updateSecuritySettings
Updates the security settings (member restrictions) of a group.
Synopsis
Implements the API documented at https://cloud.google.com/identity/docs/reference/rest/v1/groups/updateSecuritySettings
gsm groupsCi updateSecuritySettings [flags]
Options
--email string Email address of the group.
This may be used instead of the name to do a lookup of the group resource name.
Note that this will cause an additional API call.
--fields string Fields allows partial responses to be retrieved.
See https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more information.
-h, --help help for updateSecuritySettings
--name string The resource name of the Group.
Must be of the form groups/{group_id}.
--query string Must be specified in Common Expression Language.
search:
May only contain equality operators on the parent and inclusion operators on labels (e.g., parent == 'customers/{customer_id}' && 'cloudidentity.googleapis.com/groups.discussion_forum' in labels).
updateSecuritySettings:
Member Restriction as defined by CEL expression. Supported restrictions are: member.customer_id and member.type.
Valid values for member.type are 1, 2 and 3. They correspond to USER, SERVICE_ACCOUNT, and GROUP respectively.
The value for member.customer_id only supports groupCustomerId() currently which means the customer id of the group will be used for restriction.
Supported operators are &&, || and ==, corresponding to AND, OR, and EQUAL.
Examples: Allow only service accounts of given customer to be members.
member.type == 2 && member.customer_id == groupCustomerId()
Allow only users or groups to be members.
member.type == 1 || member.type == 3
--updateMask string The fully-qualified names of fields to update.
May only contain the following fields:
- patch:
- displayName
- description
- updateSecuritySettings
- memberRestriction.query (default)
A comma-separated list of fully qualified names of fields. Example: "user.displayName,photo". (default "memberRestriction.query")
Options inherited from parent commands
--compressOutput By default, GSM outputs "pretty" (indented) objects. By setting this flag, GSM's output will be compressed. This may or may not improve performance in scripts.
--config string config file (default is $HOME/.config/gsm/.gsm.yaml)
--delay int This delay (plus a random jitter between 0 and 50) will be applied after every command to avoid reaching quota and rate limits. Set to 0 to disable.
--dwdSubject string Specify a subject used for DWD impersonation (overrides value in config file)
--log string Set the path of the log file. Default is either ~/gsm.log or defined in your config file
--maxElapsedTime int This is the maximum total time that will be spent retrying a request in minutes. (default 15)
--maxRetryInterval int This is the maximum interval that will be used between retry attempts in seconds. (default 320)
--redirectPort int This is the TCP port on which GSM will create web server if you authenticate with a user account for the first time. This is necessary for the OAuth flow. See https://developers.google.com/identity/protocols/oauth2/native-app#redirect-uri_loopback (default 8081)
--retryOn ints Specify the HTTP error code(s) that GSM should retry on. Note that GSM will always retry on HTTP 403 errors that indicate a quota / rate limit error
--streamOutput Setting this flag will cause GSM to output slice values to stdout one by one, instead of one large object
SEE ALSO
- gsm groupsCi - Manage Google Groups with the Cloud Identity API
- gsm groupsCi updateSecuritySettings batch - Batch retrieves groups’ security settings (member restrictions) using a CSV file as input.