281 lines
12 KiB
YAML
281 lines
12 KiB
YAML
- release_tracks: [ALPHA, GA]
|
|
help_text:
|
|
brief: Create a Key.
|
|
description: Create a reCAPTCHA Key.
|
|
examples: |
|
|
To create a new reCAPTCHA key for websites showing no CAPTCHA challenge, run:
|
|
|
|
$ {command} --display-name=test-key-name --web --allow-all-domains --integration-type=score
|
|
|
|
request:
|
|
collection: recaptchaenterprise.projects.keys
|
|
modify_request_hooks:
|
|
- googlecloudsdk.command_lib.recaptcha.hooks:SanitizePlatformSettings
|
|
|
|
arguments:
|
|
resource:
|
|
spec: !REF googlecloudsdk.command_lib.recaptcha.resources:project
|
|
is_parent_resource: true
|
|
help_text: |
|
|
The reCAPTCHA Key to create.
|
|
|
|
params:
|
|
- arg_name: display-name
|
|
required: true
|
|
api_field: googleCloudRecaptchaenterpriseV1Key.displayName
|
|
help_text: |
|
|
A human-readable name for the key. Typically a site or app name.
|
|
- arg_name: testing-score
|
|
api_field: googleCloudRecaptchaenterpriseV1Key.testingOptions.testingScore
|
|
help_text: |
|
|
If set, all assessments for this key will return this score. Must be between 0
|
|
(likely not legitimate) and 1 (likely legitimate) inclusive.
|
|
- group:
|
|
help_text: |
|
|
Options for the creation of a WAF-enabled key. For more information, please refer to
|
|
https://cloud.google.com/recaptcha-enterprise/docs/integration-overview.
|
|
params:
|
|
- arg_name: waf-service
|
|
required: true
|
|
api_field: googleCloudRecaptchaenterpriseV1Key.wafSettings.wafService
|
|
help_text: |
|
|
The WAF service provider to use.
|
|
choices:
|
|
- enum_value: CA
|
|
arg_value: ca
|
|
help_text: |
|
|
Cloud Armor
|
|
- enum_value: FASTLY
|
|
arg_value: fastly
|
|
help_text: |
|
|
Fastly
|
|
- enum_value: CLOUDFLARE
|
|
arg_value: cloudflare
|
|
help_text: |
|
|
Cloudflare
|
|
- enum_value: AKAMAI
|
|
arg_value: akamai
|
|
help_text: |
|
|
Akamai
|
|
- arg_name: waf-feature
|
|
required: false
|
|
api_field: googleCloudRecaptchaenterpriseV1Key.wafSettings.wafFeature
|
|
help_text: |
|
|
The WAF feature to use. For more information, see
|
|
https://cloud.google.com/recaptcha-enterprise/docs/usecase#comparison_of_features.
|
|
choices:
|
|
- enum_value: CHALLENGE_PAGE
|
|
arg_value: challenge-page
|
|
help_text: |
|
|
Redirects suspicious traffic to reCAPTCHA challenge page.
|
|
- enum_value: ACTION_TOKEN
|
|
arg_value: action-token
|
|
help_text: |
|
|
Use reCAPTCHA action-tokens to protect user actions.
|
|
- enum_value: SESSION_TOKEN
|
|
arg_value: session-token
|
|
help_text: |
|
|
Use reCAPTCHA session-tokens to protect the whole user session on the
|
|
site's domain.
|
|
- enum_value: EXPRESS
|
|
arg_value: express
|
|
help_text: |
|
|
Assesses requests without tokens or frontend integration. This option is deprecated, use --express instead.
|
|
- group:
|
|
mutex: true
|
|
required: true
|
|
params:
|
|
- group:
|
|
help_text: |
|
|
Options for the creation of a site key for web.
|
|
params:
|
|
- arg_name: web
|
|
required: true
|
|
type: bool
|
|
help_text: |
|
|
Creates a Key configured for websites.
|
|
- arg_name: allow-amp-traffic
|
|
api_field: googleCloudRecaptchaenterpriseV1Key.webSettings.allowAmpTraffic
|
|
help_text: |
|
|
Whether this key can be used on AMP (Accelerated Mobile Pages) websites.
|
|
- group:
|
|
mutex: true
|
|
required: true
|
|
params:
|
|
- arg_name: allow-all-domains
|
|
api_field: googleCloudRecaptchaenterpriseV1Key.webSettings.allowAllDomains
|
|
help_text: |
|
|
If set, domain name enforcement will NOT be enabled on this key.
|
|
- arg_name: domains
|
|
api_field: googleCloudRecaptchaenterpriseV1Key.webSettings.allowedDomains
|
|
help_text: |
|
|
Domains or subdomains of websites allowed to use the key. All subdomains of an
|
|
allowed domain are automatically allowed. A valid domain requires a host and must
|
|
not include any path, port, query or fragment.
|
|
|
|
Examples of valid domains:
|
|
'example.com'
|
|
'subdomain.example.com'
|
|
- arg_name: integration-type
|
|
api_field: googleCloudRecaptchaenterpriseV1Key.webSettings.integrationType
|
|
help_text: |
|
|
Configures how reCAPTCHA will operate on your site. This only applies to 'web'
|
|
platform.
|
|
choices:
|
|
- enum_value: SCORE
|
|
arg_value: score
|
|
help_text: |
|
|
Shows no CAPTCHA challenge on the page
|
|
- enum_value: CHECKBOX
|
|
arg_value: checkbox
|
|
help_text: |
|
|
Renders the classic "I'm not a robot" checkbox, and a captcha challenge
|
|
for low scoring events
|
|
- enum_value: INVISIBLE
|
|
arg_value: invisible
|
|
help_text: |
|
|
Does not display the "I'm not a robot" checkbox, but may show CAPTCHA
|
|
challenges after risk analysis
|
|
- enum_value: POLICY_BASED_CHALLENGE
|
|
arg_value: policy-based-challenge
|
|
help_text: |
|
|
Conditionally displays a challenge based on the score
|
|
|
|
- arg_name: security-preference
|
|
api_field: googleCloudRecaptchaenterpriseV1Key.webSettings.challengeSecurityPreference
|
|
help_text: |
|
|
Represents the possible challenge frequency and difficulty configurations for a web
|
|
key.
|
|
usability: show fewer and easier challenges.
|
|
balance: show balanced (in amount and difficulty) challenges.
|
|
security: show more and harder challenges.
|
|
- group:
|
|
help_text: |
|
|
Configure if you want to use the POLICY_BASED_CHALLENGE option.
|
|
required: false
|
|
params:
|
|
- arg_name: default-score-threshold
|
|
type: float
|
|
required: true
|
|
api_field: googleCloudRecaptchaenterpriseV1Key.webSettings.challengeSettings.defaultSettings.scoreThreshold
|
|
help_text: |
|
|
The global threshold to be used for POLICY_BASED_CHALLENGE if no action specific one exists.
|
|
- arg_name: action-score-thresholds
|
|
api_field: googleCloudRecaptchaenterpriseV1Key.webSettings.challengeSettings.actionSettings
|
|
help_text: |
|
|
The action to score threshold used for POLICY_BASED_CHALLENGE. For example:
|
|
--action-score-thresholds=login='{"scoreThreshold": "0.3"}',signup='{"scoreThreshold": "0.1"}'
|
|
or --action-score-thresholds=file_path.(json|yaml)
|
|
required: false
|
|
repeated: true
|
|
type: arg_object
|
|
- arg_name: testing-challenge
|
|
api_field: googleCloudRecaptchaenterpriseV1Key.testingOptions.testingChallenge
|
|
help_text: |
|
|
For CHECKBOX and INVISIBLE Keys only, this option configures
|
|
whether challenges will be issued for execute requests.
|
|
choices:
|
|
- enum_value: NOCAPTCHA
|
|
arg_value: nocaptcha
|
|
help_text: |
|
|
Execute requests for this key will always return nocaptcha.
|
|
- enum_value: UNSOLVABLE_CHALLENGE
|
|
arg_value: challenge
|
|
help_text: |
|
|
Execute requests for this key will always return an unsolvable
|
|
challenge consisting of a message about this testing key.
|
|
|
|
- group:
|
|
help_text: |
|
|
Options for the creation of a site key for iOS.
|
|
params:
|
|
- arg_name: ios
|
|
required: true
|
|
type: bool
|
|
help_text: |
|
|
Creates a Key configured for iOS devices.
|
|
- group:
|
|
mutex: true
|
|
required: true
|
|
params:
|
|
- arg_name: allow-all-bundle-ids
|
|
api_field: googleCloudRecaptchaenterpriseV1Key.iosSettings.allowAllBundleIds
|
|
help_text: |
|
|
If set, bundle id enforcement will NOT be enabled on this key.
|
|
- arg_name: bundle-ids
|
|
api_field: googleCloudRecaptchaenterpriseV1Key.iosSettings.allowedBundleIds
|
|
help_text: |
|
|
iOS bundle ids of apps allowed to use the key.
|
|
|
|
Example of a valid bundle id:
|
|
'com.companyname.productname.appname'
|
|
- group:
|
|
required: false
|
|
help_text: |
|
|
Fields that are required to perform Apple-specific integrity checks (recommended
|
|
for iOS keys).
|
|
params:
|
|
- arg_name: private-key-file
|
|
api_field: googleCloudRecaptchaenterpriseV1Key.iosSettings.appleDeveloperId.privateKey
|
|
required: true
|
|
type: "googlecloudsdk.calliope.arg_parsers:FileContents:"
|
|
help_text: |
|
|
File path to a private key (downloaded as a text file with a .p8 file extension)
|
|
generated for your Apple Developer account. Ensure that DeviceCheck is
|
|
enabled for the private key.
|
|
- arg_name: key-id
|
|
api_field: googleCloudRecaptchaenterpriseV1Key.iosSettings.appleDeveloperId.keyId
|
|
required: true
|
|
help_text: The Apple developer key ID (10-character string).
|
|
- arg_name: team-id
|
|
api_field: googleCloudRecaptchaenterpriseV1Key.iosSettings.appleDeveloperId.teamId
|
|
required: true
|
|
help_text: |
|
|
The Apple team ID (10-character string) owning the provisioning profile
|
|
used to build your application.
|
|
|
|
- group:
|
|
help_text: |
|
|
Options for the creation of a site key for Android.
|
|
params:
|
|
- arg_name: android
|
|
required: true
|
|
type: bool
|
|
help_text: |
|
|
Creates a Key configured for Android devices.
|
|
- arg_name: support-non-google-app-store-distribution
|
|
api_field:
|
|
googleCloudRecaptchaenterpriseV1Key.androidSettings.supportNonGoogleAppStoreDistribution
|
|
help_text: |
|
|
If set, this key can be used in an Android application that is
|
|
available for download in app stores other than the Google Play Store.
|
|
|
|
This setting allows your key to accept traffic from devices without Google
|
|
Mobile Services (GMS) installed.
|
|
- group:
|
|
mutex: true
|
|
required: true
|
|
params:
|
|
- arg_name: allow-all-package-names
|
|
api_field: googleCloudRecaptchaenterpriseV1Key.androidSettings.allowAllPackageNames
|
|
help_text: |
|
|
If set, package name enforcement will NOT be enabled on this key.
|
|
- arg_name: package-names
|
|
api_field: googleCloudRecaptchaenterpriseV1Key.androidSettings.allowedPackageNames
|
|
help_text: |
|
|
Android package names of apps allowed to use the key.
|
|
|
|
Example of a valid package name:
|
|
'com.companyname.appname'
|
|
- group:
|
|
help_text: |
|
|
Options for the creation of a site key for Express.
|
|
params:
|
|
- arg_name: express
|
|
required: true
|
|
type: bool
|
|
help_text: |
|
|
Creates a Key configured for Express assessments.
|
|
labels:
|
|
api_field: googleCloudRecaptchaenterpriseV1Key.labels
|