- NAME
-
- gcloud beta iam policy-bindings create - create PolicyBinding instance
- SYNOPSIS
-
-
gcloud beta iam policy-bindings create
(POLICY_BINDING
:--folder
=FOLDER
--location
=LOCATION
--organization
=ORGANIZATION
)--policy
=POLICY
--target-principal-set
=TARGET_PRINCIPAL_SET
[--annotations
=[ANNOTATIONS
,…]] [--async
] [--display-name
=DISPLAY_NAME
] [--etag
=ETAG
] [--policy-kind
=POLICY_KIND
] [--condition-description
=CONDITION_DESCRIPTION
--condition-expression
=CONDITION_EXPRESSION
--condition-location
=CONDITION_LOCATION
--condition-title
=CONDITION_TITLE
] [GCLOUD_WIDE_FLAG …
]
-
- DESCRIPTION
-
(BETA)
Create PolicyBinding instance. - EXAMPLES
-
To create a policy binding instance called
my-binding
that references a principal access boundary policy run:gcloud beta iam policy-bindings create my-binding --organization=123 --location=global --policy=organizations/123/locations/global/principalAccessBoundaryPolicies/my-policy --target-principal-set=//cloudresourcemanager.googleapis.com/organizations/123
- POSITIONAL ARGUMENTS
-
-
PolicyBinding resource - Identifier. The resource name of the policy binding.
The binding parent is the closest CRM resource (i.e., Project, Folder or
Organization) to the binding target.
Format:
projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}
projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}
folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}
organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}
The arguments in this group can be used to specify the attributes of this resource. (NOTE) Some attributes are not given arguments in this group but can be set in other ways.To set the
project
attribute:-
provide the argument
policy_binding
on the command line with a fully specified name; -
set the property
core/project
; -
provide the argument
--project
on the command line. This resource can be one of the following types: [iam.folders.locations.policyBindings, iam.organizations.locations.policyBindings, iam.projects.locations.policyBindings].
This must be specified.
POLICY_BINDING
-
ID of the policyBinding or fully qualified identifier for the policyBinding.
To set the
policy_binding
attribute:-
provide the argument
policy_binding
on the command line.
This positional argument must be specified if any of the other arguments in this group are specified.
-
provide the argument
--folder
=FOLDER
-
The folder id of the policyBinding resource.
To set the
folder
attribute:-
provide the argument
policy_binding
on the command line with a fully specified name; -
provide the argument
--folder
on the command line. Must be specified for resource of type [iam.folders.locations.policyBindings].
-
provide the argument
--location
=LOCATION
-
The location id of the policyBinding resource.
To set the
location
attribute:-
provide the argument
policy_binding
on the command line with a fully specified name; -
provide the argument
--location
on the command line.
-
provide the argument
--organization
=ORGANIZATION
-
The organization id of the policyBinding resource.
To set the
organization
attribute:-
provide the argument
policy_binding
on the command line with a fully specified name; -
provide the argument
--organization
on the command line. Must be specified for resource of type [iam.organizations.locations.policyBindings].
-
provide the argument
-
provide the argument
-
PolicyBinding resource - Identifier. The resource name of the policy binding.
The binding parent is the closest CRM resource (i.e., Project, Folder or
Organization) to the binding target.
- REQUIRED FLAGS
-
--policy
=POLICY
- The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
-
Target is the full resource name of the resource to which the policy will be
bound. Immutable once set.
This must be specified.
-
Arguments for the target.
--target-principal-set
=TARGET_PRINCIPAL_SET
- Full Resource Name used for principal access boundary policy bindings Examples: Organization: "//cloudresourcemanager.googleapis.com/organizations/ORGANIZATION_ID" Folder: "//cloudresourcemanager.googleapis.com/folders/FOLDER_ID" Project: "//cloudresourcemanager.googleapis.com/projects/PROJECT_NUMBER" "//cloudresourcemanager.googleapis.com/projects/PROJECT_ID" Workload Identity Pool: "//iam.googleapis.com/projects/PROJECT_NUMBER/locations/LOCATION/workloadIdentityPools/WORKLOAD_POOL_ID" Workforce Identity: "//iam.googleapis.com/locations/global/workforcePools/WORKFORCE_POOL_ID" Workspace Identity: "//iam.googleapis.com/locations/global/workspace/WORKSPACE_ID"
-
Arguments for the target.
- OPTIONAL FLAGS
-
--annotations
=[ANNOTATIONS
,…]-
User defined annotations. See http://google.aip.dev/148#annotations
for more details such as format and size limitations.
KEY
-
Sets
KEY
value. VALUE
-
Sets
VALUE
value.
Shorthand Example:
--annotations=string=string
JSON Example:
--annotations='{"string": "string"}'
File Example:
--annotations=path_to_file.(yaml|json)
--async
- Return immediately, without waiting for the operation in progress to complete.
--display-name
=DISPLAY_NAME
- The description of the policy binding. Must be less than or equal to 63 characters.
--etag
=ETAG
- The etag for the policy binding. If this is provided on update, it must match the server's etag.
--policy-kind
=POLICY_KIND
-
The kind of the policy to attach in this binding:
+ When the policy is empty, this field must be set. + When the policy is set, this field + can be left empty and will be set to the policy kind, or + must set to the input policy kind
POLICY_KIND
must be (only one value is supported):principal-access-boundary
- Principal access boundary policy kind
-
Represents a textual expression in the Common Expression Language (CEL) syntax.
CEL is a C-like expression language. The syntax and semantics of CEL are
documented at http://github.com/google/cel-spec.
Example (Comparison):
title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100"
Example (Equality):
title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email"
Example (Logic):
title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'"
Example (Data Manipulation):
title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)"
The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
--condition-description
=CONDITION_DESCRIPTION
- Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
--condition-expression
=CONDITION_EXPRESSION
- Textual representation of an expression in Common Expression Language syntax.
--condition-location
=CONDITION_LOCATION
- String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
--condition-title
=CONDITION_TITLE
- Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- GCLOUD WIDE FLAGS
-
These flags are available to all commands:
--access-token-file
,--account
,--billing-project
,--configuration
,--flags-file
,--flatten
,--format
,--help
,--impersonate-service-account
,--log-http
,--project
,--quiet
,--trace-token
,--user-output-enabled
,--verbosity
.Run
$ gcloud help
for details. - API REFERENCE
-
This command uses the
iam/v3beta
API. The full documentation for this API can be found at: http://cloud.go888ogle.com.fqhub.com/iam/ - NOTES
- This command is currently in beta and might change without notice.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-06-04 UTC.
[{
"type": "thumb-down",
"id": "hardToUnderstand",
"label":"Hard to understand"
},{
"type": "thumb-down",
"id": "incorrectInformationOrSampleCode",
"label":"Incorrect information or sample code"
},{
"type": "thumb-down",
"id": "missingTheInformationSamplesINeed",
"label":"Missing the information/samples I need"
},{
"type": "thumb-down",
"id": "otherDown",
"label":"Other"
}]
[{
"type": "thumb-up",
"id": "easyToUnderstand",
"label":"Easy to understand"
},{
"type": "thumb-up",
"id": "solvedMyProblem",
"label":"Solved my problem"
},{
"type": "thumb-up",
"id": "otherUp",
"label":"Other"
}]