gcloud_beta_access-context-manager_perimeters_create (1)
NAME
- gcloud beta access-context-manager perimeters create - create a new service perimeter
SYNOPSIS
-
gcloud beta access-context-manager perimeters create (PERIMETER : --policy=POLICY) --resources=[RESOURCES,...] --title=TITLE [--access-levels=[LEVEL,...]] [--async] [--description=DESCRIPTION] [--perimeter-type=PERIMETER_TYPE; default="regular"] [--restricted-services=[SERVICE,...] | --unrestricted-services=[SERVICE,...]] [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
(BETA) Create a new service perimeter in a given access policy.
POSITIONAL ARGUMENTS
-
-
- Perimeter resource - The service perimeter to create. The arguments in this group can be used to specify the attributes of this resource. This must be specified.
-
- PERIMETER
-
ID of the perimeter or fully qualified identifier for the perimeter. This
positional must be specified if any of the other arguments in this group are
specified.
- --policy=POLICY
-
The ID of the access policy.
- Perimeter resource - The service perimeter to create. The arguments in this group can be used to specify the attributes of this resource. This must be specified.
-
REQUIRED FLAGS
-
- --resources=[RESOURCES,...]
-
Comma-separated list of resources (currently only projects, in the form
projects/<projectnumber>) in this perimeter.
- --title=TITLE
-
Short human-readable title for the service perimeter.
OPTIONAL FLAGS
-
- --access-levels=[LEVEL,...]
-
Comma-separated list of IDs for access levels (in the same policy) that an
intra-perimeter request must satisfy to be allowed.
- --async
-
Display information about the operation in progress, without waiting for the
operation to complete.
- --description=DESCRIPTION
-
Long-form description of service perimeter.
- --perimeter-type=PERIMETER_TYPE; default="regular"
-
Type of the perimeter. PERIMETER_TYPE must be one of:
-
- bridge
-
Allows resources in different regular service perimeters to import and export
data between each other.
A project may belong to multiple bridge service perimeters (only if it also belongs to a regular service perimeter). Both restricted and unrestricted service lists, as well as access level lists, must be empty.
- regular
-
Allows resources within this service perimeter to import and export data amongst
themselves.
A project may belong to at most one regular service perimeter.
-
-
For a regular service perimeter, these parameters specify the services to
which the perimeter boundary applies. Only one may be provided, and the other is
implicitly provided as a wildcard (*) matching all other services. For
instance, --restricted-services storage.googleapis.com applies the
perimeter boundary to the Google Cloud Storage service, but not any other
services. At most one of these may be specified:
-
- --restricted-services=[SERVICE,...]
-
Comma-separated list of services to which the perimeter boundary does
apply (for example, storage.googleapis.com).
- --unrestricted-services=[SERVICE,...]
-
Comma-separated list of services to which the perimeter boundary does not
apply (for example, storage.googleapis.com).
-
GCLOUD WIDE FLAGS
These flags are available to all commands: --account, --configuration, --flags-file, --flatten, --format, --help, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity. Run $ gcloud help for details.
API REFERENCE
This command uses the accesscontextmanager/v1beta API. The full documentation for this API can be found at: cloud.google.com/access-context-manager/docs/reference/rest
NOTES
This command is currently in BETA and may change without notice.