101 lines
4.3 KiB
YAML
101 lines
4.3 KiB
YAML
- release_tracks: [ALPHA, GA]
|
|
help_text:
|
|
brief: Update the given Cloud Security Command Center (SCC) posture.
|
|
description: |
|
|
Update a Cloud Security Command Center (SCC) posture.
|
|
|
|
Fields specified in update-mask flag are updated. Updatable fields are state, description and policy_sets.
|
|
State of the posture can't be updated along with update of other fields.
|
|
An empty or "*" as field mask will result in update of policy_sets and description.
|
|
In case of the update of policy_sets, the value mentioned in the update posture request overwrites the exisiting value of policy_sets.
|
|
|
|
Valid state transitions are:
|
|
a) ACTIVE to DRAFT
|
|
b) ACTIVE to DEPRECATED
|
|
c) DRAFT to ACTIVE
|
|
d) DEPRECATED to ACTIVE
|
|
|
|
The update operation will result in the update of the revision-id specified in the request, unless the posture revision is currently deployed on a workload.
|
|
A new revision is created for an already deployed posture revision.
|
|
|
|
examples: |
|
|
Update the revision-id `abcdefgh` of the posture named `foo-posture` in the organization `organizations/123/locations/global`:
|
|
Change State to ACTIVE.
|
|
$ {command} organizations/123/locations/global/postures/foo-posture --posture-from-file=update_posture.yaml --revision-id=abcdefgh update_mask=state
|
|
|
|
Contents of update_posture.yaml are |
|
|
name: organizations/123/locations/global/postures/foo-posture
|
|
state: ACTIVE
|
|
|
|
Update the revision-id `abcdefgh` of the posture named `foo-posture` in the organization `organizations/123/locations/global`:
|
|
Change description and policy_sets to the values mentioned in update_posture.yaml
|
|
$ {command} organizations/123/locations/global/postures/foo-posture --posture-from-file=update_posture.yaml --revision-id=abcdefgh update_mask=description,policy_sets
|
|
|
|
Contents of update_posture.yaml are |
|
|
name: organizations/123/locations/global/postures/foo-posture
|
|
description: updated description
|
|
policy_sets:
|
|
- policy_set_id: newPolicySet1
|
|
policies:
|
|
- policy_id: newPolicy
|
|
constraint:
|
|
org_policy_canned_constraint:
|
|
canned_constraint_id: storage.uniformBucketLevelAccess
|
|
policy_rules:
|
|
enforce: false
|
|
- policy_set_id: PolicySet2
|
|
policies:
|
|
- policy_id: Policy3
|
|
constraint:
|
|
org_policy_custom_constraint:
|
|
custom_constraint:
|
|
name: organizations/9454078371/customConstraints/custom.newConstraint
|
|
resource_types: container.$$UNIVERSE_DOMAIN$$/NodePool
|
|
method_types: UPDATE
|
|
condition: resource.management.autoUpgrade == false
|
|
action_type: ALLOW
|
|
policy_rules:
|
|
enforce: true
|
|
|
|
request:
|
|
collection: securityposture.organizations.locations.postures
|
|
api_version: v1alpha
|
|
method: patch
|
|
GA:
|
|
api_version: v1
|
|
|
|
arguments:
|
|
resource:
|
|
spec: !REF googlecloudsdk.command_lib.scc.resources:posture
|
|
help_text: |
|
|
Arguments and flags that specify the Posture instance to be updated.
|
|
|
|
params:
|
|
- arg_name: posture-from-file
|
|
api_field: posture
|
|
required: true
|
|
type: "googlecloudsdk.calliope.arg_parsers:FileContents:"
|
|
processor: googlecloudsdk.core.yaml:load
|
|
help_text: |
|
|
Path of the file containing the details of the field to be updated. Contents include the name of the
|
|
posture to be updated and value of the fields to be updated.
|
|
|
|
- arg_name: revision-id
|
|
api_field: revisionId
|
|
required: true
|
|
help_text: |
|
|
Revision ID of the posture to be updated. The same revision ID will be updated in case the posture
|
|
revision is not deployed on any workload. A new revision will be created for a deployed
|
|
posture.
|
|
|
|
- arg_name: update-mask
|
|
api_field: updateMask
|
|
help_text: |
|
|
Comma separated string containing list of fields to be updated.
|
|
|
|
async:
|
|
collection: securityposture.organizations.locations.operations
|
|
|
|
output:
|
|
format: yaml
|