- NAME
-
- gcloud alpha resource-manager tags keys add-iam-policy-binding - adds a policy binding to the IAM policy of a TagKey
- SYNOPSIS
-
-
gcloud alpha resource-manager tags keys add-iam-policy-bindingRESOURCE_NAME--member=PRINCIPAL--role=ROLE[--condition=[KEY=VALUE,…] |--condition-from-file=CONDITION_FROM_FILE] [GCLOUD_WIDE_FLAG …]
-
- DESCRIPTION
-
(ALPHA)Adds the IAM policy binding for a TagKey resource given the binding and an identifier for the TagKey. The identifier can be the TagKey's parent/short name or the TagKey's ID in the form: tagKeys/{numeric_id}. - EXAMPLES
-
To add an IAM policy binding for the role of 'roles/editor' for the user
'test-user@gmail.com' on the Tag Key 'tagKeys/123', run:
gcloud alpha resource-manager tags keys add-iam-policy-binding tagKeys/123 --member='user:test-user@gmail.com' --role='roles/editor'To add an IAM policy binding for a Tag Key with the name 'env' under 'organization/456' for the role of 'roles/resourcemanager.tagUser' for the user 'test-user@gmail.com', run:
gcloud alpha resource-manager tags keys add-iam-policy-binding 456/env --member='user:test-user@gmail.com' --role='roles/resourcemanager.tagUser'See https://cloud.google.com/iam/docs/managing-policies for details of policy role and member types.
- POSITIONAL ARGUMENTS
-
RESOURCE_NAME- Resource name or namespaced name. The resource name should be in the form {resource_type}/{numeric_id}. The namespaced name should be in the form {org_id}/{short_name} where short_name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores ( _ ), dots (.), and alphanumerics between.
- REQUIRED FLAGS
-
--member=PRINCIPAL-
The principal to add the binding for. Should be of the form
user|group|serviceAccount:emailordomain:domain.Examples:
user:test-user@gmail.com,group:admins@example.com,serviceAccount:test123@example.domain.com, ordomain:example.domain.com.Some resources also accept the following special values:
-
allUsers- Special identifier that represents anyone who is on the internet, with or without a Google account. -
allAuthenticatedUsers- Special identifier that represents anyone who is authenticated with a Google account or a service account.
-
--role=ROLE-
Role name to assign to the principal. The role name is the complete path of a
predefined role, such as
roles/logging.viewer, or the role ID for a custom role, such asorganizations/{ORGANIZATION_ID}/roles/logging.viewer.
- OPTIONAL FLAGS
-
-
At most one of these can be specified:
--condition=[KEY=VALUE,…]-
A condition to include in the binding. When the condition is explicitly
specified as
None(--condition=None), a binding without a condition is added. When the condition is specified and is notNone,--rolecannot be a basic role. Basic roles areroles/editor,roles/owner, androles/viewer. For more on conditions, refer to the conditions overview guide: https://cloud.google.com/iam/docs/conditions-overviewWhen using the
--conditionflag, include the following key-value pairs:expression-
(Required) Condition expression that evaluates to True or False. This uses a
subset of Common Expression Language syntax.
If the condition expression includes a comma, use a different delimiter to separate the key-value pairs. Specify the delimiter before listing the key-value pairs. For example, to specify a colon (
:) as the delimiter, do the following:--condition=^:^title=TITLE:expression=EXPRESSION. For more information, see https://cloud.google.com/sdk/gcloud/reference/topic/escaping. title- (Required) A short string describing the purpose of the expression.
description- (Optional) Additional description for the expression.
--condition-from-file=CONDITION_FROM_FILE-
Path to a local JSON or YAML file that defines the condition. To see available
fields, see the help for
--condition.
-
At most one of these can be specified:
- GCLOUD WIDE FLAGS
-
These flags are available to all commands:
--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.Run
$ gcloud helpfor details. - NOTES
-
This command is currently in alpha and might change without notice. If this
command fails with API permission errors despite specifying the correct project,
you might be trying to access an API with an invitation-only early access
allowlist. These variants are also available:
gcloud resource-manager tags keys add-iam-policy-bindinggcloud beta resource-manager tags keys add-iam-policy-binding
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-02-06 UTC.
[{
"type": "thumb-down",
"id": "hardToUnderstand",
"label":"Hard to understand"
},{
"type": "thumb-down",
"id": "incorrectInformationOrSampleCode",
"label":"Incorrect information or sample code"
},{
"type": "thumb-down",
"id": "missingTheInformationSamplesINeed",
"label":"Missing the information/samples I need"
},{
"type": "thumb-down",
"id": "otherDown",
"label":"Other"
}]
[{
"type": "thumb-up",
"id": "easyToUnderstand",
"label":"Easy to understand"
},{
"type": "thumb-up",
"id": "solvedMyProblem",
"label":"Solved my problem"
},{
"type": "thumb-up",
"id": "otherUp",
"label":"Other"
}]