gcloud_beta_access-context-manager_perimeters_update (1)
NAME
- gcloud beta access-context-manager perimeters update - update an existing access zone
SYNOPSIS
-
gcloud beta access-context-manager perimeters update (PERIMETER : --policy=POLICY) [--description=DESCRIPTION] [--title=TITLE] [--type=TYPE] [--add-access-levels=[LEVEL,...] | --clear-access-levels | --remove-access-levels=[LEVEL,...] | --set-access-levels=[LEVEL,...]] [--add-resources=[RESOURCES,...] | --clear-resources | --remove-resources=[RESOURCES,...] | --set-resources=[RESOURCES,...]] [--add-restricted-services=[SERVICE,...] | --clear-restricted-services | --remove-restricted-services=[SERVICE,...] | --set-restricted-services=[SERVICE,...]] [--add-unrestricted-services=[SERVICE,...] | --clear-unrestricted-services | --remove-unrestricted-services=[SERVICE,...] | --set-unrestricted-services=[SERVICE,...]] [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
(BETA) Update an existing access zone.
POSITIONAL ARGUMENTS
-
-
- Perimeter resource - The service perimemter to update. The arguments in this group can be used to specify the attributes of this resource. This must be specified.
-
- PERIMETER
-
ID of the perimeter or fully qualified identifier for the perimeter. This
positional must be specified if any of the other arguments in this group are
specified.
- --policy=POLICY
-
The ID of the access policy.
- Perimeter resource - The service perimemter to update. The arguments in this group can be used to specify the attributes of this resource. This must be specified.
-
FLAGS
-
- --description=DESCRIPTION
-
Long-form description of service perimeter.
- --title=TITLE
-
Short human-readable title of the service perimeter.
- --type=TYPE
-
Type of the perimeter.
A regular perimeter allows resources within this service perimeter to import and export data amongst themselves. A project may belong to at most one regular service perimeter.
A bridge perimeter allows resources in different regular service perimeters to import and export data between each other. A project may belong to multiple bridge service perimeters (only if it also belongs to a regular service perimeter). Both restricted and unrestricted service lists, as well as access level lists, must be empty.
TYPE must be one of: bridge, regular.
-
These flags modify the member access levels of this perimeter. An
intra-perimeter request must satisfy these access levels (for example,
MY_LEVEL; must be in the same access policy as this perimeter) to be
allowed. At most one of these may be specified:
-
- --add-access-levels=[LEVEL,...]
-
Append the given values to the current access levels.
- --clear-access-levels
-
Empty the current access levels.
- --remove-access-levels=[LEVEL,...]
-
Remove the given values from the current access levels.
- --set-access-levels=[LEVEL,...]
-
Completely replace the current access levels with the given values.
-
-
These flags modify the member resources of this perimeter. Resources must be
projects, in the form projects/<projectnumber>. At most one of these may
be specified:
-
- --add-resources=[RESOURCES,...]
-
Append the given values to the current resources.
- --clear-resources
-
Empty the current resources.
- --remove-resources=[RESOURCES,...]
-
Remove the given values from the current resources.
- --set-resources=[RESOURCES,...]
-
Completely replace the current resources with the given values.
-
-
These flags modify the member restricted services of this perimeter. The
perimeter boundary DOES apply to these services (for example,
storage.googleapis.com). A wildcard (*) may be given to denote all
services. If unrestricted services are set, restricted services must be a
wildcard. At most one of these may be specified:
-
- --add-restricted-services=[SERVICE,...]
-
Append the given values to the current restricted services.
- --clear-restricted-services
-
Empty the current restricted services.
- --remove-restricted-services=[SERVICE,...]
-
Remove the given values from the current restricted services.
- --set-restricted-services=[SERVICE,...]
-
Completely replace the current restricted services with the given values.
-
-
These flags modify the member unrestricted services of this perimemter. The
perimeter boundary DOES NOT apply to these services (for example,
storage.googleapis.com). A wildcard (*) may be given to denote all
services. If restricted services are set, unrestricted services must be a
wildcard. At most one of these may be specified:
-
- --add-unrestricted-services=[SERVICE,...]
-
Append the given values to the current unrestricted services.
- --clear-unrestricted-services
-
Empty the current unrestricted services.
- --remove-unrestricted-services=[SERVICE,...]
-
Remove the given values from the current unrestricted services.
- --set-unrestricted-services=[SERVICE,...]
-
Completely replace the current unrestricted services with the given values.
-
GCLOUD WIDE FLAGS
These flags are available to all commands: --account, --configuration, --flags-file, --flatten, --format, --help, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity. Run $ gcloud help for details.
NOTES
This command is currently in BETA and may change without notice.