Console
    Start free

    gcloud access-context-manager perimeters dry-run create

    NAME
    gcloud access-context-manager perimeters dry-run create - create a dry-run mode configuration for a new or existing Service Perimeter
    SYNOPSIS
    gcloud access-context-manager perimeters dry-run create ( PERIMETER : --policy = POLICY ) ( --access-levels =[ access_levels , …] --egress-policies = YAML_FILE --ingress-policies = YAML_FILE --resources =[ resources , …] --restricted-services =[ restricted_services , …] --vpc-accessible-services = VPC_ACCESSIBLE_SERVICES_YAML_FILE     | --enable-vpc-accessible-services --vpc-allowed-services =[ vpc_allowed_services , …]     | [ --perimeter-title = PERIMETER_TITLE --perimeter-type = PERIMETER_TYPE : --perimeter-access-levels =[ access_levels , …] --perimeter-description = PERIMETER_DESCRIPTION --perimeter-egress-policies = YAML_FILE --perimeter-ingress-policies = YAML_FILE --perimeter-resources =[ resources , …] --perimeter-restricted-services =[ restricted_services , …] --perimeter-vpc-accessible-services = VPC_ACCESSIBLE_SERVICES_YAML_FILE | --perimeter-enable-vpc-accessible-services --perimeter-vpc-allowed-services =[ vpc_allowed_services , …]]) [ --async ] [ GCLOUD_WIDE_FLAG ]
    DESCRIPTION
    When a Service Perimeter with the specified name does not exist, a new Service Perimeter will be created. In this case, the newly created Service Perimeter will not have any enforcement mode configuration, and, therefore, all policy violations will be logged.

    When a perimeter with the specified name does exist, a dry-run mode configuration will be created for it. The behavior of the enforcement mode configuration, if present, will not be impacted in this case. Requests that violate the existing enforcement mode configuration of the Service Perimeter will continue being denied. Requests that only violate the policy in the dry-run mode configuration will be logged but will not be denied.

    EXAMPLES
    To create a dry-run configuration for an existing Service Perimeter: 
     gcloud  
access-context-manager  
perimeters  
dry-run  
create  
my-perimeter  
 --resources 
 = 
 "projects/0123456789" 
  
 --access-levels 
 = 
 "accessPolicies/a_policy/accessLevels/a_level" 
  
 --restricted-services 
 = 
 "storage.googleapis.com"

    To create a dry-run configuration for a new Service Perimeter:

     gcloud  
access-context-manager  
perimeters  
dry-run  
create  
my-perimeter  
 --perimeter-title 
 = 
 "My New Perimeter" 
  
 --perimeter-description 
 = 
 "Perimeter description" 
  
 --perimeter-type 
 = 
 "regular" 
  
 --perimeter-resources 
 = 
 "projects/0123456789" 
  
 --perimeter-access-levels 
 = 
 "accessPolicies/a_policy/accessLevels/a_level" 
  
 --perimeter-restricted-services 
 = 
 "storage.googleapis.com"
    POSITIONAL ARGUMENTS
    Perimeter resource - The service perimeter to update. The arguments in this group can be used to specify the attributes of this resource.

    This must be specified.

    PERIMETER
    ID of the perimeter or fully qualified identifier for the perimeter.

    To set the perimeter attribute:

    • provide the argument perimeter on the command line.

    This positional argument must be specified if any of the other arguments in this group are specified.

    --policy = POLICY
    The ID of the access policy.

    To set the policy attribute:

    • provide the argument perimeter on the command line with a fully specified name;
    • provide the argument --policy on the command line;
    • set the property access_context_manager/policy .
    REQUIRED FLAGS
    Exactly one of these must be specified:
    Arguments for creating dry-run spec for an **existing** Service Perimeter.
    --access-levels =[ access_levels ,…]
    Comma-separated list of IDs for access levels (in the same policy) that an intra-perimeter request must satisfy to be allowed.
    --egress-policies = YAML_FILE
    Path to a file containing a list of Egress Policies. This file contains a list of YAML-compliant objects representing Egress Policies described in the API reference. For more information about the alpha version, see: https://cloud.google.com/access-context-manager/docs/reference/rest/v1alpha/accessPolicies.servicePerimeters For more information about non-alpha versions, see: https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters
    --ingress-policies = YAML_FILE
    Path to a file containing a list of Ingress Policies. This file contains a list of YAML-compliant objects representing Ingress Policies described in the API reference. For more information about the alpha version, see: https://cloud.google.com/access-context-manager/docs/reference/rest/v1alpha/accessPolicies.servicePerimeters For more information about non-alpha versions, see: https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters
    --resources =[ resources ,…]
    Comma-separated list of resources (currently only projects, in the form projects/<projectnumber> ) in this perimeter.
    --restricted-services =[ restricted_services ,…]
    Comma-separated list of services to which the perimeter boundary does apply (for example, storage.googleapis.com ).
    At most one of these can be specified:
    --vpc-accessible-services = VPC_ACCESSIBLE_SERVICES_YAML_FILE
    Path to a YAML file containing a VpcAccessibleServices object.
    Or at least one of these can be specified:
    --enable-vpc-accessible-services
    Whether to restrict API calls within the perimeter to those in the vpc-allowed-services list.
    --vpc-allowed-services =[ vpc_allowed_services ,…]
    Comma-separated list of APIs accessible from within the Service Perimeter. In order to include all restricted services, use reference "RESTRICTED-SERVICES". Requires vpc-accessible-services be enabled.
    Arguments for creating a dry-run spec for a new Service Perimeter.
    --perimeter-title = PERIMETER_TITLE
    Short human-readable title for the Service Perimeter.

    This flag argument must be specified if any of the other arguments in this group are specified.

    --perimeter-type = PERIMETER_TYPE
    Type of the perimeter. 
    A  
*regular*  
perimeter  
allows  
resources  
within  
this  
service  
perimeter
to  
import  
and  
 export 
  
data  
amongst  
themselves.  
A  
project  
may  
belong
to  
at  
most  
one  
regular  
service  
perimeter.
     
    A  
*bridge*  
perimeter  
allows  
resources  
 in 
  
different  
regular  
service
perimeters  
to  
import  
and  
 export 
  
data  
between  
each  
other.  
A  
project
may  
belong  
to  
multiple  
bridge  
service  
perimeters  
 ( 
only  
 if 
  
it  
also
belongs  
to  
a  
regular  
service  
perimeter ) 
.  
Both  
restricted  
and
unrestricted  
service  
lists,  
as  
well  
as  
access  
level  
lists,  
must  
be
empty.

    This flag argument must be specified if any of the other arguments in this group are specified.

    --perimeter-access-levels =[ access_levels ,…]
    Comma-separated list of IDs for access levels (in the same policy) that an intra-perimeter request must satisfy to be allowed.
    --perimeter-description = PERIMETER_DESCRIPTION
    Long-form description of Service Perimeter.
    --perimeter-egress-policies = YAML_FILE
    Path to a file containing a list of Egress Policies. This file contains a list of YAML-compliant objects representing Egress Policies described in the API reference. For more information about the alpha version, see: https://cloud.google.com/access-context-manager/docs/reference/rest/v1alpha/accessPolicies.servicePerimeters For more information about non-alpha versions, see: https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters
    --perimeter-ingress-policies = YAML_FILE
    Path to a file containing a list of Ingress Policies. This file contains a list of YAML-compliant objects representing Ingress Policies described in the API reference. For more information about the alpha version, see: https://cloud.google.com/access-context-manager/docs/reference/rest/v1alpha/accessPolicies.servicePerimeters For more information about non-alpha versions, see: https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters
    --perimeter-resources =[ resources ,…]
    Comma-separated list of resources (currently only projects, in the form projects/<projectnumber> ) in this perimeter.
    --perimeter-restricted-services =[ restricted_services ,…]
    Comma-separated list of services to which the perimeter boundary does apply (for example, storage.googleapis.com ).
    At most one of these can be specified:
    --perimeter-vpc-accessible-services = VPC_ACCESSIBLE_SERVICES_YAML_FILE
    Path to a YAML file containing a VpcAccessibleServices object.
    Or at least one of these can be specified:
    --perimeter-enable-vpc-accessible-services
    Whether to restrict API calls within the perimeter to those in the vpc-allowed-services list.
    --perimeter-vpc-allowed-services =[ vpc_allowed_services ,…]
    Comma-separated list of APIs accessible from within the Service Perimeter. In order to include all restricted services, use reference "RESTRICTED-SERVICES". Requires vpc-accessible-services be enabled.
    OPTIONAL FLAGS
    --async
    Return immediately, without waiting for the operation in progress to complete.
    GCLOUD WIDE FLAGS
    These flags are available to all commands: --access-token-file , --account , --billing-project , --configuration , --flags-file , --flatten , --format , --help , --impersonate-service-account , --log-http , --project , --quiet , --trace-token , --user-output-enabled , --verbosity .

    Run $ gcloud help for details.

    NOTES
    These variants are also available: 
      gcloud  
alpha  
access-context-manager  
perimeters  
dry-run  
create 
 

      gcloud  
beta  
access-context-manager  
perimeters  
dry-run  
create
    Design a Mobile Site
    View Site in Mobile | Classic
    Share by: