gcloud beta iam principal-access-boundary-policies update

NAME
gcloud beta iam principal-access-boundary-policies update - update PrincipalAccessBoundaryPolicy instance
SYNOPSIS
gcloud beta iam principal-access-boundary-policies update (PRINCIPAL_ACCESS_BOUNDARY_POLICY : --location=LOCATION --organization=ORGANIZATION) [--async] [--display-name=DISPLAY_NAME] [--etag=ETAG] [--annotations=[ANNOTATIONS,…]     | --update-annotations=[UPDATE_ANNOTATIONS,…] --clear-annotations     | --remove-annotations=[__REMOVE_ANNOTATIONS,…]] [--details-enforcement-version=DETAILS_ENFORCEMENT_VERSION --details-rules=[description=DESCRIPTION],[effect=EFFECT],[resources=RESOURCES]     | --add-details-rules=[description=DESCRIPTION],[effect=EFFECT],[resources=RESOURCES] --clear-details-rules     | --remove-details-rules=[description=DESCRIPTION],[effect=EFFECT],[resources=RESOURCES]] [GCLOUD_WIDE_FLAG]
DESCRIPTION
(BETA) Update PrincipalAccessBoundaryPolicy instance.
EXAMPLES
To update display name of my-policy in organization 123, run:
gcloud beta iam principal-access-boundary-policies update my-policy --organization=123 --location=global --display-name=new-display-name
POSITIONAL ARGUMENTS
PrincipalAccessBoundaryPolicy resource - Identifier. The resource name of the principal access boundary policy.

The following format is supported: organizations/{organization_id}/locations/{location}/principalAccessBoundaryPolicies/{policy_id} The arguments in this group can be used to specify the attributes of this resource.

This must be specified.

PRINCIPAL_ACCESS_BOUNDARY_POLICY
ID of the principalAccessBoundaryPolicy or fully qualified identifier for the principalAccessBoundaryPolicy.

To set the principal_access_boundary_policy attribute:

  • provide the argument principal_access_boundary_policy on the command line.

This positional argument must be specified if any of the other arguments in this group are specified.

--location=LOCATION
The location id of the principalAccessBoundaryPolicy resource.

To set the location attribute:

  • provide the argument principal_access_boundary_policy on the command line with a fully specified name;
  • provide the argument --location on the command line.
--organization=ORGANIZATION
The organization id of the principalAccessBoundaryPolicy resource.

To set the organization attribute:

  • provide the argument principal_access_boundary_policy on the command line with a fully specified name;
  • provide the argument --organization on the command line.
FLAGS
--async
Return immediately, without waiting for the operation in progress to complete.
--display-name=DISPLAY_NAME
The description of the principal access boundary policy. Must be less than or equal to 63 characters.
--etag=ETAG
The etag for the principal access boundary. If this is provided on update, it must match the server's etag.
Update annotations.

At most one of these can be specified:

--annotations=[ANNOTATIONS,…]
Set annotations to new value. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations.
KEY
Sets KEY value.
VALUE
Sets VALUE value.
Shorthand Example:
--annotations=string=string

JSON Example:

--annotations='{"string": "string"}'

File Example:

--annotations=path_to_file.(yaml|json)
--update-annotations=[UPDATE_ANNOTATIONS,…]
Update annotations value or add key value pair. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations.
KEY
Sets KEY value.
VALUE
Sets VALUE value.
Shorthand Example:
--update-annotations=string=string

JSON Example:

--update-annotations='{"string": "string"}'

File Example:

--update-annotations=path_to_file.(yaml|json)
At most one of these can be specified:
--clear-annotations
Clear annotations value and set to empty map.
--remove-annotations=[__REMOVE_ANNOTATIONS,…]
Remove existing value from map annotations.
Principal access boundary policy details
--details-enforcement-version=DETAILS_ENFORCEMENT_VERSION
The version number that indicates which Google Cloud services are included in the enforcement (e.g. "latest", "1", …). If empty, the PAB policy version will be set to the current latest version, and this version won't get updated when new versions are released.
Update details_rules.

At most one of these can be specified:

--details-rules=[description=DESCRIPTION],[effect=EFFECT],[resources=RESOURCES]
Set details_rules to new value. A list of principal access boundary policy rules. The number of rules in a policy is limited to 500.
description
The description of the principal access boundary policy rule. Must be less than or equal to 256 characters.
effect
The access relationship of principals to the resources in this rule.
resources
A list of Cloud Resource Manager resources. The resource and all the descendants are included. The number of resources in a policy is limited to 500 across all rules.

The following resource types are supported:

  • Organizations, such as //cloudresourcemanager.googleapis.com/organizations/123.
  • Folders, such as //cloudresourcemanager.googleapis.com/folders/123.
  • Projects, such as //cloudresourcemanager.googleapis.com/projects/123 or //cloudresourcemanager.googleapis.com/projects/my-project-id.
Shorthand Example:
--details-rules=description=string,effect=string,resources=["string"] --details-rules=description=string,effect=string,resources=["string"]

JSON Example:

--details-rules='[{"description": "string", "effect": "string", "resources": ["string"]}]'

File Example:

--details-rules=path_to_file.(yaml|json)
--add-details-rules=[description=DESCRIPTION],[effect=EFFECT],[resources=RESOURCES]
Add new value to details_rules list. A list of principal access boundary policy rules. The number of rules in a policy is limited to 500.
description
The description of the principal access boundary policy rule. Must be less than or equal to 256 characters.
effect
The access relationship of principals to the resources in this rule.
resources
A list of Cloud Resource Manager resources. The resource and all the descendants are included. The number of resources in a policy is limited to 500 across all rules.

The following resource types are supported:

  • Organizations, such as //cloudresourcemanager.googleapis.com/organizations/123.
  • Folders, such as //cloudresourcemanager.googleapis.com/folders/123.
  • Projects, such as //cloudresourcemanager.googleapis.com/projects/123 or //cloudresourcemanager.googleapis.com/projects/my-project-id.
Shorthand Example:
--add-details-rules=description=string,effect=string,resources=["string"] --add-details-rules=description=string,effect=string,resources=["string"]

JSON Example:

--add-details-rules='[{"description": "string", "effect": "string", "resources": ["string"]}]'

File Example:

--add-details-rules=path_to_file.(yaml|json)
At most one of these can be specified:
--clear-details-rules
Clear details_rules value and set to empty list.
--remove-details-rules=[description=DESCRIPTION],[effect=EFFECT],[resources=RESOURCES]
Remove existing value from details_rules list. A list of principal access boundary policy rules. The number of rules in a policy is limited to 500.
description
The description of the principal access boundary policy rule. Must be less than or equal to 256 characters.
effect
The access relationship of principals to the resources in this rule.
resources
A list of Cloud Resource Manager resources. The resource and all the descendants are included. The number of resources in a policy is limited to 500 across all rules.

The following resource types are supported:

  • Organizations, such as //cloudresourcemanager.googleapis.com/organizations/123.
  • Folders, such as //cloudresourcemanager.googleapis.com/folders/123.
  • Projects, such as //cloudresourcemanager.googleapis.com/projects/123 or //cloudresourcemanager.googleapis.com/projects/my-project-id.
Shorthand Example:
--remove-details-rules=description=string,effect=string,resources=["string"] --remove-details-rules=description=string,effect=string,resources=["string"]

JSON Example:

--remove-details-rules='[{"description": "string", "effect": "string", "resources": ["string"]}]'

File Example:

--remove-details-rules=path_to_file.(yaml|json)
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

API REFERENCE
This command uses the iam/v3beta API. The full documentation for this API can be found at: https://cloud.google.com/iam/
NOTES
This command is currently in beta and might change without notice. This variant is also available:
gcloud iam principal-access-boundary-policies update