Google Cloud Native v0.32.0, Nov 29 23

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

pulumi/pulumi-google-native

google-native.accesscontextmanager/v1beta.AccessLevel

Explore with Pulumi AI

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

pulumi/pulumi-google-native

Create AccessLevel Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new AccessLevel(name: string, args: AccessLevelArgs, opts?: CustomResourceOptions);

@overload
def AccessLevel(resource_name: str,
                args: AccessLevelArgs,
                opts: Optional[ResourceOptions] = None)

@overload
def AccessLevel(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                access_policy_id: Optional[str] = None,
                basic: Optional[BasicLevelArgs] = None,
                custom: Optional[CustomLevelArgs] = None,
                description: Optional[str] = None,
                name: Optional[str] = None,
                title: Optional[str] = None)

func NewAccessLevel(ctx *Context, name string, args AccessLevelArgs, opts ...ResourceOption) (*AccessLevel, error)

public AccessLevel(string name, AccessLevelArgs args, CustomResourceOptions? opts = null)

public AccessLevel(String name, AccessLevelArgs args)
public AccessLevel(String name, AccessLevelArgs args, CustomResourceOptions options)

type: google-native:accesscontextmanager/v1beta:AccessLevel
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args AccessLevelArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args AccessLevelArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args AccessLevelArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args AccessLevelArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args AccessLevelArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var google_nativeAccessLevelResource = new GoogleNative.AccessContextManager.V1Beta.AccessLevel("google-nativeAccessLevelResource", new()
{
    AccessPolicyId = "string",
    Basic = new GoogleNative.AccessContextManager.V1Beta.Inputs.BasicLevelArgs
    {
        Conditions = new[]
        {
            new GoogleNative.AccessContextManager.V1Beta.Inputs.ConditionArgs
            {
                DevicePolicy = new GoogleNative.AccessContextManager.V1Beta.Inputs.DevicePolicyArgs
                {
                    AllowedDeviceManagementLevels = new[]
                    {
                        GoogleNative.AccessContextManager.V1Beta.DevicePolicyAllowedDeviceManagementLevelsItem.ManagementUnspecified,
                    },
                    AllowedEncryptionStatuses = new[]
                    {
                        GoogleNative.AccessContextManager.V1Beta.DevicePolicyAllowedEncryptionStatusesItem.EncryptionUnspecified,
                    },
                    OsConstraints = new[]
                    {
                        new GoogleNative.AccessContextManager.V1Beta.Inputs.OsConstraintArgs
                        {
                            OsType = GoogleNative.AccessContextManager.V1Beta.OsConstraintOsType.OsUnspecified,
                            MinimumVersion = "string",
                            RequireVerifiedChromeOs = false,
                        },
                    },
                    RequireAdminApproval = false,
                    RequireCorpOwned = false,
                    RequireScreenlock = false,
                },
                IpSubnetworks = new[]
                {
                    "string",
                },
                Members = new[]
                {
                    "string",
                },
                Negate = false,
                Regions = new[]
                {
                    "string",
                },
                RequiredAccessLevels = new[]
                {
                    "string",
                },
            },
        },
        CombiningFunction = GoogleNative.AccessContextManager.V1Beta.BasicLevelCombiningFunction.And,
    },
    Custom = new GoogleNative.AccessContextManager.V1Beta.Inputs.CustomLevelArgs
    {
        Expr = new GoogleNative.AccessContextManager.V1Beta.Inputs.ExprArgs
        {
            Description = "string",
            Expression = "string",
            Location = "string",
            Title = "string",
        },
    },
    Description = "string",
    Name = "string",
    Title = "string",
});

example, err := accesscontextmanagerv1beta.NewAccessLevel(ctx, "google-nativeAccessLevelResource", &accesscontextmanagerv1beta.AccessLevelArgs{
	AccessPolicyId: pulumi.String("string"),
	Basic: &accesscontextmanager.BasicLevelArgs{
		Conditions: accesscontextmanager.ConditionArray{
			&accesscontextmanager.ConditionArgs{
				DevicePolicy: &accesscontextmanager.DevicePolicyArgs{
					AllowedDeviceManagementLevels: accesscontextmanager.DevicePolicyAllowedDeviceManagementLevelsItemArray{
						accesscontextmanagerv1beta.DevicePolicyAllowedDeviceManagementLevelsItemManagementUnspecified,
					},
					AllowedEncryptionStatuses: accesscontextmanager.DevicePolicyAllowedEncryptionStatusesItemArray{
						accesscontextmanagerv1beta.DevicePolicyAllowedEncryptionStatusesItemEncryptionUnspecified,
					},
					OsConstraints: accesscontextmanager.OsConstraintArray{
						&accesscontextmanager.OsConstraintArgs{
							OsType:                  accesscontextmanagerv1beta.OsConstraintOsTypeOsUnspecified,
							MinimumVersion:          pulumi.String("string"),
							RequireVerifiedChromeOs: pulumi.Bool(false),
						},
					},
					RequireAdminApproval: pulumi.Bool(false),
					RequireCorpOwned:     pulumi.Bool(false),
					RequireScreenlock:    pulumi.Bool(false),
				},
				IpSubnetworks: pulumi.StringArray{
					pulumi.String("string"),
				},
				Members: pulumi.StringArray{
					pulumi.String("string"),
				},
				Negate: pulumi.Bool(false),
				Regions: pulumi.StringArray{
					pulumi.String("string"),
				},
				RequiredAccessLevels: pulumi.StringArray{
					pulumi.String("string"),
				},
			},
		},
		CombiningFunction: accesscontextmanagerv1beta.BasicLevelCombiningFunctionAnd,
	},
	Custom: &accesscontextmanager.CustomLevelArgs{
		Expr: &accesscontextmanager.ExprArgs{
			Description: pulumi.String("string"),
			Expression:  pulumi.String("string"),
			Location:    pulumi.String("string"),
			Title:       pulumi.String("string"),
		},
	},
	Description: pulumi.String("string"),
	Name:        pulumi.String("string"),
	Title:       pulumi.String("string"),
})

var google_nativeAccessLevelResource = new AccessLevel("google-nativeAccessLevelResource", AccessLevelArgs.builder()
    .accessPolicyId("string")
    .basic(BasicLevelArgs.builder()
        .conditions(ConditionArgs.builder()
            .devicePolicy(DevicePolicyArgs.builder()
                .allowedDeviceManagementLevels("MANAGEMENT_UNSPECIFIED")
                .allowedEncryptionStatuses("ENCRYPTION_UNSPECIFIED")
                .osConstraints(OsConstraintArgs.builder()
                    .osType("OS_UNSPECIFIED")
                    .minimumVersion("string")
                    .requireVerifiedChromeOs(false)
                    .build())
                .requireAdminApproval(false)
                .requireCorpOwned(false)
                .requireScreenlock(false)
                .build())
            .ipSubnetworks("string")
            .members("string")
            .negate(false)
            .regions("string")
            .requiredAccessLevels("string")
            .build())
        .combiningFunction("AND")
        .build())
    .custom(CustomLevelArgs.builder()
        .expr(ExprArgs.builder()
            .description("string")
            .expression("string")
            .location("string")
            .title("string")
            .build())
        .build())
    .description("string")
    .name("string")
    .title("string")
    .build());

google_native_access_level_resource = google_native.accesscontextmanager.v1beta.AccessLevel("google-nativeAccessLevelResource",
    access_policy_id="string",
    basic={
        "conditions": [{
            "device_policy": {
                "allowed_device_management_levels": [google_native.accesscontextmanager.v1beta.DevicePolicyAllowedDeviceManagementLevelsItem.MANAGEMENT_UNSPECIFIED],
                "allowed_encryption_statuses": [google_native.accesscontextmanager.v1beta.DevicePolicyAllowedEncryptionStatusesItem.ENCRYPTION_UNSPECIFIED],
                "os_constraints": [{
                    "os_type": google_native.accesscontextmanager.v1beta.OsConstraintOsType.OS_UNSPECIFIED,
                    "minimum_version": "string",
                    "require_verified_chrome_os": False,
                }],
                "require_admin_approval": False,
                "require_corp_owned": False,
                "require_screenlock": False,
            },
            "ip_subnetworks": ["string"],
            "members": ["string"],
            "negate": False,
            "regions": ["string"],
            "required_access_levels": ["string"],
        }],
        "combining_function": google_native.accesscontextmanager.v1beta.BasicLevelCombiningFunction.AND_,
    },
    custom={
        "expr": {
            "description": "string",
            "expression": "string",
            "location": "string",
            "title": "string",
        },
    },
    description="string",
    name="string",
    title="string")

const google_nativeAccessLevelResource = new google_native.accesscontextmanager.v1beta.AccessLevel("google-nativeAccessLevelResource", {
    accessPolicyId: "string",
    basic: {
        conditions: [{
            devicePolicy: {
                allowedDeviceManagementLevels: [google_native.accesscontextmanager.v1beta.DevicePolicyAllowedDeviceManagementLevelsItem.ManagementUnspecified],
                allowedEncryptionStatuses: [google_native.accesscontextmanager.v1beta.DevicePolicyAllowedEncryptionStatusesItem.EncryptionUnspecified],
                osConstraints: [{
                    osType: google_native.accesscontextmanager.v1beta.OsConstraintOsType.OsUnspecified,
                    minimumVersion: "string",
                    requireVerifiedChromeOs: false,
                }],
                requireAdminApproval: false,
                requireCorpOwned: false,
                requireScreenlock: false,
            },
            ipSubnetworks: ["string"],
            members: ["string"],
            negate: false,
            regions: ["string"],
            requiredAccessLevels: ["string"],
        }],
        combiningFunction: google_native.accesscontextmanager.v1beta.BasicLevelCombiningFunction.And,
    },
    custom: {
        expr: {
            description: "string",
            expression: "string",
            location: "string",
            title: "string",
        },
    },
    description: "string",
    name: "string",
    title: "string",
});

type: google-native:accesscontextmanager/v1beta:AccessLevel
properties:
    accessPolicyId: string
    basic:
        combiningFunction: AND
        conditions:
            - devicePolicy:
                allowedDeviceManagementLevels:
                    - MANAGEMENT_UNSPECIFIED
                allowedEncryptionStatuses:
                    - ENCRYPTION_UNSPECIFIED
                osConstraints:
                    - minimumVersion: string
                      osType: OS_UNSPECIFIED
                      requireVerifiedChromeOs: false
                requireAdminApproval: false
                requireCorpOwned: false
                requireScreenlock: false
              ipSubnetworks:
                - string
              members:
                - string
              negate: false
              regions:
                - string
              requiredAccessLevels:
                - string
    custom:
        expr:
            description: string
            expression: string
            location: string
            title: string
    description: string
    name: string
    title: string

AccessLevel Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The AccessLevel resource accepts the following input properties:

AccessPolicyId string
Basic Pulumi.GoogleNative.AccessContextManager.V1Beta.Inputs.BasicLevel: A BasicLevel composed of Conditions.
Custom Pulumi.GoogleNative.AccessContextManager.V1Beta.Inputs.CustomLevel: A CustomLevel written in the Common Expression Language.
Description string: Description of the AccessLevel and its use. Does not affect behavior.
Name string: Resource name for the AccessLevel. Format: accessPolicies/{access_policy}/accessLevels/{access_level}. The access_level component must begin with a letter, followed by alphanumeric characters or _. Its maximum length is 50 characters. After you create an AccessLevel, you cannot change its name.
Title string: Human readable title. Must be unique within the Policy.

AccessPolicyId string
Basic BasicLevelArgs: A BasicLevel composed of Conditions.
Custom CustomLevelArgs: A CustomLevel written in the Common Expression Language.
Description string: Description of the AccessLevel and its use. Does not affect behavior.
Name string: Resource name for the AccessLevel. Format: accessPolicies/{access_policy}/accessLevels/{access_level}. The access_level component must begin with a letter, followed by alphanumeric characters or _. Its maximum length is 50 characters. After you create an AccessLevel, you cannot change its name.
Title string: Human readable title. Must be unique within the Policy.

accessPolicyId String
basic BasicLevel: A BasicLevel composed of Conditions.
custom CustomLevel: A CustomLevel written in the Common Expression Language.
description String: Description of the AccessLevel and its use. Does not affect behavior.
name String: Resource name for the AccessLevel. Format: accessPolicies/{access_policy}/accessLevels/{access_level}. The access_level component must begin with a letter, followed by alphanumeric characters or _. Its maximum length is 50 characters. After you create an AccessLevel, you cannot change its name.
title String: Human readable title. Must be unique within the Policy.

accessPolicyId string
basic BasicLevel: A BasicLevel composed of Conditions.
custom CustomLevel: A CustomLevel written in the Common Expression Language.
description string: Description of the AccessLevel and its use. Does not affect behavior.
name string: Resource name for the AccessLevel. Format: accessPolicies/{access_policy}/accessLevels/{access_level}. The access_level component must begin with a letter, followed by alphanumeric characters or _. Its maximum length is 50 characters. After you create an AccessLevel, you cannot change its name.
title string: Human readable title. Must be unique within the Policy.

access_policy_id str
basic BasicLevelArgs: A BasicLevel composed of Conditions.
custom CustomLevelArgs: A CustomLevel written in the Common Expression Language.
description str: Description of the AccessLevel and its use. Does not affect behavior.
name str: Resource name for the AccessLevel. Format: accessPolicies/{access_policy}/accessLevels/{access_level}. The access_level component must begin with a letter, followed by alphanumeric characters or _. Its maximum length is 50 characters. After you create an AccessLevel, you cannot change its name.
title str: Human readable title. Must be unique within the Policy.

accessPolicyId String
basic Property Map: A BasicLevel composed of Conditions.
custom Property Map: A CustomLevel written in the Common Expression Language.
description String: Description of the AccessLevel and its use. Does not affect behavior.
name String: Resource name for the AccessLevel. Format: accessPolicies/{access_policy}/accessLevels/{access_level}. The access_level component must begin with a letter, followed by alphanumeric characters or _. Its maximum length is 50 characters. After you create an AccessLevel, you cannot change its name.
title String: Human readable title. Must be unique within the Policy.

Outputs

All input properties are implicitly available as output properties. Additionally, the AccessLevel resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Supporting Types

BasicLevel, BasicLevelArgs

Conditions List<Pulumi.GoogleNative.AccessContextManager.V1Beta.Inputs.Condition>: A list of requirements for the AccessLevel to be granted.
CombiningFunction Pulumi.GoogleNative.AccessContextManager.V1Beta.BasicLevelCombiningFunction: How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.

Conditions []Condition: A list of requirements for the AccessLevel to be granted.
CombiningFunction BasicLevelCombiningFunction: How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.

conditions List<Condition>: A list of requirements for the AccessLevel to be granted.
combiningFunction BasicLevelCombiningFunction: How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.

conditions Condition[]: A list of requirements for the AccessLevel to be granted.
combiningFunction BasicLevelCombiningFunction: How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.

conditions Sequence[Condition]: A list of requirements for the AccessLevel to be granted.
combining_function BasicLevelCombiningFunction: How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.

conditions List<Property Map>: A list of requirements for the AccessLevel to be granted.
combiningFunction "AND" | "OR": How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.

BasicLevelCombiningFunction, BasicLevelCombiningFunctionArgs

And: ANDAll Conditions must be true for the BasicLevel to be true.
Or: ORIf at least one Condition is true, then the BasicLevel is true.

BasicLevelCombiningFunctionAnd: ANDAll Conditions must be true for the BasicLevel to be true.
BasicLevelCombiningFunctionOr: ORIf at least one Condition is true, then the BasicLevel is true.

And: ANDAll Conditions must be true for the BasicLevel to be true.
Or: ORIf at least one Condition is true, then the BasicLevel is true.

And: ANDAll Conditions must be true for the BasicLevel to be true.
Or: ORIf at least one Condition is true, then the BasicLevel is true.

AND_: ANDAll Conditions must be true for the BasicLevel to be true.
OR_: ORIf at least one Condition is true, then the BasicLevel is true.

"AND": ANDAll Conditions must be true for the BasicLevel to be true.
"OR": ORIf at least one Condition is true, then the BasicLevel is true.

BasicLevelResponse, BasicLevelResponseArgs

CombiningFunction string: How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.
Conditions List<Pulumi.GoogleNative.AccessContextManager.V1Beta.Inputs.ConditionResponse>: A list of requirements for the AccessLevel to be granted.

CombiningFunction string: How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.
Conditions []ConditionResponse: A list of requirements for the AccessLevel to be granted.

combiningFunction String: How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.
conditions List<ConditionResponse>: A list of requirements for the AccessLevel to be granted.

combiningFunction string: How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.
conditions ConditionResponse[]: A list of requirements for the AccessLevel to be granted.

combining_function str: How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.
conditions Sequence[ConditionResponse]: A list of requirements for the AccessLevel to be granted.

combiningFunction String: How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.
conditions List<Property Map>: A list of requirements for the AccessLevel to be granted.

Condition, ConditionArgs

DevicePolicy Pulumi.GoogleNative.AccessContextManager.V1Beta.Inputs.DevicePolicy: Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
IpSubnetworks List<string>: CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
Members List<string>: The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.
Negate bool: Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
Regions List<string>: The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
RequiredAccessLevels List<string>: A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"

DevicePolicy DevicePolicy: Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
IpSubnetworks []string: CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
Members []string: The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.
Negate bool: Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
Regions []string: The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
RequiredAccessLevels []string: A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"

devicePolicy DevicePolicy: Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
ipSubnetworks List<String>: CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
members List<String>: The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.
negate Boolean: Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
regions List<String>: The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
requiredAccessLevels List<String>: A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"

devicePolicy DevicePolicy: Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
ipSubnetworks string[]: CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
members string[]: The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.
negate boolean: Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
regions string[]: The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
requiredAccessLevels string[]: A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"

device_policy DevicePolicy: Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
ip_subnetworks Sequence[str]: CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
members Sequence[str]: The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.
negate bool: Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
regions Sequence[str]: The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
required_access_levels Sequence[str]: A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"

devicePolicy Property Map: Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
ipSubnetworks List<String>: CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
members List<String>: The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.
negate Boolean: Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
regions List<String>: The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
requiredAccessLevels List<String>: A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"

ConditionResponse, ConditionResponseArgs

DevicePolicy Pulumi.GoogleNative.AccessContextManager.V1Beta.Inputs.DevicePolicyResponse: Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
IpSubnetworks List<string>: CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
Members List<string>: The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.
Negate bool: Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
Regions List<string>: The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
RequiredAccessLevels List<string>: A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"

DevicePolicy DevicePolicyResponse: Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
IpSubnetworks []string: CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
Members []string: The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.
Negate bool: Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
Regions []string: The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
RequiredAccessLevels []string: A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"

devicePolicy DevicePolicyResponse: Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
ipSubnetworks List<String>: CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
members List<String>: The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.
negate Boolean: Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
regions List<String>: The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
requiredAccessLevels List<String>: A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"

devicePolicy DevicePolicyResponse: Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
ipSubnetworks string[]: CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
members string[]: The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.
negate boolean: Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
regions string[]: The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
requiredAccessLevels string[]: A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"

device_policy DevicePolicyResponse: Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
ip_subnetworks Sequence[str]: CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
members Sequence[str]: The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.
negate bool: Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
regions Sequence[str]: The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
required_access_levels Sequence[str]: A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"

devicePolicy Property Map: Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
ipSubnetworks List<String>: CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
members List<String>: The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.
negate Boolean: Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
regions List<String>: The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
requiredAccessLevels List<String>: A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"

CustomLevel, CustomLevelArgs

Expr Pulumi.GoogleNative.AccessContextManager.V1Beta.Inputs.Expr: A Cloud CEL expression evaluating to a boolean.

Expr Expr: A Cloud CEL expression evaluating to a boolean.

expr Expr: A Cloud CEL expression evaluating to a boolean.

expr Expr: A Cloud CEL expression evaluating to a boolean.

expr Expr: A Cloud CEL expression evaluating to a boolean.

expr Property Map: A Cloud CEL expression evaluating to a boolean.

CustomLevelResponse, CustomLevelResponseArgs

Expr Pulumi.GoogleNative.AccessContextManager.V1Beta.Inputs.ExprResponse: A Cloud CEL expression evaluating to a boolean.

Expr ExprResponse: A Cloud CEL expression evaluating to a boolean.

expr ExprResponse: A Cloud CEL expression evaluating to a boolean.

expr ExprResponse: A Cloud CEL expression evaluating to a boolean.

expr ExprResponse: A Cloud CEL expression evaluating to a boolean.

expr Property Map: A Cloud CEL expression evaluating to a boolean.

DevicePolicy, DevicePolicyArgs

AllowedDeviceManagementLevels List<Pulumi.GoogleNative.AccessContextManager.V1Beta.DevicePolicyAllowedDeviceManagementLevelsItem>: Allowed device management levels, an empty list allows all management levels.
AllowedEncryptionStatuses List<Pulumi.GoogleNative.AccessContextManager.V1Beta.DevicePolicyAllowedEncryptionStatusesItem>: Allowed encryptions statuses, an empty list allows all statuses.
OsConstraints List<Pulumi.GoogleNative.AccessContextManager.V1Beta.Inputs.OsConstraint>: Allowed OS versions, an empty list allows all types and all versions.
RequireAdminApproval bool: Whether the device needs to be approved by the customer admin.
RequireCorpOwned bool: Whether the device needs to be corp owned.
RequireScreenlock bool: Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.

AllowedDeviceManagementLevels []DevicePolicyAllowedDeviceManagementLevelsItem: Allowed device management levels, an empty list allows all management levels.
AllowedEncryptionStatuses []DevicePolicyAllowedEncryptionStatusesItem: Allowed encryptions statuses, an empty list allows all statuses.
OsConstraints []OsConstraint: Allowed OS versions, an empty list allows all types and all versions.
RequireAdminApproval bool: Whether the device needs to be approved by the customer admin.
RequireCorpOwned bool: Whether the device needs to be corp owned.
RequireScreenlock bool: Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.

allowedDeviceManagementLevels List<DevicePolicyAllowedDeviceManagementLevelsItem>: Allowed device management levels, an empty list allows all management levels.
allowedEncryptionStatuses List<DevicePolicyAllowedEncryptionStatusesItem>: Allowed encryptions statuses, an empty list allows all statuses.
osConstraints List<OsConstraint>: Allowed OS versions, an empty list allows all types and all versions.
requireAdminApproval Boolean: Whether the device needs to be approved by the customer admin.
requireCorpOwned Boolean: Whether the device needs to be corp owned.
requireScreenlock Boolean: Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.

allowedDeviceManagementLevels DevicePolicyAllowedDeviceManagementLevelsItem[]: Allowed device management levels, an empty list allows all management levels.
allowedEncryptionStatuses DevicePolicyAllowedEncryptionStatusesItem[]: Allowed encryptions statuses, an empty list allows all statuses.
osConstraints OsConstraint[]: Allowed OS versions, an empty list allows all types and all versions.
requireAdminApproval boolean: Whether the device needs to be approved by the customer admin.
requireCorpOwned boolean: Whether the device needs to be corp owned.
requireScreenlock boolean: Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.

allowed_device_management_levels Sequence[DevicePolicyAllowedDeviceManagementLevelsItem]: Allowed device management levels, an empty list allows all management levels.
allowed_encryption_statuses Sequence[DevicePolicyAllowedEncryptionStatusesItem]: Allowed encryptions statuses, an empty list allows all statuses.
os_constraints Sequence[OsConstraint]: Allowed OS versions, an empty list allows all types and all versions.
require_admin_approval bool: Whether the device needs to be approved by the customer admin.
require_corp_owned bool: Whether the device needs to be corp owned.
require_screenlock bool: Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.

allowedDeviceManagementLevels List<"MANAGEMENT_UNSPECIFIED" | "NONE" | "BASIC" | "COMPLETE">: Allowed device management levels, an empty list allows all management levels.
allowedEncryptionStatuses List<"ENCRYPTION_UNSPECIFIED" | "ENCRYPTION_UNSUPPORTED" | "UNENCRYPTED" | "ENCRYPTED">: Allowed encryptions statuses, an empty list allows all statuses.
osConstraints List<Property Map>: Allowed OS versions, an empty list allows all types and all versions.
requireAdminApproval Boolean: Whether the device needs to be approved by the customer admin.
requireCorpOwned Boolean: Whether the device needs to be corp owned.
requireScreenlock Boolean: Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.

DevicePolicyAllowedDeviceManagementLevelsItem, DevicePolicyAllowedDeviceManagementLevelsItemArgs

ManagementUnspecified: MANAGEMENT_UNSPECIFIEDThe device's management level is not specified or not known.
None: NONEThe device is not managed.
Basic: BASICBasic management is enabled, which is generally limited to monitoring and wiping the corporate account.
Complete: COMPLETEComplete device management. This includes more thorough monitoring and the ability to directly manage the device (such as remote wiping). This can be enabled through the Android Enterprise Platform.

DevicePolicyAllowedDeviceManagementLevelsItemManagementUnspecified: MANAGEMENT_UNSPECIFIEDThe device's management level is not specified or not known.
DevicePolicyAllowedDeviceManagementLevelsItemNone: NONEThe device is not managed.
DevicePolicyAllowedDeviceManagementLevelsItemBasic: BASICBasic management is enabled, which is generally limited to monitoring and wiping the corporate account.
DevicePolicyAllowedDeviceManagementLevelsItemComplete: COMPLETEComplete device management. This includes more thorough monitoring and the ability to directly manage the device (such as remote wiping). This can be enabled through the Android Enterprise Platform.

ManagementUnspecified: MANAGEMENT_UNSPECIFIEDThe device's management level is not specified or not known.
None: NONEThe device is not managed.
Basic: BASICBasic management is enabled, which is generally limited to monitoring and wiping the corporate account.
Complete: COMPLETEComplete device management. This includes more thorough monitoring and the ability to directly manage the device (such as remote wiping). This can be enabled through the Android Enterprise Platform.

ManagementUnspecified: MANAGEMENT_UNSPECIFIEDThe device's management level is not specified or not known.
None: NONEThe device is not managed.
Basic: BASICBasic management is enabled, which is generally limited to monitoring and wiping the corporate account.
Complete: COMPLETEComplete device management. This includes more thorough monitoring and the ability to directly manage the device (such as remote wiping). This can be enabled through the Android Enterprise Platform.

MANAGEMENT_UNSPECIFIED: MANAGEMENT_UNSPECIFIEDThe device's management level is not specified or not known.
NONE: NONEThe device is not managed.
BASIC: BASICBasic management is enabled, which is generally limited to monitoring and wiping the corporate account.
COMPLETE: COMPLETEComplete device management. This includes more thorough monitoring and the ability to directly manage the device (such as remote wiping). This can be enabled through the Android Enterprise Platform.

"MANAGEMENT_UNSPECIFIED": MANAGEMENT_UNSPECIFIEDThe device's management level is not specified or not known.
"NONE": NONEThe device is not managed.
"BASIC": BASICBasic management is enabled, which is generally limited to monitoring and wiping the corporate account.
"COMPLETE": COMPLETEComplete device management. This includes more thorough monitoring and the ability to directly manage the device (such as remote wiping). This can be enabled through the Android Enterprise Platform.

DevicePolicyAllowedEncryptionStatusesItem, DevicePolicyAllowedEncryptionStatusesItemArgs

EncryptionUnspecified: ENCRYPTION_UNSPECIFIEDThe encryption status of the device is not specified or not known.
EncryptionUnsupported: ENCRYPTION_UNSUPPORTEDThe device does not support encryption.
Unencrypted: UNENCRYPTEDThe device supports encryption, but is currently unencrypted.
Encrypted: ENCRYPTEDThe device is encrypted.

DevicePolicyAllowedEncryptionStatusesItemEncryptionUnspecified: ENCRYPTION_UNSPECIFIEDThe encryption status of the device is not specified or not known.
DevicePolicyAllowedEncryptionStatusesItemEncryptionUnsupported: ENCRYPTION_UNSUPPORTEDThe device does not support encryption.
DevicePolicyAllowedEncryptionStatusesItemUnencrypted: UNENCRYPTEDThe device supports encryption, but is currently unencrypted.
DevicePolicyAllowedEncryptionStatusesItemEncrypted: ENCRYPTEDThe device is encrypted.

EncryptionUnspecified: ENCRYPTION_UNSPECIFIEDThe encryption status of the device is not specified or not known.
EncryptionUnsupported: ENCRYPTION_UNSUPPORTEDThe device does not support encryption.
Unencrypted: UNENCRYPTEDThe device supports encryption, but is currently unencrypted.
Encrypted: ENCRYPTEDThe device is encrypted.

EncryptionUnspecified: ENCRYPTION_UNSPECIFIEDThe encryption status of the device is not specified or not known.
EncryptionUnsupported: ENCRYPTION_UNSUPPORTEDThe device does not support encryption.
Unencrypted: UNENCRYPTEDThe device supports encryption, but is currently unencrypted.
Encrypted: ENCRYPTEDThe device is encrypted.

ENCRYPTION_UNSPECIFIED: ENCRYPTION_UNSPECIFIEDThe encryption status of the device is not specified or not known.
ENCRYPTION_UNSUPPORTED: ENCRYPTION_UNSUPPORTEDThe device does not support encryption.
UNENCRYPTED: UNENCRYPTEDThe device supports encryption, but is currently unencrypted.
ENCRYPTED: ENCRYPTEDThe device is encrypted.

"ENCRYPTION_UNSPECIFIED": ENCRYPTION_UNSPECIFIEDThe encryption status of the device is not specified or not known.
"ENCRYPTION_UNSUPPORTED": ENCRYPTION_UNSUPPORTEDThe device does not support encryption.
"UNENCRYPTED": UNENCRYPTEDThe device supports encryption, but is currently unencrypted.
"ENCRYPTED": ENCRYPTEDThe device is encrypted.

DevicePolicyResponse, DevicePolicyResponseArgs

AllowedDeviceManagementLevels List<string>: Allowed device management levels, an empty list allows all management levels.
AllowedEncryptionStatuses List<string>: Allowed encryptions statuses, an empty list allows all statuses.
OsConstraints List<Pulumi.GoogleNative.AccessContextManager.V1Beta.Inputs.OsConstraintResponse>: Allowed OS versions, an empty list allows all types and all versions.
RequireAdminApproval bool: Whether the device needs to be approved by the customer admin.
RequireCorpOwned bool: Whether the device needs to be corp owned.
RequireScreenlock bool: Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.

AllowedDeviceManagementLevels []string: Allowed device management levels, an empty list allows all management levels.
AllowedEncryptionStatuses []string: Allowed encryptions statuses, an empty list allows all statuses.
OsConstraints []OsConstraintResponse: Allowed OS versions, an empty list allows all types and all versions.
RequireAdminApproval bool: Whether the device needs to be approved by the customer admin.
RequireCorpOwned bool: Whether the device needs to be corp owned.
RequireScreenlock bool: Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.

allowedDeviceManagementLevels List<String>: Allowed device management levels, an empty list allows all management levels.
allowedEncryptionStatuses List<String>: Allowed encryptions statuses, an empty list allows all statuses.
osConstraints List<OsConstraintResponse>: Allowed OS versions, an empty list allows all types and all versions.
requireAdminApproval Boolean: Whether the device needs to be approved by the customer admin.
requireCorpOwned Boolean: Whether the device needs to be corp owned.
requireScreenlock Boolean: Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.

allowedDeviceManagementLevels string[]: Allowed device management levels, an empty list allows all management levels.
allowedEncryptionStatuses string[]: Allowed encryptions statuses, an empty list allows all statuses.
osConstraints OsConstraintResponse[]: Allowed OS versions, an empty list allows all types and all versions.
requireAdminApproval boolean: Whether the device needs to be approved by the customer admin.
requireCorpOwned boolean: Whether the device needs to be corp owned.
requireScreenlock boolean: Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.

allowed_device_management_levels Sequence[str]: Allowed device management levels, an empty list allows all management levels.
allowed_encryption_statuses Sequence[str]: Allowed encryptions statuses, an empty list allows all statuses.
os_constraints Sequence[OsConstraintResponse]: Allowed OS versions, an empty list allows all types and all versions.
require_admin_approval bool: Whether the device needs to be approved by the customer admin.
require_corp_owned bool: Whether the device needs to be corp owned.
require_screenlock bool: Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.

allowedDeviceManagementLevels List<String>: Allowed device management levels, an empty list allows all management levels.
allowedEncryptionStatuses List<String>: Allowed encryptions statuses, an empty list allows all statuses.
osConstraints List<Property Map>: Allowed OS versions, an empty list allows all types and all versions.
requireAdminApproval Boolean: Whether the device needs to be approved by the customer admin.
requireCorpOwned Boolean: Whether the device needs to be corp owned.
requireScreenlock Boolean: Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.

Expr, ExprArgs

Description string: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Expression string: Textual representation of an expression in Common Expression Language syntax.
Location string: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
Title string: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

Description string: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Expression string: Textual representation of an expression in Common Expression Language syntax.
Location string: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
Title string: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description String: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
expression String: Textual representation of an expression in Common Expression Language syntax.
location String: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
title String: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description string: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
expression string: Textual representation of an expression in Common Expression Language syntax.
location string: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
title string: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description str: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
expression str: Textual representation of an expression in Common Expression Language syntax.
location str: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
title str: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description String: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
expression String: Textual representation of an expression in Common Expression Language syntax.
location String: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
title String: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

ExprResponse, ExprResponseArgs

Description string: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Expression string: Textual representation of an expression in Common Expression Language syntax.
Location string: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
Title string: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

Description string: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Expression string: Textual representation of an expression in Common Expression Language syntax.
Location string: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
Title string: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description String: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
expression String: Textual representation of an expression in Common Expression Language syntax.
location String: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
title String: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description string: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
expression string: Textual representation of an expression in Common Expression Language syntax.
location string: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
title string: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description str: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
expression str: Textual representation of an expression in Common Expression Language syntax.
location str: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
title str: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description String: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
expression String: Textual representation of an expression in Common Expression Language syntax.
location String: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
title String: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

OsConstraint, OsConstraintArgs

OsType Pulumi.GoogleNative.AccessContextManager.V1Beta.OsConstraintOsType: The allowed OS type.
MinimumVersion string: The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".
RequireVerifiedChromeOs bool: Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.

OsType OsConstraintOsType: The allowed OS type.
MinimumVersion string: The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".
RequireVerifiedChromeOs bool: Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.

osType OsConstraintOsType: The allowed OS type.
minimumVersion String: The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".
requireVerifiedChromeOs Boolean: Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.

osType OsConstraintOsType: The allowed OS type.
minimumVersion string: The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".
requireVerifiedChromeOs boolean: Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.

os_type OsConstraintOsType: The allowed OS type.
minimum_version str: The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".
require_verified_chrome_os bool: Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.

osType "OS_UNSPECIFIED" | "DESKTOP_MAC" | "DESKTOP_WINDOWS" | "DESKTOP_LINUX" | "DESKTOP_CHROME_OS" | "ANDROID" | "IOS": The allowed OS type.
minimumVersion String: The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".
requireVerifiedChromeOs Boolean: Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.

OsConstraintOsType, OsConstraintOsTypeArgs

OsUnspecified: OS_UNSPECIFIEDThe operating system of the device is not specified or not known.
DesktopMac: DESKTOP_MACA desktop Mac operating system.
DesktopWindows: DESKTOP_WINDOWSA desktop Windows operating system.
DesktopLinux: DESKTOP_LINUXA desktop Linux operating system.
DesktopChromeOs: DESKTOP_CHROME_OSA desktop ChromeOS operating system.
Android: ANDROIDAn Android operating system.
Ios: IOSAn iOS operating system.

OsConstraintOsTypeOsUnspecified: OS_UNSPECIFIEDThe operating system of the device is not specified or not known.
OsConstraintOsTypeDesktopMac: DESKTOP_MACA desktop Mac operating system.
OsConstraintOsTypeDesktopWindows: DESKTOP_WINDOWSA desktop Windows operating system.
OsConstraintOsTypeDesktopLinux: DESKTOP_LINUXA desktop Linux operating system.
OsConstraintOsTypeDesktopChromeOs: DESKTOP_CHROME_OSA desktop ChromeOS operating system.
OsConstraintOsTypeAndroid: ANDROIDAn Android operating system.
OsConstraintOsTypeIos: IOSAn iOS operating system.

OsUnspecified: OS_UNSPECIFIEDThe operating system of the device is not specified or not known.
DesktopMac: DESKTOP_MACA desktop Mac operating system.
DesktopWindows: DESKTOP_WINDOWSA desktop Windows operating system.
DesktopLinux: DESKTOP_LINUXA desktop Linux operating system.
DesktopChromeOs: DESKTOP_CHROME_OSA desktop ChromeOS operating system.
Android: ANDROIDAn Android operating system.
Ios: IOSAn iOS operating system.

OsUnspecified: OS_UNSPECIFIEDThe operating system of the device is not specified or not known.
DesktopMac: DESKTOP_MACA desktop Mac operating system.
DesktopWindows: DESKTOP_WINDOWSA desktop Windows operating system.
DesktopLinux: DESKTOP_LINUXA desktop Linux operating system.
DesktopChromeOs: DESKTOP_CHROME_OSA desktop ChromeOS operating system.
Android: ANDROIDAn Android operating system.
Ios: IOSAn iOS operating system.

OS_UNSPECIFIED: OS_UNSPECIFIEDThe operating system of the device is not specified or not known.
DESKTOP_MAC: DESKTOP_MACA desktop Mac operating system.
DESKTOP_WINDOWS: DESKTOP_WINDOWSA desktop Windows operating system.
DESKTOP_LINUX: DESKTOP_LINUXA desktop Linux operating system.
DESKTOP_CHROME_OS: DESKTOP_CHROME_OSA desktop ChromeOS operating system.
ANDROID: ANDROIDAn Android operating system.
IOS: IOSAn iOS operating system.

"OS_UNSPECIFIED": OS_UNSPECIFIEDThe operating system of the device is not specified or not known.
"DESKTOP_MAC": DESKTOP_MACA desktop Mac operating system.
"DESKTOP_WINDOWS": DESKTOP_WINDOWSA desktop Windows operating system.
"DESKTOP_LINUX": DESKTOP_LINUXA desktop Linux operating system.
"DESKTOP_CHROME_OS": DESKTOP_CHROME_OSA desktop ChromeOS operating system.
"ANDROID": ANDROIDAn Android operating system.
"IOS": IOSAn iOS operating system.

OsConstraintResponse, OsConstraintResponseArgs

MinimumVersion string: The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".
OsType string: The allowed OS type.
RequireVerifiedChromeOs bool: Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.

MinimumVersion string: The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".
OsType string: The allowed OS type.
RequireVerifiedChromeOs bool: Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.

minimumVersion String: The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".
osType String: The allowed OS type.
requireVerifiedChromeOs Boolean: Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.

minimumVersion string: The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".
osType string: The allowed OS type.
requireVerifiedChromeOs boolean: Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.

minimum_version str: The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".
os_type str: The allowed OS type.
require_verified_chrome_os bool: Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.

minimumVersion String: The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".
osType String: The allowed OS type.
requireVerifiedChromeOs Boolean: Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.

Package Details

Repository: Google Cloud Native pulumi/pulumi-google-native
License: Apache-2.0

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

pulumi/pulumi-google-native

google-native.accesscontextmanager/v1beta.AccessLevel

On this page

On this page

Create AccessLevel Resource

Constructor syntax

Parameters

Constructor example

AccessLevel Resource Properties

Inputs

Outputs

Supporting Types

BasicLevel, BasicLevelArgs

BasicLevelCombiningFunction, BasicLevelCombiningFunctionArgs

BasicLevelResponse, BasicLevelResponseArgs

Condition, ConditionArgs

ConditionResponse, ConditionResponseArgs

CustomLevel, CustomLevelArgs

CustomLevelResponse, CustomLevelResponseArgs

DevicePolicy, DevicePolicyArgs

DevicePolicyAllowedDeviceManagementLevelsItem, DevicePolicyAllowedDeviceManagementLevelsItemArgs

DevicePolicyAllowedEncryptionStatusesItem, DevicePolicyAllowedEncryptionStatusesItemArgs

DevicePolicyResponse, DevicePolicyResponseArgs

Expr, ExprArgs

ExprResponse, ExprResponseArgs

OsConstraint, OsConstraintArgs

OsConstraintOsType, OsConstraintOsTypeArgs

OsConstraintResponse, OsConstraintResponseArgs

Package Details

On this page

On this page