.TH "GCLOUD_ACCESS\-CONTEXT\-MANAGER_CLOUD\-BINDINGS_UPDATE" 1



.SH "NAME"
.HP
gcloud access\-context\-manager cloud\-bindings update \- update a existing cloud access binding under an organization



.SH "SYNOPSIS"
.HP
\f5gcloud access\-context\-manager cloud\-bindings update\fR (\fB\-\-binding\fR=\fIBINDING\fR\ :\ \fB\-\-organization\fR=\fIORGANIZATION\fR) [\fB\-\-append\fR] [\fB\-\-binding\-file\fR=\fIYAML_FILE\fR] [\fB\-\-dry\-run\-level\fR=[\fIDRY_RUN_LEVEL\fR,...]] [\fB\-\-level\fR=[\fILEVEL\fR,...]] [\fB\-\-session\-length\fR=\fISESSION_LENGTH\fR] [\fB\-\-session\-reauth\-method\fR=\fISESSION_REAUTH_METHOD\fR;\ default="login"] [\fIGCLOUD_WIDE_FLAG\ ...\fR]



.SH "DESCRIPTION"

Update an existing cloud access binding. You can update the level, dry run
level, session settings, and scoped access settings. They cannot all be empty.



.SH "EXAMPLES"

To update an existing cloud access binding, run:

.RS 2m
$ gcloud access\-context\-manager cloud\-bindings update \e
    \-\-binding=my\-binding\-id \e
    \-\-level=accessPolicies/123/accessLevels/new\-abc
.RE

To remove level and add dry run level, run:

.RS 2m
$ gcloud access\-context\-manager cloud\-bindings update \e
    \-\-binding=my\-binding\-id \-\-level= \e
    \-\-dry\-run\-level=accessPolicies/123/accessLevels/new\-def
.RE

To replace scoped access settings with a new list, run:

.RS 2m
$ gcloud access\-context\-manager cloud\-bindings update \e
    \-\-binding=my\-binding\-id \-\-binding\-file='binding.yaml'
.RE

To append scoped access settings to the existing list, run:

.RS 2m
$ gcloud access\-context\-manager cloud\-bindings update \e
    \-\-binding=my\-binding\-id \-\-binding\-file='binding.yaml' \-\-append
.RE

Note this is only possible for scoped access settings that exclusively hold
session settings (i.e. no access levels).

To update session settings, run:

.RS 2m
$ gcloud access\-context\-manager cloud\-bindings update \e
    \-\-binding=my\-binding\-id \-\-session\-length=2h
.RE

To update the session reauth method you must also specify \-\-session\-length
(this can be the existing value if you only want to modify the reauth method),
run:

.RS 2m
$ gcloud access\-context\-manager cloud\-bindings update \e
    \-\-binding=my\-binding\-id \-\-session\-length=2h \e
    \-\-session\-reauth\-method=login
.RE

To disable session settings, set \-\-session\-length=0, for example:

.RS 2m
$ gcloud access\-context\-manager cloud\-bindings update \e
    \-\-binding=my\-binding\-id \-\-session\-length=0
.RE



.SH "REQUIRED FLAGS"

.RS 2m
.TP 2m

Cloud access binding resource \- The cloud access binding you want to update.
The arguments in this group can be used to specify the attributes of this
resource.

This must be specified.


.RS 2m
.TP 2m
\fB\-\-binding\fR=\fIBINDING\fR

ID of the cloud\-access\-binding or fully qualified identifier for the
cloud\-access\-binding.

To set the \f5binding\fR attribute:
.RS 2m
.IP "\(bu" 2m
provide the argument \f5\-\-binding\fR on the command line.
.RE
.sp

This flag argument must be specified if any of the other arguments in this group
are specified.

.TP 2m
\fB\-\-organization\fR=\fIORGANIZATION\fR

The ID of the organization.


To set the \f5organization\fR attribute:
.RS 2m
.IP "\(bu" 2m
provide the argument \f5\-\-binding\fR on the command line with a fully
specified name;
.IP "\(bu" 2m
provide the argument \f5\-\-organization\fR on the command line;
.IP "\(bu" 2m
set the property \f5access_context_manager/organization\fR.
.RE
.sp


.RE
.RE
.sp

.SH "OPTIONAL FLAGS"

.RS 2m
.TP 2m
\fB\-\-append\fR

When true, append the ScopedAccessSettings in \f5\-\-binding\-file\fR to the
existing ScopedAccessSettings on the binding. When false, the existing binding's
ScopedAccessSettings will be overwritten. Defaults to false. You may only append
ScopedAccessSettings that exclusively hold session settings (i.e no access
levels).

.TP 2m
\fB\-\-binding\-file\fR=\fIYAML_FILE\fR

Path to the file that contains a Google Cloud Platform user access binding.

This file contains a YAML\-compliant object representing a GcpUserAccessBinding
(as described in the API reference) containing ScopedAccessSettings only. No
other binding fields are allowed.

The file content replaces the corresponding fields in the existing binding.
Unless \-\-append is specified. See \-\-append help text for more details.

.TP 2m
\fB\-\-dry\-run\-level\fR=[\fIDRY_RUN_LEVEL\fR,...]

The dry run access level that replaces the existing dry run level for the given
binding. The input must be the full identifier of an access level, such as
\f5accessPolicies/123/accessLevels/new\-def\fR.

.TP 2m
\fB\-\-level\fR=[\fILEVEL\fR,...]

The access level that replaces the existing level for the given binding. The
input must be the full identifier of an access level, such as
\f5accessPolicies/123/accessLevels/new\-abc\fR.

.TP 2m
\fB\-\-session\-length\fR=\fISESSION_LENGTH\fR

The maximum lifetime of a user session provided as an ISO 8601 duration string.
Must be at least one hour or zero, and no more than twenty\-four hours.
Granularity is limited to seconds.

When \-\-session\-length=0 users in the group attached to this binding will have
infinite session length, effectively disabling the session settings.

A session begins after a user signs in successfully. If a user signs out before
the end of the session lifetime, a new login creates a new session with a fresh
lifetime. When a session expires, the user is asked to reauthenticate in
accordance with session\-reauth\-method.

Setting \-\-session\-reauth\-method when \-\-session\-length is empty raises an
error. Cannot set \-\-session\-length on restricted client applications; please
use scoped access settings.

.TP 2m
\fB\-\-session\-reauth\-method\fR=\fISESSION_REAUTH_METHOD\fR; default="login"

Specifies the security check a user must undergo when their session expires.
Defaults to \-\-session\-reauth\-method=LOGIN if unspecified and
\-\-session\-length is set. Cannot be used when \-\-session\-length is empty or
0. \fISESSION_REAUTH_METHOD\fR must be one of:

.RS 2m
.TP 2m
\fBlogin\fR
The user will be prompted to perform regular login. Users who are enrolled in
two\-step verification and haven't chosen to "Remember this computer" will be
prompted for their second factor.

.TP 2m
\fBpassword\fR
The user will only be required to enter their password.

.TP 2m
\fBsecurity\-key\fR
The user will be prompted to autheticate using their security key. If no
security key has been configured, the LOGIN method is used.

.RE
.sp



.RE
.sp

.SH "GCLOUD WIDE FLAGS"

These flags are available to all commands: \-\-access\-token\-file, \-\-account,
\-\-billing\-project, \-\-configuration, \-\-flags\-file, \-\-flatten,
\-\-format, \-\-help, \-\-impersonate\-service\-account, \-\-log\-http,
\-\-project, \-\-quiet, \-\-trace\-token, \-\-user\-output\-enabled,
\-\-verbosity.

Run \fB$ gcloud help\fR for details.



.SH "API REFERENCE"

This command uses the \fBaccesscontextmanager/v1\fR API. The full documentation
for this API can be found at:
https://cloud.google.com/access\-context\-manager/docs/reference/rest/



.SH "NOTES"

This variant is also available:

.RS 2m
$ gcloud alpha access\-context\-manager cloud\-bindings update
.RE