NAME
    gcloud compute org-security-policies rules update - update a Compute Engine
        security policy rule

SYNOPSIS
    gcloud compute org-security-policies rules update PRIORITY
        --security-policy=SECURITY_POLICY [--action=ACTION] [--cloud-armor]
        [--description=DESCRIPTION] [--dest-ip-ranges=[DEST_IP_RANGE,...]]
        [--direction=DIRECTION] [--[no-]enable-logging]
        [--layer4-configs=[LAYER4_CONFIG,...]] [--new-priority=NEW_PRIORITY]
        [--organization=ORGANIZATION] [--[no-]preview]
        [--target-resources=[TARGET_RESOURCES,...]]
        [--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...]]
        [--expression=EXPRESSION | --src-ip-ranges=[SRC_IP_RANGE,...]]
        [GCLOUD_WIDE_FLAG ...]

DESCRIPTION
    gcloud compute org-security-policies rules update is used to update
    organization security policy rules.

EXAMPLES
    To update a rule with priority 10 in an organization security policy with
    ID 123456789 to change the action to allow and description to
    new-example-rule, run:

        $ gcloud compute org-security-policies rules update 10 \
            --security-policy=123456789 --action=allow \
            --description=new-example-rule

POSITIONAL ARGUMENTS
     PRIORITY
        Priority of the security policy rule to update.

REQUIRED FLAGS
     --security-policy=SECURITY_POLICY
        short name of the security policy into which the rule should be
        updated.

OPTIONAL FLAGS
     --action=ACTION
        Action to take if the request matches the match condition. ACTION must
        be one of:

         allow
            Allows the request from HTTP(S) Load Balancing.
         deny
            (DEPRECATED) Only used for Hierarchical Firewalls.
         deny-403
            Denies the request from HTTP(S) Load Balancing, with an HTTP
            response status code of 403.
         deny-404
            Denies the request from HTTP(S) Load Balancing, with an HTTP
            response status code of 404.
         deny-502
            Denies the request from HTTP(S) Load Balancing, with an HTTP
            response status code of 502.
         goto-next
            Defers enforcement to the next policy in the hierarchy.
         redirect
            Redirects the request from HTTP(S) Load Balancing, based on
            redirect options.

     --cloud-armor
        Specified for Hierarchical Cloud Armor rules.

     --description=DESCRIPTION
        An optional, textual description for the rule.

     --dest-ip-ranges=[DEST_IP_RANGE,...]
        Destination IP ranges to match for this rule. Can only be specified if
        DIRECTION is egress.

     --direction=DIRECTION
        Direction of the traffic the rule is applied. The default is to apply
        on incoming traffic. DIRECTION must be one of: INGRESS, EGRESS.

     --[no-]enable-logging
        Use this flag to enable logging of connections that allowed or denied
        by this rule. Use --enable-logging to enable and --no-enable-logging to
        disable.

     --layer4-configs=[LAYER4_CONFIG,...]
        A list of destination protocols and ports to which the firewall rule
        will apply.

     --new-priority=NEW_PRIORITY
        New priority for the rule to update. Valid in [0, 65535].

     --organization=ORGANIZATION
        Organization which the organization security policy belongs to. Must be
        set if SECURITY_POLICY is short name.

     --[no-]preview
        If specified, the action will not be enforced. Use --preview to enable
        and --no-preview to disable.

     --target-resources=[TARGET_RESOURCES,...]
        List of URLs of target resources to which the rule is applied.

     --target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...]
        List of target service accounts for the rule.

     Security policy rule matcher.

     At most one of these can be specified:

       --expression=EXPRESSION
          The Cloud Armor rules language expression to match for this rule.

       --src-ip-ranges=[SRC_IP_RANGE,...]
          The source IPs/IP ranges to match for this rule. To match all IPs
          specify *.

GCLOUD WIDE FLAGS
    These flags are available to all commands: --access-token-file, --account,
    --billing-project, --configuration, --flags-file, --flatten, --format,
    --help, --impersonate-service-account, --log-http, --project, --quiet,
    --trace-token, --user-output-enabled, --verbosity.

    Run $ gcloud help for details.

NOTES
    These variants are also available:

        $ gcloud alpha compute org-security-policies rules update

        $ gcloud beta compute org-security-policies rules update

