gcloud scc postures update - update the given Cloud Security Command Center posture

gcloud scc postures update(POSTURE :--location=LOCATION--organization=ORGANIZATION)--posture-from-file=PATH_TO_FILE--revision-id=REVISION_ID[--async][--update-mask=UPDATE_MASK][GCLOUD_WIDE_FLAG …]

Fields specified in update-mask flag are updated. Updatable fields are state,description and policy_sets. State of the posture can't be updated along withupdate of other fields. An empty or "" as field mask will result in updateof policy_sets and description. In case of the update of policy_sets, the valuementioned in the update posture request overwrites the exisiting value ofpolicy_sets.

Valid state transitions are: a) ACTIVE to DRAFT b) ACTIVE to DEPRECATED c) DRAFTto ACTIVE d) DEPRECATED to ACTIVE

The update operation will result in the update of the revision-id specified inthe request, unless the posture revision is currently deployed on a workload. Anew revision is created for an already deployed posture revision.

gcloudsccposturesupdateorganizations/123/locations/global/postures/foo-posture--posture-from-file=update_posture.yaml--revision-id=abcdefghupdate_mask=state

Contentsofupdate_posture.yamlare|name:organizations/123/locations/global/postures/foo-posturestate:ACTIVE

Update the revision-idabcdefgh of the posture namedfoo-posture in the organizationorganizations/123/locations/global: Change description andpolicy_sets to the values mentioned in update_posture.yaml

gcloudsccposturesupdateorganizations/123/locations/global/postures/foo-posture--posture-from-file=update_posture.yaml--revision-id=abcdefghupdate_mask=description,policy_sets

Contentsofupdate_posture.yamlare|name:organizations/123/locations/global/postures/foo-posturedescription:updateddescriptionpolicy_sets:-policy_set_id:newPolicySet1policies:-policy_id:newPolicyconstraint:org_policy_canned_constraint:canned_constraint_id:storage.uniformBucketLevelAccesspolicy_rules:enforce:false-policy_set_id:PolicySet2policies:-policy_id:Policy3constraint:org_policy_custom_constraint:custom_constraint:name:organizations/9454078371/customConstraints/custom.newConstraintresource_types:container.$$UNIVERSE_DOMAIN$$/NodePoolmethod_types:UPDATEcondition:resource.management.autoUpgrade==falseaction_type:ALLOWpolicy_rules:enforce:true

Posture resource - Arguments and flags that specify the Posture instance to beupdated. The arguments in this group can be used to specify the attributes ofthis resource.

This must be specified.

POSTURE

ID of the posture or fully qualified identifier for the posture.

To set theposture attribute:

• provide the argumentposture on the command line.

This positional argument must be specified if any of the other arguments in thisgroup are specified.

--location=LOCATION

ID of the location where the resource exists (for example, global).To set thelocation attribute:

• provide the argumentposture on the command line with a fullyspecified name;
• provide the argument--location on the command line.

--organization=ORGANIZATION

ID of the organization which is the parent of the resource.To set theorganization attribute:

• provide the argumentposture on the command line with a fullyspecified name;
• provide the argument--organization on the command line.

--posture-from-file=PATH_TO_FILE

Path of the file containing the details of the field to be updated. Contentsinclude the name of the posture to be updated and value of the fields to beupdated. Use a full or relative path to a local file containing the value ofposture.

--revision-id=REVISION_ID

Revision ID of the posture to be updated. The same revision ID will be updatedin case the posture revision is not deployed on any workload. A new revisionwill be created for a deployed posture.

--async

Return immediately, without waiting for the operation in progress to complete.

--update-mask=UPDATE_MASK

Comma separated string containing list of fields to be updated.

Run$gcloud help for details.