gcloud alpha iam policies lint-condition
- NAME
- gcloud alpha iam policies lint-condition - lint an IAM condition
- SYNOPSIS
gcloud alpha iam policies lint-condition(--condition-from-file=CONDITION_FROM_FILE| [--expression=EXPRESSION--title=TITLE:--description=DESCRIPTION])[--resource-name=RESOURCE_NAME][GCLOUD_WIDE_FLAG …]
- DESCRIPTION
(ALPHA)Lint an IAM condition. The problems found by linter willnot be fixed. Instead, it will show the problems.- EXAMPLES
- To lint an IAM condition of resource
//cloudresourcemanager.googleapis.com/v1/projects/example-project,and the condtion to lint is expression='true', title='title',description='description', run:gcloudalphaiampolicieslint-condition--resource-name='//cloudresourcemanager.googleapis.com/v1/projects/example-project'--expression='true'--title='title'--description='description'To lint an IAM condition of resource
//cloudresourcemanager.googleapis.com/v1/projects/example-project,and the condition is read from a local YAML filecondition.yaml,run:gcloudalphaiampolicieslint-condition--resource-name='//cloudresourcemanager.googleapis.com/v1/projects/example-project'--condition-from-file='condition.yaml' - REQUIRED FLAGS
- Exactly one of these must be specified:
--condition-from-file=CONDITION_FROM_FILE- The path to a JSON or YAML file containing the condition. Seehttps://cloud.google.com/iam/docs/conditions-overviewfor schema of the condition.
- Or at least one of these can be specified:
- The condition to lint. It must have an
expressionproperty and atitleproperty. Thedescriptionproperty is optional. --expression=EXPRESSION- The expression of the condition which evaluates to True or False. This uses asubset of Common Expression Language syntax.
This flag argument must be specified if any of the other arguments in this groupare specified.
--title=TITLE- A title for the expression, i.e. a short string describing its purpose.
This flag argument must be specified if any of the other arguments in this groupare specified.
--description=DESCRIPTION- A description of the expression. This is a longer text which describes theexpression.
- The condition to lint. It must have an
- Exactly one of these must be specified:
- OPTIONAL FLAGS
--resource-name=RESOURCE_NAME- The full resource name of the policy containing the condition to lint. Seehttps://cloud.google.com/apis/design/resource_namesfor details.
To get a URI from most list commands in gcloud, pass the --uri flag. Forexample:
gcloudcomputeinstanceslist--projectprj--urihttps://www.googleapis.com/compute/v1/projects/prj/zones/us-east1-c/instances/i1https://www.googleapis.com/compute/v1/projects/prj/zones/us-east1-d/instances/i2
- GCLOUD WIDE FLAGS
- These flags are available to all commands:
--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.Run
$gcloud helpfor details. - API REFERENCE
- This command uses the
iam/v1API. The full documentation for thisAPI can be found at:https://cloud.google.com/iam/ - NOTES
- This command is currently in alpha and might change without notice. If thiscommand fails with API permission errors despite specifying the correct project,you might be trying to access an API with an invitation-only early accessallowlist.
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-01-21 UTC.