- NAME
-
- gcloud iam principal-access-boundary-policies update - update PrincipalAccessBoundaryPolicy instance
- SYNOPSIS
-
-
gcloud iam principal-access-boundary-policies update
(PRINCIPAL_ACCESS_BOUNDARY_POLICY
:--location
=LOCATION
--organization
=ORGANIZATION
) [--async
] [--display-name
=DISPLAY_NAME
] [--etag
=ETAG
] [--annotations
=[ANNOTATIONS
,…] |--update-annotations
=[UPDATE_ANNOTATIONS
,…]--clear-annotations
|--remove-annotations
=[__REMOVE_ANNOTATIONS,…]] [--details-enforcement-version
=DETAILS_ENFORCEMENT_VERSION
--details-rules
=[description
=DESCRIPTION
],[effect
=EFFECT
],[resources
=RESOURCES
] |--add-details-rules
=[description
=DESCRIPTION
],[effect
=EFFECT
],[resources
=RESOURCES
]--clear-details-rules
|--remove-details-rules
=[description
=DESCRIPTION
],[effect
=EFFECT
],[resources
=RESOURCES
]] [GCLOUD_WIDE_FLAG …
]
-
- DESCRIPTION
- Update PrincipalAccessBoundaryPolicy instance.
- EXAMPLES
-
To update display name of
my-policy
in organization123
, run:gcloud iam principal-access-boundary-policies update my-policy --organization=123 --location=global --display-name=new-display-name
- POSITIONAL ARGUMENTS
-
-
PrincipalAccessBoundaryPolicy resource - Identifier. The resource name of the
principal access boundary policy.
The following format is supported:
organizations/{organization_id}/locations/{location}/principalAccessBoundaryPolicies/{policy_id}
The arguments in this group can be used to specify the attributes of this resource.This must be specified.
PRINCIPAL_ACCESS_BOUNDARY_POLICY
-
ID of the principalAccessBoundaryPolicy or fully qualified identifier for the
principalAccessBoundaryPolicy.
To set the
principal_access_boundary_policy
attribute:-
provide the argument
principal_access_boundary_policy
on the command line.
This positional argument must be specified if any of the other arguments in this group are specified.
-
provide the argument
--location
=LOCATION
-
The location id of the principalAccessBoundaryPolicy resource.
To set the
location
attribute:-
provide the argument
principal_access_boundary_policy
on the command line with a fully specified name; -
provide the argument
--location
on the command line.
-
provide the argument
--organization
=ORGANIZATION
-
The organization id of the principalAccessBoundaryPolicy resource.
To set the
organization
attribute:-
provide the argument
principal_access_boundary_policy
on the command line with a fully specified name; -
provide the argument
--organization
on the command line.
-
provide the argument
-
PrincipalAccessBoundaryPolicy resource - Identifier. The resource name of the
principal access boundary policy.
- FLAGS
-
--async
- Return immediately, without waiting for the operation in progress to complete.
--display-name
=DISPLAY_NAME
- The description of the principal access boundary policy. Must be less than or equal to 63 characters.
--etag
=ETAG
- The etag for the principal access boundary. If this is provided on update, it must match the server's etag.
-
Update annotations.
At most one of these can be specified:
--annotations
=[ANNOTATIONS
,…]-
Set annotations to new value. User defined annotations. See https://google.aip.dev/148#annotations
for more details such as format and size limitations.
KEY
-
Sets
KEY
value. VALUE
-
Sets
VALUE
value.
Shorthand Example:
--annotations=string=string
JSON Example:
--annotations='{"string": "string"}'
File Example:
--annotations=path_to_file.(yaml|json)
--update-annotations
=[UPDATE_ANNOTATIONS
,…]-
Update annotations value or add key value pair. User defined annotations. See https://google.aip.dev/148#annotations
for more details such as format and size limitations.
KEY
-
Sets
KEY
value. VALUE
-
Sets
VALUE
value.
Shorthand Example:
--update-annotations=string=string
JSON Example:
--update-annotations='{"string": "string"}'
File Example:
--update-annotations=path_to_file.(yaml|json)
-
At most one of these can be specified:
--clear-annotations
- Clear annotations value and set to empty map.
--remove-annotations
=[__REMOVE_ANNOTATIONS,…]- Remove existing value from map annotations.
-
Principal access boundary policy details
--details-enforcement-version
=DETAILS_ENFORCEMENT_VERSION
- The version number that indicates which Google Cloud services are included in the enforcement (e.g. "latest", "1", …). If empty, the PAB policy version will be set to the current latest version, and this version won't get updated when new versions are released.
-
Update details_rules.
At most one of these can be specified:
--details-rules
=[description
=DESCRIPTION
],[effect
=EFFECT
],[resources
=RESOURCES
]-
Set details_rules to new value. A list of principal access boundary policy
rules. The number of rules in a policy is limited to 500.
description
- The description of the principal access boundary policy rule. Must be less than or equal to 256 characters.
effect
- The access relationship of principals to the resources in this rule.
resources
-
A list of Cloud Resource Manager resources. The resource and all the descendants
are included. The number of resources in a policy is limited to 500 across all
rules.
The following resource types are supported:
-
Organizations, such as
//cloudresourcemanager.googleapis.com/organizations/123
. -
Folders, such as
//cloudresourcemanager.googleapis.com/folders/123
. -
Projects, such as
//cloudresourcemanager.googleapis.com/projects/123
or//cloudresourcemanager.googleapis.com/projects/my-project-id
.
-
Organizations, such as
Shorthand Example:
--details-rules=description=string,effect=string,resources=["string"] --details-rules=description=string,effect=string,resources=["string"]
JSON Example:
--details-rules='[{"description": "string", "effect": "string", "resources": ["string"]}]'
File Example:
--details-rules=path_to_file.(yaml|json)
--add-details-rules
=[description
=DESCRIPTION
],[effect
=EFFECT
],[resources
=RESOURCES
]-
Add new value to details_rules list. A list of principal access boundary policy
rules. The number of rules in a policy is limited to 500.
description
- The description of the principal access boundary policy rule. Must be less than or equal to 256 characters.
effect
- The access relationship of principals to the resources in this rule.
resources
-
A list of Cloud Resource Manager resources. The resource and all the descendants
are included. The number of resources in a policy is limited to 500 across all
rules.
The following resource types are supported:
-
Organizations, such as
//cloudresourcemanager.googleapis.com/organizations/123
. -
Folders, such as
//cloudresourcemanager.googleapis.com/folders/123
. -
Projects, such as
//cloudresourcemanager.googleapis.com/projects/123
or//cloudresourcemanager.googleapis.com/projects/my-project-id
.
-
Organizations, such as
Shorthand Example:
--add-details-rules=description=string,effect=string,resources=["string"] --add-details-rules=description=string,effect=string,resources=["string"]
JSON Example:
--add-details-rules='[{"description": "string", "effect": "string", "resources": ["string"]}]'
File Example:
--add-details-rules=path_to_file.(yaml|json)
-
At most one of these can be specified:
--clear-details-rules
- Clear details_rules value and set to empty list.
--remove-details-rules
=[description
=DESCRIPTION
],[effect
=EFFECT
],[resources
=RESOURCES
]-
Remove existing value from details_rules list. A list of principal access
boundary policy rules. The number of rules in a policy is limited to 500.
description
- The description of the principal access boundary policy rule. Must be less than or equal to 256 characters.
effect
- The access relationship of principals to the resources in this rule.
resources
-
A list of Cloud Resource Manager resources. The resource and all the descendants
are included. The number of resources in a policy is limited to 500 across all
rules.
The following resource types are supported:
-
Organizations, such as
//cloudresourcemanager.googleapis.com/organizations/123
. -
Folders, such as
//cloudresourcemanager.googleapis.com/folders/123
. -
Projects, such as
//cloudresourcemanager.googleapis.com/projects/123
or//cloudresourcemanager.googleapis.com/projects/my-project-id
.
-
Organizations, such as
Shorthand Example:
--remove-details-rules=description=string,effect=string,resources=["string"] --remove-details-rules=description=string,effect=string,resources=["string"]
JSON Example:
--remove-details-rules='[{"description": "string", "effect": "string", "resources": ["string"]}]'
File Example:
--remove-details-rules=path_to_file.(yaml|json)
- GCLOUD WIDE FLAGS
-
These flags are available to all commands:
--access-token-file
,--account
,--billing-project
,--configuration
,--flags-file
,--flatten
,--format
,--help
,--impersonate-service-account
,--log-http
,--project
,--quiet
,--trace-token
,--user-output-enabled
,--verbosity
.Run
$ gcloud help
for details. - API REFERENCE
-
This command uses the
iam/v3
API. The full documentation for this API can be found at: https://cloud.google.com/iam/ - NOTES
-
This variant is also available:
gcloud beta iam principal-access-boundary-policies update
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-12-10 UTC.