gcloud access-context-manager perimeters dry-run update - update the dry-run mode configuration for a Service Perimeter

gcloud access-context-manager perimeters dry-run update(PERIMETER :--policy=POLICY)[--async][--etag=etag][--add-access-levels=[ACCESS-LEVELS,…]    |--clear-access-levels    |--remove-access-levels=[ACCESS-LEVELS,…]][--add-resources=[RESOURCES,…]    |--clear-resources    |--remove-resources=[RESOURCES,…]][--add-restricted-services=[RESTRICTED-SERVICES,…]    |--clear-restricted-services    |--remove-restricted-services=[RESTRICTED-SERVICES,…]][--clear-egress-policies    |--set-egress-policies=YAML_FILE][--clear-ingress-policies    |--set-ingress-policies=YAML_FILE][--enable-vpc-accessible-services--add-vpc-allowed-services=[VPC-ALLOWED-SERVICES,…]    |--clear-vpc-allowed-services    |--remove-vpc-allowed-services=[VPC-ALLOWED-SERVICES,…]][GCLOUD_WIDE_FLAG …]

For Service Perimeters with an explicitly defined dry-run mode configuration(i.e. an explicitspec), this operation updates that configurationdirectly, ignoring enforcement mode configuration.

Service Perimeters that do not have explict dry-run mode configuration willinherit the enforcement mode configuration in the dry-run mode. Therefore, thiscommand effectively clones the enforcement mode configuration, then applies theupdate on that configuration, and uses that as the explicit dry-run modeconfiguration.

Perimeter resource - The service perimeter to update. The arguments in thisgroup can be used to specify the attributes of this resource.

This must be specified.

PERIMETER

ID of the perimeter or fully qualified identifier for the perimeter.

To set theperimeter attribute:

• provide the argumentperimeter on the command line.

This positional argument must be specified if any of the other arguments in thisgroup are specified.

--policy=POLICY

The ID of the access policy.

To set thepolicy attribute:

• provide the argumentperimeter on the command line with a fullyspecified name;
• provide the argument--policy on the command line;
• set the propertyaccess_context_manager/policy.

--async

Return immediately, without waiting for the operation in progress to complete.

--etag=etag

The etag for the version of the Access Policy that this operation is to beperformed on. If, at the time of the operation, the etag for the Access Policystored in Access Context Manager is different from the specified etag, then thecommit operation will not be performed and the call will fail. If etag is notprovided, the operation will be performed as if a valid etag is provided.

These flags modify the member Access Level of this Service Perimeter.

At most one of these can be specified:

--add-access-levels=[ACCESS-LEVELS,…]

Append the given values to the current Access Level.

--clear-access-levels

Empty the current Access Level.

--remove-access-levels=[ACCESS-LEVELS,…]

Remove the given values from the current Access Level.

These flags modify the member Resources of this Service Perimeter.

At most one of these can be specified:

--add-resources=[RESOURCES,…]

Append the given values to the current Resources.

--clear-resources

Empty the current Resources.

--remove-resources=[RESOURCES,…]

Remove the given values from the current Resources.

These flags modify the member Restricted Services of this Service Perimeter.

At most one of these can be specified:

--add-restricted-services=[RESTRICTED-SERVICES,…]

Append the given values to the current Restricted Services.

--clear-restricted-services

Empty the current Restricted Services.

--remove-restricted-services=[RESTRICTED-SERVICES,…]

Remove the given values from the current Restricted Services.

These flags modify the enforced EgressPolicies of this ServicePerimeter.

At most one of these can be specified:

--clear-egress-policies

Empties existing enforced Egress Policies.

--set-egress-policies=YAML_FILE

Path to a file containing a list of Egress Policies.

This file contains a list of YAML-compliant objects representing Egress Policiesdescribed in the API reference.

For more information about the alpha version, see:https://cloud.google.com/access-context-manager/docs/reference/rest/v1alpha/accessPolicies.servicePerimetersFor more information about non-alpha versions, see:https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters

These flags modify the enforced IngressPolicies of this ServicePerimeter.

At most one of these can be specified:

--clear-ingress-policies

Empties existing enforced Ingress Policies.

--set-ingress-policies=YAML_FILE

Path to a file containing a list of Ingress Policies.

This file contains a list of YAML-compliant objects representing IngressPolicies described in the API reference.

For more information about the alpha version, see:https://cloud.google.com/access-context-manager/docs/reference/rest/v1alpha/accessPolicies.servicePerimetersFor more information about non-alpha versions, see:https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters

Arguments for configuring VPC accessible service restrictions.

--enable-vpc-accessible-services

When specified restrict API calls within the Service Perimeter to the set of vpcallowed services. To disable use '--no-enable-vpc-accessible-services'.

These flags modify the member VPC Allowed Services of this Service Perimeter.

At most one of these can be specified:

--add-vpc-allowed-services=[VPC-ALLOWED-SERVICES,…]

Append the given values to the current VPC Allowed Services.

--clear-vpc-allowed-services

Empty the current VPC Allowed Services.

--remove-vpc-allowed-services=[VPC-ALLOWED-SERVICES,…]

Remove the given values from the current VPC Allowed Services.

Run$gcloud help for details.