gcloud alpha access-approval settings update

NAME
gcloud alpha access-approval settings update - update Access Approval settings
SYNOPSIS
gcloud alpha access-approval settings update [--active_key_version=ACTIVE_KEY_VERSION] [--enrolled_services=ENROLLED_SERVICES] [--notification_emails=NOTIFICATION_EMAILS] [--notification_pubsub_topic=NOTIFICATION_PUBSUB_TOPIC] [--prefer_no_broad_approval_requests=PREFER_NO_BROAD_APPROVAL_REQUESTS] [--preferred_request_expiration_days=PREFERRED_REQUEST_EXPIRATION_DAYS] [--request_scope_max_width_preference=REQUEST_SCOPE_MAX_WIDTH_PREFERENCE] [--require_customer_visible_justification=REQUIRE_CUSTOMER_VISIBLE_JUSTIFICATION] [--folder=FOLDER     | --organization=ORGANIZATION     | --project=PROJECT] [GCLOUD_WIDE_FLAG]
DESCRIPTION
(ALPHA) Update the Access Approval settings associated with a project, a folder, or organization. Partial updates are supported (for example, you can update the notification emails without modifying the enrolled services).
EXAMPLES
Update notification emails associated with project p1, run:
gcloud alpha access-approval settings update --project=p1 --notification_emails='[email protected], [email protected]'

Enable Access Approval enforcement for folder f1:

gcloud alpha access-approval settings update --folder=f1 --enrolled_services=all

Enable Access Approval enforcement for organization org1 for only Cloud Storage and Compute products and set the notification emails at the same time:

gcloud alpha access-approval settings update --organization=org1 --enrolled_services='storage.googleapis.com,compute.googleapis.com' --notification_emails='[email protected]'

Update active key version for project p1:

gcloud alpha access-approval settings update --project=p1 --active_key_version='projects/p1/locations/global/keyRings/signing-keys/cryptoKeys/signing-key/cryptoKeyVersions/1'

Update preferred request expiration days for project p1:

gcloud alpha access-approval settings update --project=p1 --preferred_request_expiration_days=5

Enable prefer no broad approval requests for project p1:

gcloud alpha access-approval settings update --project=p1 --prefer_no_broad_approval_requests=true

Update notification pubsub topic for project p1:

gcloud alpha access-approval settings update --project=p1 --notification_pubsub_topic='exampleTopic'

Update request scope max width preference for project p1:

gcloud alpha access-approval settings update --project=p1 --request_scope_max_width_preference=PROJECT
FLAGS
--active_key_version=ACTIVE_KEY_VERSION
The asymmetric crypto key version to use for signing approval requests. Use '' to remove the custom signing key.
--enrolled_services=ENROLLED_SERVICES
Comma-separated list of services to enroll for Access Approval or 'all' for all supported services. Note for project and folder enrollments, only 'all' is supported. Use '' to clear all enrolled services.
--notification_emails=NOTIFICATION_EMAILS
Comma-separated list of email addresses to which notifications relating to approval requests should be sent or '' to clear all saved notification emails.
--notification_pubsub_topic=NOTIFICATION_PUBSUB_TOPIC
The pubsub topic to publish notifications to when approval requests are made.
--prefer_no_broad_approval_requests=PREFER_NO_BROAD_APPROVAL_REQUESTS
If set to true it will communicate the preference to Google personnel to request access with as targeted a resource scope as possible.
--preferred_request_expiration_days=PREFERRED_REQUEST_EXPIRATION_DAYS
The default expiration time for approval requests. This value must be between 1 and 30. Note that this can be overridden at time of Approval Request creation and modified by the customer at approval time.
--request_scope_max_width_preference=REQUEST_SCOPE_MAX_WIDTH_PREFERENCE
The preference for the broadest scope of access for access requests without a specific method. REQUEST_SCOPE_MAX_WIDTH_PREFERENCE must be one of: ORGANIZATION, FOLDER, PROJECT.
--require_customer_visible_justification=REQUIRE_CUSTOMER_VISIBLE_JUSTIFICATION
The preference to configure if a customer visible justification (i.e. Vector Case) is required for a Googler to create an Access Ticket to send to the customer when attempting to access customer resources.
At most one of these can be specified:
--folder=FOLDER
Folder number. Only one of --project, --folder, or --organization can be provided. If none are provided then it uses config property [core/project].
--organization=ORGANIZATION
Organization number. Either --project, --folder, or --organization must be provided. If none are provided then it uses config property [core/project].
--project=PROJECT
Project number or id. Only one of --project, --folder, or --organization can be provided. If none are provided then it uses config property [core/project].
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

NOTES
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. These variants are also available:
gcloud access-approval settings update
gcloud beta access-approval settings update