mirror of
https://github.com/imjasonh/gcloud-help
synced 2026-07-18 06:47:12 +00:00
gcloud: Wed Nov 13 10:04:10 UTC 2024
This commit is contained in:
parent
7da5872e5c
commit
a63704a3af
252 changed files with 4821 additions and 807 deletions
|
|
@ -4,13 +4,16 @@ NAME
|
|||
|
||||
SYNOPSIS
|
||||
gcloud access-context-manager cloud-bindings update
|
||||
(--binding=BINDING : --organization=ORGANIZATION)
|
||||
(--binding=BINDING : --organization=ORGANIZATION) [--append]
|
||||
[--binding-file=YAML_FILE] [--dry-run-level=[DRY_RUN_LEVEL,...]]
|
||||
[--level=[LEVEL,...]] [GCLOUD_WIDE_FLAG ...]
|
||||
[--level=[LEVEL,...]] [--session-length=SESSION_LENGTH]
|
||||
[--session-reauth-method=SESSION_REAUTH_METHOD; default="login"]
|
||||
[GCLOUD_WIDE_FLAG ...]
|
||||
|
||||
DESCRIPTION
|
||||
Update an existing cloud access binding. You can update the level, dry run
|
||||
level and scoped access settings. They can't all be empty.
|
||||
level, session settings, and scoped access settings. They cannot all be
|
||||
empty.
|
||||
|
||||
EXAMPLES
|
||||
To update an existing cloud access binding, run:
|
||||
|
|
@ -25,11 +28,37 @@ EXAMPLES
|
|||
--binding=my-binding-id --level= \
|
||||
--dry-run-level=accessPolicies/123/accessLevels/new-def
|
||||
|
||||
To update scoped access settings, run:
|
||||
To replace scoped access settings with a new list, run:
|
||||
|
||||
$ gcloud access-context-manager cloud-bindings update \
|
||||
--binding=my-binding-id --binding-file='binding.yaml'
|
||||
|
||||
To append scoped access settings to the existing list, run:
|
||||
|
||||
$ gcloud access-context-manager cloud-bindings update \
|
||||
--binding=my-binding-id --binding-file='binding.yaml' --append
|
||||
|
||||
Note this is only possible for scoped access settings that exclusively hold
|
||||
session settings (i.e. no access levels).
|
||||
|
||||
To update session settings, run:
|
||||
|
||||
$ gcloud access-context-manager cloud-bindings update \
|
||||
--binding=my-binding-id --session-length=2h
|
||||
|
||||
To update the session reauth method you must also specify --session-length
|
||||
(this can be the existing value if you only want to modify the reauth
|
||||
method), run:
|
||||
|
||||
$ gcloud access-context-manager cloud-bindings update \
|
||||
--binding=my-binding-id --session-length=2h \
|
||||
--session-reauth-method=login
|
||||
|
||||
To disable session settings, set --session-length=0, for example:
|
||||
|
||||
$ gcloud access-context-manager cloud-bindings update \
|
||||
--binding=my-binding-id --session-length=0
|
||||
|
||||
REQUIRED FLAGS
|
||||
Cloud access binding resource - The cloud access binding you want to
|
||||
update. The arguments in this group can be used to specify the attributes
|
||||
|
|
@ -57,6 +86,13 @@ REQUIRED FLAGS
|
|||
▸ set the property access_context_manager/organization.
|
||||
|
||||
OPTIONAL FLAGS
|
||||
--append
|
||||
When true, append the ScopedAccessSettings in --binding-file to the
|
||||
existing ScopedAccessSettings on the binding. When false, the existing
|
||||
binding's ScopedAccessSettings will be overwritten. Defaults to false.
|
||||
You may only append ScopedAccessSettings that exclusively hold session
|
||||
settings (i.e no access levels).
|
||||
|
||||
--binding-file=YAML_FILE
|
||||
Path to the file that contains a Google Cloud Platform user access
|
||||
binding.
|
||||
|
|
@ -66,7 +102,8 @@ OPTIONAL FLAGS
|
|||
ScopedAccessSettings only. No other binding fields are allowed.
|
||||
|
||||
The file content replaces the corresponding fields in the existing
|
||||
binding.
|
||||
binding. Unless --append is specified. See --append help text for more
|
||||
details.
|
||||
|
||||
--dry-run-level=[DRY_RUN_LEVEL,...]
|
||||
The dry run access level that replaces the existing dry run level for
|
||||
|
|
@ -78,6 +115,42 @@ OPTIONAL FLAGS
|
|||
binding. The input must be the full identifier of an access level, such
|
||||
as accessPolicies/123/accessLevels/new-abc.
|
||||
|
||||
--session-length=SESSION_LENGTH
|
||||
The maximum lifetime of a user session provided as an ISO 8601 duration
|
||||
string. Must be at least one hour or zero, and no more than twenty-four
|
||||
hours. Granularity is limited to seconds.
|
||||
|
||||
When --session-length=0 users in the group attached to this binding
|
||||
will have infinite session length, effectively disabling the session
|
||||
settings.
|
||||
|
||||
A session begins after a user signs in successfully. If a user signs
|
||||
out before the end of the session lifetime, a new login creates a new
|
||||
session with a fresh lifetime. When a session expires, the user is
|
||||
asked to reauthenticate in accordance with session-reauth-method.
|
||||
|
||||
Setting --session-reauth-method when --session-length is empty raises
|
||||
an error. Cannot set --session-length on restricted client
|
||||
applications; please use scoped access settings.
|
||||
|
||||
--session-reauth-method=SESSION_REAUTH_METHOD; default="login"
|
||||
Specifies the security check a user must undergo when their session
|
||||
expires. Defaults to --session-reauth-method=LOGIN if unspecified and
|
||||
--session-length is set. Cannot be used when --session-length is empty
|
||||
or 0. SESSION_REAUTH_METHOD must be one of:
|
||||
|
||||
login
|
||||
The user will be prompted to perform regular login. Users who are
|
||||
enrolled in two-step verification and haven't chosen to "Remember
|
||||
this computer" will be prompted for their second factor.
|
||||
|
||||
password
|
||||
The user will only be required to enter their password.
|
||||
|
||||
security-key
|
||||
The user will be prompted to autheticate using their security key.
|
||||
If no security key has been configured, the LOGIN method is used.
|
||||
|
||||
GCLOUD WIDE FLAGS
|
||||
These flags are available to all commands: --access-token-file, --account,
|
||||
--billing-project, --configuration, --flags-file, --flatten, --format,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue