mirror of
https://github.com/imjasonh/gcloud-help
synced 2026-07-08 10:35:03 +00:00
171 lines
7 KiB
Text
171 lines
7 KiB
Text
NAME
|
|
gcloud access-context-manager cloud-bindings update - update a existing
|
|
cloud access binding under an organization
|
|
|
|
SYNOPSIS
|
|
gcloud access-context-manager cloud-bindings update
|
|
(--binding=BINDING : --organization=ORGANIZATION) [--append]
|
|
[--binding-file=YAML_FILE] [--dry-run-level=[DRY_RUN_LEVEL,...]]
|
|
[--level=[LEVEL,...]] [--session-length=SESSION_LENGTH]
|
|
[--session-reauth-method=SESSION_REAUTH_METHOD; default="login"]
|
|
[GCLOUD_WIDE_FLAG ...]
|
|
|
|
DESCRIPTION
|
|
Update an existing cloud access binding. You can update the level, dry run
|
|
level, session settings, and scoped access settings. They cannot all be
|
|
empty.
|
|
|
|
EXAMPLES
|
|
To update an existing cloud access binding, run:
|
|
|
|
$ gcloud access-context-manager cloud-bindings update \
|
|
--binding=my-binding-id \
|
|
--level=accessPolicies/123/accessLevels/new-abc
|
|
|
|
To remove level and add dry run level, run:
|
|
|
|
$ gcloud access-context-manager cloud-bindings update \
|
|
--binding=my-binding-id --level= \
|
|
--dry-run-level=accessPolicies/123/accessLevels/new-def
|
|
|
|
To replace scoped access settings with a new list, run:
|
|
|
|
$ gcloud access-context-manager cloud-bindings update \
|
|
--binding=my-binding-id --binding-file='binding.yaml'
|
|
|
|
To append scoped access settings to the existing list, run:
|
|
|
|
$ gcloud access-context-manager cloud-bindings update \
|
|
--binding=my-binding-id --binding-file='binding.yaml' --append
|
|
|
|
Note this is only possible for scoped access settings that exclusively hold
|
|
session settings (i.e. no access levels).
|
|
|
|
To update session settings, run:
|
|
|
|
$ gcloud access-context-manager cloud-bindings update \
|
|
--binding=my-binding-id --session-length=2h
|
|
|
|
To update the session reauth method you must also specify --session-length
|
|
(this can be the existing value if you only want to modify the reauth
|
|
method), run:
|
|
|
|
$ gcloud access-context-manager cloud-bindings update \
|
|
--binding=my-binding-id --session-length=2h \
|
|
--session-reauth-method=login
|
|
|
|
To disable session settings, set --session-length=0, for example:
|
|
|
|
$ gcloud access-context-manager cloud-bindings update \
|
|
--binding=my-binding-id --session-length=0
|
|
|
|
REQUIRED FLAGS
|
|
Cloud access binding resource - The cloud access binding you want to
|
|
update. The arguments in this group can be used to specify the attributes
|
|
of this resource.
|
|
|
|
This must be specified.
|
|
|
|
--binding=BINDING
|
|
ID of the cloud-access-binding or fully qualified identifier for the
|
|
cloud-access-binding.
|
|
|
|
To set the binding attribute:
|
|
▸ provide the argument --binding on the command line.
|
|
|
|
This flag argument must be specified if any of the other arguments in
|
|
this group are specified.
|
|
|
|
--organization=ORGANIZATION
|
|
The ID of the organization.
|
|
|
|
To set the organization attribute:
|
|
▸ provide the argument --binding on the command line with a fully
|
|
specified name;
|
|
▸ provide the argument --organization on the command line;
|
|
▸ set the property access_context_manager/organization.
|
|
|
|
OPTIONAL FLAGS
|
|
--append
|
|
When true, append the ScopedAccessSettings in --binding-file to the
|
|
existing ScopedAccessSettings on the binding. When false, the existing
|
|
binding's ScopedAccessSettings will be overwritten. Defaults to false.
|
|
You may only append ScopedAccessSettings that exclusively hold session
|
|
settings (i.e no access levels).
|
|
|
|
--binding-file=YAML_FILE
|
|
Path to the file that contains a Google Cloud Platform user access
|
|
binding.
|
|
|
|
This file contains a YAML-compliant object representing a
|
|
GcpUserAccessBinding (as described in the API reference) containing
|
|
ScopedAccessSettings only. No other binding fields are allowed.
|
|
|
|
The file content replaces the corresponding fields in the existing
|
|
binding. Unless --append is specified. See --append help text for more
|
|
details.
|
|
|
|
--dry-run-level=[DRY_RUN_LEVEL,...]
|
|
The dry run access level that replaces the existing dry run level for
|
|
the given binding. The input must be the full identifier of an access
|
|
level, such as accessPolicies/123/accessLevels/new-def.
|
|
|
|
--level=[LEVEL,...]
|
|
The access level that replaces the existing level for the given
|
|
binding. The input must be the full identifier of an access level, such
|
|
as accessPolicies/123/accessLevels/new-abc.
|
|
|
|
--session-length=SESSION_LENGTH
|
|
The maximum lifetime of a user session provided as an ISO 8601 duration
|
|
string. Must be at least one hour or zero, and no more than twenty-four
|
|
hours. Granularity is limited to seconds.
|
|
|
|
When --session-length=0 users in the group attached to this binding
|
|
will have infinite session length, effectively disabling the session
|
|
settings.
|
|
|
|
A session begins after a user signs in successfully. If a user signs
|
|
out before the end of the session lifetime, a new login creates a new
|
|
session with a fresh lifetime. When a session expires, the user is
|
|
asked to reauthenticate in accordance with session-reauth-method.
|
|
|
|
Setting --session-reauth-method when --session-length is empty raises
|
|
an error. Cannot set --session-length on restricted client
|
|
applications; please use scoped access settings.
|
|
|
|
--session-reauth-method=SESSION_REAUTH_METHOD; default="login"
|
|
Specifies the security check a user must undergo when their session
|
|
expires. Defaults to --session-reauth-method=LOGIN if unspecified and
|
|
--session-length is set. Cannot be used when --session-length is empty
|
|
or 0. SESSION_REAUTH_METHOD must be one of:
|
|
|
|
login
|
|
The user will be prompted to perform regular login. Users who are
|
|
enrolled in two-step verification and haven't chosen to "Remember
|
|
this computer" will be prompted for their second factor.
|
|
|
|
password
|
|
The user will only be required to enter their password.
|
|
|
|
security-key
|
|
The user will be prompted to autheticate using their security key.
|
|
If no security key has been configured, the LOGIN method is used.
|
|
|
|
GCLOUD WIDE FLAGS
|
|
These flags are available to all commands: --access-token-file, --account,
|
|
--billing-project, --configuration, --flags-file, --flatten, --format,
|
|
--help, --impersonate-service-account, --log-http, --project, --quiet,
|
|
--trace-token, --user-output-enabled, --verbosity.
|
|
|
|
Run $ gcloud help for details.
|
|
|
|
API REFERENCE
|
|
This command uses the accesscontextmanager/v1 API. The full documentation
|
|
for this API can be found at:
|
|
https://cloud.google.com/access-context-manager/docs/reference/rest/
|
|
|
|
NOTES
|
|
This variant is also available:
|
|
|
|
$ gcloud alpha access-context-manager cloud-bindings update
|
|
|