File: //lib/google-cloud-sdk/lib/surface/access_context_manager/perimeters/create.yaml
- release_tracks: [ALPHA, BETA, GA]
help_text:
brief: Create a new service perimeter.
description: Create a new service perimeter in a given access policy.
request:
api_version: v1
collection: accesscontextmanager.accessPolicies.servicePerimeters
modify_request_hooks:
- googlecloudsdk.command_lib.accesscontextmanager.policies:ValidateAccessPolicyArg
- googlecloudsdk.command_lib.accesscontextmanager.perimeters:AddAccessLevelsGA
- googlecloudsdk.command_lib.accesscontextmanager.perimeters:AddVpcAccessibleServicesGA
- googlecloudsdk.command_lib.util.hooks.request_modifiers:SetFieldFromRelativeName:api_field=servicePerimeter.name
ALPHA:
api_version: v1alpha
modify_request_hooks:
- googlecloudsdk.command_lib.accesscontextmanager.policies:ValidateAccessPolicyArg
- googlecloudsdk.command_lib.accesscontextmanager.perimeters:AddAccessLevelsAlpha
- googlecloudsdk.command_lib.accesscontextmanager.perimeters:AddVpcAccessibleServicesAlpha
- googlecloudsdk.command_lib.util.hooks.request_modifiers:SetFieldFromRelativeName:api_field=servicePerimeter.name
BETA:
api_version: v1
modify_request_hooks:
- googlecloudsdk.command_lib.accesscontextmanager.policies:ValidateAccessPolicyArg
- googlecloudsdk.command_lib.accesscontextmanager.perimeters:AddAccessLevelsGA
- googlecloudsdk.command_lib.accesscontextmanager.perimeters:AddVpcAccessibleServicesGA
- googlecloudsdk.command_lib.util.hooks.request_modifiers:SetFieldFromRelativeName:api_field=servicePerimeter.name
async:
collection: accesscontextmanager.operations
arguments:
resource:
help_text: The service perimeter to create.
spec: !REF googlecloudsdk.command_lib.accesscontextmanager.resources:perimeter
params:
- api_field: servicePerimeter.description
arg_name: description
required: false
help_text: Long-form description of service perimeter.
- api_field: servicePerimeter.title
arg_name: title
required: true
help_text: Short human-readable title for the service perimeter.
- api_field: servicePerimeter.status.resources
arg_name: resources
help_text: |
Comma-separated list of resources (currently only projects, in the
form `projects/<projectnumber>`) in this perimeter.
- api_field: servicePerimeter.status.restrictedServices
arg_name: restricted-services
metavar: SERVICE
help_text: |
Comma-separated list of services to which the perimeter boundary
*does* apply (for example, `storage.googleapis.com`).
- arg_name: access-levels
api_field: servicePerimeter.status.accessLevels
metavar: LEVEL
# Added in AddAccessLevels hook because a type wouldn't have access to
# the policy of the service perimeter
type: "googlecloudsdk.calliope.arg_parsers:ArgList:"
help_text: |
Comma-separated list of IDs for access levels (in the same policy)
that an intra-perimeter request must satisfy to be allowed.
- api_field: servicePerimeter.perimeterType
arg_name: perimeter-type
help_text: |
Type of the perimeter.
default: regular
choices:
- arg_value: regular
enum_value: PERIMETER_TYPE_REGULAR
help_text: |
Allows resources within this service perimeter to import and export
data amongst themselves.
A project may belong to at most one regular service perimeter.
- arg_value: bridge
enum_value: PERIMETER_TYPE_BRIDGE
help_text: |
Allows resources in different regular service perimeters to import
and export data between each other.
A project may belong to multiple bridge service perimeters (only if
it also belongs to a regular service perimeter). Both restricted and
unrestricted service lists, as well as access level lists,
must be empty.
- api_field: servicePerimeter.status.ingressPolicies
release_tracks: [ALPHA]
metavar: YAML_FILE
arg_name: ingress-policies
help_text: |
Path to a file containing a list of Ingress Policies.
This file contains a list of YAML-compliant objects representing
Ingress Policies described in the API reference.
For more information about the alpha version, see:
https://cloud.google.com/access-context-manager/docs/reference/rest/v1alpha/accessPolicies.servicePerimeters
repeated: false
processor: googlecloudsdk.command_lib.accesscontextmanager.perimeters:ParseIngressPolicies:api_version=v1alpha
- api_field: servicePerimeter.status.egressPolicies
release_tracks: [ALPHA]
metavar: YAML_FILE
arg_name: egress-policies
help_text: |
Path to a file containing a list of Engress Policies.
This file contains a list of YAML-compliant objects representing
Engress Policies described in the API reference.
For more information about the alpha version, see:
https://cloud.google.com/access-context-manager/docs/reference/rest/v1alpha/accessPolicies.servicePerimeters
repeated: false
processor: googlecloudsdk.command_lib.accesscontextmanager.perimeters:ParseEgressPolicies:api_version=v1alpha
- group:
params:
- api_field: servicePerimeter.status.vpcAccessibleServices.allowedServices
arg_name: vpc-allowed-services
metavar: VPC_SERVICE
required: false
help_text: |
Comma-separated list of APIs accessible from within the Service
Perimeter. In order to include all restricted services, use
reference "RESTRICTED-SERVICES".
Requires vpc-accessible-services be enabled.
- api_field: servicePerimeter.status.vpcAccessibleServices.enableRestriction
arg_name: enable-vpc-accessible-services
required: false
type: bool
help_text: |
Whether to restrict API calls within the perimeter to those in the
vpc-allowed-services list.