gcloud_alpha_iam_policies_lint-condition (1)
NAME
- gcloud alpha iam policies lint-condition - lint an IAM condition
SYNOPSIS
-
gcloud alpha iam policies lint-condition (--condition-from-file=CONDITION_FROM_FILE | [--expression=EXPRESSION --title=TITLE : --description=DESCRIPTION]) [--resource-name=RESOURCE_NAME] [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
(ALPHA) Lint an IAM condition. The problems found by linter will not be
REQUIRED FLAGS
-
-
Exactly one of these must be specified:
-
- --condition-from-file=CONDITION_FROM_FILE
-
The path to a JSON or YAML file containing the condition. See
cloud.google.com/iam/docs/conditions-overview for schema of the
condition.
-
condition to lint.
-
- --expression=EXPRESSION
-
The expression of the condition which evaluates to True or False. This uses a
subset of Common Expression Language syntax. This flag must be specified if any
of the other arguments in this group are specified.
- --title=TITLE
-
A title for the expression, i.e. a short string describing its purpose. This
flag must be specified if any of the other arguments in this group are
specified.
- --description=DESCRIPTION
-
A description of the expression. This is a longer text which describes the
expression.
-
-
-
Exactly one of these must be specified:
OPTIONAL FLAGS
-
- --resource-name=RESOURCE_NAME
-
The full resource name of the policy containing the condition to lint. See
cloud.google.com/apis/design/resource_names for details.
To get a URI from most list commands in gcloud, pass the --uri flag. For example:
- $ gcloud compute instances list --project prj --uri
- www.googleapis.com/compute/v1/projects/prj/zones/us-east1-c/instances/i1 www.googleapis.com/compute/v1/projects/prj/zones/us-east1-d/instances/i2
GCLOUD WIDE FLAGS
These flags are available to all commands: --account, --configuration, --flags-file, --flatten, --format, --help, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity. Run $ gcloud help for details.
API REFERENCE
This command uses the iam/v1 API. The full documentation for this API can be found at: cloud.google.com/iam
EXAMPLES
To lint an IAM condition of resource //cloudresourcemanager.googleapis.com/v1/projects/example-project, and the condtion to lint is expression='true', title='title', description='description', run:
-
$ gcloud alpha iam policies lint-condition \
--resource-name='//cloudresourcemanager.googleapis.com/v1/projec\ ts/example-project' --expression='true' --title='title' \
--description='description'
To lint an IAM condition of resource //cloudresourcemanager.googleapis.com/v1/projects/example-project, and the condition is read from a local YAML file condition.yaml, run:
-
$ gcloud alpha iam policies lint-condition \
--resource-name='//cloudresourcemanager.googleapis.com/v1/projec\ ts/example-project' --condition-from-file='condition.yaml'
NOTES
This command is currently in ALPHA and may change without notice. If this command fails with API permission errors despite specifying the right project, you will have to apply for early access and have your projects registered on the API whitelist to use it. To do so, contact Support at cloud.google.com/support