Console
Start free

gcloud alpha run worker-pools remove-iam-policy-binding

NAME
gcloud alpha run worker-pools remove-iam-policy-binding - remove IAM policy binding of a Cloud Run worker pool
SYNOPSIS
gcloud alpha run worker-pools remove-iam-policy-binding (WORKERPOOL : --region=REGION) --member=PRINCIPAL --role=ROLE [--endpoint-mode=ENDPOINT_MODE] [--all     | --condition=[KEY=VALUE,…]     | --condition-from-file=PATH_TO_FILE] [GCLOUD_WIDE_FLAG]
DESCRIPTION
(ALPHA) Remove an IAM policy binding from the IAM policy of a worker pool. One binding consists of a member, and a role.
EXAMPLES
To remove an IAM policy binding for the role of 'roles/run.developer' for the user 'test-user@gmail.com' with worker pool 'my-worker-pool' and region 'us-central1', run: 
gcloud alpha run worker-pools remove-iam-policy-binding my-worker-pool --region='us-central1' --member='user:test-user@gmail.com' --role='roles/run.developer'
 See https://cloud.google.com/iam/docs/managing-policies for details of policy role and member types.
POSITIONAL ARGUMENTS
Workerpool resource - The worker pool for which to remove the IAM policy binding. The arguments in this group can be used to specify the attributes of this resource. (NOTE) Some attributes are not given arguments in this group but can be set in other ways.

To set the project attribute:

This must be specified.
WORKERPOOL
ID of the workerpool or fully qualified identifier for the workerpool.

To set the workerpool attribute:

This positional argument must be specified if any of the other arguments in this group are specified.
--region=REGION
The Cloud Run region. To set the region attribute:
REQUIRED FLAGS
--member=PRINCIPAL
The principal to remove the binding for. Should be of the form user|group|serviceAccount:email or domain:domain.

Examples: user:test-user@gmail.com, group:admins@example.com, serviceAccount:test123@example.domain.com, or domain:example.domain.com.

Deleted principals have an additional deleted: prefix and a ?uid=UID suffix, where UID is a unique identifier for the principal. Example: deleted:user:test-user@gmail.com?uid=123456789012345678901.

Some resources also accept the following special values:
--role=ROLE
The role to remove the principal from.
OPTIONAL FLAGS
--endpoint-mode=ENDPOINT_MODE
Specifies endpoint mode for a given command. Regional endpoints provide enhanced data residency and reliability by ensuring your request is handled entirely within the specified Google Cloud region. This differs from global endpoints, which may process parts of the request outside the target region. Overrides the default regional/endpoint_mode property value for this command invocation. ENDPOINT_MODE must be one of:
global
(Default) Use global rather than regional endpoints.
regional
Only use regional endpoints. An error will be raised if a regional endpoint is not available for a given command.
regional-preferred
Use regional endpoints when available, otherwise use global endpoints. Recommended for most users.
At most one of these can be specified:
--all
Remove all bindings with this role and principal, irrespective of any conditions.
--condition=[KEY=VALUE,…]
The condition of the binding that you want to remove. When the condition is explicitly specified as None (--condition=None), a binding without a condition is removed. Otherwise, only a binding with a condition that exactly matches the specified condition (including the optional description) is removed. For more on conditions, refer to the conditions overview guide: https://cloud.google.com/iam/docs/conditions-overview When using the --condition flag, include the following key-value pairs:
expression
(Required) Condition expression that evaluates to True or False. This uses a subset of Common Expression Language syntax. If the condition expression includes a comma, use a different delimiter to separate the key-value pairs. Specify the delimiter before listing the key-value pairs. For example, to specify a colon (:) as the delimiter, do the following: --condition=^:^title=TITLE:expression=EXPRESSION. For more information, see https://cloud.google.com/sdk/gcloud/reference/topic/escaping.
title
(Required) A short string describing the purpose of the expression.
description
(Optional) Additional description for the expression.
--condition-from-file=PATH_TO_FILE
Path to a local JSON or YAML file that defines the condition. To see available fields, see the help for --condition. Use a full or relative path to a local file containing the value of condition.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

API REFERENCE
This command uses the run/v1 API. The full documentation for this API can be found at: https://cloud.google.com/run/
REGIONAL ENDPOINTS
This command supports regional endpoints. To use regional endpoints for this command, use the --endpoint-mode=regional-preferred flag. To use regional endpoints by default, run $ gcloud config set regional/endpoint_mode regional-preferred.
NOTES
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. These variants are also available: 
gcloud run worker-pools remove-iam-policy-binding
 
gcloud beta run worker-pools remove-iam-policy-binding