このセクションでは、ロールの作成にコマンド ライン ツールを使用する方法について説明します。

gcloud コマンド ライン ツールを使用してロールを作成するには、次の手順を実行します。

• ロール定義の YAML ファイルをダウンロードします。

• プロジェクトごとに次のコマンドを実行します。

すべてのネットワーク、ストレージ、およびサービス エンジン オブジェクトを作成する必要があるプロジェクトが 1 つのみである場合は、同じプロジェクトですべてのロールを作成します。

$ gcloud iam roles create avi.se --project se-project --file service_engine_project_role.yaml
Created role [avi.se].
description: Access to resources required for operations on Service Engines and Virtual
  Services
etag: B********k=
includedPermissions:
- compute.addresses.create
- compute.addresses.delete
- compute.addresses.get
- compute.addresses.list
- compute.addresses.use
- compute.disks.create
- compute.forwardingRules.create
- compute.forwardingRules.delete
- compute.forwardingRules.list
- compute.globalOperations.get
- compute.images.create
- compute.images.delete
- compute.images.list
- compute.images.useReadOnly
- compute.instances.create
- compute.instances.delete
- compute.instances.get
- compute.instances.list
- compute.instances.setLabels
- compute.instances.setMetadata
- compute.instances.setTags
- compute.instances.use
- compute.instances.updateNetworkInterface
- compute.regionOperations.get
- compute.regions.get
- compute.regions.list
- compute.targetPools.addInstance
- compute.targetPools.create
- compute.targetPools.delete
- compute.targetPools.get
- compute.targetPools.list
- compute.targetPools.removeInstance
- compute.targetPools.use
- compute.zoneOperations.get
- compute.zones.list
name: projects/se-project/roles/avi.se
stage: ALPHA
title: AVI Service Engine Project Role

$ gcloud iam roles create avi.network --project network-project --file network_project_role.yaml

Note: permissions [compute.subnetworks.get, compute.subnetworks.list]
are in 'TESTING' stage which means the functionality is not mature and
 they can go away in the future. This can break your workflows, so do
not use them in production systems!

Are you sure you want to make this change? (Y/n)?  y

Created role [avi.network].
description: Access to resources required for operations in Network Project
etag: B*******k4=
includedPermissions:
- compute.networks.get
- compute.networks.list
- compute.networks.updatePolicy
- compute.regions.get
- compute.routes.create
- compute.routes.delete
- compute.routes.list
- compute.subnetworks.get
- compute.subnetworks.list
- compute.subnetworks.use
name: projects/network-project/roles/avi.network
stage: ALPHA
title: AVI Network Project Role

$ gcloud iam roles create avi.storage --project storage-project --file storage_project_role.yaml

Created role avi.storage.
description: Access to resources required for operations on GCS Buckets and Objects
etag: B*******g=
includedPermissions:

storage.buckets.create
storage.buckets.delete
storage.objects.create
storage.objects.delete
storage.objects.list
name: projects/storage-project/roles/avi.storage
stage: ALPHA
title: AVI Storage Project Role