gcloud alpha sql instances patch

NAME
gcloud alpha sql instances patch - updates the settings of a Cloud SQL instance
SYNOPSIS
gcloud alpha sql instances patch INSTANCE [--activation-policy=ACTIVATION_POLICY] [--active-directory-domain=ACTIVE_DIRECTORY_DOMAIN] [--allocated-ip-range-name=ALLOCATED_IP_RANGE_NAME] [--[no-]assign-ip] [--async] [--audit-bucket-path=AUDIT_BUCKET_PATH] [--audit-retention-interval=AUDIT_RETENTION_INTERVAL] [--audit-upload-interval=AUDIT_UPLOAD_INTERVAL] [--availability-type=AVAILABILITY_TYPE] [--clear-failover-dr-replica-name] [--clear-password-policy] [--connector-enforcement=CONNECTOR_ENFORCEMENT] [--cpu=CPU] [--database-version=DATABASE_VERSION] [--[no-]deletion-protection] [--deny-maintenance-period-end-date=DENY_MAINTENANCE_PERIOD_END_DATE] [--deny-maintenance-period-start-date=DENY_MAINTENANCE_PERIOD_START_DATE] [--deny-maintenance-period-time=DENY_MAINTENANCE_PERIOD_TIME] [--diff] [--edition=EDITION] [--[no-]enable-bin-log] [--[no-]enable-data-cache] [--[no-]enable-database-replication] [--[no-]enable-dataplex-integration] [--[no-]enable-google-ml-integration] [--[no-]enable-google-private-path] [--enable-password-policy] [--enable-point-in-time-recovery] [--failover-dr-replica-name=FAILOVER_DR_REPLICA_NAME] [--follow-gae-app=FOLLOW_GAE_APP] [--[no-]insights-config-query-insights-enabled] [--insights-config-query-plans-per-minute=INSIGHTS_CONFIG_QUERY_PLANS_PER_MINUTE] [--insights-config-query-string-length=INSIGHTS_CONFIG_QUERY_STRING_LENGTH] [--[no-]insights-config-record-application-tags] [--[no-]insights-config-record-client-address] [--maintenance-release-channel=MAINTENANCE_RELEASE_CHANNEL] [--maintenance-version=MAINTENANCE_VERSION] [--maintenance-window-any] [--maintenance-window-day=MAINTENANCE_WINDOW_DAY] [--maintenance-window-hour=MAINTENANCE_WINDOW_HOUR] [--memory=MEMORY] [--network=NETWORK] [--password-policy-complexity=PASSWORD_POLICY_COMPLEXITY] [--[no-]password-policy-disallow-username-substring] [--password-policy-min-length=PASSWORD_POLICY_MIN_LENGTH] [--password-policy-password-change-interval=PASSWORD_POLICY_PASSWORD_CHANGE_INTERVAL] [--password-policy-reuse-interval=PASSWORD_POLICY_REUSE_INTERVAL] [--pricing-plan=PRICING_PLAN, -p PRICING_PLAN] [--[no-]recreate-replicas-on-primary-crash] [--remove-deny-maintenance-period] [--replication=REPLICATION] [--replication-lag-max-seconds-for-recreate=REPLICATION_LAG_MAX_SECONDS_FOR_RECREATE] [--[no-]require-ssl] [--simulate-maintenance-event] [--ssl-mode=SSL_MODE] [--[no-]storage-auto-increase] [--storage-auto-increase-limit=STORAGE_AUTO_INCREASE_LIMIT] [--storage-size=STORAGE_SIZE] [--switch-transaction-logs-to-cloud-storage] [--threads-per-core=THREADS_PER_CORE] [--tier=TIER, -t TIER] [--time-zone=TIME_ZONE] [--update-labels=[KEY=VALUE,…]] [--upgrade-sql-network-architecture] [--allowed-psc-projects=PROJECT,[PROJECT,…]     | --clear-allowed-psc-projects] [--authorized-gae-apps=APP,[APP,…]     | --clear-gae-apps] [--authorized-networks=NETWORK,[NETWORK,…]     | --clear-authorized-networks] [--clear-database-flags     | --database-flags=FLAG=VALUE,[FLAG=VALUE,…]] [--clear-labels     | --remove-labels=[KEY,…]] [--clear-psc-auto-connections     | --psc-auto-connections=[network=NETWORK],[project=PROJECT]] [--gce-zone=GCE_ZONE     | --secondary-zone=SECONDARY_ZONE --zone=ZONE] [--no-backup     | --backup-location=BACKUP_LOCATION --backup-start-time=BACKUP_START_TIME --retained-backups-count=RETAINED_BACKUPS_COUNT --retained-transaction-log-days=RETAINED_TRANSACTION_LOG_DAYS] [GCLOUD_WIDE_FLAG]
DESCRIPTION
(ALPHA) Updates the settings of a Cloud SQL instance.
POSITIONAL ARGUMENTS
INSTANCE
Cloud SQL instance ID.
FLAGS
--activation-policy=ACTIVATION_POLICY
Activation policy for this instance. This specifies when the instance should be activated and is applicable only when the instance state is RUNNABLE. The default is always. More information on activation policies can be found here: https://cloud.google.com/sql/docs/mysql/start-stop-restart-instance#activation_policy. ACTIVATION_POLICY must be one of: always, never.
--active-directory-domain=ACTIVE_DIRECTORY_DOMAIN
Managed Service for Microsoft Active Directory domain this instance is joined to. Only available for SQL Server instances.
--allocated-ip-range-name=ALLOCATED_IP_RANGE_NAME
The name of the IP range allocated for a Cloud SQL instance with private network connectivity. For example: 'google-managed-services-default'. If set, the instance IP is created in the allocated range represented by this name.
--[no-]assign-ip
Assign a public IP address to the instance. This is a public, externally available IPv4 address that you can use to connect to your instance when properly authorized. Use --assign-ip to enable and --no-assign-ip to disable.
--async
Return immediately, without waiting for the operation in progress to complete.
--audit-bucket-path=AUDIT_BUCKET_PATH
The location, as a Cloud Storage bucket, to which audit files are uploaded. The URI is in the form gs://bucketName/folderName. Only available for SQL Server instances.
--audit-retention-interval=AUDIT_RETENTION_INTERVAL
The number of days for audit log retention on disk, for example, 3dfor 3 days. Only available for SQL Server instances.
--audit-upload-interval=AUDIT_UPLOAD_INTERVAL
How often to upload audit logs (audit files), for example, 30mfor 30 minutes. Only available for SQL Server instances.
--availability-type=AVAILABILITY_TYPE
Specifies level of availability. AVAILABILITY_TYPE must be one of:
regional
Provides high availability and is recommended for production instances; instance automatically fails over to another zone within your selected region.
zonal
Provides no failover capability. This is the default.
--clear-failover-dr-replica-name
Clear the DR replica setting for the primary instance. Flag is only available for MySQL.
--clear-password-policy
Clear the existing password policy. This flag is only available for Postgres.
--connector-enforcement=CONNECTOR_ENFORCEMENT
Cloud SQL Connector enforcement mode. It determines how Cloud SQL Connectors are used in the connection. See the list of modes here. CONNECTOR_ENFORCEMENT must be one of:
CONNECTOR_ENFORCEMENT_UNSPECIFIED
The requirement for Cloud SQL connectors is unknown.
NOT_REQUIRED
Does not require Cloud SQL connectors.
REQUIRED
Requires all connections to use Cloud SQL connectors, including the Cloud SQL Auth Proxy and Cloud SQL Java, Python, and Go connectors. Note: This disables all existing authorized networks.
--cpu=CPU
Whole number value indicating how many cores are desired in the machine. Both --cpu and --memory must be specified if a custom machine type is desired, and the --tier flag must be omitted.
--database-version=DATABASE_VERSION
The database engine type and versions. If left unspecified, no changes occur. See the list of database versions at https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1beta4/SqlDatabaseVersion.
--[no-]deletion-protection
Enable deletion protection on a Cloud SQL instance. Use --deletion-protection to enable and --no-deletion-protection to disable.
--deny-maintenance-period-end-date=DENY_MAINTENANCE_PERIOD_END_DATE
Date when the deny maintenance period ends, that is 2021-01-10.
--deny-maintenance-period-start-date=DENY_MAINTENANCE_PERIOD_START_DATE
Date when the deny maintenance period begins, that is 2020-11-01.
--deny-maintenance-period-time=DENY_MAINTENANCE_PERIOD_TIME
Time when the deny maintenance period starts or ends, that is 05:00:00.
--diff
Show what changed as a result of the update.
--edition=EDITION
Specifies the edition of Cloud SQL instance. EDITION must be one of: enterprise, enterprise-plus.
--[no-]enable-bin-log
Allows for data recovery from a specific point in time, down to a fraction of a second. Must have automatic backups enabled to use. Make sure storage can support at least 7 days of logs. Use --enable-bin-log to enable and --no-enable-bin-log to disable.
--[no-]enable-data-cache
Enable use of data cache for accelerated read performance. This flag is only available for Enterprise_Plus edition instances. Use --enable-data-cache to enable and --no-enable-data-cache to disable.
--[no-]enable-database-replication
Enable database replication. Applicable only for read replica instance(s). WARNING: Instance will be restarted. Use --enable-database-replication to enable and --no-enable-database-replication to disable.
--[no-]enable-dataplex-integration
Enable Dataplex integration for Google Cloud SQL. Use --enable-dataplex-integration to enable and --no-enable-dataplex-integration to disable.
--[no-]enable-google-ml-integration
Enable Vertex AI integration for Google Cloud SQL. Currently, only PostgreSQL is supported. Use --enable-google-ml-integration to enable and --no-enable-google-ml-integration to disable.
--[no-]enable-google-private-path
Enable a private path for Google Cloud services. This flag specifies whether the instance is accessible to internal Google Cloud services such as BigQuery. This is only applicable to MySQL and PostgreSQL instances that don't use public IP. Currently, SQL Server isn't supported. Use --enable-google-private-path to enable and --no-enable-google-private-path to disable.
--enable-password-policy
Enable the password policy, which enforces user password management with the policies configured for the instance. This flag is only available for Postgres.
--enable-point-in-time-recovery
Allows for data recovery from a specific point in time, down to a fraction of a second, via write-ahead logs. Must have automatic backups enabled to use. Make sure storage can support at least 7 days of logs.
--failover-dr-replica-name=FAILOVER_DR_REPLICA_NAME
Set a Disaster Recovery (DR) replica with the specified name for the primary instance. This must be one of the existing cross region replicas of the primary instance. Flag is only available for MySQL.
--follow-gae-app=FOLLOW_GAE_APP
First Generation instances only. The App Engine app this instance should follow. It must be in the same region as the instance. WARNING: Instance may be restarted.
--[no-]insights-config-query-insights-enabled
Enable query insights feature to provide query and query plan analytics.

Use --insights-config-query-insights-enabled to enable and --no-insights-config-query-insights-enabled to disable.

--insights-config-query-plans-per-minute=INSIGHTS_CONFIG_QUERY_PLANS_PER_MINUTE
Number of query plans to sample every minute. Default value is 5. Allowed range: 0 to 20.
--insights-config-query-string-length=INSIGHTS_CONFIG_QUERY_STRING_LENGTH
Query string length in bytes to be stored by the query insights feature. Default length is 1024 bytes. Allowed range: 256 to 4500 bytes.
--[no-]insights-config-record-application-tags
Allow application tags to be recorded by the query insights feature.

Use --insights-config-record-application-tags to enable and --no-insights-config-record-application-tags to disable.

--[no-]insights-config-record-client-address
Allow the client address to be recorded by the query insights feature.

Use --insights-config-record-client-address to enable and --no-insights-config-record-client-address to disable.

--maintenance-release-channel=MAINTENANCE_RELEASE_CHANNEL
Which channel's updates to apply during the maintenance window. If not specified, Cloud SQL chooses the timing of updates to your instance. MAINTENANCE_RELEASE_CHANNEL must be one of:
preview
Preview updates release prior to production updates. You may wish to use the preview channel for dev/test applications so that you can preview their compatibility with your application prior to the production release.
production
Production updates are stable and recommended for applications in production.
week5
week5 updates release after the production updates. Use the week5 channel to receive a 5 week advance notification about the upcoming maintenance, so you can prepare your application for the release.
--maintenance-version=MAINTENANCE_VERSION
The desired maintenance version of the instance.
--maintenance-window-any
Removes the user-specified maintenance window.
--maintenance-window-day=MAINTENANCE_WINDOW_DAY
Day of week for maintenance window, in UTC time zone. MAINTENANCE_WINDOW_DAY must be one of: SUN, MON, TUE, WED, THU, FRI, SAT.
--maintenance-window-hour=MAINTENANCE_WINDOW_HOUR
Hour of day for maintenance window, in UTC time zone.
--memory=MEMORY
Whole number value indicating how much memory is desired in the machine. A size unit should be provided (eg. 3072MiB or 9GiB) - if no units are specified, GiB is assumed. Both --cpu and --memory must be specified if a custom machine type is desired, and the --tier flag must be omitted.
--network=NETWORK
Network in the current project that the instance will be part of. To specify using a network with a shared VPC, use the full URL of the network. For an example host project, 'testproject', and shared network, 'testsharednetwork', this would use the form: --network=projects/testproject/global/networks/testsharednetwork
--password-policy-complexity=PASSWORD_POLICY_COMPLEXITY
The complexity of the password. This flag is available only for PostgreSQL. PASSWORD_POLICY_COMPLEXITY must be one of:
COMPLEXITY_DEFAULT
A combination of lowercase, uppercase, numeric, and non-alphanumeric characters.
COMPLEXITY_UNSPECIFIED
The default value if COMPLEXITY_DEFAULT is not specified. It implies that complexity check is not enabled.
--[no-]password-policy-disallow-username-substring
Disallow username as a part of the password. Use --password-policy-disallow-username-substring to enable and --no-password-policy-disallow-username-substring to disable.
--password-policy-min-length=PASSWORD_POLICY_MIN_LENGTH
Minimum number of characters allowed in the password.
--password-policy-password-change-interval=PASSWORD_POLICY_PASSWORD_CHANGE_INTERVAL
Minimum interval after which the password can be changed, for example, 2m for 2 minutes. See <a href="/sdk/gcloud/reference/topic/datetimes"> $ gcloud topic datetimes</a> for information on duration formats. This flag is available only for PostgreSQL.
--password-policy-reuse-interval=PASSWORD_POLICY_REUSE_INTERVAL
Number of previous passwords that cannot be reused. The valid range is 0 to 100.
--pricing-plan=PRICING_PLAN, -p PRICING_PLAN
First Generation instances only. The pricing plan for this instance. PRICING_PLAN must be one of: PER_USE, PACKAGE.
--[no-]recreate-replicas-on-primary-crash
Allow/Disallow replica recreation when a primary MySQL instance operating in reduced durability mode crashes. Not recreating the replicas might lead to data inconsistencies between the primary and its replicas. This setting is only applicable for MySQL instances and is enabled by default. Use --recreate-replicas-on-primary-crash to enable and --no-recreate-replicas-on-primary-crash to disable.
--remove-deny-maintenance-period
Removes the user-specified deny maintenance period.
--replication=REPLICATION
Type of replication this instance uses. The default is synchronous. REPLICATION must be one of: synchronous, asynchronous.
--replication-lag-max-seconds-for-recreate=REPLICATION_LAG_MAX_SECONDS_FOR_RECREATE
Set a maximum replication lag for a MySQL read replica in seconds. If the replica lag exceeds the specified value, the readreplica(s) will be recreated. Min value=300 seconds,Max value=31536000 seconds, default value=31536000 seconds.
--[no-]require-ssl
mysqld should default to 'REQUIRE X509' for users connecting over IP. Use --require-ssl to enable and --no-require-ssl to disable.
--simulate-maintenance-event
Simulate a maintenance event without changing the version. Only applicable to instances that support near-zero downtime planned maintenance.
--ssl-mode=SSL_MODE
Set the SSL mode of the instance. SSL_MODE must be one of:
ALLOW_UNENCRYPTED_AND_ENCRYPTED
Allow non-SSL and SSL connections. For SSL connections, client certificate will not be verified.
ENCRYPTED_ONLY
Only allow connections encrypted with SSL/TLS.
TRUSTED_CLIENT_CERTIFICATE_REQUIRED
Only allow connections encrypted with SSL/TLS and with valid client certificates.
--[no-]storage-auto-increase
Storage size can be increased, but it cannot be decreased; storage increases are permanent for the life of the instance. With this setting enabled, a spike in storage requirements can result in permanently increased storage costs for your instance. However, if an instance runs out of available space, it can result in the instance going offline, dropping existing connections. This setting is enabled by default. Use --storage-auto-increase to enable and --no-storage-auto-increase to disable.
--storage-auto-increase-limit=STORAGE_AUTO_INCREASE_LIMIT
Allows you to set a maximum storage capacity, in GB. Automatic increases to your capacity will stop once this limit has been reached. Default capacity is unlimited.
--storage-size=STORAGE_SIZE
Amount of storage allocated to the instance. Must be an integer number of GB. The default is 10GB. Information on storage limits can be found here: https://cloud.google.com/sql/docs/quotas#storage_limits
--switch-transaction-logs-to-cloud-storage
Switches the location of the transaction logs used for PITR from disk to Cloud Storage.
--threads-per-core=THREADS_PER_CORE
The number of threads per core. The value of this flag can be 1 or 2. To disable SMT, set this flag to 1. Only available in Cloud SQL for SQL Server instances.
--tier=TIER, -t TIER
Machine type for a shared-core instance e.g. db-g1-small. For all other instances, instead of using tiers, customize your instance by specifying its CPU and memory. You can do so with the --cpu and --memory flags. Learn more about how CPU and memory affects pricing: https://cloud.google.com/sql/pricing. WARNING: Instance will be restarted.
--time-zone=TIME_ZONE
Set a non-default time zone. Only available for SQL Server instances.
--update-labels=[KEY=VALUE,…]
List of label KEY=VALUE pairs to update. If a label exists, its value is modified. Otherwise, a new label is created.

Keys must start with a lowercase character and contain only hyphens (-), underscores (_), lowercase characters, and numbers. Values must contain only hyphens (-), underscores (_), lowercase characters, and numbers.

--upgrade-sql-network-architecture
Upgrade from old network architecture to new network architecture. The new network architecture offers better isolation, reliability, and faster new feature adoption.
At most one of these can be specified:
--allowed-psc-projects=PROJECT,[PROJECT,…]
A comma-separated list of projects. Each project in this list might be represented by a project number (numeric) or by a project ID (alphanumeric). This allows Private Service Connect connections to be established from specified consumer projects.
--clear-allowed-psc-projects
This will clear the project allowlist of Private Service Connect, disallowing all projects from creating new Private Service Connect bindings to the instance.
At most one of these can be specified:
--authorized-gae-apps=APP,[APP,…]
First Generation instances only. List of project IDs for App Engine applications running in the Standard environment that can access this instance.

The value given for this argument replaces the existing list.

--clear-gae-apps
Specified to clear the list of App Engine apps that can access this instance.
At most one of these can be specified:
--authorized-networks=NETWORK,[NETWORK,…]
The list of external networks that are allowed to connect to the instance. Specified in CIDR notation, also known as 'slash' notation (e.g. 192.168.100.0/24).

The value given for this argument replaces the existing list.

--clear-authorized-networks
Clear the list of external networks that are allowed to connect to the instance.
At most one of these can be specified:
--clear-database-flags
Clear the database flags set on the instance. WARNING: Instance will be restarted.
--database-flags=FLAG=VALUE,[FLAG=VALUE,…]
Comma-separated list of database flags to set on the instance. Use an equals sign to separate flag name and value. Flags without values, like skip_grant_tables, can be written out without a value after, e.g., skip_grant_tables=. Use on/off for booleans. View the Instance Resource API for allowed flags. (e.g., --database-flags max_allowed_packet=55555,skip_grant_tables=,log_output=1)
At most one of these can be specified:
--clear-labels
Remove all labels. If --update-labels is also specified then --clear-labels is applied first.

For example, to remove all labels:

gcloud alpha sql instances patch --clear-labels

To remove all existing labels and create two new labels, foo and baz:

gcloud alpha sql instances patch --clear-labels --update-labels foo=bar,baz=qux
--remove-labels=[KEY,…]
List of label keys to remove. If a label does not exist it is silently ignored. If --update-labels is also specified then --update-labels is applied first.
At most one of these can be specified:
--clear-psc-auto-connections
This removes all connections created automatically. Cloud SQL uses these connections to connect to an instance using Private Service Connect.
--psc-auto-connections=[network=NETWORK],[project=PROJECT]
A comma-separated list of networks or a comma-separated list of network-project pairs. Each project in this list is represented by a project number (numeric) or by a project ID (alphanumeric). This allows Private Service Connect connections to be created automatically for the specified networks. For example, this connection uses "the form psc-auto-connections=network=projects/testproject1/global/networks/testnetwork1" or "the form psc-auto-connections=project=testproject1,network=projects/testproject1/global/networks/testnetwork1". Sets psc_auto_connections value.
network
Required, Sets network value.
project
Sets project value.
Shorthand Example:
--psc-auto-connections=network=string,project=string

JSON Example:

--psc-auto-connections='{"network": "string", "project": "string"}'

File Example:

--psc-auto-connections=path_to_file.(yaml|json)
At most one of these can be specified:
--gce-zone=GCE_ZONE
(DEPRECATED) Preferred Compute Engine zone (e.g. us-central1-a, us-central1-b, etc.). WARNING: Instance may be restarted.

Flag --gce-zone is deprecated and will be removed by release 255.0.0. Use --zone instead.

--secondary-zone=SECONDARY_ZONE
Preferred secondary Compute Engine zone (e.g. us-central1-a, us-central1-b, etc.).
--zone=ZONE
Preferred Compute Engine zone (e.g. us-central1-a, us-central1-b, etc.). WARNING: Instance may be restarted.
At most one of these can be specified:
--no-backup
Specified if daily backup should be disabled.
--backup-location=BACKUP_LOCATION
Choose where to store your backups. Backups are stored in the closest multi-region location to you by default. Only customize if needed. Specify empty string to revert to default.
--backup-start-time=BACKUP_START_TIME
Start time of daily backups, specified in the HH:MM format, in the UTC timezone.
--retained-backups-count=RETAINED_BACKUPS_COUNT
How many backups to keep. The valid range is between 1 and 365. Default value is 7 for Enterprise edition instances. For Enterprise_Plus, default value is 15. Applicable only if --no-backups is not specified.
--retained-transaction-log-days=RETAINED_TRANSACTION_LOG_DAYS
How many days of transaction logs to keep. The valid range is between 1 and 35. Only use this option when point-in-time recovery is enabled. If logs are stored on disk, storage size for transaction logs could increase when the number of days for log retention increases. For Enterprise, default and max retention values are 7 and 7 respectively. For Enterprise_Plus, default and max retention values are 14 and 35.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

NOTES
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. These variants are also available:
gcloud sql instances patch
gcloud beta sql instances patch