This section describes how to create the roles using the command-line tool.

To create the roles using the gcloud command-line tool, do the following:

  • Download the role definition YAML files.

  • Run the following command for each project.

If there is only one project in which all network, storage, and Service Engine objects must be created, create all the roles in that same project.

Command for the Service Engine project role

$ gcloud iam roles create avi.se --project se-project --file service_engine_project_role.yaml
Created role [avi.se].
description: Access to resources required for operations on Service Engines and Virtual
  Services
etag: B********k=
includedPermissions:
- compute.addresses.create
- compute.addresses.delete
- compute.addresses.get
- compute.addresses.list
- compute.addresses.use
- compute.disks.create
- compute.forwardingRules.create
- compute.forwardingRules.delete
- compute.forwardingRules.list
- compute.globalOperations.get
- compute.images.create
- compute.images.delete
- compute.images.list
- compute.images.useReadOnly
- compute.instances.create
- compute.instances.delete
- compute.instances.get
- compute.instances.list
- compute.instances.setLabels
- compute.instances.setMetadata
- compute.instances.setTags
- compute.instances.use
- compute.instances.updateNetworkInterface
- compute.regionOperations.get
- compute.regions.get
- compute.regions.list
- compute.targetPools.addInstance
- compute.targetPools.create
- compute.targetPools.delete
- compute.targetPools.get
- compute.targetPools.list
- compute.targetPools.removeInstance
- compute.targetPools.use
- compute.zoneOperations.get
- compute.zones.list
name: projects/se-project/roles/avi.se
stage: ALPHA
title: AVI Service Engine Project Role

Command for the network project role

$ gcloud iam roles create avi.network --project network-project --file network_project_role.yaml

Note: permissions [compute.subnetworks.get, compute.subnetworks.list]
are in 'TESTING' stage which means the functionality is not mature and
 they can go away in the future. This can break your workflows, so do
not use them in production systems!

Are you sure you want to make this change? (Y/n)?  y

Created role [avi.network].
description: Access to resources required for operations in Network Project
etag: B*******k4=
includedPermissions:
- compute.networks.get
- compute.networks.list
- compute.networks.updatePolicy
- compute.regions.get
- compute.routes.create
- compute.routes.delete
- compute.routes.list
- compute.subnetworks.get
- compute.subnetworks.list
- compute.subnetworks.use
name: projects/network-project/roles/avi.network
stage: ALPHA
title: AVI Network Project Role

Command for the storage project role

$ gcloud iam roles create avi.storage --project storage-project --file storage_project_role.yaml

Created role [avi.storage].
description: Access to resources required for operations on GCS Buckets and Objects
etag: B*******g=
includedPermissions:
- storage.buckets.create
- storage.buckets.delete
- storage.objects.create
- storage.objects.delete
- storage.objects.list
name: projects/storage-project/roles/avi.storage
stage: ALPHA
title: AVI Storage Project Role
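Because each of the three commands above grants a custom role exactly the permissions listed in a YAML file you downloaded, it is worth reviewing those files before running `gcloud iam roles create`, and comparing the YAML that gcloud prints back with what you submitted. The following script is an added example and is not part of the Avi documentation or of gcloud; it assumes only the flat YAML layout shown in the outputs above (scalar keys plus an `includedPermissions` list) and parses it without PyYAML. The sample role text is constructed from the Service Engine output on this page (shortened to a few permissions), and the "created" sample with an extra `compute.instances.setIamPolicy` entry is constructed to show how drift is reported.

```python
"""Least-privilege review of a GCP custom-role YAML before and after
`gcloud iam roles create`. Added example; assumes the flat YAML layout
that gcloud prints for a role, not the full YAML spec."""
import re

# Constructed sample: the Service Engine role as gcloud prints it,
# shortened to four of its permissions.
SE_ROLE_YAML = """\
description: Access to resources required for operations on Service Engines and Virtual
  Services
etag: B********k=
includedPermissions:
- compute.addresses.create
- compute.addresses.delete
- compute.instances.create
- compute.instances.delete
name: projects/se-project/roles/avi.se
stage: ALPHA
title: AVI Service Engine Project Role
"""

# Constructed sample of what a drifted role might look like after creation:
# one permission from the file is missing and one that widens access was added.
SE_ROLE_CREATED_DRIFTED = SE_ROLE_YAML.replace(
    "- compute.instances.delete\n",
    "- compute.instances.setIamPolicy\n")


def parse_role(text):
    """Parse the subset of YAML that gcloud prints for a role.

    Handles scalar keys, a wrapped scalar continued on an indented line,
    and the '- item' list under includedPermissions.
    """
    role = {"includedPermissions": []}
    key = None
    for line in text.splitlines():
        if key == "includedPermissions" and line.startswith("- "):
            role["includedPermissions"].append(line[2:].strip())
        elif line.startswith(" ") and key and key != "includedPermissions":
            role[key] += " " + line.strip()  # continuation of a wrapped value
        else:
            m = re.match(r"^(\w+):\s*(.*)$", line)
            if m:
                key, value = m.groups()
                if key != "includedPermissions":
                    role[key] = value
    return role


def review_role(role, allowed_prefixes, allowed_stages=("GA", "BETA", "ALPHA")):
    """Return a list of findings; an empty list means the definition passes.

    allowed_prefixes lists the services this role is expected to touch,
    e.g. ("compute.",) for the SE and network roles, ("storage.",) for the
    storage role. Anything outside that set, or any permission that lets the
    holder change IAM policy, is flagged for a human to look at.
    """
    findings = []
    perms = role["includedPermissions"]
    if not perms:
        findings.append("role grants no permissions")
    for p in perms:
        if not p.startswith(tuple(allowed_prefixes)):
            findings.append(f"unexpected service in permission: {p}")
        if p.endswith(".setIamPolicy") or p == "*":
            findings.append(f"permission that can widen access: {p}")
    if len(set(perms)) != len(perms):
        findings.append("duplicate permissions listed")
    if role.get("stage") not in allowed_stages:
        findings.append(f"unknown stage: {role.get('stage')}")
    return findings


def permission_drift(intended_yaml, created_yaml):
    """Compare the file you submitted with the YAML gcloud printed back."""
    want = set(parse_role(intended_yaml)["includedPermissions"])
    have = set(parse_role(created_yaml)["includedPermissions"])
    return {"missing": sorted(want - have), "extra": sorted(have - want)}


if __name__ == "__main__":
    role = parse_role(SE_ROLE_YAML)
    print(role["name"], "->", review_role(role, ("compute.",)) or "OK")
    print(permission_drift(SE_ROLE_YAML, SE_ROLE_CREATED_DRIFTED))
```

Run the review against each downloaded file with the prefix set that matches its project (`("compute.",)` for the Service Engine and network roles, `("storage.",)` for the storage role), and run `permission_drift` on the text gcloud prints after creation; a non-empty `extra` list means the role in the project grants something the file did not ask for.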