gcloud alpha iam policies lint-condition - lint an IAM condition
gcloud alpha iam policies lint-condition (--condition-from-file=CONDITION_FROM_FILE | [--expression=EXPRESSION --title=TITLE : --description=DESCRIPTION]) [--resource-name=RESOURCE_NAME] [GCLOUD_WIDE_FLAG ...]
(ALPHA) Lint an IAM condition. The problems found by linter will not be fixed. Instead, it will show the problems.
To lint an IAM condition of resource //cloudresourcemanager.googleapis.com/v1/projects/example-project, and the condtion to lint is expression='true', title='title', description='description', run:
$ gcloud alpha iam policies lint-condition \ --resource-name='//cloudresourcemanager.googleapis.com/v1/projec\ ts/example-project' --expression='true' --title='title' \ --description='description'
To lint an IAM condition of resource //cloudresourcemanager.googleapis.com/v1/projects/example-project, and the condition is read from a local YAML file condition.yaml, run:
$ gcloud alpha iam policies lint-condition \ --resource-name='//cloudresourcemanager.googleapis.com/v1/projec\ ts/example-project' --condition-from-file='condition.yaml'
- Exactly one of these must be specified:
- --condition-from-file=CONDITION_FROM_FILE
The path to a JSON or YAML file containing the condition. See https://cloud.google.com/iam/docs/conditions-overview for schema of the condition.
- condition to lint.
- --expression=EXPRESSION
The expression of the condition which evaluates to True or False. This uses a subset of Common Expression Language syntax.
This flag argument must be specified if any of the other arguments in this group are specified.
- --title=TITLE
A title for the expression, i.e. a short string describing its purpose.
This flag argument must be specified if any of the other arguments in this group are specified.
- --description=DESCRIPTION
A description of the expression. This is a longer text which describes the expression.
- --resource-name=RESOURCE_NAME
The full resource name of the policy containing the condition to lint. See https://cloud.google.com/apis/design/resource_names for details.
To get a URI from most list commands in gcloud, pass the --uri flag. For example:
$ gcloud compute instances list --project prj --uri
https://www.googleapis.com/compute/v1/projects/prj/zones/us-east1-c/instances/i1 https://www.googleapis.com/compute/v1/projects/prj/zones/us-east1-d/instances/i2
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
This command uses the iam/v1 API. The full documentation for this API can be found at: https://cloud.google.com/iam/
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist.