NAME
    gcloud iam principal-access-boundary-policies update - update
        PrincipalAccessBoundaryPolicy instance

SYNOPSIS
    gcloud iam principal-access-boundary-policies update
        (PRINCIPAL_ACCESS_BOUNDARY_POLICY
          : --location=LOCATION --organization=ORGANIZATION) [--async]
        [--display-name=DISPLAY_NAME] [--etag=ETAG]
        [--annotations=[ANNOTATIONS,...]
          | --update-annotations=[UPDATE_ANNOTATIONS,...] --clear-annotations
          | --remove-annotations=[__REMOVE_ANNOTATIONS,...]]
        [--details-enforcement-version=DETAILS_ENFORCEMENT_VERSION
          --details-rules=[description=DESCRIPTION],
          [effect=EFFECT],[resources=RESOURCES]
          | --add-details-rules=[description=DESCRIPTION],
          [effect=EFFECT],[resources=RESOURCES] --clear-details-rules
          | --remove-details-rules=[description=DESCRIPTION],
          [effect=EFFECT],[resources=RESOURCES]] [GCLOUD_WIDE_FLAG ...]

DESCRIPTION
    Update PrincipalAccessBoundaryPolicy instance.

EXAMPLES
    To update display name of my-policy in organization 123, run:

        $ gcloud iam principal-access-boundary-policies update my-policy \
            --organization=123 --location=global \
            --display-name=new-display-name

POSITIONAL ARGUMENTS
     PrincipalAccessBoundaryPolicy resource - Identifier. The resource name of
     the principal access boundary policy.

     The following format is supported:
     organizations/{organization_id}/locations/{location}/principalAccessBoundaryPolicies/{policy_id}
     The arguments in this group can be used to specify the attributes of this
     resource.

     This must be specified.

       PRINCIPAL_ACCESS_BOUNDARY_POLICY
          ID of the principalAccessBoundaryPolicy or fully qualified identifier
          for the principalAccessBoundaryPolicy.

          To set the principal_access_boundary_policy attribute:
          ▸ provide the argument principal_access_boundary_policy on the
            command line.

          This positional argument must be specified if any of the other
          arguments in this group are specified.

       --location=LOCATION
          The location id of the principalAccessBoundaryPolicy resource.

          To set the location attribute:
          ▸ provide the argument principal_access_boundary_policy on the
            command line with a fully specified name;
          ▸ provide the argument --location on the command line.

       --organization=ORGANIZATION
          The organization id of the principalAccessBoundaryPolicy resource.

          To set the organization attribute:
          ▸ provide the argument principal_access_boundary_policy on the
            command line with a fully specified name;
          ▸ provide the argument --organization on the command line.

FLAGS
     --async
        Return immediately, without waiting for the operation in progress to
        complete.

     --display-name=DISPLAY_NAME
        The description of the principal access boundary policy. Must be less
        than or equal to 63 characters.

     --etag=ETAG
        The etag for the principal access boundary. If this is provided on
        update, it must match the server's etag.

     Update annotations.

     At most one of these can be specified:

       --annotations=[ANNOTATIONS,...]
          Set annotations to new value. User defined annotations. See
          https://google.aip.dev/148#annotations for more details such as
          format and size limitations.

           KEY
              Sets KEY value.

           VALUE
              Sets VALUE value.

          Shorthand Example:

              --annotations=string=string

          JSON Example:

              --annotations='{"string": "string"}'

          File Example:

              --annotations=path_to_file.(yaml|json)

       --update-annotations=[UPDATE_ANNOTATIONS,...]
          Update annotations value or add key value pair. User defined
          annotations. See https://google.aip.dev/148#annotations for more
          details such as format and size limitations.

           KEY
              Sets KEY value.

           VALUE
              Sets VALUE value.

          Shorthand Example:

              --update-annotations=string=string

          JSON Example:

              --update-annotations='{"string": "string"}'

          File Example:

              --update-annotations=path_to_file.(yaml|json)

       At most one of these can be specified:

         --clear-annotations
            Clear annotations value and set to empty map.

         --remove-annotations=[__REMOVE_ANNOTATIONS,...]
            Remove existing value from map annotations.

     Principal access boundary policy details

       --details-enforcement-version=DETAILS_ENFORCEMENT_VERSION
          The version number that indicates which Google Cloud services are
          included in the enforcement (e.g. "latest", "1", ...). If empty, the
          PAB policy version will be set to the current latest version, and
          this version won't get updated when new versions are released.

       Update details_rules.

       At most one of these can be specified:

         --details-rules=[description=DESCRIPTION],[effect=EFFECT],[resources=RESOURCES]
            Set details_rules to new value. A list of principal access boundary
            policy rules. The number of rules in a policy is limited to 500.

             description
                The description of the principal access boundary policy rule.
                Must be less than or equal to 256 characters.

             effect
                The access relationship of principals to the resources in this
                rule.

             resources
                A list of Cloud Resource Manager resources. The resource and
                all the descendants are included. The number of resources in a
                policy is limited to 500 across all rules.

                The following resource types are supported:

                ◇ Organizations, such as
                  //cloudresourcemanager.googleapis.com/organizations/123.
                ◇ Folders, such as
                  //cloudresourcemanager.googleapis.com/folders/123.
                ◇ Projects, such as
                  //cloudresourcemanager.googleapis.com/projects/123 or
                  //cloudresourcemanager.googleapis.com/projects/my-project-id.

            Shorthand Example:

                --details-rules=description=string,effect=string,resources=["string"] --details-rules=description=string,effect=string,resources=["string"]

            JSON Example:

                --details-rules='[{"description": "string", "effect": "string", "resources": ["string"]}]'

            File Example:

                --details-rules=path_to_file.(yaml|json)

         --add-details-rules=[description=DESCRIPTION],[effect=EFFECT],[resources=RESOURCES]
            Add new value to details_rules list. A list of principal access
            boundary policy rules. The number of rules in a policy is limited
            to 500.

             description
                The description of the principal access boundary policy rule.
                Must be less than or equal to 256 characters.

             effect
                The access relationship of principals to the resources in this
                rule.

             resources
                A list of Cloud Resource Manager resources. The resource and
                all the descendants are included. The number of resources in a
                policy is limited to 500 across all rules.

                The following resource types are supported:

                ◇ Organizations, such as
                  //cloudresourcemanager.googleapis.com/organizations/123.
                ◇ Folders, such as
                  //cloudresourcemanager.googleapis.com/folders/123.
                ◇ Projects, such as
                  //cloudresourcemanager.googleapis.com/projects/123 or
                  //cloudresourcemanager.googleapis.com/projects/my-project-id.

            Shorthand Example:

                --add-details-rules=description=string,effect=string,resources=["string"] --add-details-rules=description=string,effect=string,resources=["string"]

            JSON Example:

                --add-details-rules='[{"description": "string", "effect": "string", "resources": ["string"]}]'

            File Example:

                --add-details-rules=path_to_file.(yaml|json)

         At most one of these can be specified:

           --clear-details-rules
              Clear details_rules value and set to empty list.

           --remove-details-rules=[description=DESCRIPTION],[effect=EFFECT],[resources=RESOURCES]
              Remove existing value from details_rules list. A list of
              principal access boundary policy rules. The number of rules in a
              policy is limited to 500.

               description
                  The description of the principal access boundary policy rule.
                  Must be less than or equal to 256 characters.

               effect
                  The access relationship of principals to the resources in
                  this rule.

               resources
                  A list of Cloud Resource Manager resources. The resource and
                  all the descendants are included. The number of resources in
                  a policy is limited to 500 across all rules.

                  The following resource types are supported:

                  ▹ Organizations, such as
                    //cloudresourcemanager.googleapis.com/organizations/123.
                  ▹ Folders, such as
                    //cloudresourcemanager.googleapis.com/folders/123.
                  ▹ Projects, such as
                    //cloudresourcemanager.googleapis.com/projects/123 or
                    //cloudresourcemanager.googleapis.com/projects/my-project-id.

              Shorthand Example:

                  --remove-details-rules=description=string,effect=string,resources=["string"] --remove-details-rules=description=string,effect=string,resources=["string"]

              JSON Example:

                  --remove-details-rules='[{"description": "string", "effect": "string", "resources": ["string"]}]'

              File Example:

                  --remove-details-rules=path_to_file.(yaml|json)

GCLOUD WIDE FLAGS
    These flags are available to all commands: --access-token-file, --account,
    --billing-project, --configuration, --flags-file, --flatten, --format,
    --help, --impersonate-service-account, --log-http, --project, --quiet,
    --trace-token, --user-output-enabled, --verbosity.

    Run $ gcloud help for details.

API REFERENCE
    This command uses the iam/v3 API. The full documentation for this API can
    be found at: https://cloud.google.com/iam/

NOTES
    This variant is also available:

        $ gcloud beta iam principal-access-boundary-policies update

