mirror of
https://github.com/imjasonh/gcloud-help
synced 2026-07-09 10:56:49 +00:00
136 lines
5.7 KiB
Text
136 lines
5.7 KiB
Text
NAME
|
|
gcloud access-approval settings update - update Access Approval settings
|
|
|
|
SYNOPSIS
|
|
gcloud access-approval settings update
|
|
[--active_key_version=ACTIVE_KEY_VERSION]
|
|
[--enrolled_services=ENROLLED_SERVICES]
|
|
[--notification_emails=NOTIFICATION_EMAILS]
|
|
[--notification_pubsub_topic=NOTIFICATION_PUBSUB_TOPIC]
|
|
[--prefer_no_broad_approval_requests=PREFER_NO_BROAD_APPROVAL_REQUESTS]
|
|
[--preferred_request_expiration_days=PREFERRED_REQUEST_EXPIRATION_DAYS]
|
|
[--request_scope_max_width_preference=REQUEST_SCOPE_MAX_WIDTH_PREFERENCE]
|
|
[--require_customer_visible_justification=REQUIRE_CUSTOMER_VISIBLE_JUSTIFICATION]
|
|
[--folder=FOLDER | --organization=ORGANIZATION | --project=PROJECT]
|
|
[GCLOUD_WIDE_FLAG ...]
|
|
|
|
DESCRIPTION
|
|
Update the Access Approval settings associated with a project, a folder, or
|
|
organization. Partial updates are supported (for example, you can update
|
|
the notification emails without modifying the enrolled services).
|
|
|
|
EXAMPLES
|
|
Update notification emails associated with project p1, run:
|
|
|
|
$ gcloud access-approval settings update --project=p1 \
|
|
--notification_emails='foo@example.com, bar@example.com'
|
|
|
|
Enable Access Approval enforcement for folder f1:
|
|
|
|
$ gcloud access-approval settings update --folder=f1 \
|
|
--enrolled_services=all
|
|
|
|
Enable Access Approval enforcement for organization org1 for only Cloud
|
|
Storage and Compute products and set the notification emails at the same
|
|
time:
|
|
|
|
$ gcloud access-approval settings update --organization=org1 \
|
|
--enrolled_services='storage.googleapis.com,compute.googleapis.c\
|
|
om' --notification_emails='security_team@example.com'
|
|
|
|
Update active key version for project p1:
|
|
|
|
$ gcloud access-approval settings update --project=p1 \
|
|
--active_key_version='projects/p1/locations/global/keyRings/sign\
|
|
ing-keys/cryptoKeys/signing-key/cryptoKeyVersions/1'
|
|
|
|
Update preferred request expiration days for project p1:
|
|
|
|
$ gcloud access-approval settings update --project=p1 \
|
|
--preferred_request_expiration_days=5
|
|
|
|
Enable prefer no broad approval requests for project p1:
|
|
|
|
$ gcloud access-approval settings update --project=p1 \
|
|
--prefer_no_broad_approval_requests=true
|
|
|
|
Update notification pubsub topic for project p1:
|
|
|
|
$ gcloud access-approval settings update --project=p1 \
|
|
--notification_pubsub_topic='exampleTopic'
|
|
|
|
Update request scope max width preference for project p1:
|
|
|
|
$ gcloud access-approval settings update --project=p1 \
|
|
--request_scope_max_width_preference=PROJECT
|
|
|
|
FLAGS
|
|
--active_key_version=ACTIVE_KEY_VERSION
|
|
The asymmetric crypto key version to use for signing approval requests.
|
|
Use '' to remove the custom signing key.
|
|
|
|
--enrolled_services=ENROLLED_SERVICES
|
|
Comma-separated list of services to enroll for Access Approval or 'all'
|
|
for all supported services. Note for project and folder enrollments,
|
|
only 'all' is supported. Use '' to clear all enrolled services.
|
|
|
|
--notification_emails=NOTIFICATION_EMAILS
|
|
Comma-separated list of email addresses to which notifications relating
|
|
to approval requests should be sent or '' to clear all saved
|
|
notification emails.
|
|
|
|
--notification_pubsub_topic=NOTIFICATION_PUBSUB_TOPIC
|
|
The pubsub topic to publish notifications to when approval requests are
|
|
made.
|
|
|
|
--prefer_no_broad_approval_requests=PREFER_NO_BROAD_APPROVAL_REQUESTS
|
|
If set to true it will communicate the preference to Google personnel
|
|
to request access with as targeted a resource scope as possible.
|
|
|
|
--preferred_request_expiration_days=PREFERRED_REQUEST_EXPIRATION_DAYS
|
|
The default expiration time for approval requests. This value must be
|
|
between 1 and 30. Note that this can be overridden at time of Approval
|
|
Request creation and modified by the customer at approval time.
|
|
|
|
--request_scope_max_width_preference=REQUEST_SCOPE_MAX_WIDTH_PREFERENCE
|
|
The preference for the broadest scope of access for access requests
|
|
without a specific method. REQUEST_SCOPE_MAX_WIDTH_PREFERENCE must be
|
|
one of: ORGANIZATION, FOLDER, PROJECT.
|
|
|
|
--require_customer_visible_justification=REQUIRE_CUSTOMER_VISIBLE_JUSTIFICATION
|
|
The preference to configure if a customer visible justification (i.e.
|
|
Vector Case) is required for a Googler to create an Access Ticket to
|
|
send to the customer when attempting to access customer resources.
|
|
|
|
At most one of these can be specified:
|
|
|
|
--folder=FOLDER
|
|
Folder number. Only one of --project, --folder, or --organization can
|
|
be provided. If none are provided then it uses config property
|
|
[core/project].
|
|
|
|
--organization=ORGANIZATION
|
|
Organization number. Either --project, --folder, or --organization
|
|
must be provided. If none are provided then it uses config property
|
|
[core/project].
|
|
|
|
--project=PROJECT
|
|
Project number or id. Only one of --project, --folder, or
|
|
--organization can be provided. If none are provided then it uses
|
|
config property [core/project].
|
|
|
|
GCLOUD WIDE FLAGS
|
|
These flags are available to all commands: --access-token-file, --account,
|
|
--billing-project, --configuration, --flags-file, --flatten, --format,
|
|
--help, --impersonate-service-account, --log-http, --project, --quiet,
|
|
--trace-token, --user-output-enabled, --verbosity.
|
|
|
|
Run $ gcloud help for details.
|
|
|
|
NOTES
|
|
These variants are also available:
|
|
|
|
$ gcloud alpha access-approval settings update
|
|
|
|
$ gcloud beta access-approval settings update
|
|
|