feat: Add new gcloud commands, API clients, and third-party libraries across various services.

2026-01-01 20:26:35 +01:00
parent 5e23cbece0
commit a19e592eb7
25221 changed files with 8324611 additions and 0 deletions


@@ -0,0 +1,31 @@
# -*- coding: utf-8 -*- #
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""The workforce-pools command group for the IAM CLI."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
@base.ReleaseTracks(base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA,
base.ReleaseTrack.GA)
class WorkforcePools(base.Group):
"""Create and manage workforce pools.
The {command} group lets you create and manage workforce pools for
organizations on the Google Cloud Platform.
"""


@@ -0,0 +1,194 @@
# -*- coding: utf-8 -*- #
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command to create a new workforce pool under a parent organization."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.iam import util
from googlecloudsdk.api_lib.util import waiter
from googlecloudsdk.calliope import arg_parsers
from googlecloudsdk.calliope import base
from googlecloudsdk.calliope import exceptions as gcloud_exceptions
from googlecloudsdk.calliope.concepts import concepts
from googlecloudsdk.command_lib.iam import iam_util
from googlecloudsdk.command_lib.iam import identity_pool_waiter
from googlecloudsdk.command_lib.iam.workforce_pools import flags
from googlecloudsdk.command_lib.util.apis import yaml_data
from googlecloudsdk.command_lib.util.concepts import concept_parsers
from googlecloudsdk.core import log
from googlecloudsdk.core import resources
class Create(base.CreateCommand):
r"""Create a new workforce pool under an organization.
Creates a workforce pool under an organization given a valid organization ID.
## EXAMPLES
The following command creates a workforce pool with ID `my-workforce-pool`
in the organization ``12345'':
$ {command} my-workforce-pool --organization=12345
The following command creates a workforce pool with ID `my-workforce-pool`
with explicit values for all required and optional parameters:
$ {command} my-workforce-pool --organization=12345 --location=global
--display-name="My Workforce Pool" --description="My workforce pool
description." --session-duration="7200s" --disabled
"""
@staticmethod
def Args(parser):
workforce_pool_data = yaml_data.ResourceYAMLData.FromPath(
'iam.workforce_pool'
)
concept_parsers.ConceptParser.ForResource(
'workforce_pool',
concepts.ResourceSpec.FromYaml(
workforce_pool_data.GetData(), is_positional=True
),
'The workforce pool to create.',
required=True,
).AddToParser(parser)
flags.AddParentFlags(parser, 'create')
parser.add_argument(
'--display-name',
help=(
'A display name for the workforce pool. Cannot exceed 32 '
+ 'characters in length.'
),
)
parser.add_argument(
'--description',
help=(
'A description for the workforce pool. Cannot exceed 256 '
+ 'characters in length.'
),
)
parser.add_argument(
'--disabled',
action='store_true',
help='Whether or not the workforce pool is disabled.',
)
parser.add_argument(
'--session-duration',
help=(
'How long the Google Cloud access tokens, console sign-in '
+ 'sessions, and gcloud sign-in sessions from this workforce '
+ 'pool are valid. Must be greater than 15 minutes (900s) and '
+ 'less than 12 hours (43200s). If not configured, minted '
+ 'credentials will have a default duration of one hour (3600s).'
),
)
parser.add_argument(
'--allowed-services',
action='append',
type=arg_parsers.ArgDict(
spec={'domain': str}, required_keys=['domain']
),
help=(
'Services allowed for web sign-in with the workforce pool. The flag'
' accepts multiple values with the key as `domain` and value as the'
' domain of the service allowed for web sign-in. If not set, by'
' default all the services are allowed.'
),
)
parser.add_argument(
'--disable-programmatic-signin',
action='store_true',
help='Disable programmatic sign-in for workforce pool users.',
)
base.ASYNC_FLAG.AddToParser(parser)
def Run(self, args):
client, messages = util.GetClientAndMessages()
if not args.organization:
raise gcloud_exceptions.RequiredArgumentException(
'--organization',
'Should specify the organization for workforce pools.',
)
parent_name = iam_util.GetParentName(
args.organization, None, 'workforce pool'
)
workforce_pool_ref = args.CONCEPTS.workforce_pool.Parse()
new_workforce_pool = messages.WorkforcePool(
parent=parent_name,
displayName=args.display_name,
description=args.description,
disabled=args.disabled,
sessionDuration=args.session_duration,
accessRestrictions=self.CreateAccessRestrictions(args, messages),
)
lro_ref = client.locations_workforcePools.Create(
messages.IamLocationsWorkforcePoolsCreateRequest(
location=flags.ParseLocation(args),
workforcePoolId=workforce_pool_ref.workforcePoolsId,
workforcePool=new_workforce_pool,
)
)
log.status.Print(
'Create request issued for: [{}]'.format(
workforce_pool_ref.workforcePoolsId
)
)
if args.async_:
log.status.Print('Check operation [{}] for status.'.format(lro_ref.name))
return lro_ref
lro_resource = resources.REGISTRY.ParseRelativeName(
lro_ref.name, collection='iam.locations.workforcePools.operations'
)
poller = identity_pool_waiter.IdentityPoolOperationPoller(
client.locations_workforcePools,
client.locations_workforcePools_operations,
)
# Wait for a maximum of 5 minutes, as the IAM replication has a lag of up to
# 80 seconds. GetOperation has a dependency on IAMInternal.CheckPolicy, and
# requires the caller to have `workforcePools.get` permission on the created
# resource to return as `done`. See b/203589135.
result = waiter.WaitFor(
poller,
lro_resource,
'Waiting for operations [{}] to complete'.format(lro_ref.name),
max_wait_ms=300000,
)
log.status.Print(
'Created workforce pool [{}].'.format(
workforce_pool_ref.workforcePoolsId
)
)
return result
def CreateAccessRestrictions(self, args, messages):
if args.IsSpecified('allowed_services') or args.IsSpecified(
'disable_programmatic_signin'
):
access_restrictions = messages.AccessRestrictions()
if args.IsSpecified('allowed_services'):
access_restrictions.allowedServices = args.allowed_services
if args.IsSpecified('disable_programmatic_signin'):
access_restrictions.disableProgrammaticSignin = (
args.disable_programmatic_signin
)
return access_restrictions
return None
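Review bot: `CreateAccessRestrictions` has no docstring, and its fail-open result is easy to miss: when neither `--allowed-services` nor `--disable-programmatic-signin` is specified it returns `None`, so `Run` builds the pool with `accessRestrictions=None`, which per the `--allowed-services` help text leaves every service allowed for web sign-in. I would add a docstring that says so, e.g. `"""Build the AccessRestrictions message, or return None (no restrictions) when neither flag is given."""`. Separately, `args.allowed_services` is a list of plain dicts produced by `ArgDict` and is assigned to `allowedServices` unchanged; whether the generated message field accepts dicts is not visible in this hunk, so that is worth confirming with a test.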


@@ -0,0 +1,106 @@
# -*- coding: utf-8 -*- #
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command to create a configuration file to allow authentication from 3rd party user identities."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
import textwrap
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.iam import flags
from googlecloudsdk.command_lib.iam.byoid_utilities import cred_config
class CreateCredConfig(base.CreateCommand):
"""Create a configuration file for generated credentials.
This command creates a configuration file to allow access to authenticated
Google Cloud actions from a variety of external user accounts.
"""
detailed_help = {
'EXAMPLES': textwrap.dedent(
"""\
To create a file-sourced credential configuration for your project, run:
$ {command} locations/$REGION/workforcePools/$WORKFORCE_POOL_ID/providers/$PROVIDER_ID --credential-source-file=$PATH_TO_OIDC_ID_TOKEN --workforce-pool-user-project=$PROJECT_NUMBER --output-file=credentials.json
To create a URL-sourced credential configuration for your project, run:
$ {command} locations/$REGION/workforcePools/$WORKFORCE_POOL_ID/providers/$PROVIDER_ID --credential-source-url=$URL_FOR_OIDC_TOKEN --credential-source-headers=Key=Value --workforce-pool-user-project=$PROJECT_NUMBER --output-file=credentials.json
To create an executable-source credential configuration for your project, run the following command:
$ {command} locations/$REGION/workforcePools/$WORKFORCE_POOL_ID/providers/$PROVIDER_ID --executable-command=$EXECUTABLE_COMMAND --executable-timeout-millis=30000 --executable-output-file=$CACHE_FILE --workforce-pool-user-project=$PROJECT_NUMBER --output-file=credentials.json
To use the resulting file for any of these commands, set the GOOGLE_APPLICATION_CREDENTIALS environment variable to point to the generated file.
"""
),
}
_use_pluggable_auth = False
@classmethod
def Args(cls, parser):
# Add args common between workload and workforce.
flags.AddCommonByoidCreateConfigFlags(
parser, cred_config.ConfigType.WORKFORCE_POOLS)
# Required args. The audience is a positional arg, meaning it is required.
parser.add_argument(
'audience', help='The workforce pool provider resource name.')
# The credential source must be specified (file-sourced or URL-sourced).
credential_types = parser.add_group(
mutex=True, required=True, help='Credential types.')
credential_types.add_argument(
'--credential-source-file',
help='The location of the file which stores the credential.')
credential_types.add_argument(
'--credential-source-url',
help='The URL to obtain the credential from.')
credential_types.add_argument(
'--executable-command',
help=(
'The full command to run to retrieve the credential. Must be an'
' absolute path for the program including arguments.'
),
)
parser.add_argument(
'--workforce-pool-user-project',
help='The client project number used to identify the application ' +
'(client project) to the server when calling Google APIs. The user ' +
'principal must have serviceusage.services.use IAM permission to use ' +
'the specified project.',
required=True)
# Optional args.
parser.add_argument(
'--subject-token-type',
help='The type of token being used for authorization. ' +
'This defaults to urn:ietf:params:oauth:token-type:id_token.')
parser.add_argument(
'--enable-mtls',
help='Use mTLS for STS endpoints.',
action='store_true',
hidden=True)
def Run(self, args):
cred_config.create_credential_config(args,
cred_config.ConfigType.WORKFORCE_POOLS)
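Review bot: The comment above the mutually exclusive group in `Args` says the credential source is "file-sourced or URL-sourced", but the group also accepts `--executable-command`, so the comment is stale; I would change it to `# Exactly one credential source is required: file, URL, or executable command.`. The `--executable-command` help could also state that the command string is recorded in the generated configuration file and run by whatever later loads that file, which I infer from the EXAMPLES text rather than from code visible here (the writing happens in `cred_config.create_credential_config`). `Run` has no docstring; one line noting that it delegates to `cred_config.create_credential_config` with `ConfigType.WORKFORCE_POOLS` would be enough.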


@@ -0,0 +1,143 @@
# -*- coding: utf-8 -*- #
# Copyright 2022 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command to create a login configuration file used to enable browser based sign-in using third-party user identities via gcloud auth login.
"""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
import json
import os
import textwrap
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.iam.byoid_utilities import cred_config
from googlecloudsdk.core import log
from googlecloudsdk.core import properties
from googlecloudsdk.core.universe_descriptor import universe_descriptor
from googlecloudsdk.core.util import files
RESOURCE_TYPE = 'login configuration file'
GOOGLE_DEFAULT_CLOUD_WEB_DOMAIN = 'cloud.google'
@base.UniverseCompatible
class CreateLoginConfig(base.CreateCommand):
"""Create a login configuration file to enable sign-in via a web-based authorization flow using Workforce Identity Federation.
This command creates a configuration file to enable browser based
third-party sign in with Workforce Identity Federation through
`gcloud auth login --login-config=/path/to/config.json`.
"""
detailed_help = {
'EXAMPLES':
textwrap.dedent("""\
To create a login configuration for your project, run:
$ {command} locations/global/workforcePools/$WORKFORCE_POOL_ID/providers/$PROVIDER_ID --output-file=login-config.json
"""),
}
@classmethod
def Args(cls, parser):
# Required args.
parser.add_argument(
'audience', help='Workforce pool provider resource name.'
)
parser.add_argument(
'--output-file',
help='Location to store the generated login configuration file.',
required=True,
)
# Optional args.
parser.add_argument(
'--activate',
action='store_true',
default=False,
help=(
'Sets the property `auth/login_config_file` to the created login'
' configuration file. Calling `gcloud auth login` will'
' automatically use this login configuration unless it is'
' explicitly unset.'
),
)
parser.add_argument(
'--enable-mtls',
help='Use mTLS for STS endpoints.',
action='store_true',
hidden=True,
)
parser.add_argument(
'--universe-domain',
help='The universe domain.',
hidden=True,
)
parser.add_argument(
'--universe-cloud-web-domain',
help='The universe cloud web domain.',
hidden=True,
)
def Run(self, args):
# Take universe domains into account.
universe_domain_property = properties.VALUES.core.universe_domain
universe_domain = universe_domain_property.Get()
# Universe_domain arg takes precedence over the configuration.
if getattr(args, 'universe_domain', None):
universe_domain = args.universe_domain
# Don't use universe descriptor for GDU as there is a potential edge case
# that will result in the cloud web domain not being retrievable.
# TODO(b/368357376): Remove once the edge case is fixed.
if universe_domain == universe_domain_property.default:
universe_cloud_web_domain = GOOGLE_DEFAULT_CLOUD_WEB_DOMAIN
# Hidden attribute. Should not be used, but check just in case.
elif getattr(args, 'universe_cloud_web_domain', None):
universe_cloud_web_domain = args.universe_cloud_web_domain
else:
universe_cloud_web_domain = (
universe_descriptor.UniverseDescriptor()
.Get(universe_domain)
.cloud_web_domain
)
enable_mtls = getattr(args, 'enable_mtls', False)
token_endpoint_builder = cred_config.StsEndpoints(
enable_mtls=enable_mtls, universe_domain=universe_domain
)
output = {
'universe_domain': universe_domain,
'universe_cloud_web_domain': universe_cloud_web_domain,
'type': 'external_account_authorized_user_login_config',
'audience': '//iam.googleapis.com/' + args.audience,
'auth_url': 'https://auth.{cloud_web_domain}/authorize'.format(
cloud_web_domain=universe_cloud_web_domain
),
'token_url': token_endpoint_builder.oauth_token_url,
'token_info_url': token_endpoint_builder.token_info_url,
}
files.WriteFileContents(args.output_file, json.dumps(output, indent=2))
log.CreatedResource(args.output_file, RESOURCE_TYPE)
if args.activate:
properties.PersistProperty(
properties.VALUES.auth.login_config_file,
os.path.abspath(args.output_file),
)
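Review bot: In `Run`, the value of the hidden `--universe-cloud-web-domain` flag is formatted straight into the host part of `auth_url` (`'https://auth.{cloud_web_domain}/authorize'`) with no check that it is a bare DNS name, so a value containing `/`, `@` or `:` produces a sign-in URL on a different host than the flag name suggests. Because `--activate` makes this file the default for later `gcloud auth login` runs, I would reject anything that is not a hostname before building `output`, for example `if not re.fullmatch(r'[A-Za-z0-9.-]+', universe_cloud_web_domain): raise ValueError('invalid cloud web domain')` (this needs `import re`, and the project's own argument exception may be preferable to `ValueError`). The same applies to `args.audience`, which is concatenated after `//iam.googleapis.com/` without checking that it has the `locations/.../workforcePools/.../providers/...` shape shown in EXAMPLES.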


@@ -0,0 +1,34 @@
# -*- coding: utf-8 -*- #
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- release_tracks: [ALPHA, BETA, GA]
help_text:
brief: Delete a workforce pool.
description: Delete a workforce pool.
examples: |
The following command deletes a workforce pool with ID ``my-workforce-pool'':
$ {command} my-workforce-pool --location=global
request:
collection: iam.locations.workforcePools
arguments:
resource:
help_text: The workforce pool to delete.
spec: !REF googlecloudsdk.command_lib.iam.resources:workforce_pool
is_positional: true
async:
collection: iam.locations.workforcePools.operations


@@ -0,0 +1,31 @@
# -*- coding: utf-8 -*- #
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- release_tracks: [ALPHA, BETA, GA]
help_text:
brief: Describe a workforce pool.
description: Describe a workforce pool.
examples: |
The following command describes a workforce pool with ID ``my-workforce-pool'':
$ {command} my-workforce-pool --location=global
request:
collection: iam.locations.workforcePools
arguments:
resource:
help_text: The workforce pool to describe.
spec: !REF googlecloudsdk.command_lib.iam.resources:workforce_pool
is_positional: true


@@ -0,0 +1,31 @@
# -*- coding: utf-8 -*- #
# Copyright 2022 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- release_tracks: [GA]
help_text:
brief: Get the IAM policy for a workforce pool.
description: Get the IAM policy for a workforce pool.
examples: |
The following command gets the IAM policy for the workforce pool with ID ``my-workforce-pool'':
$ {command} my-workforce-pool --location=global
request:
collection: iam.locations.workforcePools
arguments:
resource:
help_text: The workforce pool for which to display the IAM policy.
spec: !REF googlecloudsdk.command_lib.iam.resources:workforce_pool
is_positional: true


@@ -0,0 +1,78 @@
# -*- coding: utf-8 -*- #
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command to list all of the workforce pools under a parent organization."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from apitools.base.py import list_pager
from googlecloudsdk.api_lib.iam import util
from googlecloudsdk.calliope import base
from googlecloudsdk.calliope import exceptions as gcloud_exceptions
from googlecloudsdk.command_lib.iam import iam_util
from googlecloudsdk.command_lib.iam.workforce_pools import flags
class List(base.ListCommand):
"""List the workforce pools for an organization.
Lists all of the workforce pools for an organization given a valid
organization ID.
This command can fail for the following reasons:
* The organization specified does not exist.
* The active account does not have permission to access the organization.
## EXAMPLES
The following command lists the workforce pools for an organization with the
ID ``12345'', including soft-deleted pools:
$ {command} --organization=12345 --location=global --show-deleted
"""
@staticmethod
def Args(parser):
flags.AddParentFlags(parser, 'list')
flags.AddLocationFlag(parser, 'list')
parser.add_argument(
'--show-deleted',
action='store_true',
help='Show soft-deleted workforce pools by specifying this flag.')
base.URI_FLAG.RemoveFromParser(parser)
def Run(self, args):
if args.limit is not None and (args.limit < 1):
raise gcloud_exceptions.InvalidArgumentException('Limit size must be >=1')
client, messages = util.GetClientAndMessages()
if not args.organization:
raise gcloud_exceptions.RequiredArgumentException(
'--organization',
'Should specify the organization for workforce pools.')
parent_name = iam_util.GetParentName(args.organization, None,
'workforce pools')
return list_pager.YieldFromList(
client.locations_workforcePools,
messages.IamLocationsWorkforcePoolsListRequest(
parent=parent_name,
showDeleted=args.show_deleted,
location=flags.ParseLocation(args)),
field='workforcePools',
limit=args.limit,
batch_size=args.page_size,
batch_size_attribute='pageSize')
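Review bot: The `--limit` guard in `Run` calls `gcloud_exceptions.InvalidArgumentException('Limit size must be >=1')` with a single argument, while the `RequiredArgumentException` call a few lines below passes the flag name and then the message; as far as I know `InvalidArgumentException` takes the same two parameters, so this line would fail with a `TypeError` instead of the intended usage error. I would write `raise gcloud_exceptions.InvalidArgumentException('--limit', 'Limit size must be >=1')`. It would also be cheaper to check `args.organization` before `util.GetClientAndMessages()` is called, so a missing flag is reported without constructing the client.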


@@ -0,0 +1,30 @@
# -*- coding: utf-8 -*- #
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""The workforce-pools operations command group for the IAM CLI."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
@base.ReleaseTracks(base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA,
base.ReleaseTrack.GA)
class WorkforcePoolOperations(base.Group):
"""Manage IAM workforce pool long-running operations.
Commands for managing IAM workforce pool long-running operations.
"""


@@ -0,0 +1,31 @@
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- release_tracks: [ALPHA, BETA, GA]
help_text:
brief: Describe a workforce pool operation.
description: Describe a workforce pool operation.
examples: |
To describe the long-running workforce pool operation with the ID ``my-operation'', run:
$ {command} my-operation --workforce-pool="my-workforce-pool" --location="global"
request:
collection: iam.locations.workforcePools.operations
arguments:
resource:
help_text: The workforce pool long-running operation to describe.
spec: !REF googlecloudsdk.command_lib.iam.resources:workforce_pool_operation
is_positional: true


@@ -0,0 +1,30 @@
# -*- coding: utf-8 -*- #
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""The workforce-pools providers command group for the IAM CLI."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
@base.ReleaseTracks(base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA,
base.ReleaseTrack.GA)
class WorkforcePoolProviders(base.Group):
"""Create and manage workforce pool providers.
The {command} group lets you create and manage workforce pool providers.
"""


@@ -0,0 +1,74 @@
# -*- coding: utf-8 -*- #
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- release_tracks: [ALPHA, BETA, GA]
command_type: CREATE
help_text:
brief: Create a new OIDC workforce pool provider.
description: Create a new OIDC workforce pool provider.
examples: |
The following command creates a disabled OIDC workforce pool provider with the ID
`my-workforce-pool-provider`. Explicit values for all required and optional parameters are
provided.
$ {command} my-workforce-pool-provider \
--workforce-pool="my-workforce-pool" \
--location="global" \
--display-name="My Workforce Pool Provider" \
--description="My workforce pool provider description." \
--disabled \
--detailed-audit-logging \
--attribute-mapping="google.subject=assertion.sub" \
--attribute-condition="true" \
--client-id="client-id" \
--client-secret-value="client-secret" \
--issuer-uri="https://test-idp.com" \
--web-sso-response-type="code" \
--web-sso-assertion-claims-behavior="merge-user-info-over-id-token-claims" \
--web-sso-additional-scopes="groups,photos"
--jwk-json-path="path/to/jwk.json"
request:
collection: iam.locations.workforcePools.providers
modify_request_hooks:
- googlecloudsdk.command_lib.iam.hooks:AddCreateExtraAndExtendedAttributesConfigToRequest
arguments:
resource:
help_text: The workforce pool provider to create.
spec: !REF googlecloudsdk.command_lib.iam.resources:workforce_pool_provider
is_positional: true
params:
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.display_name
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.description
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.disabled
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.detailed_audit_logging
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.attribute_mapping
required: true
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.attribute_condition
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.oidc_issuer_uri
required: true
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.oidc_client_id
required: true
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.oidc_client_secret_value
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.oidc_web_sso_group
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.oidc_jwks_json_path
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.scim_usage
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.attribute_sync_interval
hidden: true
additional_arguments_hook: googlecloudsdk.command_lib.iam.workforce_pools.flags:AddExtraAndExtendedAttributesOAuth2Client
async:
collection: iam.locations.workforcePools.providers.operations
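Review bot: In the `examples` block the line `--web-sso-additional-scopes="groups,photos"` has no trailing `\`, so the following `--jwk-json-path="path/to/jwk.json"` line is not part of the command when the example is copied; add the backslash. The example also passes `--client-secret-value="client-secret"` inline, which puts the OIDC client secret into shell history and the process argument list. A sentence in the help text noting that exposure would help users avoid pasting a real secret there.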


@@ -0,0 +1,61 @@
# -*- coding: utf-8 -*- #
# Copyright 2022 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- release_tracks: [GA]
command_type: CREATE
help_text:
brief: Create a new SAML workforce pool provider.
description: Create a new SAML workforce pool provider.
examples: |
The following command creates a disabled SAML workforce pool provider with the ID
`my-workforce-pool-provider`. Explicit values for all required and optional parameters are
provided.
$ {command} my-workforce-pool-provider \
--workforce-pool="my-workforce-pool" \
--location="global" \
--display-name="My Workforce Pool Provider" \
--description="My workforce pool provider description." \
--disabled \
--detailed-audit-logging \
--attribute-mapping="google.subject=assertion.sub" \
--attribute-condition="true" \
--idp-metadata-path="path/to/metdata/file.xml"
request:
collection: iam.locations.workforcePools.providers
modify_request_hooks:
- googlecloudsdk.command_lib.iam.hooks:AddCreateExtraAndExtendedAttributesConfigToRequest
arguments:
resource:
help_text: The workforce pool provider to create.
spec: !REF googlecloudsdk.command_lib.iam.resources:workforce_pool_provider
is_positional: true
params:
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.display_name
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.description
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.disabled
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.detailed_audit_logging
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.attribute_mapping
required: true
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.attribute_condition
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.saml_idp_metadata_path
required: true
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.scim_usage
additional_arguments_hook: googlecloudsdk.command_lib.iam.workforce_pools.flags:AddExtraAndExtendedAttributesOAuth2Client
async:
collection: iam.locations.workforcePools.providers.operations
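Review bot: The example path in `--idp-metadata-path="path/to/metdata/file.xml"` misspells "metadata"; it should read `--idp-metadata-path="path/to/metadata/file.xml"`. Also, `additional_arguments_hook` points at `AddExtraAndExtendedAttributesOAuth2Client` for a SAML provider; that may be intended, but a comment explaining why OAuth2 client flags are attached to the SAML command would save the next reader a lookup.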


@@ -0,0 +1,37 @@
# -*- coding: utf-8 -*- #
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- release_tracks: [ALPHA, BETA, GA]
help_text:
brief: Delete a workforce pool provider.
description: Delete a workforce pool provider.
examples: |
The following command deletes a workforce pool provider with the ID
`my-workforce-pool-provider`:
$ {command} my-workforce-pool-provider \
--workforce-pool="my-workforce-pool" \
--location="global"
request:
collection: iam.locations.workforcePools.providers
arguments:
resource:
help_text: The workforce pool provider to delete.
spec: !REF googlecloudsdk.command_lib.iam.resources:workforce_pool_provider
is_positional: true
async:
collection: iam.locations.workforcePools.providers.operations


@@ -0,0 +1,34 @@
# -*- coding: utf-8 -*- #
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- release_tracks: [ALPHA, BETA, GA]
help_text:
brief: Describe a workforce pool provider.
description: Describe a workforce pool provider.
examples: |
The following command describes a workforce pool provider with the ID
`my-workforce-pool-provider`:
$ {command} my-workforce-pool-provider \
--workforce-pool="my-workforce-pool" \
--location="global"
request:
collection: iam.locations.workforcePools.providers
arguments:
resource:
help_text: The workforce pool provider to describe.
spec: !REF googlecloudsdk.command_lib.iam.resources:workforce_pool_provider
is_positional: true


@@ -0,0 +1,31 @@
# -*- coding: utf-8 -*- #
# Copyright 2022 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""The workforce-pools provider keys command group for the IAM CLI."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
@base.ReleaseTracks(base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA,
base.ReleaseTrack.GA)
class WorkforcePoolProviderKeys(base.Group):
"""Create and manage IAM workforce pool provider keys.
The {command} group lets you create and manage IAM workforce pool provider
keys.
"""


@@ -0,0 +1,47 @@
# Copyright 2022 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- release_tracks: [ALPHA, BETA, GA]
help_text:
brief: Create a new workforce pool provider key.
description: Create a new workforce pool provider key.
examples: |
The following command creates a workforce pool provider key with the ID ``my-key''. Explicit
values for all required and optional parameters are provided.
$ {command} my-key \
--location="global" \
--workforce-pool="my-workforce-pool" \
--provider="my-provider"
--use="ENCRYPTION"
--spec="RSA_4096"
request:
collection: iam.locations.workforcePools.providers.keys
arguments:
resource:
help_text: |-
The workforce pool provider key to create.
spec: !REF googlecloudsdk.command_lib.iam.resources:workforce_pool_provider_key
is_positional: true
params:
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider_key.use
required: true
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider_key.spec
required: true
async:
collection: iam.locations.workforcePools.providers.keys.operations
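Review bot: The example command is missing the line-continuation backslashes after `--provider="my-provider"` and `--use="ENCRYPTION"`, so a reader who copies it runs the command without `--use` and `--spec`, both of which this file marks `required: true`. Those two lines should end with a backslash like the ones above them: `--provider="my-provider" \` and `--use="ENCRYPTION" \`.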


@@ -0,0 +1,38 @@
# Copyright 2022 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- release_tracks: [ALPHA, BETA, GA]
help_text:
brief: Delete a workforce pool provider key.
description: Delete a workforce pool provider key.
examples: |
The following command deletes a workforce pool provider key with the ID ``my-key''.
$ {command} my-key \
--location="global" \
--workforce-pool="my-workforce-pool" \
--provider="my-provider"
request:
collection: iam.locations.workforcePools.providers.keys
arguments:
resource:
help_text: |-
The workforce pool provider key to delete.
spec: !REF googlecloudsdk.command_lib.iam.resources:workforce_pool_provider_key
is_positional: true
async:
collection: iam.locations.workforcePools.providers.keys.operations


@@ -0,0 +1,35 @@
# Copyright 2022 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- release_tracks: [ALPHA, BETA, GA]
help_text:
brief: Describe a workforce pool provider key.
description: Describe a workforce pool provider key.
examples: |
The following command describes a workforce pool provider key with the ID ``my-key''.
$ {command} my-key \
--location="global" \
--workforce-pool="my-workforce-pool" \
--provider="my-provider"
request:
collection: iam.locations.workforcePools.providers.keys
arguments:
resource:
help_text: |-
The workforce pool provider key to describe.
spec: !REF googlecloudsdk.command_lib.iam.resources:workforce_pool_provider_key
is_positional: true


@@ -0,0 +1,42 @@
# Copyright 2022 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- release_tracks: [ALPHA, BETA, GA]
help_text:
brief: List workforce pool provider keys.
description: List workforce pool provider keys.
examples: |
The following command lists the keys in the workforce pool provider with ID ``my-provider'',
including soft-deleted keys:
$ {command} \
--workforce-pool="my-workforce-pool" \
--provider="my-provider" \
--location="global" \
--show-deleted
request:
collection: iam.locations.workforcePools.providers.keys
arguments:
resource:
help_text: The parent workforce pool provider of the keys to list.
spec: !REF googlecloudsdk.command_lib.iam.resources:workforce_pool_provider
is_positional: false
params:
- api_field: showDeleted
arg_name: show-deleted
required: false
help_text: Show soft-deleted keys by specifying this flag.


@@ -0,0 +1,30 @@
# -*- coding: utf-8 -*- #
# Copyright 2022 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""The workforce-pools providers keys operations group for the IAM CLI."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
@base.ReleaseTracks(base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA,
base.ReleaseTrack.GA)
class WorkforcePoolProviderKeyOperations(base.Group):
"""Manage IAM workforce pool provider key long-running operations.
Commands for managing IAM workforce pool provider key long-running operations.
"""


@@ -0,0 +1,31 @@
# Copyright 2022 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- release_tracks: [ALPHA, BETA, GA]
help_text:
brief: Describe a workforce pool provider key operation.
description: Describe a workforce pool provider key operation.
examples: |
To describe the long-running workforce pool provider key operation with the ID ``my-operation'', run:
$ {command} my-operation --workforce-pool="my-workforce-pool" --provider="my-provider" --key="my-key" --location="global"
request:
collection: iam.locations.workforcePools.providers.keys.operations
arguments:
resource:
help_text: The workforce pool provider key long-running operation to describe.
spec: !REF googlecloudsdk.command_lib.iam.resources:workforce_pool_provider_key_operation
is_positional: true


@@ -0,0 +1,39 @@
# Copyright 2022 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- release_tracks: [ALPHA, BETA, GA]
help_text:
brief: Undelete a workforce pool provider key.
description: Undelete a workforce pool provider key.
examples: |
The following command undeletes a workforce pool provider key with the ID ``my-key''.
$ {command} my-key \
--location="global" \
--workforce-pool="my-workforce-pool" \
--provider="my-provider"
request:
collection: iam.locations.workforcePools.providers.keys
method: undelete
arguments:
resource:
help_text: |-
The workforce pool provider key to undelete.
spec: !REF googlecloudsdk.command_lib.iam.resources:workforce_pool_provider_key
is_positional: true
async:
collection: iam.locations.workforcePools.providers.keys.operations


@@ -0,0 +1,41 @@
# -*- coding: utf-8 -*- #
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- release_tracks: [ALPHA, BETA, GA]
help_text:
brief: List workforce pool providers.
description: List workforce pool providers.
examples: |
The following command lists the workforce pool providers in the workforce pool with ID
`my-workforce-pool`, including soft-deleted pools:
$ {command} \
--workforce-pool="my-workforce-pool" \
--location="global" \
--show-deleted
request:
collection: iam.locations.workforcePools.providers
arguments:
resource:
help_text: The parent workforce pool of the workforce pool providers to list.
spec: !REF googlecloudsdk.command_lib.iam.resources:workforce_pool
is_positional: false
params:
- api_field: showDeleted
arg_name: show-deleted
help_text: Show soft-deleted workforce pool providers by specifying this flag.
required: false
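Review bot: The example text says the listing includes "soft-deleted pools", but this command lists providers and the `--show-deleted` help text in the same file speaks of soft-deleted workforce pool providers. Changing that line to `` `my-workforce-pool`, including soft-deleted providers: `` makes the example and the flag agree.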


@@ -0,0 +1,30 @@
# -*- coding: utf-8 -*- #
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""The workforce-pools providers operations group for the IAM CLI."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
@base.ReleaseTracks(base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA,
base.ReleaseTrack.GA)
class WorkforcePoolProviderOperations(base.Group):
"""Manage IAM workforce pool provider long-running operations.
Commands for managing IAM workforce pool provider long-running operations.
"""


@@ -0,0 +1,31 @@
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- release_tracks: [ALPHA, BETA, GA]
help_text:
brief: Describe a workforce pool provider operation.
description: Describe a workforce pool provider operation.
examples: |
To describe the long-running workforce pool provider operation with the ID ``my-operation'', run:
$ {command} my-operation --workforce-pool="my-workforce-pool" --provider="my-provider" --location="global"
request:
collection: iam.locations.workforcePools.providers.operations
arguments:
resource:
help_text: The workforce pool provider long-running operation to describe.
spec: !REF googlecloudsdk.command_lib.iam.resources:workforce_pool_provider_operation
is_positional: true


@@ -0,0 +1,31 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command group for IAM Workforce Pools Providers SCIM Tenants."""
from googlecloudsdk.calliope import base
# NOTE: No longer need hook-specific imports unless other hooks are added later
@base.UniverseCompatible
@base.ReleaseTracks(
base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA, base.ReleaseTrack.GA
)
class ScimTenants(base.Group):
"""Manage IAM workforce identity pool provider SCIM tenants.
Commands for creating, describing, listing, updating, and deleting
SCIM tenants associated with IAM workforce identity pool providers. SCIM
tenants enable automated user and group provisioning.
"""
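Review bot: The comment `# NOTE: No longer need hook-specific imports unless other hooks are added later` describes an earlier revision rather than the code in this file, which imports only `base`. It reads as a leftover from development and can be dropped, since a comment about imports that are not there gives the next maintainer nothing to act on.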


@@ -0,0 +1,52 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- release_tracks: [ALPHA, BETA, GA]
help_text:
brief: Create an IAM workforce identity pool provider SCIM tenant.
description: |
Create a new SCIM tenant associated with a specific workforce identity pool provider.
Upon successful creation, the command returns the created SCIM tenant resource.
examples: |
To create a SCIM tenant with ID `my-tenant` under provider `my-okta-provider` in pool `my-pool` located in `global` with claim mappings:
$ {command} my-tenant --location=global --workforce-pool=my-pool --provider=my-okta-provider --claim-mapping="google.subject=user.externalId,google.group=group.externalId"
To create a SCIM tenant `sales-tenant` under provider `salesforce` in pool `partner-pool` located in `europe-west1` with claim mappings:
$ {command} sales-tenant --location=europe-west1 --workforce-pool=partner-pool --provider=salesforce --claim-mapping="google.subject=user.externalId,google.group=group.externalId"
request:
collection: iam.locations.workforcePools.providers.scimTenants
arguments:
resource:
help_text: The ID of the SCIM tenant to create. Must be 4-32 characters, alphanumeric ([a-z0-9-]), and cannot start with gcp-.
spec: !REF googlecloudsdk.command_lib.iam.resources:workforce_pool_provider_scim_tenant
is_positional: true
params:
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider_scim_tenant.display_name
required: false
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider_scim_tenant.description
required: false
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider_scim_tenant.claim_mapping
required: true
output:
format: yaml
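Review bot: The resource help text calls the ID "alphanumeric ([a-z0-9-])", but the character class it quotes allows hyphens and only lowercase letters, so the two halves of the sentence disagree. Wording such as `Must be 4-32 characters from [a-z0-9-] and cannot start with gcp-.` states the rule once; the same sentence appears in the SCIM token create file. Separately, `--claim-mapping` is required and the examples map `google.subject` from `user.externalId`, so a sentence in `description` saying that this mapping decides which IdP attribute identifies the user would help readers pick an attribute that is not reassigned between people.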


@@ -0,0 +1,45 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Implementation definition for gcloud iam workforce-pools providers scim-tenants delete
- release_tracks: [ALPHA, BETA, GA]
help_text:
brief: Delete an IAM workforce identity pool provider SCIM tenant.
description: |
Delete an existing SCIM tenant associated with a specific workforce identity pool provider.
This operation marks the tenant for deletion, and it may be recoverable using the `undelete` command for a period.
examples: |
To delete a SCIM tenant with ID `my-tenant` under provider `my-okta-provider` in pool `my-pool` located in `global`:
$ {command} my-tenant --location=global --workforce-pool=my-pool --provider=my-okta-provider
request:
collection: iam.locations.workforcePools.providers.scimTenants
api_version: v1
modify_request_hooks:
- googlecloudsdk.command_lib.iam.hooks:ModifyHardDeleteFlagInRequest
arguments:
resource:
help_text: The SCIM tenant to delete.
spec: !REF googlecloudsdk.command_lib.iam.resources:workforce_pool_provider_scim_tenant
is_positional: true
params:
- arg_name: hard-delete
api_field: hardDelete
required: false
help_text: Deletes the SCIM tenant immediately. This operation cannot be undone.
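Review bot: `--hard-delete` is documented as irreversible, yet nothing in this file asks the user to confirm before the request is sent, and the `description` only covers the recoverable path. Consider an `input:` section with a `confirmation_prompt:` entry (it would apply to every delete of a tenant), or a prompt in the request hook for the hard-delete case only, and add a sentence to `description` stating that `undelete` does not apply after `--hard-delete`. The flag's handling lives in `ModifyHardDeleteFlagInRequest`, which is outside this hunk, so whether it already prompts cannot be confirmed from here.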


@@ -0,0 +1,38 @@
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# [http://www.apache.org/licenses/LICENSE-2.0](http://www.apache.org/licenses/LICENSE-2.0)
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Implementation definition for gcloud iam workforce-pools providers scim-tenants describe
- release_tracks: [ALPHA, BETA, GA]
help_text:
brief: Describe an IAM workforce identity pool provider SCIM tenant.
description: |
Describe an existing SCIM tenant associated with a specific workforce identity pool provider.
examples: |
To describe a SCIM tenant with ID `my-tenant` under provider `my-provider` in pool `my-pool` located in `global`:
$ {command} my-tenant --location=global --workforce-pool=my-pool --provider=my-provider
request:
collection: iam.locations.workforcePools.providers.scimTenants
api_version: v1
arguments:
resource:
spec: !REF googlecloudsdk.command_lib.iam.resources:workforce_pool_provider_scim_tenant
help_text: The SCIM tenant to describe.
is_positional: true
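Review bot: The license URL in the header is written as a markdown link, `# [http://www.apache.org/licenses/LICENSE-2.0](http://www.apache.org/licenses/LICENSE-2.0)`, where the other files in this commit carry the plain `# http://www.apache.org/licenses/LICENSE-2.0`. It looks like a paste artifact; restoring the plain line keeps the header identical across the tree, which matters for automated license scanning. The same line appears in the SCIM tenant list file and in the token delete, describe, list and undelete files.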


@@ -0,0 +1,55 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# [http://www.apache.org/licenses/LICENSE-2.0](http://www.apache.org/licenses/LICENSE-2.0)
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Implementation definition for gcloud iam workforce-pools providers scim-tenants list
- release_tracks: [ALPHA, BETA, GA]
help_text:
brief: List IAM workforce identity pool provider SCIM tenants.
description: |
List all SCIM tenants associated with a specific workforce identity pool provider.
examples: |
To list all SCIM tenants under provider `my-okta-provider` in pool `my-pool` located in `global`:
$ {command} --location=global --workforce-pool=my-pool --provider=my-okta-provider
To list deleted SCIM tenants as well:
$ {command} --location=global --workforce-pool=my-pool --provider=my-okta-provider --show-deleted
request:
collection: iam.locations.workforcePools.providers.scimTenants
arguments:
resource:
spec: !REF googlecloudsdk.command_lib.iam.resources:workforce_pool_provider
help_text: The workforce identity pool provider under which to list SCIM tenants.
is_positional: false
params:
- arg_name: show-deleted
api_field: showDeleted
required: false
help_text: Include SCIM tenants that have been deleted.
output:
format: |
table(
name.basename():label=SCIM_TENANT_ID,
displayName,
state,
baseUri
)


@@ -0,0 +1,29 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command group for IAM Workforce Pools Providers SCIM Tenant Tokens."""
from googlecloudsdk.calliope import base
@base.UniverseCompatible
@base.ReleaseTracks(
base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA, base.ReleaseTrack.GA
)
class Tokens(base.Group):
"""Manage IAM workforce identity pool provider SCIM tenant tokens.
Commands for creating, describing, listing, updating, and deleting
SCIM tokens associated with IAM workforce identity pool provider SCIM tenants.
"""


@@ -0,0 +1,26 @@
- release_tracks: [ALPHA, BETA, GA]
help_text:
brief: Create an IAM workforce identity pool provider SCIM tenant token.
description: |
Create a new SCIM token associated with a specific workforce identity pool provider SCIM tenant.
Upon successful creation, the command returns the created SCIM token resource.
examples: |
To create a SCIM token with ID `my-token` under tenant `my-tenant` provider `my-provider` in pool `my-pool` located in `global`:
$ {command} my-token --location=global --workforce-pool=my-pool --provider=my-provider --scim-tenant=my-tenant
request:
collection: iam.locations.workforcePools.providers.scimTenants.tokens
arguments:
resource:
help_text: The ID of the SCIM token to create. Must be 4-32 characters, alphanumeric ([a-z0-9-]), and cannot start with gcp-.
spec: !REF googlecloudsdk.command_lib.iam.resources:workforce_pool_provider_scim_token
is_positional: true
params:
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider_scim_token.display_name
required: false
output:
format: yaml
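Review bot: The `description` says the command returns the created SCIM token resource and `output: format: yaml` prints it, but the help does not say whether that output contains the token's secret value. If it does (not determinable from this file), add a sentence to `description` telling the user that the secret is written to the terminal, should be moved straight into a secret store, and should be kept out of shell logs and CI output. This file also lacks the license header that its sibling files carry.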


@@ -0,0 +1,36 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# [http://www.apache.org/licenses/LICENSE-2.0](http://www.apache.org/licenses/LICENSE-2.0)
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Implementation definition for gcloud iam workforce-pools providers scim-tenants delete
- release_tracks: [ALPHA, BETA, GA]
help_text:
brief: Delete an IAM workforce identity pool provider SCIM tenant token.
description: |
Delete a SCIM token associated with a specific workforce identity pool provider SCIM tenant.
examples: |
To delete a SCIM token with ID `my-token` under tenant `my-tenant` provider `my-provider` in pool `my-pool` located in `global`:
$ {command} my-token --location=global --workforce-pool=my-pool --provider=my-provider --scim-tenant=my-tenant
request:
collection: iam.locations.workforcePools.providers.scimTenants.tokens
method: delete
arguments:
resource:
help_text: The SCIM token to delete.
spec: !REF googlecloudsdk.command_lib.iam.resources:workforce_pool_provider_scim_token
is_positional: true
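Review bot: The header comment `# Implementation definition for gcloud iam workforce-pools providers scim-tenants delete` names the tenant command, but this file's collection is `iam.locations.workforcePools.providers.scimTenants.tokens`, so it should end in `scim-tenants tokens delete`. The token describe and undelete files carry the same copied comment with the `tokens` segment missing. The `description` also does not say whether a deleted token stops being accepted at once or is only soft-deleted; the list command's `--show-deleted` flag and the undelete command suggest the latter, and that is worth stating for anyone using this command to revoke a token.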


@@ -0,0 +1,36 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# [http://www.apache.org/licenses/LICENSE-2.0](http://www.apache.org/licenses/LICENSE-2.0)
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Implementation definition for gcloud iam workforce-pools providers scim-tenants describe
- release_tracks: [ALPHA, BETA, GA]
help_text:
brief: Describe an IAM workforce identity pool provider SCIM tenant token.
description: |
Describe a SCIM token associated with a specific workforce identity pool provider SCIM tenant.
examples: |
To describe a SCIM token with ID `my-token` under tenant `my-tenant` provider `my-provider` in pool `my-pool` located in `global`:
$ {command} my-token --location=global --workforce-pool=my-pool --provider=my-provider --scim-tenant=my-tenant
request:
collection: iam.locations.workforcePools.providers.scimTenants.tokens
method: get
arguments:
resource:
help_text: The SCIM token to describe.
spec: !REF googlecloudsdk.command_lib.iam.resources:workforce_pool_provider_scim_token
is_positional: true


@@ -0,0 +1,52 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# [http://www.apache.org/licenses/LICENSE-2.0](http://www.apache.org/licenses/LICENSE-2.0)
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Implementation definition for gcloud iam workforce-pools providers scim-tenants tokens list
- release_tracks: [ALPHA, BETA, GA]
help_text:
brief: List IAM workforce identity pool provider SCIM tenant tokens.
description: |
List all SCIM tokens associated with a specific workforce identity pool provider SCIM tenant.
examples: |
To list all SCIM tokens under tenant `my-tenant` provider `my-provider` in pool `my-pool` located in `global`:
$ {command} --location=global --workforce-pool=my-pool --provider=my-provider --scim-tenant=my-tenant
To list deleted SCIM tokens as well:
$ {command} --location=global --workforce-pool=my-pool --provider=my-provider --scim-tenant=my-tenant --show-deleted
request:
collection: iam.locations.workforcePools.providers.scimTenants.tokens
arguments:
resource:
help_text: The SCIM tenant to list tokens for.
spec: !REF googlecloudsdk.command_lib.iam.resources:workforce_pool_provider_scim_tenant
params:
- arg_name: show-deleted
api_field: showDeleted
required: false
help_text: Include soft-deleted tokens in the results.
output:
format: |
table(
name.basename():label=SCIM_TOKEN_ID,
displayName,
state
)
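Review bot: The `resource` entry omits `is_positional`, while the other list commands in this commit set `is_positional: false` on their parent resource. The examples pass the tenant as `--scim-tenant=my-tenant`, so adding `is_positional: false` under `resource` makes the file match its own examples instead of relying on the framework default.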


@@ -0,0 +1,36 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# [http://www.apache.org/licenses/LICENSE-2.0](http://www.apache.org/licenses/LICENSE-2.0)
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Implementation definition for gcloud iam workforce-pools providers scim-tenants undelete
- release_tracks: [ALPHA, BETA, GA]
help_text:
brief: Undelete an IAM workforce identity pool provider SCIM tenant token.
description: |
Undelete a SCIM token associated with a specific workforce identity pool provider SCIM tenant.
examples: |
To undelete a SCIM token with ID `my-token` under tenant `my-tenant` provider `my-provider` in pool `my-pool` located in `global`:
$ {command} my-token --location=global --workforce-pool=my-pool --provider=my-provider --scim-tenant=my-tenant
request:
collection: iam.locations.workforcePools.providers.scimTenants.tokens
method: undelete
arguments:
resource:
help_text: The SCIM token to undelete.
spec: !REF googlecloudsdk.command_lib.iam.resources:workforce_pool_provider_scim_token
is_positional: true
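Review bot: The header comment names the wrong command: it reads `... providers scim-tenants undelete`, while the brief, the collection (`...scimTenants.tokens`) and the resource spec all describe the token command, so it should read `# Implementation definition for gcloud iam workforce-pools providers scim-tenants tokens undelete`. The description also omits what an operator restoring a credential needs to know. Whether undelete makes the token's original secret valid again is not visible from this file; if it does, the help text should say so and point to creating a fresh token when the old secret may have been exposed.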


@@ -0,0 +1,42 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# [http://www.apache.org/licenses/LICENSE-2.0](http://www.apache.org/licenses/LICENSE-2.0)
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Implementation definition for gcloud iam workforce-pools providers scim-tenants tokens update
- release_tracks: [ALPHA, BETA, GA]
help_text:
brief: Update an IAM workforce identity pool provider SCIM tenant token.
description: |
Update an existing SCIM token associated with a specific workforce identity pool provider SCIM tenant.
examples: |
To update the display name of a SCIM token with ID `my-token` under tenant `my-tenant` provider `my-provider` in pool `my-pool` located in `global`:
$ {command} my-token --location=global --workforce-pool=my-pool --provider=my-provider --scim-tenant=my-tenant --display-name="New display name"
request:
collection: iam.locations.workforcePools.providers.scimTenants.tokens
method: patch
arguments:
resource:
help_text: The SCIM token to update.
spec: !REF googlecloudsdk.command_lib.iam.resources:workforce_pool_provider_scim_token
is_positional: true
params:
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider_scim_token.display_name
required: true
output:
format: yaml
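Review bot: `output: format: yaml` prints every field of the patch response, whereas the token list command in this commit limits its output to `name`, `displayName` and `state`. If the token resource returned by `patch` carries the token secret (not visible from this file), a display-name change would echo it to the terminal and to any captured CI logs. Worth confirming the response shape, and if in doubt using an explicit projection such as `format: yaml(name, displayName, state)`.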


@@ -0,0 +1,36 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Implementation definition for gcloud iam workforce-pools providers scim-tenants undelete
- release_tracks: [ALPHA, BETA, GA]
help_text:
brief: Undelete an IAM workforce identity pool provider SCIM tenant.
description: |
Undelete a previously deleted SCIM tenant associated with a specific workforce identity pool provider, restoring it to an active state.
examples: |
To undelete a SCIM tenant with ID `my-tenant` under provider `my-okta-provider` in pool `my-pool` located in `global`:
$ {command} my-tenant --location=global --workforce-pool=my-pool --provider=my-okta-provider
request:
collection: iam.locations.workforcePools.providers.scimTenants
method: undelete
arguments:
resource:
help_text: The SCIM tenant to undelete.
spec: !REF googlecloudsdk.command_lib.iam.resources:workforce_pool_provider_scim_tenant
is_positional: true


@@ -0,0 +1,55 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Implementation definition for gcloud iam workforce-pools providers scim-tenants update
- release_tracks: [ALPHA, BETA, GA]
help_text:
brief: Update an IAM workforce identity pool provider SCIM tenant.
description: |
Update the configuration of an existing SCIM tenant associated with a specific workforce identity pool provider.
Only fields specified in the command will be modified.
examples: |
To update the display name and description of a SCIM tenant with ID `my-tenant` under provider `my-okta-provider` in pool `my-pool` located in `global`:
$ {command} my-tenant --location=global --workforce-pool=my-pool --provider=my-okta-provider \
--display-name="Updated Tenant Name" --description="New description"
To update the claim mapping for the same tenant:
$ {command} my-tenant --location=global --workforce-pool=my-pool --provider=my-okta-provider \
--claim-mapping="google.subject=new_external_id,google.groups=all_groups"
request:
collection: iam.locations.workforcePools.providers.scimTenants
arguments:
resource:
help_text: The SCIM tenant to update.
spec: !REF googlecloudsdk.command_lib.iam.resources:workforce_pool_provider_scim_tenant
is_positional: true
params:
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider_scim_tenant.display_name
required: false
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider_scim_tenant.description
required: false
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider_scim_tenant.claim_mapping
required: false
output:
format: yaml
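Review bot: The second example remaps `google.subject` and `google.groups` on an existing tenant, but `description` gives no hint of the consequence. These attributes are presumably what access grants on the pool resolve against, so changing the mapping can silently change which users and groups existing grants apply to. I would add a sentence to `description`, for example `Changing --claim-mapping alters how provisioned users and groups map to Google attributes; review existing IAM bindings before applying.`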


@@ -0,0 +1,38 @@
# -*- coding: utf-8 -*- #
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- release_tracks: [ALPHA, BETA, GA]
help_text:
brief: Undelete a workforce pool provider.
description: Undelete a workforce pool provider.
examples: |
The following command undeletes a workforce pool provider with the ID
`my-workforce-pool-provider`:
$ {command} my-workforce-pool-provider \
--workforce-pool="my-workforce-pool" \
--location="global"
request:
collection: iam.locations.workforcePools.providers
method: undelete
arguments:
resource:
help_text: The workforce pool provider to undelete.
spec: !REF googlecloudsdk.command_lib.iam.resources:workforce_pool_provider
is_positional: true
async:
collection: iam.locations.workforcePools.providers.operations


@@ -0,0 +1,76 @@
# -*- coding: utf-8 -*- #
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- release_tracks: [ALPHA, BETA, GA]
command_type: UPDATE
help_text:
brief: Update an OIDC workforce pool provider.
description: Update an OIDC workforce pool provider.
examples: |
The following command updates the OIDC workforce pool provider with the ID
`my-workforce-pool-provider` in the workforce pool `my-workforce-pool`. Explicit values for
all required and optional parameters are provided:
$ {command} my-workforce-pool-provider \
--workforce-pool="my-workforce-pool" \
--location="global" \
--display-name="My Workforce Pool Provider" \
--description="My workforce pool provider description." \
--disabled \
--detailed-audit-logging \
--attribute-mapping="google.subject=assertion.sub" \
--attribute-condition="true" \
--client-id="client-id" \
--client-secret-value="client-secret" \
--issuer-uri="https://test-idp.com" \
--web-sso-response-type="code" \
--web-sso-assertion-claims-behavior="merge-user-info-over-id-token-claims" \
--web-sso-additional-scopes="groups,photos"
--jwk-json-path="path/to/jwk.json"
request:
collection: iam.locations.workforcePools.providers
modify_request_hooks:
- googlecloudsdk.command_lib.iam.hooks:AddClearableExtraAttributesConfigToRequest
- googlecloudsdk.command_lib.iam.hooks:AddExtraAttributesConfigFieldMask
- googlecloudsdk.command_lib.iam.hooks:AddClearableExtendedAttributesConfigToRequest
- googlecloudsdk.command_lib.iam.hooks:AddExtendedAttributesConfigFieldMask
arguments:
resource:
help_text: The workforce pool provider to update.
spec: !REF googlecloudsdk.command_lib.iam.resources:workforce_pool_provider
is_positional: true
params:
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.display_name
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.description
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.disabled
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.detailed_audit_logging
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.attribute_mapping
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.attribute_condition
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.oidc_issuer_uri
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.oidc_client_id
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.oidc_clearable_client_secret
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.oidc_web_sso_response_type
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.oidc_web_sso_assertion_claims_behavior
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.oidc_web_sso_additional_scopes
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.oidc_jwks_json_path
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.scim_usage
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.attribute_sync_interval
hidden: true
additional_arguments_hook: googlecloudsdk.command_lib.iam.workforce_pools.flags:AddClearableExtraAndExtendedAttributesOAuth2Client
async:
collection: iam.locations.workforcePools.providers.operations
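Review bot: The example does not survive copy-paste: the `--web-sso-additional-scopes="groups,photos"` line has no trailing `\`, so `--jwk-json-path="path/to/jwk.json"` is read as a separate command; the line should end `--web-sso-additional-scopes="groups,photos" \`. Separately, the example passes `--client-secret-value="client-secret"` inline, which leaves the OIDC client secret in shell history and process listings. A sentence in `examples` stating that the value is a placeholder and that the real secret should come from a protected source would help. `--attribute-condition="true"` accepts every assertion and deserves the same placeholder label.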


@@ -0,0 +1,62 @@
# -*- coding: utf-8 -*- #
# Copyright 2022 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- release_tracks: [GA]
command_type: UPDATE
help_text:
brief: Update a new SAML workforce pool provider.
description: Update a new SAML workforce pool provider.
examples: |
The following command updates the SAML workforce pool provider with the ID
`my-workforce-pool-provider`. Explicit values for all required and optional parameters are
provided.
$ {command} my-workforce-pool-provider \
--workforce-pool="my-workforce-pool" \
--location="global" \
--display-name="My Workforce Pool Provider" \
--description="My workforce pool provider description." \
--disabled \
--detailed-audit-logging \
--attribute-mapping="google.subject=assertion.sub" \
--attribute-condition="true" \
--idp-metadata-path="path/to/metdata/file.xml"
request:
collection: iam.locations.workforcePools.providers
modify_request_hooks:
- googlecloudsdk.command_lib.iam.hooks:AddClearableExtraAttributesConfigToRequest
- googlecloudsdk.command_lib.iam.hooks:AddExtraAttributesConfigFieldMask
- googlecloudsdk.command_lib.iam.hooks:AddClearableExtendedAttributesConfigToRequest
- googlecloudsdk.command_lib.iam.hooks:AddExtendedAttributesConfigFieldMask
arguments:
resource:
help_text: The workforce pool provider to update.
spec: !REF googlecloudsdk.command_lib.iam.resources:workforce_pool_provider
is_positional: true
params:
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.display_name
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.description
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.disabled
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.detailed_audit_logging
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.attribute_mapping
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.attribute_condition
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.saml_idp_metadata_path
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool_provider.scim_usage
additional_arguments_hook: googlecloudsdk.command_lib.iam.workforce_pools.flags:AddClearableExtraAndExtendedAttributesOAuth2Client
async:
collection: iam.locations.workforcePools.providers.operations
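Review bot: `brief` and `description` say `Update a new SAML workforce pool provider.`, which looks copied from the create command; an update targets an existing provider, so both should read `Update a SAML workforce pool provider.`. The example path `path/to/metdata/file.xml` also misspells `metadata`. Unlike the OIDC update file in this commit, `release_tracks` here is `[GA]` only; if that is intentional, a one-line comment saying where the ALPHA/BETA definition lives would save the next reader the check.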


@@ -0,0 +1,32 @@
# -*- coding: utf-8 -*- #
# Copyright 2022 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- release_tracks: [GA]
help_text:
brief: Set the IAM policy for a workforce pool.
description: Set the IAM policy for a workforce pool.
examples: |
The following command reads an IAM policy defined in a JSON file ``policy.json'' and sets it
for the workforce pool with ID ``my-workforce-pool'':
$ {command} my-workforce-pool policy.json --location=global
request:
collection: iam.locations.workforcePools
arguments:
resource:
help_text: The workforce pool for which to display the IAM policy.
spec: !REF googlecloudsdk.command_lib.iam.resources:workforce_pool
is_positional: true
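Review bot: The resource `help_text` reads `The workforce pool for which to display the IAM policy.`, which describes the get command; this file sets the policy, so it should read `The workforce pool for which to set the IAM policy.`. Because the command takes a whole policy file, `description` could also state that the supplied policy replaces the existing one rather than merging with it, which is the usual set-iam-policy behaviour (confirm for this collection). That detail matters to anyone editing access on a pool from a stale local copy.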


@@ -0,0 +1,29 @@
# -*- coding: utf-8 -*- #
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""The workforce-pools subjects command group for the IAM CLI."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
@base.ReleaseTracks(base.ReleaseTrack.GA)
class WorkforcePoolSubjects(base.Group):
"""Create and manage workforce pool subjects.
The {command} group lets you create and manage workforce pool subjects.
"""


@@ -0,0 +1,36 @@
# -*- coding: utf-8 -*- #
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- release_tracks: [GA]
help_text:
brief: Delete a workforce pool subject.
description: Delete a workforce pool subject.
examples: |
The following command deletes a workforce pool subject with the ID
`my-workforce-pool-subject`:
$ {command} my-workforce-pool-subject --workforce-pool="my-workforce-pool" --location="global"
request:
collection: iam.locations.workforcePools.subjects
arguments:
resource:
help_text: The workforce pool subject to delete.
spec: !REF googlecloudsdk.command_lib.iam.resources:workforce_pool_subject
is_positional: true
async:
collection: iam.locations.workforcePools.subjects.operations
extract_resource_result: false


@@ -0,0 +1,29 @@
# -*- coding: utf-8 -*- #
# Copyright 2022 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""The workforce-pools subjects operations group for the IAM CLI."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
@base.ReleaseTracks(base.ReleaseTrack.GA)
class WorkforcePoolSubjectOperations(base.Group):
"""Manage IAM workforce pool subject long-running operations.
Commands for managing IAM workforce pool subject long-running operations.
"""


@@ -0,0 +1,31 @@
# Copyright 2022 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- release_tracks: [GA]
help_text:
brief: Describe a workforce pool subject operation.
description: Describe a workforce pool subject operation.
examples: |
To describe the long-running workforce pool subject operation with the ID ``my-operation'', run:
$ {command} my-operation --workforce-pool="my-workforce-pool" --subject="my-subject" --location="global"
request:
collection: iam.locations.workforcePools.subjects.operations
arguments:
resource:
help_text: The workforce pool subject long-running operation to describe.
spec: !REF googlecloudsdk.command_lib.iam.resources:workforce_pool_subject_operation
is_positional: true


@@ -0,0 +1,37 @@
# -*- coding: utf-8 -*- #
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- release_tracks: [GA]
help_text:
brief: Undelete a workforce pool subject.
description: Undelete a workforce pool subject.
examples: |
The following command undeletes a workforce pool subject with the ID
`my-workforce-pool-subject`:
$ {command} my-workforce-pool-subject --workforce-pool="my-workforce-pool" --location="global"
request:
collection: iam.locations.workforcePools.subjects
method: undelete
arguments:
resource:
help_text: The workforce pool subject to undelete.
spec: !REF googlecloudsdk.command_lib.iam.resources:workforce_pool_subject
is_positional: true
async:
collection: iam.locations.workforcePools.subjects.operations
extract_resource_result: false


@@ -0,0 +1,35 @@
# -*- coding: utf-8 -*- #
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- release_tracks: [ALPHA, BETA, GA]
help_text:
brief: Undelete a workforce pool.
description: Undelete a workforce pool.
examples: |
The following command undeletes a workforce pool with ID ``my-workforce-pool'':
$ {command} my-workforce-pool --location=global
request:
collection: iam.locations.workforcePools
method: undelete
arguments:
resource:
help_text: The workforce pool to undelete.
spec: !REF googlecloudsdk.command_lib.iam.resources:workforce_pool
is_positional: true
async:
collection: iam.locations.workforcePools.operations


@@ -0,0 +1,46 @@
# -*- coding: utf-8 -*- #
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- release_tracks: [ALPHA, BETA, GA]
help_text:
brief: Update a workforce pool.
description: Update a workforce pool.
examples: |
The following command updates a workforce pool with ID ``my-workforce-pool'' with explicit
values for all required and optional parameters:
$ {command} my-workforce-pool --location=global \
--display-name="My Workforce Pool" \
--description="My workforce pool description." \
--session-duration="7200s" \
--disabled
request:
collection: iam.locations.workforcePools
arguments:
resource:
help_text: The workforce pool to update.
spec: !REF googlecloudsdk.command_lib.iam.resources:workforce_pool
is_positional: true
params:
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool.display_name
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool.description
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool.session_duration
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool.disabled
- _REF_: googlecloudsdk.command_lib.iam.flags:workforce_pool.disable_programmatic_signin
async:
collection: iam.locations.workforcePools.operations