gcloud beta container binauthz policy evaluate

NAME
gcloud beta container binauthz policy evaluate - evaluate a Binary Authorization platform policy
SYNOPSIS
gcloud beta container binauthz policy evaluate (POLICY_RESOURCE_NAME : --platform=PLATFORM) (--image=IMAGE     | --resource=RESOURCE) [GCLOUD_WIDE_FLAG]
EXAMPLES
To evaluate a policy using its resource name:
gcloud beta container binauthz policy evaluate projects/my-proj/platforms/gke/policies/my-policy --resource=$KUBERNETES_RESOURCE

To evaluate the same policy using flags against an image:

gcloud beta container binauthz policy evaluate my-policy --platform=gke --project=my-proj --image=$IMAGE
POSITIONAL ARGUMENTS
Policy resource - The resource name of the policy to evaluate. The arguments in this group can be used to specify the attributes of this resource. (NOTE) Some attributes are not given arguments in this group but can be set in other ways.

To set the project attribute:

  • provide the argument policy_resource_name on the command line with a fully specified name;
  • provide the argument --project on the command line;
  • set the property core/project.

This must be specified.

POLICY_RESOURCE_NAME
ID of the policy or fully qualified identifier for the policy.

To set the policy attribute:

  • provide the argument policy_resource_name on the command line.

This positional argument must be specified if any of the other arguments in this group are specified.

--platform=PLATFORM
The platform that the policy belongs to. PLATFORM must be one of the following: cloudRun, gke.

To set the platform attribute:

  • provide the argument policy_resource_name on the command line with a fully specified name;
  • provide the argument --platform on the command line.
REQUIRED FLAGS
Exactly one of these must be specified:
--image=IMAGE
The image to evaluate. If the policy being evaluated has scoped checksets, this mode of evaluation will always use the default (unscoped) checkset.
--resource=RESOURCE
The JSON or YAML file containing the Kubernetes resource to evaluate.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

NOTES
This command is currently in beta and might change without notice. This variant is also available:
gcloud alpha container binauthz policy evaluate