unable to apply json deny policy using gcloud

I am unable to apply a deny policy in gcloud.

gcloud beta iam policies create newdenypolicy \
--attachment-point=cloudresourcemanager.googleapis.com/projects/projectid-1 \
--kind=denypolicies \
--policy-file=policy.json
{
  "displayName": "My deny policy.",
  "rules": [
    {
      "denyRule": {
        "deniedPrincipals": [
          "principal://goog/subject/nnnxxxxx.xyz.com"
        ],
        "deniedPermissions": [
          "compute.googleapis.com"
        ]
      }
    }
  ]
}

I get the error

ERROR: (gcloud.iam.policies.create) Failed to parse YAML from [policy.json]: while scanning for the next token found character '\t' that cannot start any token in "policy.json", line 3, column 1

Looks like a bug.

Evidently (although documented to accept JSON|YAML), the command appears (?) to expect YAML.

Can you try replacing policy.json with policy.yaml:

displayName: "My deny policy."
rules:
- denyRule:
    deniedPrincipals:
    - principal://goog/subject/nnnxxxxx.xyz.com
    deniedPermissions:
    - compute.googleapis.com

You can report this issue on Google's public Issue Tracker
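The error above reports a tab character at the start of a line, which a YAML scanner rejects. The following is an added example, not part of the original question or answer: it locates tab indentation in a policy file and re-emits the JSON with space indentation only. The tab-indented sample and the function names `find_tab_indents` and `normalize_policy` are assumptions made for illustration.

```python
import json

# Constructed sample: the policy from the question, indented with tabs
# (assumed; the error message reports a '\t' at the start of a line).
TABBED_POLICY = (
    '{\n'
    '\t"displayName": "My deny policy.",\n'
    '\t"rules": [\n'
    '\t\t{\n'
    '\t\t\t"denyRule": {\n'
    '\t\t\t\t"deniedPrincipals": ["principal://goog/subject/nnnxxxxx.xyz.com"],\n'
    '\t\t\t\t"deniedPermissions": ["compute.googleapis.com"]\n'
    '\t\t\t}\n'
    '\t\t}\n'
    '\t]\n'
    '}\n'
)


def find_tab_indents(text):
    """Return 1-based (line, column) pairs for each tab in leading whitespace."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        indent = line[: len(line) - len(line.lstrip(" \t"))]
        hits.extend(
            (lineno, col) for col, ch in enumerate(indent, start=1) if ch == "\t"
        )
    return hits


def normalize_policy(text):
    """Parse the policy as JSON and re-emit it indented with spaces only."""
    # json.loads raises json.JSONDecodeError if the file is not valid JSON,
    # so a malformed policy is caught here rather than by the CLI.
    policy = json.loads(text)
    return json.dumps(policy, indent=2, ensure_ascii=False) + "\n"


if __name__ == "__main__":
    print("first tab indents (line, column):", find_tab_indents(TABBED_POLICY)[:3])
    cleaned = normalize_policy(TABBED_POLICY)
    print("tab indents after normalizing:", find_tab_indents(cleaned))
    print(cleaned, end="")
```

Writing the output of `normalize_policy` back to the policy file leaves the same JSON content with no tab at the start of any line.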
