
auto_generated: true
hidden: true
help_text:
brief: Create PolicyBinding instance.
description: |
Create PolicyBinding instance.
examples: |-
To create a policy binding instance called `my-binding` that references a principal
access boundary policy run:
$ {command} my-binding --organization=123 --location=global \
--policy=organizations/123/locations/global/principalAccessBoundaryPolicies/my-policy \
--target-principal-set=//cloudresourcemanager.googleapis.com/organizations/123
arguments:
params:
- help_text: |-
Identifier. The name of the policy binding, in the format
`{binding_parent/locations/{location}/policyBindings/{policy_binding_id}`.
The binding parent is the closest Resource Manager resource (project,
folder, or organization) to the binding target.
Format:
* `projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}`
* `projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}`
* `folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}`
* `organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}`
is_positional: true
is_primary_resource: true
request_id_field: policyBindingId
resource_spec: !REF googlecloudsdk.command_lib.iam.v3alpha_resources:folders_or_organizations_or_projects_locations_policy_bindings
required: true
- arg_name: etag
api_field: googleIamV3alphaPolicyBinding.etag
required: false
repeated: false
help_text: |-
The etag for the policy binding.
If this is provided on update, it must match the server's etag.
- arg_name: display-name
api_field: googleIamV3alphaPolicyBinding.displayName
required: false
repeated: false
help_text: |-
The description of the policy binding. Must be less than or equal to 63
characters.
- arg_name: annotations
api_field: googleIamV3alphaPolicyBinding.annotations
required: false
repeated: true
help_text: |-
User-defined annotations. See https://google.aip.dev/148#annotations for
more details such as format and size limitations
spec:
- api_field: key
- api_field: value
- group:
api_field: googleIamV3alphaPolicyBinding.target
required: true
help_text: |-
The full resource name of the resource to which the policy will
be bound. Immutable once set.
params:
- group:
mutex: true
help_text: |-
Arguments for the target.
params:
- arg_name: target-principal-set
api_field: googleIamV3alphaPolicyBinding.target.principalSet
required: false
repeated: false
help_text: |-
The full resource name that's used for principal access boundary policy
bindings. The principal set must be directly parented by the policy
binding's parent or same as the parent if the target is a project,
folder, or organization.
Examples:
* For bindings parented by an organization:
* Organization:
`//cloudresourcemanager.googleapis.com/organizations/ORGANIZATION_ID`
* Workforce Identity:
`//iam.googleapis.com/locations/global/workforcePools/WORKFORCE_POOL_ID`
* Workspace Identity:
`//iam.googleapis.com/locations/global/workspace/WORKSPACE_ID`
* For bindings parented by a folder:
* Folder:
`//cloudresourcemanager.googleapis.com/folders/FOLDER_ID`
* For bindings parented by a project:
* Project:
* `//cloudresourcemanager.googleapis.com/projects/PROJECT_NUMBER`
* `//cloudresourcemanager.googleapis.com/projects/PROJECT_ID`
* Workload Identity Pool:
`//iam.googleapis.com/projects/PROJECT_NUMBER/locations/LOCATION/workloadIdentityPools/WORKLOAD_POOL_ID`
- arg_name: target-resource
api_field: googleIamV3alphaPolicyBinding.target.resource
required: false
repeated: false
help_text: |-
The full resource name that's used for access policy bindings.
Examples:
* Organization:
`//cloudresourcemanager.googleapis.com/organizations/ORGANIZATION_ID`
* Folder: `//cloudresourcemanager.googleapis.com/folders/FOLDER_ID`
* Project:
* `//cloudresourcemanager.googleapis.com/projects/PROJECT_NUMBER`
* `//cloudresourcemanager.googleapis.com/projects/PROJECT_ID`
- arg_name: policy-kind
api_field: googleIamV3alphaPolicyBinding.policyKind
required: false
help_text: |-
The kind of the policy to attach in this binding. This field must be one of
the following:
- Left empty (will be automatically set to the policy kind)
- The input policy kind
choices:
- arg_value: principal-access-boundary
enum_value: PRINCIPAL_ACCESS_BOUNDARY
help_text: |-
Principal access boundary policy kind
- arg_value: access
enum_value: ACCESS
help_text: |-
Access policy kind.
- arg_name: policy
api_field: googleIamV3alphaPolicyBinding.policy
required: true
repeated: false
help_text: |-
The resource name of the policy to be bound. The binding parent and policy
must belong to the same organization.
- group:
api_field: googleIamV3alphaPolicyBinding.condition
required: false
help_text: |-
Represents a textual expression in the Common Expression Language (CEL)
syntax. CEL is a C-like expression language. The syntax and semantics of CEL
are documented at https://github.com/google/cel-spec.
Example (Comparison):
title: "Summary size limit"
description: "Determines if a summary is less than 100 chars"
expression: "document.summary.size() < 100"
Example (Equality):
title: "Requestor is owner"
description: "Determines if requestor is the document owner"
expression: "document.owner == request.auth.claims.email"
Example (Logic):
title: "Public documents"
description: "Determine whether the document should be publicly visible"
expression: "document.type != 'private' && document.type != 'internal'"
Example (Data Manipulation):
title: "Notification string"
description: "Create a notification string with a timestamp."
expression: "'New message received at ' + string(document.create_time)"
The exact variables and functions that may be referenced within an expression
are determined by the service that evaluates it. See the service
documentation for additional information.
params:
- arg_name: condition-expression
api_field: googleIamV3alphaPolicyBinding.condition.expression
required: false
repeated: false
help_text: |-
Textual representation of an expression in Common Expression Language
syntax.
- arg_name: condition-title
api_field: googleIamV3alphaPolicyBinding.condition.title
required: false
repeated: false
help_text: |-
Title for the expression, i.e. a short string describing
its purpose. This can be used e.g. in UIs which allow to enter the
expression.
- arg_name: condition-description
api_field: googleIamV3alphaPolicyBinding.condition.description
required: false
repeated: false
help_text: |-
Description of the expression. This is a longer text which
describes the expression, e.g. when hovered over it in a UI.
- arg_name: condition-location
api_field: googleIamV3alphaPolicyBinding.condition.location
required: false
repeated: false
help_text: |-
String indicating the location of the expression for error
reporting, e.g. a file name and a position in the file.
request:
api_version: v3alpha
collection:
- iam.folders.locations.policyBindings
- iam.organizations.locations.policyBindings
- iam.projects.locations.policyBindings
async:
collection:
- iam.folders.locations.operations
- iam.organizations.locations.operations
- iam.projects.locations.operations

230
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_bindings/_partials/_create_beta.yaml Normal file
View File

@@ -0,0 +1,230 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- BETA
auto_generated: true
help_text:
brief: Create PolicyBinding instance.
description: |
Create PolicyBinding instance.
examples: |-
To create a policy binding instance called `my-binding` that references a principal
access boundary policy run:
$ {command} my-binding --organization=123 --location=global \
--policy=organizations/123/locations/global/principalAccessBoundaryPolicies/my-policy \
--target-principal-set=//cloudresourcemanager.googleapis.com/organizations/123
arguments:
params:
- help_text: |-
Identifier. The name of the policy binding, in the format
`{binding_parent/locations/{location}/policyBindings/{policy_binding_id}`.
The binding parent is the closest Resource Manager resource (project,
folder, or organization) to the binding target.
Format:
* `projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}`
* `projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}`
* `folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}`
* `organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}`
is_positional: true
is_primary_resource: true
request_id_field: policyBindingId
resource_spec: !REF googlecloudsdk.command_lib.iam.v3beta_resources:folders_or_organizations_or_projects_locations_policy_bindings
required: true
- arg_name: etag
api_field: googleIamV3betaPolicyBinding.etag
required: false
repeated: false
help_text: |-
The etag for the policy binding.
If this is provided on update, it must match the server's etag.
- arg_name: display-name
api_field: googleIamV3betaPolicyBinding.displayName
required: false
repeated: false
help_text: |-
The description of the policy binding. Must be less than or equal to 63
characters.
- arg_name: annotations
api_field: googleIamV3betaPolicyBinding.annotations
required: false
repeated: true
help_text: |-
User-defined annotations. See https://google.aip.dev/148#annotations for
more details such as format and size limitations
spec:
- api_field: key
- api_field: value
- group:
api_field: googleIamV3betaPolicyBinding.target
required: true
help_text: |-
The full resource name of the resource to which the policy will
be bound. Immutable once set.
params:
- group:
mutex: true
help_text: |-
Arguments for the target.
params:
- arg_name: target-principal-set
api_field: googleIamV3betaPolicyBinding.target.principalSet
required: false
repeated: false
help_text: |-
The full resource name that's used for principal access boundary policy
bindings. The principal set must be directly parented by the policy
binding's parent or same as the parent if the target is a project,
folder, or organization.
Examples:
* For bindings parented by an organization:
* Organization:
`//cloudresourcemanager.googleapis.com/organizations/ORGANIZATION_ID`
* Workforce Identity:
`//iam.googleapis.com/locations/global/workforcePools/WORKFORCE_POOL_ID`
* Workspace Identity:
`//iam.googleapis.com/locations/global/workspace/WORKSPACE_ID`
* For bindings parented by a folder:
* Folder:
`//cloudresourcemanager.googleapis.com/folders/FOLDER_ID`
* For bindings parented by a project:
* Project:
* `//cloudresourcemanager.googleapis.com/projects/PROJECT_NUMBER`
* `//cloudresourcemanager.googleapis.com/projects/PROJECT_ID`
* Workload Identity Pool:
`//iam.googleapis.com/projects/PROJECT_NUMBER/locations/LOCATION/workloadIdentityPools/WORKLOAD_POOL_ID`
- arg_name: target-resource
api_field: googleIamV3betaPolicyBinding.target.resource
required: false
repeated: false
help_text: |-
The full resource name that's used for access policy bindings.
Examples:
* Organization:
`//cloudresourcemanager.googleapis.com/organizations/ORGANIZATION_ID`
* Folder: `//cloudresourcemanager.googleapis.com/folders/FOLDER_ID`
* Project:
* `//cloudresourcemanager.googleapis.com/projects/PROJECT_NUMBER`
* `//cloudresourcemanager.googleapis.com/projects/PROJECT_ID`
- arg_name: policy-kind
api_field: googleIamV3betaPolicyBinding.policyKind
required: false
help_text: |-
The kind of the policy to attach in this binding. This field must be one of
the following:
- Left empty (will be automatically set to the policy kind)
- The input policy kind
choices:
- arg_value: principal-access-boundary
enum_value: PRINCIPAL_ACCESS_BOUNDARY
help_text: |-
Principal access boundary policy kind
- arg_value: access
enum_value: ACCESS
help_text: |-
Access policy kind.
- arg_name: policy
api_field: googleIamV3betaPolicyBinding.policy
required: true
repeated: false
help_text: |-
The resource name of the policy to be bound. The binding parent and policy
must belong to the same organization.
- group:
api_field: googleIamV3betaPolicyBinding.condition
required: false
help_text: |-
Represents a textual expression in the Common Expression Language (CEL)
syntax. CEL is a C-like expression language. The syntax and semantics of CEL
are documented at https://github.com/google/cel-spec.
Example (Comparison):
title: "Summary size limit"
description: "Determines if a summary is less than 100 chars"
expression: "document.summary.size() < 100"
Example (Equality):
title: "Requestor is owner"
description: "Determines if requestor is the document owner"
expression: "document.owner == request.auth.claims.email"
Example (Logic):
title: "Public documents"
description: "Determine whether the document should be publicly visible"
expression: "document.type != 'private' && document.type != 'internal'"
Example (Data Manipulation):
title: "Notification string"
description: "Create a notification string with a timestamp."
expression: "'New message received at ' + string(document.create_time)"
The exact variables and functions that may be referenced within an expression
are determined by the service that evaluates it. See the service
documentation for additional information.
params:
- arg_name: condition-expression
api_field: googleIamV3betaPolicyBinding.condition.expression
required: false
repeated: false
help_text: |-
Textual representation of an expression in Common Expression Language
syntax.
- arg_name: condition-title
api_field: googleIamV3betaPolicyBinding.condition.title
required: false
repeated: false
help_text: |-
Title for the expression, i.e. a short string describing
its purpose. This can be used e.g. in UIs which allow to enter the
expression.
- arg_name: condition-description
api_field: googleIamV3betaPolicyBinding.condition.description
required: false
repeated: false
help_text: |-
Description of the expression. This is a longer text which
describes the expression, e.g. when hovered over it in a UI.
- arg_name: condition-location
api_field: googleIamV3betaPolicyBinding.condition.location
required: false
repeated: false
help_text: |-
String indicating the location of the expression for error
reporting, e.g. a file name and a position in the file.
request:
api_version: v3beta
collection:
- iam.folders.locations.policyBindings
- iam.organizations.locations.policyBindings
- iam.projects.locations.policyBindings
async:
collection:
- iam.folders.locations.operations
- iam.organizations.locations.operations
- iam.projects.locations.operations

211
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_bindings/_partials/_create_ga.yaml Normal file
View File

@@ -0,0 +1,211 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- GA
auto_generated: true
help_text:
brief: Create PolicyBinding instance.
description: |
Create PolicyBinding instance.
examples: |-
To create a policy binding instance called `my-binding` that references a principal
access boundary policy run:
$ {command} my-binding --organization=123 --location=global \
--policy=organizations/123/locations/global/principalAccessBoundaryPolicies/my-policy \
--target-principal-set=//cloudresourcemanager.googleapis.com/organizations/123
arguments:
params:
- help_text: |-
Identifier. The name of the policy binding, in the format
`{binding_parent/locations/{location}/policyBindings/{policy_binding_id}`.
The binding parent is the closest Resource Manager resource (project,
folder, or organization) to the binding target.
Format:
* `projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}`
* `projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}`
* `folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}`
* `organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}`
is_positional: true
is_primary_resource: true
request_id_field: policyBindingId
resource_spec: !REF googlecloudsdk.command_lib.iam.v3_resources:folders_or_organizations_or_projects_locations_policy_bindings
required: true
- arg_name: etag
api_field: googleIamV3PolicyBinding.etag
required: false
repeated: false
help_text: |-
The etag for the policy binding.
If this is provided on update, it must match the server's etag.
- arg_name: display-name
api_field: googleIamV3PolicyBinding.displayName
required: false
repeated: false
help_text: |-
The description of the policy binding. Must be less than or equal to 63
characters.
- arg_name: annotations
api_field: googleIamV3PolicyBinding.annotations
required: false
repeated: true
help_text: |-
User-defined annotations. See https://google.aip.dev/148#annotations for
more details such as format and size limitations
spec:
- api_field: key
- api_field: value
- group:
api_field: googleIamV3PolicyBinding.target
required: true
help_text: |-
The full resource name of the resource to which the policy will
be bound. Immutable once set.
params:
- group:
mutex: true
help_text: |-
Arguments for the target.
params:
- arg_name: target-principal-set
api_field: googleIamV3PolicyBinding.target.principalSet
required: false
repeated: false
help_text: |-
The full resource name that's used for principal access boundary policy
bindings. The principal set must be directly parented by the policy
binding's parent or same as the parent if the target is a project,
folder, or organization.
Examples:
* For bindings parented by an organization:
* Organization:
`//cloudresourcemanager.googleapis.com/organizations/ORGANIZATION_ID`
* Workforce Identity:
`//iam.googleapis.com/locations/global/workforcePools/WORKFORCE_POOL_ID`
* Workspace Identity:
`//iam.googleapis.com/locations/global/workspace/WORKSPACE_ID`
* For bindings parented by a folder:
* Folder:
`//cloudresourcemanager.googleapis.com/folders/FOLDER_ID`
* For bindings parented by a project:
* Project:
* `//cloudresourcemanager.googleapis.com/projects/PROJECT_NUMBER`
* `//cloudresourcemanager.googleapis.com/projects/PROJECT_ID`
* Workload Identity Pool:
`//iam.googleapis.com/projects/PROJECT_NUMBER/locations/LOCATION/workloadIdentityPools/WORKLOAD_POOL_ID`
- arg_name: policy-kind
api_field: googleIamV3PolicyBinding.policyKind
required: false
help_text: |-
The kind of the policy to attach in this binding. This field must be one of
the following:
- Left empty (will be automatically set to the policy kind)
- The input policy kind
choices:
- arg_value: principal-access-boundary
enum_value: PRINCIPAL_ACCESS_BOUNDARY
help_text: |-
Principal access boundary policy kind
- arg_name: policy
api_field: googleIamV3PolicyBinding.policy
required: true
repeated: false
help_text: |-
The resource name of the policy to be bound. The binding parent and policy
must belong to the same organization.
- group:
api_field: googleIamV3PolicyBinding.condition
required: false
help_text: |-
Represents a textual expression in the Common Expression Language (CEL)
syntax. CEL is a C-like expression language. The syntax and semantics of CEL
are documented at https://github.com/google/cel-spec.
Example (Comparison):
title: "Summary size limit"
description: "Determines if a summary is less than 100 chars"
expression: "document.summary.size() < 100"
Example (Equality):
title: "Requestor is owner"
description: "Determines if requestor is the document owner"
expression: "document.owner == request.auth.claims.email"
Example (Logic):
title: "Public documents"
description: "Determine whether the document should be publicly visible"
expression: "document.type != 'private' && document.type != 'internal'"
Example (Data Manipulation):
title: "Notification string"
description: "Create a notification string with a timestamp."
expression: "'New message received at ' + string(document.create_time)"
The exact variables and functions that may be referenced within an expression
are determined by the service that evaluates it. See the service
documentation for additional information.
params:
- arg_name: condition-expression
api_field: googleIamV3PolicyBinding.condition.expression
required: false
repeated: false
help_text: |-
Textual representation of an expression in Common Expression Language
syntax.
- arg_name: condition-title
api_field: googleIamV3PolicyBinding.condition.title
required: false
repeated: false
help_text: |-
Title for the expression, i.e. a short string describing
its purpose. This can be used e.g. in UIs which allow to enter the
expression.
- arg_name: condition-description
api_field: googleIamV3PolicyBinding.condition.description
required: false
repeated: false
help_text: |-
Description of the expression. This is a longer text which
describes the expression, e.g. when hovered over it in a UI.
- arg_name: condition-location
api_field: googleIamV3PolicyBinding.condition.location
required: false
repeated: false
help_text: |-
String indicating the location of the expression for error
reporting, e.g. a file name and a position in the file.
request:
api_version: v3
collection:
- iam.folders.locations.policyBindings
- iam.organizations.locations.policyBindings
- iam.projects.locations.policyBindings
async:
collection:
- iam.folders.locations.operations
- iam.organizations.locations.operations
- iam.projects.locations.operations

62
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_bindings/_partials/_delete_alpha.yaml Normal file
View File

@@ -0,0 +1,62 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- ALPHA
auto_generated: true
hidden: true
help_text:
brief: Delete PolicyBinding instance.
description: |
Delete PolicyBinding instance.
examples: |-
To delete `my-binding` instance in organization `123` run:
$ {command} my-binding --organization=123 --location=global
arguments:
params:
- help_text: |-
The name of the policy binding to delete.
Format:
* `projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}`
* `projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}`
* `folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}`
* `organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}`
is_positional: true
is_primary_resource: true
resource_spec: !REF googlecloudsdk.command_lib.iam.v3alpha_resources:folders_or_organizations_or_projects_locations_policy_bindings
required: true
- arg_name: etag
api_field: etag
required: false
repeated: false
help_text: |-
The etag of the policy binding.
If this is provided, it must match the server's etag.
request:
api_version: v3alpha
collection:
- iam.folders.locations.policyBindings
- iam.organizations.locations.policyBindings
- iam.projects.locations.policyBindings
async:
collection:
- iam.folders.locations.operations
- iam.organizations.locations.operations
- iam.projects.locations.operations

61
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_bindings/_partials/_delete_beta.yaml Normal file
View File

@@ -0,0 +1,61 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- BETA
auto_generated: true
help_text:
brief: Delete PolicyBinding instance.
description: |
Delete PolicyBinding instance.
examples: |-
To delete `my-binding` instance in organization `123` run:
$ {command} my-binding --organization=123 --location=global
arguments:
params:
- help_text: |-
The name of the policy binding to delete.
Format:
* `projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}`
* `projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}`
* `folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}`
* `organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}`
is_positional: true
is_primary_resource: true
resource_spec: !REF googlecloudsdk.command_lib.iam.v3beta_resources:folders_or_organizations_or_projects_locations_policy_bindings
required: true
- arg_name: etag
api_field: etag
required: false
repeated: false
help_text: |-
The etag of the policy binding.
If this is provided, it must match the server's etag.
request:
api_version: v3beta
collection:
- iam.folders.locations.policyBindings
- iam.organizations.locations.policyBindings
- iam.projects.locations.policyBindings
async:
collection:
- iam.folders.locations.operations
- iam.organizations.locations.operations
- iam.projects.locations.operations

61
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_bindings/_partials/_delete_ga.yaml Normal file
View File

@@ -0,0 +1,61 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- GA
auto_generated: true
help_text:
brief: Delete PolicyBinding instance.
description: |
Delete PolicyBinding instance.
examples: |-
To delete `my-binding` instance in organization `123` run:
$ {command} my-binding --organization=123 --location=global
arguments:
params:
- help_text: |-
The name of the policy binding to delete.
Format:
* `projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}`
* `projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}`
* `folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}`
* `organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}`
is_positional: true
is_primary_resource: true
resource_spec: !REF googlecloudsdk.command_lib.iam.v3_resources:folders_or_organizations_or_projects_locations_policy_bindings
required: true
- arg_name: etag
api_field: etag
required: false
repeated: false
help_text: |-
The etag of the policy binding.
If this is provided, it must match the server's etag.
request:
api_version: v3
collection:
- iam.folders.locations.policyBindings
- iam.organizations.locations.policyBindings
- iam.projects.locations.policyBindings
async:
collection:
- iam.folders.locations.operations
- iam.organizations.locations.operations
- iam.projects.locations.operations

50
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_bindings/_partials/_describe_alpha.yaml Normal file
View File

@@ -0,0 +1,50 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- ALPHA
auto_generated: true
hidden: true
help_text:
brief: Get PolicyBinding instance.
description: |
Get PolicyBinding instance.
examples: |-
To get the details of a single policy binding `my-binding` in organization `123` run:
$ {command} my-binding --organization=123 --location=global
arguments:
params:
- help_text: |-
The name of the policy binding to retrieve.
Format:
* `projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}`
* `projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}`
* `folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}`
* `organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}`
is_positional: true
is_primary_resource: true
resource_spec: !REF googlecloudsdk.command_lib.iam.v3alpha_resources:folders_or_organizations_or_projects_locations_policy_bindings
required: true
request:
api_version: v3alpha
collection:
- iam.folders.locations.policyBindings
- iam.organizations.locations.policyBindings
- iam.projects.locations.policyBindings

49
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_bindings/_partials/_describe_beta.yaml Normal file
View File

@@ -0,0 +1,49 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- BETA
auto_generated: true
help_text:
brief: Get PolicyBinding instance.
description: |
Get PolicyBinding instance.
examples: |-
To get the details of a single policy binding `my-binding` in organization `123` run:
$ {command} my-binding --organization=123 --location=global
arguments:
params:
- help_text: |-
The name of the policy binding to retrieve.
Format:
* `projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}`
* `projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}`
* `folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}`
* `organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}`
is_positional: true
is_primary_resource: true
resource_spec: !REF googlecloudsdk.command_lib.iam.v3beta_resources:folders_or_organizations_or_projects_locations_policy_bindings
required: true
request:
api_version: v3beta
collection:
- iam.folders.locations.policyBindings
- iam.organizations.locations.policyBindings
- iam.projects.locations.policyBindings

49
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_bindings/_partials/_describe_ga.yaml Normal file
View File

@@ -0,0 +1,49 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- GA
auto_generated: true
help_text:
brief: Get PolicyBinding instance.
description: |
Get PolicyBinding instance.
examples: |-
To get the details of a single policy binding `my-binding` in organization `123` run:
$ {command} my-binding --organization=123 --location=global
arguments:
params:
- help_text: |-
The name of the policy binding to retrieve.
Format:
* `projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}`
* `projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}`
* `folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}`
* `organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}`
is_positional: true
is_primary_resource: true
resource_spec: !REF googlecloudsdk.command_lib.iam.v3_resources:folders_or_organizations_or_projects_locations_policy_bindings
required: true
request:
api_version: v3
collection:
- iam.folders.locations.policyBindings
- iam.organizations.locations.policyBindings
- iam.projects.locations.policyBindings

66
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_bindings/_partials/_list_alpha.yaml Normal file
View File

@@ -0,0 +1,66 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- ALPHA
auto_generated: true
hidden: true
help_text:
brief: List PolicyBinding instances.
description: |
List PolicyBinding instances.
examples: |-
To list all policy binding instances in project `my-project` run:
$ {command} --project=my-project --location=global
arguments:
params:
- help_text: |-
The parent resource, which owns the collection of policy bindings.
Format:
* `projects/{project_id}/locations/{location}`
* `projects/{project_number}/locations/{location}`
* `folders/{folder_id}/locations/{location}`
* `organizations/{organization_id}/locations/{location}`
is_positional: false
is_primary_resource: true
resource_spec: !REF googlecloudsdk.command_lib.iam.v3alpha_resources:folders_or_organizations_or_projects_locations
required: true
request:
api_version: v3alpha
collection:
- iam.folders.locations.policyBindings
- iam.organizations.locations.policyBindings
- iam.projects.locations.policyBindings
response:
id_field: name
output:
format: |-
table(name,
uid,
etag,
displayName,
annotations,
target.principalSet:label=principalSet,
policyKind,
policy,
policy_uid,
condition,
createTime,
updateTime)

65
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_bindings/_partials/_list_beta.yaml Normal file
View File

@@ -0,0 +1,65 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- BETA
auto_generated: true
help_text:
brief: List PolicyBinding instances.
description: |
List PolicyBinding instances.
examples: |-
To list all policy binding instances in project `my-project` run:
$ {command} --project=my-project --location=global
arguments:
params:
- help_text: |-
The parent resource, which owns the collection of policy bindings.
Format:
* `projects/{project_id}/locations/{location}`
* `projects/{project_number}/locations/{location}`
* `folders/{folder_id}/locations/{location}`
* `organizations/{organization_id}/locations/{location}`
is_positional: false
is_primary_resource: true
resource_spec: !REF googlecloudsdk.command_lib.iam.v3beta_resources:folders_or_organizations_or_projects_locations
required: true
request:
api_version: v3beta
collection:
- iam.folders.locations.policyBindings
- iam.organizations.locations.policyBindings
- iam.projects.locations.policyBindings
response:
id_field: name
output:
format: |-
table(name,
uid,
etag,
displayName,
annotations,
target.principalSet:label=principalSet,
policyKind,
policy,
policy_uid,
condition,
createTime,
updateTime)

65
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_bindings/_partials/_list_ga.yaml Normal file
View File

@@ -0,0 +1,65 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- GA
auto_generated: true
help_text:
brief: List PolicyBinding instances.
description: |
List PolicyBinding instances.
examples: |-
To list all policy binding instances in project `my-project` run:
$ {command} --project=my-project --location=global
arguments:
params:
- help_text: |-
The parent resource, which owns the collection of policy bindings.
Format:
* `projects/{project_id}/locations/{location}`
* `projects/{project_number}/locations/{location}`
* `folders/{folder_id}/locations/{location}`
* `organizations/{organization_id}/locations/{location}`
is_positional: false
is_primary_resource: true
resource_spec: !REF googlecloudsdk.command_lib.iam.v3_resources:folders_or_organizations_or_projects_locations
required: true
request:
api_version: v3
collection:
- iam.folders.locations.policyBindings
- iam.organizations.locations.policyBindings
- iam.projects.locations.policyBindings
response:
id_field: name
output:
format: |-
table(name,
uid,
etag,
displayName,
annotations,
target.principalSet:label=principalSet,
policyKind,
policy,
policy_uid,
condition,
createTime,
updateTime)

70
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_bindings/_partials/_search_target_policy_bindings_alpha.yaml Normal file
View File

@@ -0,0 +1,70 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- ALPHA
auto_generated: true
hidden: true
help_text:
brief: Search policy bindings by target.
description: |
Search policy bindings by target.
examples: |-
To search for policy bindings with target, run:
$ {command} --organization=123 --location=global --target=//cloudresourcemanager.googleapis.com/organizations/123
arguments:
params:
- arg_name: target
api_field: target
required: true
repeated: false
help_text: |-
The target resource, which is bound to the policy in the binding.
Format:
* `//iam.googleapis.com/locations/global/workforcePools/POOL_ID`
* `//iam.googleapis.com/projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/POOL_ID`
* `//iam.googleapis.com/locations/global/workspace/WORKSPACE_ID`
* `//cloudresourcemanager.googleapis.com/projects/{project_number}`
* `//cloudresourcemanager.googleapis.com/folders/{folder_id}`
* `//cloudresourcemanager.googleapis.com/organizations/{organization_id}`
- help_text: |-
The parent resource where this search will be performed. This should be the
nearest Resource Manager resource (project, folder, or organization) to the
target.
Format:
* `projects/{project_id}/locations/{location}`
* `projects/{project_number}/locations/{location}`
* `folders/{folder_id}/locations/{location}`
* `organizations/{organization_id}/locations/{location}`
is_positional: false
is_parent_resource: true
is_primary_resource: true
resource_spec: !REF googlecloudsdk.command_lib.iam.v3alpha_resources:folders_or_organizations_or_projects_locations
required: true
request:
api_version: v3alpha
collection:
- iam.folders.locations.policyBindings
- iam.organizations.locations.policyBindings
- iam.projects.locations.policyBindings
method: searchTargetPolicyBindings
command_type: GENERIC

69
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_bindings/_partials/_search_target_policy_bindings_beta.yaml Normal file
View File

@@ -0,0 +1,69 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- BETA
auto_generated: true
help_text:
brief: Search policy bindings by target.
description: |
Search policy bindings by target.
examples: |-
To search for policy bindings with target, run:
$ {command} --organization=123 --location=global --target=//cloudresourcemanager.googleapis.com/organizations/123
arguments:
params:
- arg_name: target
api_field: target
required: true
repeated: false
help_text: |-
The target resource, which is bound to the policy in the binding.
Format:
* `//iam.googleapis.com/locations/global/workforcePools/POOL_ID`
* `//iam.googleapis.com/projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/POOL_ID`
* `//iam.googleapis.com/locations/global/workspace/WORKSPACE_ID`
* `//cloudresourcemanager.googleapis.com/projects/{project_number}`
* `//cloudresourcemanager.googleapis.com/folders/{folder_id}`
* `//cloudresourcemanager.googleapis.com/organizations/{organization_id}`
- help_text: |-
The parent resource where this search will be performed. This should be the
nearest Resource Manager resource (project, folder, or organization) to the
target.
Format:
* `projects/{project_id}/locations/{location}`
* `projects/{project_number}/locations/{location}`
* `folders/{folder_id}/locations/{location}`
* `organizations/{organization_id}/locations/{location}`
is_positional: false
is_parent_resource: true
is_primary_resource: true
resource_spec: !REF googlecloudsdk.command_lib.iam.v3beta_resources:folders_or_organizations_or_projects_locations
required: true
request:
api_version: v3beta
collection:
- iam.folders.locations.policyBindings
- iam.organizations.locations.policyBindings
- iam.projects.locations.policyBindings
method: searchTargetPolicyBindings
command_type: GENERIC

69
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_bindings/_partials/_search_target_policy_bindings_ga.yaml Normal file
View File

@@ -0,0 +1,69 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- GA
auto_generated: true
help_text:
brief: Search policy bindings by target.
description: |
Search policy bindings by target.
examples: |-
To search for policy bindings with target, run:
$ {command} --organization=123 --location=global --target=//cloudresourcemanager.googleapis.com/organizations/123
arguments:
params:
- arg_name: target
api_field: target
required: true
repeated: false
help_text: |-
The target resource, which is bound to the policy in the binding.
Format:
* `//iam.googleapis.com/locations/global/workforcePools/POOL_ID`
* `//iam.googleapis.com/projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/POOL_ID`
* `//iam.googleapis.com/locations/global/workspace/WORKSPACE_ID`
* `//cloudresourcemanager.googleapis.com/projects/{project_number}`
* `//cloudresourcemanager.googleapis.com/folders/{folder_id}`
* `//cloudresourcemanager.googleapis.com/organizations/{organization_id}`
- help_text: |-
The parent resource where this search will be performed. This should be the
nearest Resource Manager resource (project, folder, or organization) to the
target.
Format:
* `projects/{project_id}/locations/{location}`
* `projects/{project_number}/locations/{location}`
* `folders/{folder_id}/locations/{location}`
* `organizations/{organization_id}/locations/{location}`
is_positional: false
is_parent_resource: true
is_primary_resource: true
resource_spec: !REF googlecloudsdk.command_lib.iam.v3_resources:folders_or_organizations_or_projects_locations
required: true
request:
api_version: v3
collection:
- iam.folders.locations.policyBindings
- iam.organizations.locations.policyBindings
- iam.projects.locations.policyBindings
method: searchTargetPolicyBindings
command_type: GENERIC

152
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_bindings/_partials/_update_alpha.yaml Normal file
View File

@@ -0,0 +1,152 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- ALPHA
auto_generated: true
hidden: true
help_text:
brief: Update PolicyBinding instance.
description: |
Update PolicyBinding instance.
examples: |-
To update display name of `my-binding` in organization `123` run:
$ {command} my-binding --organization=123 --location=global --display-name=new-display-name
arguments:
params:
- help_text: |-
Identifier. The name of the policy binding, in the format
`{binding_parent/locations/{location}/policyBindings/{policy_binding_id}`.
The binding parent is the closest Resource Manager resource (project,
folder, or organization) to the binding target.
Format:
* `projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}`
* `projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}`
* `folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}`
* `organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}`
is_positional: true
is_primary_resource: true
resource_spec: !REF googlecloudsdk.command_lib.iam.v3alpha_resources:folders_or_organizations_or_projects_locations_policy_bindings
required: true
- arg_name: etag
api_field: googleIamV3alphaPolicyBinding.etag
required: false
repeated: false
help_text: |-
The etag for the policy binding.
If this is provided on update, it must match the server's etag.
- arg_name: display-name
api_field: googleIamV3alphaPolicyBinding.displayName
required: false
repeated: false
help_text: |-
The description of the policy binding. Must be less than or equal to 63
characters.
- arg_name: annotations
api_field: googleIamV3alphaPolicyBinding.annotations
required: false
repeated: true
help_text: |-
User-defined annotations. See https://google.aip.dev/148#annotations for
more details such as format and size limitations
clearable: true
spec:
- api_field: key
- api_field: value
- group:
api_field: googleIamV3alphaPolicyBinding.condition
arg_name: condition
clearable: true
required: false
help_text: |-
Represents a textual expression in the Common Expression Language (CEL)
syntax. CEL is a C-like expression language. The syntax and semantics of CEL
are documented at https://github.com/google/cel-spec.
Example (Comparison):
title: "Summary size limit"
description: "Determines if a summary is less than 100 chars"
expression: "document.summary.size() < 100"
Example (Equality):
title: "Requestor is owner"
description: "Determines if requestor is the document owner"
expression: "document.owner == request.auth.claims.email"
Example (Logic):
title: "Public documents"
description: "Determine whether the document should be publicly visible"
expression: "document.type != 'private' && document.type != 'internal'"
Example (Data Manipulation):
title: "Notification string"
description: "Create a notification string with a timestamp."
expression: "'New message received at ' + string(document.create_time)"
The exact variables and functions that may be referenced within an expression
are determined by the service that evaluates it. See the service
documentation for additional information.
params:
- arg_name: condition-expression
api_field: googleIamV3alphaPolicyBinding.condition.expression
required: false
repeated: false
help_text: |-
Textual representation of an expression in Common Expression Language
syntax.
- arg_name: condition-title
api_field: googleIamV3alphaPolicyBinding.condition.title
required: false
repeated: false
help_text: |-
Title for the expression, i.e. a short string describing
its purpose. This can be used e.g. in UIs which allow to enter the
expression.
- arg_name: condition-description
api_field: googleIamV3alphaPolicyBinding.condition.description
required: false
repeated: false
help_text: |-
Description of the expression. This is a longer text which
describes the expression, e.g. when hovered over it in a UI.
- arg_name: condition-location
api_field: googleIamV3alphaPolicyBinding.condition.location
required: false
repeated: false
help_text: |-
String indicating the location of the expression for error
reporting, e.g. a file name and a position in the file.
request:
api_version: v3alpha
collection:
- iam.folders.locations.policyBindings
- iam.organizations.locations.policyBindings
- iam.projects.locations.policyBindings
async:
collection:
- iam.folders.locations.operations
- iam.organizations.locations.operations
- iam.projects.locations.operations
update:
read_modify_update: true

151
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_bindings/_partials/_update_beta.yaml Normal file
View File

@@ -0,0 +1,151 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- BETA
auto_generated: true
help_text:
brief: Update PolicyBinding instance.
description: |
Update PolicyBinding instance.
examples: |-
To update display name of `my-binding` in organization `123` run:
$ {command} my-binding --organization=123 --location=global --display-name=new-display-name
arguments:
params:
- help_text: |-
Identifier. The name of the policy binding, in the format
`{binding_parent/locations/{location}/policyBindings/{policy_binding_id}`.
The binding parent is the closest Resource Manager resource (project,
folder, or organization) to the binding target.
Format:
* `projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}`
* `projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}`
* `folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}`
* `organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}`
is_positional: true
is_primary_resource: true
resource_spec: !REF googlecloudsdk.command_lib.iam.v3beta_resources:folders_or_organizations_or_projects_locations_policy_bindings
required: true
- arg_name: etag
api_field: googleIamV3betaPolicyBinding.etag
required: false
repeated: false
help_text: |-
The etag for the policy binding.
If this is provided on update, it must match the server's etag.
- arg_name: display-name
api_field: googleIamV3betaPolicyBinding.displayName
required: false
repeated: false
help_text: |-
The description of the policy binding. Must be less than or equal to 63
characters.
- arg_name: annotations
api_field: googleIamV3betaPolicyBinding.annotations
required: false
repeated: true
help_text: |-
User-defined annotations. See https://google.aip.dev/148#annotations for
more details such as format and size limitations
clearable: true
spec:
- api_field: key
- api_field: value
- group:
api_field: googleIamV3betaPolicyBinding.condition
arg_name: condition
clearable: true
required: false
help_text: |-
Represents a textual expression in the Common Expression Language (CEL)
syntax. CEL is a C-like expression language. The syntax and semantics of CEL
are documented at https://github.com/google/cel-spec.
Example (Comparison):
title: "Summary size limit"
description: "Determines if a summary is less than 100 chars"
expression: "document.summary.size() < 100"
Example (Equality):
title: "Requestor is owner"
description: "Determines if requestor is the document owner"
expression: "document.owner == request.auth.claims.email"
Example (Logic):
title: "Public documents"
description: "Determine whether the document should be publicly visible"
expression: "document.type != 'private' && document.type != 'internal'"
Example (Data Manipulation):
title: "Notification string"
description: "Create a notification string with a timestamp."
expression: "'New message received at ' + string(document.create_time)"
The exact variables and functions that may be referenced within an expression
are determined by the service that evaluates it. See the service
documentation for additional information.
params:
- arg_name: condition-expression
api_field: googleIamV3betaPolicyBinding.condition.expression
required: false
repeated: false
help_text: |-
Textual representation of an expression in Common Expression Language
syntax.
- arg_name: condition-title
api_field: googleIamV3betaPolicyBinding.condition.title
required: false
repeated: false
help_text: |-
Title for the expression, i.e. a short string describing
its purpose. This can be used e.g. in UIs which allow to enter the
expression.
- arg_name: condition-description
api_field: googleIamV3betaPolicyBinding.condition.description
required: false
repeated: false
help_text: |-
Description of the expression. This is a longer text which
describes the expression, e.g. when hovered over it in a UI.
- arg_name: condition-location
api_field: googleIamV3betaPolicyBinding.condition.location
required: false
repeated: false
help_text: |-
String indicating the location of the expression for error
reporting, e.g. a file name and a position in the file.
request:
api_version: v3beta
collection:
- iam.folders.locations.policyBindings
- iam.organizations.locations.policyBindings
- iam.projects.locations.policyBindings
async:
collection:
- iam.folders.locations.operations
- iam.organizations.locations.operations
- iam.projects.locations.operations
update:
read_modify_update: true

151
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_bindings/_partials/_update_ga.yaml Normal file
View File

@@ -0,0 +1,151 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- GA
auto_generated: true
help_text:
brief: Update PolicyBinding instance.
description: |
Update PolicyBinding instance.
examples: |-
To update display name of `my-binding` in organization `123` run:
$ {command} my-binding --organization=123 --location=global --display-name=new-display-name
arguments:
params:
- help_text: |-
Identifier. The name of the policy binding, in the format
`{binding_parent/locations/{location}/policyBindings/{policy_binding_id}`.
The binding parent is the closest Resource Manager resource (project,
folder, or organization) to the binding target.
Format:
* `projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}`
* `projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}`
* `folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}`
* `organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}`
is_positional: true
is_primary_resource: true
resource_spec: !REF googlecloudsdk.command_lib.iam.v3_resources:folders_or_organizations_or_projects_locations_policy_bindings
required: true
- arg_name: etag
api_field: googleIamV3PolicyBinding.etag
required: false
repeated: false
help_text: |-
The etag for the policy binding.
If this is provided on update, it must match the server's etag.
- arg_name: display-name
api_field: googleIamV3PolicyBinding.displayName
required: false
repeated: false
help_text: |-
The description of the policy binding. Must be less than or equal to 63
characters.
- arg_name: annotations
api_field: googleIamV3PolicyBinding.annotations
required: false
repeated: true
help_text: |-
User-defined annotations. See https://google.aip.dev/148#annotations for
more details such as format and size limitations
clearable: true
spec:
- api_field: key
- api_field: value
- group:
api_field: googleIamV3PolicyBinding.condition
arg_name: condition
clearable: true
required: false
help_text: |-
Represents a textual expression in the Common Expression Language (CEL)
syntax. CEL is a C-like expression language. The syntax and semantics of CEL
are documented at https://github.com/google/cel-spec.
Example (Comparison):
title: "Summary size limit"
description: "Determines if a summary is less than 100 chars"
expression: "document.summary.size() < 100"
Example (Equality):
title: "Requestor is owner"
description: "Determines if requestor is the document owner"
expression: "document.owner == request.auth.claims.email"
Example (Logic):
title: "Public documents"
description: "Determine whether the document should be publicly visible"
expression: "document.type != 'private' && document.type != 'internal'"
Example (Data Manipulation):
title: "Notification string"
description: "Create a notification string with a timestamp."
expression: "'New message received at ' + string(document.create_time)"
The exact variables and functions that may be referenced within an expression
are determined by the service that evaluates it. See the service
documentation for additional information.
params:
- arg_name: condition-expression
api_field: googleIamV3PolicyBinding.condition.expression
required: false
repeated: false
help_text: |-
Textual representation of an expression in Common Expression Language
syntax.
- arg_name: condition-title
api_field: googleIamV3PolicyBinding.condition.title
required: false
repeated: false
help_text: |-
Title for the expression, i.e. a short string describing
its purpose. This can be used e.g. in UIs which allow to enter the
expression.
- arg_name: condition-description
api_field: googleIamV3PolicyBinding.condition.description
required: false
repeated: false
help_text: |-
Description of the expression. This is a longer text which
describes the expression, e.g. when hovered over it in a UI.
- arg_name: condition-location
api_field: googleIamV3PolicyBinding.condition.location
required: false
repeated: false
help_text: |-
String indicating the location of the expression for error
reporting, e.g. a file name and a position in the file.
request:
api_version: v3
collection:
- iam.folders.locations.policyBindings
- iam.organizations.locations.policyBindings
- iam.projects.locations.policyBindings
async:
collection:
- iam.folders.locations.operations
- iam.organizations.locations.operations
- iam.projects.locations.operations
update:
read_modify_update: true

18
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_bindings/create.yaml Normal file
View File

@@ -0,0 +1,18 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
_PARTIALS_: true

18
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_bindings/delete.yaml Normal file
View File

@@ -0,0 +1,18 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
_PARTIALS_: true

18
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_bindings/describe.yaml Normal file
View File

@@ -0,0 +1,18 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
_PARTIALS_: true

18
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_bindings/list.yaml Normal file
View File

@@ -0,0 +1,18 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
_PARTIALS_: true

18
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_bindings/search_target_policy_bindings.yaml Normal file
View File

@@ -0,0 +1,18 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
_PARTIALS_: true

18
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_bindings/update.yaml Normal file
View File

@@ -0,0 +1,18 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
_PARTIALS_: true

28
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_porters/__init__.py Normal file
View File

@@ -0,0 +1,28 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
"""Manage Policy Porter resources."""
from googlecloudsdk.calliope import base
from surface.iam.policy_porters import _init_extensions as extensions
@base.ReleaseTracks(base.ReleaseTrack.ALPHA)
@base.Autogenerated
@base.Hidden
class PolicyPortersAlpha(extensions.PolicyPortersAlpha):
"""Manage Policy Porter resources."""

31
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_porters/_init_extensions.py Normal file
View File

@@ -0,0 +1,31 @@
# -*- coding: utf-8 -*- #
# Copyright 2024 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
"""File to add optional custom code to extend __init__.py."""
from googlecloudsdk.calliope import base
class PolicyPortersAlpha(base.Group):
"""Optional no-auto-generated code for ALPHA."""
class PolicyPortersBeta(base.Group):
"""Optional no-auto-generated code for BETA."""
class PolicyPortersGa(base.Group):
"""Optional no-auto-generated code for GA."""

187
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_porters/_partials/_create_alpha.yaml Normal file
View File

@@ -0,0 +1,187 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- ALPHA
auto_generated: true
hidden: true
help_text:
brief: Creates a PolicyPorter resource.
description: |
Creates a PolicyPorter resource, which is used to translate AWS IAM policies to GCP V1
policies.
examples: |-
To create a PolicyPorter resource, run:
$ {command} my-policy-porter --location=global --project=my-project \
--display-name=my-policy-porter \
--aws-mappings-resource-mapping='{"my_aws_resource": "my_gcp_resource"}}' \
--aws-mappings-principal-mapping='{"my_aws_identity": "my_gcp_identity"}}' \
--inline-policy-json-file='my-file-name' \
--inline-policy-json-content='{...}' \
arguments:
params:
- help_text: |-
Identifier. Name of resource.
Format:
projects/{project}/locations/{location}/policyPorters/{policy_porter}.
is_positional: true
is_primary_resource: true
request_id_field: policyPorterId
resource_spec: !REF googlecloudsdk.command_lib.iam.v3alpha_resources:projects_locations_policy_porters
required: true
- arg_name: labels
api_field: googleIamV3alphaPolicyPorter.labels
required: false
repeated: true
help_text: |-
Resource labels as key value pairs, used for List API filtering.
spec:
- api_field: key
- api_field: value
- arg_name: display-name
api_field: googleIamV3alphaPolicyPorter.displayName
required: true
repeated: false
help_text: |-
An arbitrary user-provided name for policy porter.
The display name should adhere to the following format:
* Must be 6 to 63 characters in length.
* Can only contain lowercase letters, numbers, and hyphens.
* Must start with a letter.
- arg_name: description
api_field: googleIamV3alphaPolicyPorter.description
required: false
repeated: false
help_text: |-
Description about translation.
- group:
api_field: googleIamV3alphaPolicyPorter.policyConfig
required: false
help_text: |-
Represents config for PolicyPorter such as policies, mappings, etc. required
by PolicyPorter.
params:
- group:
mutex: true
help_text: |-
Arguments for the policy json.
params:
- group:
api_field: googleIamV3alphaPolicyPorter.policyConfig.inlinePolicyJson
required: false
help_text: |-
Inline representation of policy json that is being translated.
params:
- arg_name: inline-policy-json-file-name
api_field: googleIamV3alphaPolicyPorter.policyConfig.inlinePolicyJson.fileName
required: true
repeated: false
help_text: |-
Name of file from which policy json got imported. This helps user to
recognize the source of policies.
- group:
mutex: true
required: true
params:
- arg_name: inline-policy-json-content-from-file
api_field: googleIamV3alphaPolicyPorter.policyConfig.inlinePolicyJson.content
json_name: contentFromFile
required: false
repeated: false
type: file_type
help_text: |-
Content of the file containing policies in json format.
- arg_name: inline-policy-json-content
api_field: googleIamV3alphaPolicyPorter.policyConfig.inlinePolicyJson.content
required: false
repeated: false
type: bytes
help_text: |-
Content of the file containing policies in json format.
- group:
mutex: true
help_text: |-
Arguments for the mappings.
params:
- group:
api_field: googleIamV3alphaPolicyPorter.policyConfig.awsMappings
required: false
help_text: |-
Resource and principal mappings required for translating policies.
params:
- arg_name: aws-mappings-resource-mapping
api_field: googleIamV3alphaPolicyPorter.policyConfig.awsMappings.resourceMapping
required: false
repeated: true
help_text: |-
User provided resource mapping for keys in `resource_keys` field.
Keys format: [IAM JSON policy elements:
Resource](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_resource.html).
Values format: See [Resource
names](https://cloud.google.com/apis/design/resource_names).
spec:
- api_field: key
- api_field: value
- arg_name: aws-mappings-principal-mapping
api_field: googleIamV3alphaPolicyPorter.policyConfig.awsMappings.principalMapping
required: false
repeated: true
help_text: |-
User provided principal mapping for keys in `principal_keys` field.
Keys format: [AWS JSON policy elements:
Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html).
Values format: See [Members field in
bindings](https://cloud.google.com/iam/docs/reference/rest/v1/Policy#binding).
spec:
- api_field: key
- api_field: value
- arg_name: policy-config-source-cloud
api_field: googleIamV3alphaPolicyPorter.policyConfig.sourceCloud
required: false
help_text: |-
Type of source cloud from which policies are being translated.
choices:
- arg_value: aws
enum_value: AWS
help_text: |-
Represents AWS cloud.
- arg_name: request-id
api_field: requestId
required: false
repeated: false
help_text: |-
An optional request ID to identify requests. Specify a unique request ID
so that if you must retry your request, the server will know to ignore
the request if it has already been completed. The server will guarantee
that for at least 60 minutes since the first request.
For example, consider a situation where you make an initial request and the
request times out. If you make the request again with the same request
ID, the server can check if original operation with the same request ID
was received, and if so, will ignore the second request. This prevents
clients from accidentally creating duplicate commitments.
The request ID must be a valid UUID with the exception that zero UUID is
not supported (00000000-0000-0000-0000-000000000000).
request:
api_version: v3alpha
collection:
- iam.projects.locations.policyPorters
async:
collection:
- iam.projects.locations.operations

74
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_porters/_partials/_delete_alpha.yaml Normal file
View File

@@ -0,0 +1,74 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- ALPHA
auto_generated: true
hidden: true
help_text:
brief: Deletes policy porter and child resources.
description: |
Exports translated policies from a PolicyPorter resource.
examples: |-
To delete a PolicyPorter and child resources, run:
$ {command} my-policy-porter --location=global --project=my-project --force
arguments:
params:
- help_text: |-
Name of the resource.
Format:
projects/{project}/locations/{location}/policyPorters/{policy_porter}.
is_positional: true
is_primary_resource: true
resource_spec: !REF googlecloudsdk.command_lib.iam.v3alpha_resources:projects_locations_policy_porters
required: true
- arg_name: force
api_field: force
action: store_true
required: false
type: bool
help_text: |-
If set to true, any Translations from this PolicyPorter will also be
deleted. (Otherwise, the request will only work if the PolicyPorter has no
Translations.)
default: null
- arg_name: request-id
api_field: requestId
required: false
repeated: false
help_text: |-
An optional request ID to identify requests. Specify a unique request ID
so that if you must retry your request, the server will know to ignore
the request if it has already been completed. The server will guarantee
that for at least 60 minutes after the first request.
For example, consider a situation where you make an initial request and the
request times out. If you make the request again with the same request
ID, the server can check if original operation with the same request ID
was received, and if so, will ignore the second request. This prevents
clients from accidentally creating duplicate commitments.
The request ID must be a valid UUID with the exception that zero UUID is
not supported (00000000-0000-0000-0000-000000000000).
request:
api_version: v3alpha
collection:
- iam.projects.locations.policyPorters
async:
collection:
- iam.projects.locations.operations

43
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_porters/_partials/_describe_alpha.yaml Normal file
View File

@@ -0,0 +1,43 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- ALPHA
auto_generated: true
hidden: true
help_text:
brief: Describes a PolicyPorter resource.
description: |
Describes a PolicyPorter resource.
examples: |-
To describe a PolicyPorter resource, run:
$ {command} my-policy-porter --location=global --project=my-project
arguments:
params:
- help_text: |-
Name of the resource.
Format:
projects/{project}/locations/{location}/policyPorters/{policy_porter}.
is_positional: true
is_primary_resource: true
resource_spec: !REF googlecloudsdk.command_lib.iam.v3alpha_resources:projects_locations_policy_porters
required: true
request:
api_version: v3alpha
collection:
- iam.projects.locations.policyPorters

44
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_porters/_partials/_list_alpha.yaml Normal file
View File

@@ -0,0 +1,44 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- ALPHA
auto_generated: true
hidden: true
help_text:
brief: Lists PolicyPorter resources.
description: |
Lists PolicyPorters.
examples: |-
To list PolicyPorter resources, run:
$ {command} --location=global --project=my-project
arguments:
params:
- help_text: |-
Parent value for ListPolicyPortersRequest.
Format: projects/{project}/locations/{location}.
is_positional: false
is_primary_resource: true
resource_spec: !REF googlecloudsdk.command_lib.iam.v3alpha_resources:projects_locations
required: true
request:
api_version: v3alpha
collection:
- iam.projects.locations.policyPorters
response:
id_field: name

194
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_porters/_partials/_update_alpha.yaml Normal file
View File

@@ -0,0 +1,194 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- ALPHA
auto_generated: true
hidden: true
help_text:
brief: Updates a PolicyPorter resource.
description: |
Updates a PolicyPorter resource. It can be helpful to first Create a PolicyPorter resource
to see the parsed Principal/Resource keys, and use them to update the mappings in this
command.
examples: |-
To update a PolicyPorter resource and identity mappings, run:
$ {command} my-policy-porter --location=global --project=my-project \
--update-aws-mappings-resource-mapping='{"my_aws_resource": "my_gcp_resource"}}' \
--update-aws-mappings-principal-mapping='{"my_aws_identity": "my_gcp_identity"}}' \
arguments:
params:
- help_text: |-
Identifier. Name of resource.
Format:
projects/{project}/locations/{location}/policyPorters/{policy_porter}.
is_positional: true
is_primary_resource: true
resource_spec: !REF googlecloudsdk.command_lib.iam.v3alpha_resources:projects_locations_policy_porters
required: true
- arg_name: labels
api_field: googleIamV3alphaPolicyPorter.labels
required: false
repeated: true
help_text: |-
Resource labels as key value pairs, used for List API filtering.
clearable: true
spec:
- api_field: key
- api_field: value
- arg_name: display-name
api_field: googleIamV3alphaPolicyPorter.displayName
required: false
repeated: false
help_text: |-
An arbitrary user-provided name for policy porter.
The display name should adhere to the following format:
* Must be 6 to 63 characters in length.
* Can only contain lowercase letters, numbers, and hyphens.
* Must start with a letter.
- arg_name: description
api_field: googleIamV3alphaPolicyPorter.description
required: false
repeated: false
help_text: |-
Description about translation.
- group:
api_field: googleIamV3alphaPolicyPorter.policyConfig
arg_name: policy-config
clearable: true
required: false
help_text: |-
Represents config for PolicyPorter such as policies, mappings, etc. required
by PolicyPorter.
params:
- group:
mutex: true
help_text: |-
Arguments for the policy json.
params:
- group:
api_field: googleIamV3alphaPolicyPorter.policyConfig.inlinePolicyJson
required: false
help_text: |-
Inline representation of policy json that is being translated.
params:
- arg_name: inline-policy-json-file-name
api_field: googleIamV3alphaPolicyPorter.policyConfig.inlinePolicyJson.fileName
required: false
repeated: false
help_text: |-
Name of file from which policy json got imported. This helps user to
recognize the source of policies.
- group:
mutex: true
required: true
params:
- arg_name: inline-policy-json-content-from-file
api_field: googleIamV3alphaPolicyPorter.policyConfig.inlinePolicyJson.content
json_name: contentFromFile
required: false
repeated: false
type: file_type
help_text: |-
Content of the file containing policies in json format.
- arg_name: inline-policy-json-content
api_field: googleIamV3alphaPolicyPorter.policyConfig.inlinePolicyJson.content
required: false
repeated: false
type: bytes
help_text: |-
Content of the file containing policies in json format.
- group:
mutex: true
help_text: |-
Arguments for the mappings.
params:
- group:
api_field: googleIamV3alphaPolicyPorter.policyConfig.awsMappings
required: false
help_text: |-
Resource and principal mappings required for translating policies.
params:
- arg_name: aws-mappings-resource-mapping
api_field: googleIamV3alphaPolicyPorter.policyConfig.awsMappings.resourceMapping
required: false
repeated: true
help_text: |-
User provided resource mapping for keys in `resource_keys` field.
Keys format: [IAM JSON policy elements:
Resource](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_resource.html).
Values format: See [Resource
names](https://cloud.google.com/apis/design/resource_names).
clearable: true
spec:
- api_field: key
- api_field: value
- arg_name: aws-mappings-principal-mapping
api_field: googleIamV3alphaPolicyPorter.policyConfig.awsMappings.principalMapping
required: false
repeated: true
help_text: |-
User provided principal mapping for keys in `principal_keys` field.
Keys format: [AWS JSON policy elements:
Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html).
Values format: See [Members field in
bindings](https://cloud.google.com/iam/docs/reference/rest/v1/Policy#binding).
clearable: true
spec:
- api_field: key
- api_field: value
- arg_name: policy-config-source-cloud
api_field: googleIamV3alphaPolicyPorter.policyConfig.sourceCloud
required: false
help_text: |-
Type of source cloud from which policies are being translated.
choices:
- arg_value: aws
enum_value: AWS
help_text: |-
Represents AWS cloud.
- arg_name: request-id
api_field: requestId
required: false
repeated: false
help_text: |-
An optional request ID to identify requests. Specify a unique request ID
so that if you must retry your request, the server will know to ignore
the request if it has already been completed. The server will guarantee
that for at least 60 minutes since the first request.
For example, consider a situation where you make an initial request and the
request times out. If you make the request again with the same request
ID, the server can check if original operation with the same request ID
was received, and if so, will ignore the second request. This prevents
clients from accidentally creating duplicate commitments.
The request ID must be a valid UUID with the exception that zero UUID is
not supported (00000000-0000-0000-0000-000000000000).
request:
api_version: v3alpha
collection:
- iam.projects.locations.policyPorters
static_fields:
updateMask: '*'
async:
collection:
- iam.projects.locations.operations
update:
read_modify_update: true
disable_auto_field_mask: true

18
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_porters/create.yaml Normal file
View File

@@ -0,0 +1,18 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
_PARTIALS_: true

18
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_porters/delete.yaml Normal file
View File

@@ -0,0 +1,18 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
_PARTIALS_: true

18
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_porters/describe.yaml Normal file
View File

@@ -0,0 +1,18 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
_PARTIALS_: true

18
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_porters/list.yaml Normal file
View File

@@ -0,0 +1,18 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
_PARTIALS_: true

28
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_porters/translations/__init__.py Normal file
View File

@@ -0,0 +1,28 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
"""Manage Translation resources."""
from googlecloudsdk.calliope import base
from surface.iam.policy_porters.translations import _init_extensions as extensions
@base.ReleaseTracks(base.ReleaseTrack.ALPHA)
@base.Autogenerated
@base.Hidden
class TranslationsAlpha(extensions.TranslationsAlpha):
"""Manage Translation resources."""

31
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_porters/translations/_init_extensions.py Normal file
View File

@@ -0,0 +1,31 @@
# -*- coding: utf-8 -*- #
# Copyright 2024 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
"""File to add optional custom code to extend __init__.py."""
from googlecloudsdk.calliope import base
class TranslationsAlpha(base.Group):
"""Optional no-auto-generated code for ALPHA."""
class TranslationsBeta(base.Group):
"""Optional no-auto-generated code for BETA."""
class TranslationsGa(base.Group):
"""Optional no-auto-generated code for GA."""

72
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_porters/translations/_partials/_create_alpha.yaml Normal file
View File

@@ -0,0 +1,72 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- ALPHA
auto_generated: true
hidden: true
help_text:
brief: Creates a translation.
description: |
Instructs PolicyPorter to do a translation of the policies in the PolicyPorter resource.
examples: |-
To translate policies from a PolicyPorter resource, run:
$ {command} my-translation --policy-porter=my-policy-porter \
--location=global --project=my-project
arguments:
params:
- help_text: |-
Identifier. Name of resource.
Format:
projects/{project}/locations/{location}/policyPorters/{policy_porter}/translations/{translation}.
is_positional: true
is_primary_resource: true
request_id_field: translationId
resource_spec: !REF googlecloudsdk.command_lib.iam.v3alpha_resources:projects_locations_policy_porters_translations
required: true
- arg_name: display-name
api_field: googleIamV3alphaTranslation.displayName
required: true
repeated: false
help_text: |-
The display name of translation.
- arg_name: request-id
api_field: requestId
required: false
repeated: false
help_text: |-
An optional request ID to identify requests. Specify a unique request ID
so that if you must retry your request, the server will know to ignore
the request if it has already been completed. The server will guarantee
that for at least 60 minutes since the first request.
For example, consider a situation where you make an initial request and the
request times out. If you make the request again with the same request
ID, the server can check if original operation with the same request ID
was received, and if so, will ignore the second request. This prevents
clients from accidentally creating duplicate commitments.
The request ID must be a valid UUID with the exception that zero UUID is
not supported (00000000-0000-0000-0000-000000000000).
request:
api_version: v3alpha
collection:
- iam.projects.locations.policyPorters.translations
async:
collection:
- iam.projects.locations.operations

75
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_porters/translations/_partials/_delete_alpha.yaml Normal file
View File

@@ -0,0 +1,75 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- ALPHA
auto_generated: true
hidden: true
help_text:
brief: Delete a translation.
description: |
Deletes PolicyPorter translation resource.
examples: |-
To delete a policyporter translation, run:
$ {command} my-translation --policy-porter=my-policy-porter \
--location=global --project=my-project
arguments:
params:
- help_text: |-
Name of the resource
Format:
projects/{project}/locations/{location}/policyPorters/{policy_porter}/translations/{translation}.
is_positional: true
is_primary_resource: true
resource_spec: !REF googlecloudsdk.command_lib.iam.v3alpha_resources:projects_locations_policy_porters_translations
required: true
- arg_name: force
api_field: force
action: store_true
required: false
type: bool
help_text: |-
If set to true, any SourcePolicies and TranslatedPolicies from this
Translation will also be deleted. (Otherwise, the request will only work if
the Translation has no SourcePolicies and TranslatedPolicies.)
default: null
- arg_name: request-id
api_field: requestId
required: false
repeated: false
help_text: |-
An optional request ID to identify requests. Specify a unique request ID
so that if you must retry your request, the server will know to ignore
the request if it has already been completed. The server will guarantee
that for at least 60 minutes after the first request.
For example, consider a situation where you make an initial request and the
request times out. If you make the request again with the same request
ID, the server can check if original operation with the same request ID
was received, and if so, will ignore the second request. This prevents
clients from accidentally creating duplicate commitments.
The request ID must be a valid UUID with the exception that zero UUID is
not supported (00000000-0000-0000-0000-000000000000).
request:
api_version: v3alpha
collection:
- iam.projects.locations.policyPorters.translations
async:
collection:
- iam.projects.locations.operations

44
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_porters/translations/_partials/_describe_alpha.yaml Normal file
View File

@@ -0,0 +1,44 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- ALPHA
auto_generated: true
hidden: true
help_text:
brief: Describes a translation.
description: |
Describes a PolicyPorter translation, useful for understanding translation status.
examples: |-
To get a policyporter translation, run:
$ {command} my-translation --policy-porter=my-policy-porter \
--location=global --project=my-project
arguments:
params:
- help_text: |-
Name of the resource.
Format:
projects/{project}/locations/{location}/policyPorters/{policy_porter}/translations/{translation}.
is_positional: true
is_primary_resource: true
resource_spec: !REF googlecloudsdk.command_lib.iam.v3alpha_resources:projects_locations_policy_porters_translations
required: true
request:
api_version: v3alpha
collection:
- iam.projects.locations.policyPorters.translations

45
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_porters/translations/_partials/_list_alpha.yaml Normal file
View File

@@ -0,0 +1,45 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- ALPHA
auto_generated: true
hidden: true
help_text:
brief: Lists translations.
description: |
List PolicyPorter translation resources.
examples: |-
To list policyporter translations, run:
$ {command} --policy-porter=my-policy-porter --location=global --project=my-project
arguments:
params:
- help_text: |-
Parent value for ListTranslationsRequest.
Format:
projects/{project}/locations/{location}/policyPorters/{policy_porter}.
is_positional: false
is_primary_resource: true
resource_spec: !REF googlecloudsdk.command_lib.iam.v3alpha_resources:projects_locations_policy_porters
required: true
request:
api_version: v3alpha
collection:
- iam.projects.locations.policyPorters.translations
response:
id_field: name

18
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_porters/translations/create.yaml Normal file
View File

@@ -0,0 +1,18 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
_PARTIALS_: true

18
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_porters/translations/delete.yaml Normal file
View File

@@ -0,0 +1,18 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
_PARTIALS_: true

18
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_porters/translations/describe.yaml Normal file
View File

@@ -0,0 +1,18 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
_PARTIALS_: true

18
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_porters/translations/list.yaml Normal file
View File

@@ -0,0 +1,18 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
_PARTIALS_: true

28
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_porters/translations/source_policies/__init__.py Normal file
View File

@@ -0,0 +1,28 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
"""Manage Source Policy resources."""
from googlecloudsdk.calliope import base
from surface.iam.policy_porters.translations.source_policies import _init_extensions as extensions
@base.ReleaseTracks(base.ReleaseTrack.ALPHA)
@base.Autogenerated
@base.Hidden
class SourcePoliciesAlpha(extensions.SourcePoliciesAlpha):
"""Manage Source Policy resources."""

31
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_porters/translations/source_policies/_init_extensions.py Normal file
View File

@@ -0,0 +1,31 @@
# -*- coding: utf-8 -*- #
# Copyright 2024 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
"""File to add optional custom code to extend __init__.py."""
from googlecloudsdk.calliope import base
class SourcePoliciesAlpha(base.Group):
"""Optional no-auto-generated code for ALPHA."""
class SourcePoliciesBeta(base.Group):
"""Optional no-auto-generated code for BETA."""
class SourcePoliciesGa(base.Group):
"""Optional no-auto-generated code for GA."""

45
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_porters/translations/source_policies/_partials/_describe_alpha.yaml Normal file
View File

@@ -0,0 +1,45 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- ALPHA
auto_generated: true
hidden: true
help_text:
brief: Gets a SourcePolicy.
description: |
Get the source policies parsed from the input policy json.
resource.
examples: |-
To get a source policy, run:
$ {command} my-policy --translation=my-translation --policy-porter=my-policy-porter \
--location=global --project=my-project
arguments:
params:
- help_text: |-
Name of the resource.
Format:
projects/{project}/locations/{location}/policyPorters/{policy_porter}/translations/{translation}/sourcePolicies/{source_policy}.
is_positional: true
is_primary_resource: true
resource_spec: !REF googlecloudsdk.command_lib.iam.v3alpha_resources:projects_locations_policy_porters_translations_source_policies
required: true
request:
api_version: v3alpha
collection:
- iam.projects.locations.policyPorters.translations.sourcePolicies

46
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_porters/translations/source_policies/_partials/_list_alpha.yaml Normal file
View File

@@ -0,0 +1,46 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- ALPHA
auto_generated: true
hidden: true
help_text:
brief: Lists source policies.
description: |
Lists the source policies for a translation.
examples: |-
To export translated policies, run:
$ {command} --translation=my-translation --policy-porter=my-policy-porter \
--location=global --project=my-project
arguments:
params:
- help_text: |-
Parent value for ListSourcePoliciesRequest.
Format:
projects/{project}/locations/{location}/policyPorters/{policy_porter}/translations/{translation}.
is_positional: false
is_primary_resource: true
resource_spec: !REF googlecloudsdk.command_lib.iam.v3alpha_resources:projects_locations_policy_porters_translations
required: true
request:
api_version: v3alpha
collection:
- iam.projects.locations.policyPorters.translations.sourcePolicies
response:
id_field: name

18
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_porters/translations/source_policies/describe.yaml Normal file
View File

@@ -0,0 +1,18 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
_PARTIALS_: true

18
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_porters/translations/source_policies/list.yaml Normal file
View File

@@ -0,0 +1,18 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
_PARTIALS_: true

28
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_porters/translations/translated_policies/__init__.py Normal file
View File

@@ -0,0 +1,28 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
"""Manage Translated Policy resources."""
from googlecloudsdk.calliope import base
from surface.iam.policy_porters.translations.translated_policies import _init_extensions as extensions
@base.ReleaseTracks(base.ReleaseTrack.ALPHA)
@base.Autogenerated
@base.Hidden
class TranslatedPoliciesAlpha(extensions.TranslatedPoliciesAlpha):
"""Manage Translated Policy resources."""

31
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_porters/translations/translated_policies/_init_extensions.py Normal file
View File

@@ -0,0 +1,31 @@
# -*- coding: utf-8 -*- #
# Copyright 2024 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
"""File to add optional custom code to extend __init__.py."""
from googlecloudsdk.calliope import base
class TranslatedPoliciesAlpha(base.Group):
"""Optional no-auto-generated code for ALPHA."""
class TranslatedPoliciesBeta(base.Group):
"""Optional no-auto-generated code for BETA."""
class TranslatedPoliciesGa(base.Group):
"""Optional no-auto-generated code for GA."""

44
gcloud auth application-default login/google-cloud-sdk/lib/surface/iam/policy_porters/translations/translated_policies/_partials/_describe_alpha.yaml Normal file
View File

@@ -0,0 +1,44 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: This file is autogenerated and should not be edited by hand.
# AUTOGEN_CLI_VERSION: HEAD
- release_tracks:
- ALPHA
auto_generated: true
hidden: true
help_text:
brief: Describes translated policies.
description: |
Describes the translated policy.
examples: |-
To export translated policies, run:
$ {command} my-translated-policy --translation=my-translation \
--policy-porter=my-policy-porter --location=global --project=my-project
arguments:
params:
- help_text: |-
Name of the resource.
Format:
projects/{project}/locations/{location}/policyPorters/{policy_porter}/translations/{translation}/translatedPolicies/{translated_policy}.
is_positional: true
is_primary_resource: true
resource_spec: !REF googlecloudsdk.command_lib.iam.v3alpha_resources:projects_locations_policy_porters_translations_translated_policies
required: true
request:
api_version: v3alpha
collection:
- iam.projects.locations.policyPorters.translations.translatedPolicies

Some files were not shown because too many files have changed in this diff Show More