- NAME
-
- gcloud alpha container binauthz policy evaluate - evaluate a Binary Authorization platform policy
- SYNOPSIS
-
-
gcloud alpha container binauthz policy evaluate(POLICY_RESOURCE_NAME:--platform=PLATFORM) (--image=IMAGE|--resource=RESOURCE) [GCLOUD_WIDE_FLAG …]
-
- EXAMPLES
-
To evaluate a policy using its resource name:
gcloud alpha container binauthz policy evaluate projects/my-proj/platforms/gke/policies/my-policy --resource=$KUBERNETES_RESOURCETo evaluate the same policy using flags against an image:
gcloud alpha container binauthz policy evaluate my-policy --platform=gke --project=my-proj --image=$IMAGE - POSITIONAL ARGUMENTS
-
-
Policy resource - The resource name of the policy to evaluate. The arguments in
this group can be used to specify the attributes of this resource. (NOTE) Some
attributes are not given arguments in this group but can be set in other ways.
To set the
projectattribute:-
provide the argument
policy_resource_nameon the command line with a fully specified name; -
provide the argument
--projecton the command line; -
set the property
core/project.
This must be specified.
POLICY_RESOURCE_NAME-
ID of the policy or fully qualified identifier for the policy.
To set the
policyattribute:-
provide the argument
policy_resource_nameon the command line.
This positional argument must be specified if any of the other arguments in this group are specified.
-
provide the argument
--platform=PLATFORM-
The platform that the policy belongs to. PLATFORM must be one of the following:
cloudRun, gke.
To set the
platformattribute:-
provide the argument
policy_resource_nameon the command line with a fully specified name; -
provide the argument
--platformon the command line.
-
provide the argument
-
provide the argument
-
Policy resource - The resource name of the policy to evaluate. The arguments in
this group can be used to specify the attributes of this resource. (NOTE) Some
attributes are not given arguments in this group but can be set in other ways.
- REQUIRED FLAGS
-
-
Exactly one of these must be specified:
--image=IMAGE- The image to evaluate. If the policy being evaluated has scoped checksets, this mode of evaluation will always use the default (unscoped) checkset.
--resource=RESOURCE- The JSON or YAML file containing the Kubernetes resource to evaluate.
-
Exactly one of these must be specified:
- GCLOUD WIDE FLAGS
-
These flags are available to all commands:
--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.Run
$ gcloud helpfor details. - NOTES
-
This command is currently in alpha and might change without notice. If this
command fails with API permission errors despite specifying the correct project,
you might be trying to access an API with an invitation-only early access
allowlist. This variant is also available:
gcloud beta container binauthz policy evaluate
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-02-21 UTC.