File: //snap/google-cloud-cli/current/lib/surface/scc/postures/update.yaml
- release_tracks: [ALPHA, GA]
help_text:
brief: Update the given Cloud Security Command Center (SCC) posture.
description: |
Update a Cloud Security Command Center (SCC) posture.
Fields specified in update-mask flag are updated. Updatable fields are state, description and policy_sets.
State of the posture can't be updated along with update of other fields.
An empty or "*" as field mask will result in update of policy_sets and description.
In case of the update of policy_sets, the value mentioned in the update posture request overwrites the exisiting value of policy_sets.
Valid state transitions are:
a) ACTIVE to DRAFT
b) ACTIVE to DEPRECATED
c) DRAFT to ACTIVE
d) DEPRECATED to ACTIVE
The update operation will result in the update of the revision-id specified in the request, unless the posture revision is currently deployed on a workload.
A new revision is created for an already deployed posture revision.
examples: |
Update the revision-id `abcdefgh` of the posture named `foo-posture` in the organization `organizations/123/locations/global`:
Change State to ACTIVE.
$ {command} organizations/123/locations/global/postures/foo-posture --posture-from-file=update_posture.yaml --revision-id=abcdefgh update_mask=state
Contents of update_posture.yaml are |
name: organizations/123/locations/global/postures/foo-posture
state: ACTIVE
Update the revision-id `abcdefgh` of the posture named `foo-posture` in the organization `organizations/123/locations/global`:
Change description and policy_sets to the values mentioned in update_posture.yaml
$ {command} organizations/123/locations/global/postures/foo-posture --posture-from-file=update_posture.yaml --revision-id=abcdefgh update_mask=description,policy_sets
Contents of update_posture.yaml are |
name: organizations/123/locations/global/postures/foo-posture
description: updated description
policy_sets:
- policy_set_id: newPolicySet1
policies:
- policy_id: newPolicy
constraint:
org_policy_canned_constraint:
canned_constraint_id: storage.uniformBucketLevelAccess
policy_rules:
enforce: false
- policy_set_id: PolicySet2
policies:
- policy_id: Policy3
constraint:
org_policy_custom_constraint:
custom_constraint:
name: organizations/9454078371/customConstraints/custom.newConstraint
resource_types: container.$$UNIVERSE_DOMAIN$$/NodePool
method_types: UPDATE
condition: resource.management.autoUpgrade == false
action_type: ALLOW
policy_rules:
enforce: true
request:
collection: securityposture.organizations.locations.postures
api_version: v1alpha
method: patch
GA:
api_version: v1
arguments:
resource:
spec: !REF googlecloudsdk.command_lib.scc.resources:posture
help_text: |
Arguments and flags that specify the Posture instance to be updated.
params:
- arg_name: posture-from-file
api_field: posture
required: true
type: "googlecloudsdk.calliope.arg_parsers:FileContents:"
processor: googlecloudsdk.core.yaml:load
help_text: |
Path of the file containing the details of the field to be updated. Contents include the name of the
posture to be updated and value of the fields to be updated.
- arg_name: revision-id
api_field: revisionId
required: true
help_text: |
Revision ID of the posture to be updated. The same revision ID will be updated in case the posture
revision is not deployed on any workload. A new revision will be created for a deployed
posture.
- arg_name: update-mask
api_field: updateMask
help_text: |
Comma separated string containing list of fields to be updated.
async:
collection: securityposture.organizations.locations.operations
output:
format: yaml