gcloud alpha build-artifacts repositories remove-iam-policy-binding

NAME
gcloud alpha build-artifacts repositories remove-iam-policy-binding - remove an IAM policy binding from the IAM policy of a Cloud Build Artifacts repository
SYNOPSIS
gcloud alpha build-artifacts repositories remove-iam-policy-binding REPOSITORY --member=MEMBER --role=ROLE [--all     | --condition=[KEY=VALUE,…]     | --condition-from-file=CONDITION_FROM_FILE] [GCLOUD_WIDE_FLAG]
DESCRIPTION
(ALPHA) gcloud alpha build-artifacts repositories remove-iam-policy-binding removes an IAM policy binding from the IAM policy of a Cloud Build Artifacts repository. One binding consists of a member, a role, and an optional condition.

This command can fail for the following reasons:

  • The repository specified does not exist.
  • The active account does not have permission to access the given repository's IAM policies.
POSITIONAL ARGUMENTS
Repository resource - Name of the Cloud Build Artifacts repository. This represents a Cloud resource. (NOTE) Some attributes are not given arguments in this group but can be set in other ways. To set the [project] attribute: provide the argument [repository] on the command line with a fully specified name; provide the argument [--project] on the command line; set the property [core/project]. This must be specified.
REPOSITORY
ID of the repository or fully qualified identifier for the repository.
REQUIRED FLAGS
--member=MEMBER
The member to remove the binding for. Should be of the form user|group|serviceAccount:email or domain:domain.

Examples: user:test-user@gmail.com, group:admins@example.com, serviceAccount:test123@example.domain.com, or domain:example.domain.com.

Can also be one of the following special values:

  • allUsers - Special identifier that represents anyone who is on the internet, with or without a Google account.
  • allAuthenticatedUsers - Special identifier that represents anyone who is authenticated with a Google account or a service account.
--role=ROLE
The role to remove the member from.
OPTIONAL FLAGS
At most one of these may be specified:
--all
Remove all bindings with this role and member, irrespective of any conditions.
--condition=[KEY=VALUE,…]
Condition of the binding to be removed. When condition is explicitly specified as None (e.g. --condition=None), it matches a binding without a condition. Otherwise, only the binding with a condition which exactly matches the specified condition (including the optional description) will be removed.
expression
(Required) Expression of the condition which evaluates to True or False. This uses a subset of Common Expression Language syntax.
title
(Required) Title for the expression, i.e. a short string describing its purpose.
description
(Optional) Description for the expression. This is a longer text which describes the expression.

NOTE: An unsatisfied condition will not allow access via this binding.

--condition-from-file=CONDITION_FROM_FILE
Path to a local JSON or YAML file that defines the condition. To see available fields, see the help for --condition.
GCLOUD WIDE FLAGS
These flags are available to all commands: --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

API REFERENCE
This command uses the buildartifacts/v1alpha2 API. The full documentation for this API can be found at: https://cloud.google.com/build-artifacts
EXAMPLES
To remove an IAM policy binding for the role of 'roles/editor' for the user 'test-user@gmail.com' with repository 'my-repo', run:
  $ gcloud alpha build-artifacts repositories \
      remove-iam-policy-binding my-repo \
      --member='user:test-user@gmail.com' --role='roles/editor'

See https://cloud.google.com/iam/docs/managing-policies for details of policy role and member types.

NOTES
This command is currently in ALPHA and may change without notice. If this command fails with API permission errors despite specifying the right project, you may be trying to access an API with an invitation-only early access whitelist.