1. Packages
  2. Google Cloud Native
  3. API Docs
  4. accesscontextmanager
  5. accesscontextmanager/v1beta
  6. AccessLevel

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

google-native.accesscontextmanager/v1beta.AccessLevel

Explore with Pulumi AI

google-native logo

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

    Create an Access Level. The longrunning operation from this RPC will have a successful status once the Access Level has propagated to long-lasting storage. Access Levels containing errors will result in an error response for the first error encountered.

    Create AccessLevel Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new AccessLevel(name: string, args: AccessLevelArgs, opts?: CustomResourceOptions);
    @overload
    def AccessLevel(resource_name: str,
                    args: AccessLevelArgs,
                    opts: Optional[ResourceOptions] = None)
    
    @overload
    def AccessLevel(resource_name: str,
                    opts: Optional[ResourceOptions] = None,
                    access_policy_id: Optional[str] = None,
                    basic: Optional[BasicLevelArgs] = None,
                    custom: Optional[CustomLevelArgs] = None,
                    description: Optional[str] = None,
                    name: Optional[str] = None,
                    title: Optional[str] = None)
    func NewAccessLevel(ctx *Context, name string, args AccessLevelArgs, opts ...ResourceOption) (*AccessLevel, error)
    public AccessLevel(string name, AccessLevelArgs args, CustomResourceOptions? opts = null)
    public AccessLevel(String name, AccessLevelArgs args)
    public AccessLevel(String name, AccessLevelArgs args, CustomResourceOptions options)
    
    type: google-native:accesscontextmanager/v1beta:AccessLevel
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args AccessLevelArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AccessLevelArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AccessLevelArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AccessLevelArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AccessLevelArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var google_nativeAccessLevelResource = new GoogleNative.AccessContextManager.V1Beta.AccessLevel("google-nativeAccessLevelResource", new()
    {
        AccessPolicyId = "string",
        Basic = new GoogleNative.AccessContextManager.V1Beta.Inputs.BasicLevelArgs
        {
            Conditions = new[]
            {
                new GoogleNative.AccessContextManager.V1Beta.Inputs.ConditionArgs
                {
                    DevicePolicy = new GoogleNative.AccessContextManager.V1Beta.Inputs.DevicePolicyArgs
                    {
                        AllowedDeviceManagementLevels = new[]
                        {
                            GoogleNative.AccessContextManager.V1Beta.DevicePolicyAllowedDeviceManagementLevelsItem.ManagementUnspecified,
                        },
                        AllowedEncryptionStatuses = new[]
                        {
                            GoogleNative.AccessContextManager.V1Beta.DevicePolicyAllowedEncryptionStatusesItem.EncryptionUnspecified,
                        },
                        OsConstraints = new[]
                        {
                            new GoogleNative.AccessContextManager.V1Beta.Inputs.OsConstraintArgs
                            {
                                OsType = GoogleNative.AccessContextManager.V1Beta.OsConstraintOsType.OsUnspecified,
                                MinimumVersion = "string",
                                RequireVerifiedChromeOs = false,
                            },
                        },
                        RequireAdminApproval = false,
                        RequireCorpOwned = false,
                        RequireScreenlock = false,
                    },
                    IpSubnetworks = new[]
                    {
                        "string",
                    },
                    Members = new[]
                    {
                        "string",
                    },
                    Negate = false,
                    Regions = new[]
                    {
                        "string",
                    },
                    RequiredAccessLevels = new[]
                    {
                        "string",
                    },
                },
            },
            CombiningFunction = GoogleNative.AccessContextManager.V1Beta.BasicLevelCombiningFunction.And,
        },
        Custom = new GoogleNative.AccessContextManager.V1Beta.Inputs.CustomLevelArgs
        {
            Expr = new GoogleNative.AccessContextManager.V1Beta.Inputs.ExprArgs
            {
                Description = "string",
                Expression = "string",
                Location = "string",
                Title = "string",
            },
        },
        Description = "string",
        Name = "string",
        Title = "string",
    });
    
    example, err := accesscontextmanagerv1beta.NewAccessLevel(ctx, "google-nativeAccessLevelResource", &accesscontextmanagerv1beta.AccessLevelArgs{
    	AccessPolicyId: pulumi.String("string"),
    	Basic: &accesscontextmanager.BasicLevelArgs{
    		Conditions: accesscontextmanager.ConditionArray{
    			&accesscontextmanager.ConditionArgs{
    				DevicePolicy: &accesscontextmanager.DevicePolicyArgs{
    					AllowedDeviceManagementLevels: accesscontextmanager.DevicePolicyAllowedDeviceManagementLevelsItemArray{
    						accesscontextmanagerv1beta.DevicePolicyAllowedDeviceManagementLevelsItemManagementUnspecified,
    					},
    					AllowedEncryptionStatuses: accesscontextmanager.DevicePolicyAllowedEncryptionStatusesItemArray{
    						accesscontextmanagerv1beta.DevicePolicyAllowedEncryptionStatusesItemEncryptionUnspecified,
    					},
    					OsConstraints: accesscontextmanager.OsConstraintArray{
    						&accesscontextmanager.OsConstraintArgs{
    							OsType:                  accesscontextmanagerv1beta.OsConstraintOsTypeOsUnspecified,
    							MinimumVersion:          pulumi.String("string"),
    							RequireVerifiedChromeOs: pulumi.Bool(false),
    						},
    					},
    					RequireAdminApproval: pulumi.Bool(false),
    					RequireCorpOwned:     pulumi.Bool(false),
    					RequireScreenlock:    pulumi.Bool(false),
    				},
    				IpSubnetworks: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    				Members: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    				Negate: pulumi.Bool(false),
    				Regions: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    				RequiredAccessLevels: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    			},
    		},
    		CombiningFunction: accesscontextmanagerv1beta.BasicLevelCombiningFunctionAnd,
    	},
    	Custom: &accesscontextmanager.CustomLevelArgs{
    		Expr: &accesscontextmanager.ExprArgs{
    			Description: pulumi.String("string"),
    			Expression:  pulumi.String("string"),
    			Location:    pulumi.String("string"),
    			Title:       pulumi.String("string"),
    		},
    	},
    	Description: pulumi.String("string"),
    	Name:        pulumi.String("string"),
    	Title:       pulumi.String("string"),
    })
    
    var google_nativeAccessLevelResource = new AccessLevel("google-nativeAccessLevelResource", AccessLevelArgs.builder()
        .accessPolicyId("string")
        .basic(BasicLevelArgs.builder()
            .conditions(ConditionArgs.builder()
                .devicePolicy(DevicePolicyArgs.builder()
                    .allowedDeviceManagementLevels("MANAGEMENT_UNSPECIFIED")
                    .allowedEncryptionStatuses("ENCRYPTION_UNSPECIFIED")
                    .osConstraints(OsConstraintArgs.builder()
                        .osType("OS_UNSPECIFIED")
                        .minimumVersion("string")
                        .requireVerifiedChromeOs(false)
                        .build())
                    .requireAdminApproval(false)
                    .requireCorpOwned(false)
                    .requireScreenlock(false)
                    .build())
                .ipSubnetworks("string")
                .members("string")
                .negate(false)
                .regions("string")
                .requiredAccessLevels("string")
                .build())
            .combiningFunction("AND")
            .build())
        .custom(CustomLevelArgs.builder()
            .expr(ExprArgs.builder()
                .description("string")
                .expression("string")
                .location("string")
                .title("string")
                .build())
            .build())
        .description("string")
        .name("string")
        .title("string")
        .build());
    
    google_native_access_level_resource = google_native.accesscontextmanager.v1beta.AccessLevel("google-nativeAccessLevelResource",
        access_policy_id="string",
        basic={
            "conditions": [{
                "device_policy": {
                    "allowed_device_management_levels": [google_native.accesscontextmanager.v1beta.DevicePolicyAllowedDeviceManagementLevelsItem.MANAGEMENT_UNSPECIFIED],
                    "allowed_encryption_statuses": [google_native.accesscontextmanager.v1beta.DevicePolicyAllowedEncryptionStatusesItem.ENCRYPTION_UNSPECIFIED],
                    "os_constraints": [{
                        "os_type": google_native.accesscontextmanager.v1beta.OsConstraintOsType.OS_UNSPECIFIED,
                        "minimum_version": "string",
                        "require_verified_chrome_os": False,
                    }],
                    "require_admin_approval": False,
                    "require_corp_owned": False,
                    "require_screenlock": False,
                },
                "ip_subnetworks": ["string"],
                "members": ["string"],
                "negate": False,
                "regions": ["string"],
                "required_access_levels": ["string"],
            }],
            "combining_function": google_native.accesscontextmanager.v1beta.BasicLevelCombiningFunction.AND_,
        },
        custom={
            "expr": {
                "description": "string",
                "expression": "string",
                "location": "string",
                "title": "string",
            },
        },
        description="string",
        name="string",
        title="string")
    
    const google_nativeAccessLevelResource = new google_native.accesscontextmanager.v1beta.AccessLevel("google-nativeAccessLevelResource", {
        accessPolicyId: "string",
        basic: {
            conditions: [{
                devicePolicy: {
                    allowedDeviceManagementLevels: [google_native.accesscontextmanager.v1beta.DevicePolicyAllowedDeviceManagementLevelsItem.ManagementUnspecified],
                    allowedEncryptionStatuses: [google_native.accesscontextmanager.v1beta.DevicePolicyAllowedEncryptionStatusesItem.EncryptionUnspecified],
                    osConstraints: [{
                        osType: google_native.accesscontextmanager.v1beta.OsConstraintOsType.OsUnspecified,
                        minimumVersion: "string",
                        requireVerifiedChromeOs: false,
                    }],
                    requireAdminApproval: false,
                    requireCorpOwned: false,
                    requireScreenlock: false,
                },
                ipSubnetworks: ["string"],
                members: ["string"],
                negate: false,
                regions: ["string"],
                requiredAccessLevels: ["string"],
            }],
            combiningFunction: google_native.accesscontextmanager.v1beta.BasicLevelCombiningFunction.And,
        },
        custom: {
            expr: {
                description: "string",
                expression: "string",
                location: "string",
                title: "string",
            },
        },
        description: "string",
        name: "string",
        title: "string",
    });
    
    type: google-native:accesscontextmanager/v1beta:AccessLevel
    properties:
        accessPolicyId: string
        basic:
            combiningFunction: AND
            conditions:
                - devicePolicy:
                    allowedDeviceManagementLevels:
                        - MANAGEMENT_UNSPECIFIED
                    allowedEncryptionStatuses:
                        - ENCRYPTION_UNSPECIFIED
                    osConstraints:
                        - minimumVersion: string
                          osType: OS_UNSPECIFIED
                          requireVerifiedChromeOs: false
                    requireAdminApproval: false
                    requireCorpOwned: false
                    requireScreenlock: false
                  ipSubnetworks:
                    - string
                  members:
                    - string
                  negate: false
                  regions:
                    - string
                  requiredAccessLevels:
                    - string
        custom:
            expr:
                description: string
                expression: string
                location: string
                title: string
        description: string
        name: string
        title: string
    

    AccessLevel Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The AccessLevel resource accepts the following input properties:

    AccessPolicyId string
    Basic Pulumi.GoogleNative.AccessContextManager.V1Beta.Inputs.BasicLevel
    A BasicLevel composed of Conditions.
    Custom Pulumi.GoogleNative.AccessContextManager.V1Beta.Inputs.CustomLevel
    A CustomLevel written in the Common Expression Language.
    Description string
    Description of the AccessLevel and its use. Does not affect behavior.
    Name string
    Resource name for the AccessLevel. Format: accessPolicies/{access_policy}/accessLevels/{access_level}. The access_level component must begin with a letter, followed by alphanumeric characters or _. Its maximum length is 50 characters. After you create an AccessLevel, you cannot change its name.
    Title string
    Human readable title. Must be unique within the Policy.
    AccessPolicyId string
    Basic BasicLevelArgs
    A BasicLevel composed of Conditions.
    Custom CustomLevelArgs
    A CustomLevel written in the Common Expression Language.
    Description string
    Description of the AccessLevel and its use. Does not affect behavior.
    Name string
    Resource name for the AccessLevel. Format: accessPolicies/{access_policy}/accessLevels/{access_level}. The access_level component must begin with a letter, followed by alphanumeric characters or _. Its maximum length is 50 characters. After you create an AccessLevel, you cannot change its name.
    Title string
    Human readable title. Must be unique within the Policy.
    accessPolicyId String
    basic BasicLevel
    A BasicLevel composed of Conditions.
    custom CustomLevel
    A CustomLevel written in the Common Expression Language.
    description String
    Description of the AccessLevel and its use. Does not affect behavior.
    name String
    Resource name for the AccessLevel. Format: accessPolicies/{access_policy}/accessLevels/{access_level}. The access_level component must begin with a letter, followed by alphanumeric characters or _. Its maximum length is 50 characters. After you create an AccessLevel, you cannot change its name.
    title String
    Human readable title. Must be unique within the Policy.
    accessPolicyId string
    basic BasicLevel
    A BasicLevel composed of Conditions.
    custom CustomLevel
    A CustomLevel written in the Common Expression Language.
    description string
    Description of the AccessLevel and its use. Does not affect behavior.
    name string
    Resource name for the AccessLevel. Format: accessPolicies/{access_policy}/accessLevels/{access_level}. The access_level component must begin with a letter, followed by alphanumeric characters or _. Its maximum length is 50 characters. After you create an AccessLevel, you cannot change its name.
    title string
    Human readable title. Must be unique within the Policy.
    access_policy_id str
    basic BasicLevelArgs
    A BasicLevel composed of Conditions.
    custom CustomLevelArgs
    A CustomLevel written in the Common Expression Language.
    description str
    Description of the AccessLevel and its use. Does not affect behavior.
    name str
    Resource name for the AccessLevel. Format: accessPolicies/{access_policy}/accessLevels/{access_level}. The access_level component must begin with a letter, followed by alphanumeric characters or _. Its maximum length is 50 characters. After you create an AccessLevel, you cannot change its name.
    title str
    Human readable title. Must be unique within the Policy.
    accessPolicyId String
    basic Property Map
    A BasicLevel composed of Conditions.
    custom Property Map
    A CustomLevel written in the Common Expression Language.
    description String
    Description of the AccessLevel and its use. Does not affect behavior.
    name String
    Resource name for the AccessLevel. Format: accessPolicies/{access_policy}/accessLevels/{access_level}. The access_level component must begin with a letter, followed by alphanumeric characters or _. Its maximum length is 50 characters. After you create an AccessLevel, you cannot change its name.
    title String
    Human readable title. Must be unique within the Policy.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AccessLevel resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Supporting Types

    BasicLevel, BasicLevelArgs

    Conditions List<Pulumi.GoogleNative.AccessContextManager.V1Beta.Inputs.Condition>
    A list of requirements for the AccessLevel to be granted.
    CombiningFunction Pulumi.GoogleNative.AccessContextManager.V1Beta.BasicLevelCombiningFunction
    How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.
    Conditions []Condition
    A list of requirements for the AccessLevel to be granted.
    CombiningFunction BasicLevelCombiningFunction
    How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.
    conditions List<Condition>
    A list of requirements for the AccessLevel to be granted.
    combiningFunction BasicLevelCombiningFunction
    How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.
    conditions Condition[]
    A list of requirements for the AccessLevel to be granted.
    combiningFunction BasicLevelCombiningFunction
    How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.
    conditions Sequence[Condition]
    A list of requirements for the AccessLevel to be granted.
    combining_function BasicLevelCombiningFunction
    How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.
    conditions List<Property Map>
    A list of requirements for the AccessLevel to be granted.
    combiningFunction "AND" | "OR"
    How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.

    BasicLevelCombiningFunction, BasicLevelCombiningFunctionArgs

    And
    ANDAll Conditions must be true for the BasicLevel to be true.
    Or
    ORIf at least one Condition is true, then the BasicLevel is true.
    BasicLevelCombiningFunctionAnd
    ANDAll Conditions must be true for the BasicLevel to be true.
    BasicLevelCombiningFunctionOr
    ORIf at least one Condition is true, then the BasicLevel is true.
    And
    ANDAll Conditions must be true for the BasicLevel to be true.
    Or
    ORIf at least one Condition is true, then the BasicLevel is true.
    And
    ANDAll Conditions must be true for the BasicLevel to be true.
    Or
    ORIf at least one Condition is true, then the BasicLevel is true.
    AND_
    ANDAll Conditions must be true for the BasicLevel to be true.
    OR_
    ORIf at least one Condition is true, then the BasicLevel is true.
    "AND"
    ANDAll Conditions must be true for the BasicLevel to be true.
    "OR"
    ORIf at least one Condition is true, then the BasicLevel is true.

    BasicLevelResponse, BasicLevelResponseArgs

    CombiningFunction string
    How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.
    Conditions List<Pulumi.GoogleNative.AccessContextManager.V1Beta.Inputs.ConditionResponse>
    A list of requirements for the AccessLevel to be granted.
    CombiningFunction string
    How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.
    Conditions []ConditionResponse
    A list of requirements for the AccessLevel to be granted.
    combiningFunction String
    How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.
    conditions List<ConditionResponse>
    A list of requirements for the AccessLevel to be granted.
    combiningFunction string
    How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.
    conditions ConditionResponse[]
    A list of requirements for the AccessLevel to be granted.
    combining_function str
    How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.
    conditions Sequence[ConditionResponse]
    A list of requirements for the AccessLevel to be granted.
    combiningFunction String
    How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.
    conditions List<Property Map>
    A list of requirements for the AccessLevel to be granted.

    Condition, ConditionArgs

    DevicePolicy Pulumi.GoogleNative.AccessContextManager.V1Beta.Inputs.DevicePolicy
    Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
    IpSubnetworks List<string>
    CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
    Members List<string>
    The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.
    Negate bool
    Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
    Regions List<string>
    The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
    RequiredAccessLevels List<string>
    A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"
    DevicePolicy DevicePolicy
    Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
    IpSubnetworks []string
    CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
    Members []string
    The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.
    Negate bool
    Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
    Regions []string
    The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
    RequiredAccessLevels []string
    A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"
    devicePolicy DevicePolicy
    Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
    ipSubnetworks List<String>
    CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
    members List<String>
    The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.
    negate Boolean
    Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
    regions List<String>
    The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
    requiredAccessLevels List<String>
    A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"
    devicePolicy DevicePolicy
    Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
    ipSubnetworks string[]
    CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
    members string[]
    The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.
    negate boolean
    Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
    regions string[]
    The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
    requiredAccessLevels string[]
    A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"
    device_policy DevicePolicy
    Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
    ip_subnetworks Sequence[str]
    CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
    members Sequence[str]
    The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.
    negate bool
    Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
    regions Sequence[str]
    The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
    required_access_levels Sequence[str]
    A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"
    devicePolicy Property Map
    Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
    ipSubnetworks List<String>
    CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
    members List<String>
    The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.
    negate Boolean
    Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
    regions List<String>
    The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
    requiredAccessLevels List<String>
    A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"

    ConditionResponse, ConditionResponseArgs

    DevicePolicy Pulumi.GoogleNative.AccessContextManager.V1Beta.Inputs.DevicePolicyResponse
    Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
    IpSubnetworks List<string>
    CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
    Members List<string>
    The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.
    Negate bool
    Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
    Regions List<string>
    The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
    RequiredAccessLevels List<string>
    A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"
    DevicePolicy DevicePolicyResponse
    Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
    IpSubnetworks []string
    CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
    Members []string
    The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.
    Negate bool
    Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
    Regions []string
    The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
    RequiredAccessLevels []string
    A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"
    devicePolicy DevicePolicyResponse
    Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
    ipSubnetworks List<String>
    CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
    members List<String>
    The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.
    negate Boolean
    Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
    regions List<String>
    The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
    requiredAccessLevels List<String>
    A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"
    devicePolicy DevicePolicyResponse
    Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
    ipSubnetworks string[]
    CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
    members string[]
    The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.
    negate boolean
    Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
    regions string[]
    The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
    requiredAccessLevels string[]
    A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"
    device_policy DevicePolicyResponse
    Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
    ip_subnetworks Sequence[str]
    CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
    members Sequence[str]
    The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.
    negate bool
    Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
    regions Sequence[str]
    The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
    required_access_levels Sequence[str]
    A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"
    devicePolicy Property Map
    Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
    ipSubnetworks List<String>
    CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
    members List<String>
    The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.
    negate Boolean
    Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
    regions List<String>
    The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
    requiredAccessLevels List<String>
    A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"

    CustomLevel, CustomLevelArgs

    Expr Pulumi.GoogleNative.AccessContextManager.V1Beta.Inputs.Expr
    A Cloud CEL expression evaluating to a boolean.
    Expr Expr
    A Cloud CEL expression evaluating to a boolean.
    expr Expr
    A Cloud CEL expression evaluating to a boolean.
    expr Expr
    A Cloud CEL expression evaluating to a boolean.
    expr Expr
    A Cloud CEL expression evaluating to a boolean.
    expr Property Map
    A Cloud CEL expression evaluating to a boolean.

    CustomLevelResponse, CustomLevelResponseArgs

    Expr Pulumi.GoogleNative.AccessContextManager.V1Beta.Inputs.ExprResponse
    A Cloud CEL expression evaluating to a boolean.
    Expr ExprResponse
    A Cloud CEL expression evaluating to a boolean.
    expr ExprResponse
    A Cloud CEL expression evaluating to a boolean.
    expr ExprResponse
    A Cloud CEL expression evaluating to a boolean.
    expr ExprResponse
    A Cloud CEL expression evaluating to a boolean.
    expr Property Map
    A Cloud CEL expression evaluating to a boolean.

    DevicePolicy, DevicePolicyArgs

    AllowedDeviceManagementLevels List<Pulumi.GoogleNative.AccessContextManager.V1Beta.DevicePolicyAllowedDeviceManagementLevelsItem>
    Allowed device management levels, an empty list allows all management levels.
    AllowedEncryptionStatuses List<Pulumi.GoogleNative.AccessContextManager.V1Beta.DevicePolicyAllowedEncryptionStatusesItem>
    Allowed encryptions statuses, an empty list allows all statuses.
    OsConstraints List<Pulumi.GoogleNative.AccessContextManager.V1Beta.Inputs.OsConstraint>
    Allowed OS versions, an empty list allows all types and all versions.
    RequireAdminApproval bool
    Whether the device needs to be approved by the customer admin.
    RequireCorpOwned bool
    Whether the device needs to be corp owned.
    RequireScreenlock bool
    Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.
    AllowedDeviceManagementLevels []DevicePolicyAllowedDeviceManagementLevelsItem
    Allowed device management levels, an empty list allows all management levels.
    AllowedEncryptionStatuses []DevicePolicyAllowedEncryptionStatusesItem
    Allowed encryptions statuses, an empty list allows all statuses.
    OsConstraints []OsConstraint
    Allowed OS versions, an empty list allows all types and all versions.
    RequireAdminApproval bool
    Whether the device needs to be approved by the customer admin.
    RequireCorpOwned bool
    Whether the device needs to be corp owned.
    RequireScreenlock bool
    Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.
    allowedDeviceManagementLevels List<DevicePolicyAllowedDeviceManagementLevelsItem>
    Allowed device management levels, an empty list allows all management levels.
    allowedEncryptionStatuses List<DevicePolicyAllowedEncryptionStatusesItem>
    Allowed encryptions statuses, an empty list allows all statuses.
    osConstraints List<OsConstraint>
    Allowed OS versions, an empty list allows all types and all versions.
    requireAdminApproval Boolean
    Whether the device needs to be approved by the customer admin.
    requireCorpOwned Boolean
    Whether the device needs to be corp owned.
    requireScreenlock Boolean
    Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.
    allowedDeviceManagementLevels DevicePolicyAllowedDeviceManagementLevelsItem[]
    Allowed device management levels, an empty list allows all management levels.
    allowedEncryptionStatuses DevicePolicyAllowedEncryptionStatusesItem[]
    Allowed encryptions statuses, an empty list allows all statuses.
    osConstraints OsConstraint[]
    Allowed OS versions, an empty list allows all types and all versions.
    requireAdminApproval boolean
    Whether the device needs to be approved by the customer admin.
    requireCorpOwned boolean
    Whether the device needs to be corp owned.
    requireScreenlock boolean
    Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.
    allowed_device_management_levels Sequence[DevicePolicyAllowedDeviceManagementLevelsItem]
    Allowed device management levels, an empty list allows all management levels.
    allowed_encryption_statuses Sequence[DevicePolicyAllowedEncryptionStatusesItem]
    Allowed encryptions statuses, an empty list allows all statuses.
    os_constraints Sequence[OsConstraint]
    Allowed OS versions, an empty list allows all types and all versions.
    require_admin_approval bool
    Whether the device needs to be approved by the customer admin.
    require_corp_owned bool
    Whether the device needs to be corp owned.
    require_screenlock bool
    Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.
    allowedDeviceManagementLevels List<"MANAGEMENT_UNSPECIFIED" | "NONE" | "BASIC" | "COMPLETE">
    Allowed device management levels, an empty list allows all management levels.
    allowedEncryptionStatuses List<"ENCRYPTION_UNSPECIFIED" | "ENCRYPTION_UNSUPPORTED" | "UNENCRYPTED" | "ENCRYPTED">
    Allowed encryptions statuses, an empty list allows all statuses.
    osConstraints List<Property Map>
    Allowed OS versions, an empty list allows all types and all versions.
    requireAdminApproval Boolean
    Whether the device needs to be approved by the customer admin.
    requireCorpOwned Boolean
    Whether the device needs to be corp owned.
    requireScreenlock Boolean
    Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.

    DevicePolicyAllowedDeviceManagementLevelsItem, DevicePolicyAllowedDeviceManagementLevelsItemArgs

    ManagementUnspecified
    MANAGEMENT_UNSPECIFIEDThe device's management level is not specified or not known.
    None
    NONEThe device is not managed.
    Basic
    BASICBasic management is enabled, which is generally limited to monitoring and wiping the corporate account.
    Complete
    COMPLETEComplete device management. This includes more thorough monitoring and the ability to directly manage the device (such as remote wiping). This can be enabled through the Android Enterprise Platform.
    DevicePolicyAllowedDeviceManagementLevelsItemManagementUnspecified
    MANAGEMENT_UNSPECIFIEDThe device's management level is not specified or not known.
    DevicePolicyAllowedDeviceManagementLevelsItemNone
    NONEThe device is not managed.
    DevicePolicyAllowedDeviceManagementLevelsItemBasic
    BASICBasic management is enabled, which is generally limited to monitoring and wiping the corporate account.
    DevicePolicyAllowedDeviceManagementLevelsItemComplete
    COMPLETEComplete device management. This includes more thorough monitoring and the ability to directly manage the device (such as remote wiping). This can be enabled through the Android Enterprise Platform.
    ManagementUnspecified
    MANAGEMENT_UNSPECIFIEDThe device's management level is not specified or not known.
    None
    NONEThe device is not managed.
    Basic
    BASICBasic management is enabled, which is generally limited to monitoring and wiping the corporate account.
    Complete
    COMPLETEComplete device management. This includes more thorough monitoring and the ability to directly manage the device (such as remote wiping). This can be enabled through the Android Enterprise Platform.
    ManagementUnspecified
    MANAGEMENT_UNSPECIFIEDThe device's management level is not specified or not known.
    None
    NONEThe device is not managed.
    Basic
    BASICBasic management is enabled, which is generally limited to monitoring and wiping the corporate account.
    Complete
    COMPLETEComplete device management. This includes more thorough monitoring and the ability to directly manage the device (such as remote wiping). This can be enabled through the Android Enterprise Platform.
    MANAGEMENT_UNSPECIFIED
    MANAGEMENT_UNSPECIFIEDThe device's management level is not specified or not known.
    NONE
    NONEThe device is not managed.
    BASIC
    BASICBasic management is enabled, which is generally limited to monitoring and wiping the corporate account.
    COMPLETE
    COMPLETEComplete device management. This includes more thorough monitoring and the ability to directly manage the device (such as remote wiping). This can be enabled through the Android Enterprise Platform.
    "MANAGEMENT_UNSPECIFIED"
    MANAGEMENT_UNSPECIFIEDThe device's management level is not specified or not known.
    "NONE"
    NONEThe device is not managed.
    "BASIC"
    BASICBasic management is enabled, which is generally limited to monitoring and wiping the corporate account.
    "COMPLETE"
    COMPLETEComplete device management. This includes more thorough monitoring and the ability to directly manage the device (such as remote wiping). This can be enabled through the Android Enterprise Platform.

    DevicePolicyAllowedEncryptionStatusesItem, DevicePolicyAllowedEncryptionStatusesItemArgs

    EncryptionUnspecified
    ENCRYPTION_UNSPECIFIEDThe encryption status of the device is not specified or not known.
    EncryptionUnsupported
    ENCRYPTION_UNSUPPORTEDThe device does not support encryption.
    Unencrypted
    UNENCRYPTEDThe device supports encryption, but is currently unencrypted.
    Encrypted
    ENCRYPTEDThe device is encrypted.
    DevicePolicyAllowedEncryptionStatusesItemEncryptionUnspecified
    ENCRYPTION_UNSPECIFIEDThe encryption status of the device is not specified or not known.
    DevicePolicyAllowedEncryptionStatusesItemEncryptionUnsupported
    ENCRYPTION_UNSUPPORTEDThe device does not support encryption.
    DevicePolicyAllowedEncryptionStatusesItemUnencrypted
    UNENCRYPTEDThe device supports encryption, but is currently unencrypted.
    DevicePolicyAllowedEncryptionStatusesItemEncrypted
    ENCRYPTEDThe device is encrypted.
    EncryptionUnspecified
    ENCRYPTION_UNSPECIFIEDThe encryption status of the device is not specified or not known.
    EncryptionUnsupported
    ENCRYPTION_UNSUPPORTEDThe device does not support encryption.
    Unencrypted
    UNENCRYPTEDThe device supports encryption, but is currently unencrypted.
    Encrypted
    ENCRYPTEDThe device is encrypted.
    EncryptionUnspecified
    ENCRYPTION_UNSPECIFIEDThe encryption status of the device is not specified or not known.
    EncryptionUnsupported
    ENCRYPTION_UNSUPPORTEDThe device does not support encryption.
    Unencrypted
    UNENCRYPTEDThe device supports encryption, but is currently unencrypted.
    Encrypted
    ENCRYPTEDThe device is encrypted.
    ENCRYPTION_UNSPECIFIED
    ENCRYPTION_UNSPECIFIEDThe encryption status of the device is not specified or not known.
    ENCRYPTION_UNSUPPORTED
    ENCRYPTION_UNSUPPORTEDThe device does not support encryption.
    UNENCRYPTED
    UNENCRYPTEDThe device supports encryption, but is currently unencrypted.
    ENCRYPTED
    ENCRYPTEDThe device is encrypted.
    "ENCRYPTION_UNSPECIFIED"
    ENCRYPTION_UNSPECIFIEDThe encryption status of the device is not specified or not known.
    "ENCRYPTION_UNSUPPORTED"
    ENCRYPTION_UNSUPPORTEDThe device does not support encryption.
    "UNENCRYPTED"
    UNENCRYPTEDThe device supports encryption, but is currently unencrypted.
    "ENCRYPTED"
    ENCRYPTEDThe device is encrypted.

    DevicePolicyResponse, DevicePolicyResponseArgs

    AllowedDeviceManagementLevels List<string>
    Allowed device management levels, an empty list allows all management levels.
    AllowedEncryptionStatuses List<string>
    Allowed encryptions statuses, an empty list allows all statuses.
    OsConstraints List<Pulumi.GoogleNative.AccessContextManager.V1Beta.Inputs.OsConstraintResponse>
    Allowed OS versions, an empty list allows all types and all versions.
    RequireAdminApproval bool
    Whether the device needs to be approved by the customer admin.
    RequireCorpOwned bool
    Whether the device needs to be corp owned.
    RequireScreenlock bool
    Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.
    AllowedDeviceManagementLevels []string
    Allowed device management levels, an empty list allows all management levels.
    AllowedEncryptionStatuses []string
    Allowed encryptions statuses, an empty list allows all statuses.
    OsConstraints []OsConstraintResponse
    Allowed OS versions, an empty list allows all types and all versions.
    RequireAdminApproval bool
    Whether the device needs to be approved by the customer admin.
    RequireCorpOwned bool
    Whether the device needs to be corp owned.
    RequireScreenlock bool
    Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.
    allowedDeviceManagementLevels List<String>
    Allowed device management levels, an empty list allows all management levels.
    allowedEncryptionStatuses List<String>
    Allowed encryptions statuses, an empty list allows all statuses.
    osConstraints List<OsConstraintResponse>
    Allowed OS versions, an empty list allows all types and all versions.
    requireAdminApproval Boolean
    Whether the device needs to be approved by the customer admin.
    requireCorpOwned Boolean
    Whether the device needs to be corp owned.
    requireScreenlock Boolean
    Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.
    allowedDeviceManagementLevels string[]
    Allowed device management levels, an empty list allows all management levels.
    allowedEncryptionStatuses string[]
    Allowed encryptions statuses, an empty list allows all statuses.
    osConstraints OsConstraintResponse[]
    Allowed OS versions, an empty list allows all types and all versions.
    requireAdminApproval boolean
    Whether the device needs to be approved by the customer admin.
    requireCorpOwned boolean
    Whether the device needs to be corp owned.
    requireScreenlock boolean
    Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.
    allowed_device_management_levels Sequence[str]
    Allowed device management levels, an empty list allows all management levels.
    allowed_encryption_statuses Sequence[str]
    Allowed encryptions statuses, an empty list allows all statuses.
    os_constraints Sequence[OsConstraintResponse]
    Allowed OS versions, an empty list allows all types and all versions.
    require_admin_approval bool
    Whether the device needs to be approved by the customer admin.
    require_corp_owned bool
    Whether the device needs to be corp owned.
    require_screenlock bool
    Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.
    allowedDeviceManagementLevels List<String>
    Allowed device management levels, an empty list allows all management levels.
    allowedEncryptionStatuses List<String>
    Allowed encryptions statuses, an empty list allows all statuses.
    osConstraints List<Property Map>
    Allowed OS versions, an empty list allows all types and all versions.
    requireAdminApproval Boolean
    Whether the device needs to be approved by the customer admin.
    requireCorpOwned Boolean
    Whether the device needs to be corp owned.
    requireScreenlock Boolean
    Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.

    Expr, ExprArgs

    Description string
    Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
    Expression string
    Textual representation of an expression in Common Expression Language syntax.
    Location string
    Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
    Title string
    Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
    Description string
    Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
    Expression string
    Textual representation of an expression in Common Expression Language syntax.
    Location string
    Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
    Title string
    Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
    description String
    Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
    expression String
    Textual representation of an expression in Common Expression Language syntax.
    location String
    Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
    title String
    Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
    description string
    Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
    expression string
    Textual representation of an expression in Common Expression Language syntax.
    location string
    Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
    title string
    Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
    description str
    Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
    expression str
    Textual representation of an expression in Common Expression Language syntax.
    location str
    Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
    title str
    Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
    description String
    Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
    expression String
    Textual representation of an expression in Common Expression Language syntax.
    location String
    Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
    title String
    Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

    ExprResponse, ExprResponseArgs

    Description string
    Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
    Expression string
    Textual representation of an expression in Common Expression Language syntax.
    Location string
    Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
    Title string
    Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
    Description string
    Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
    Expression string
    Textual representation of an expression in Common Expression Language syntax.
    Location string
    Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
    Title string
    Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
    description String
    Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
    expression String
    Textual representation of an expression in Common Expression Language syntax.
    location String
    Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
    title String
    Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
    description string
    Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
    expression string
    Textual representation of an expression in Common Expression Language syntax.
    location string
    Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
    title string
    Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
    description str
    Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
    expression str
    Textual representation of an expression in Common Expression Language syntax.
    location str
    Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
    title str
    Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
    description String
    Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
    expression String
    Textual representation of an expression in Common Expression Language syntax.
    location String
    Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
    title String
    Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

    OsConstraint, OsConstraintArgs

    OsType Pulumi.GoogleNative.AccessContextManager.V1Beta.OsConstraintOsType
    The allowed OS type.
    MinimumVersion string
    The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".
    RequireVerifiedChromeOs bool
    Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.
    OsType OsConstraintOsType
    The allowed OS type.
    MinimumVersion string
    The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".
    RequireVerifiedChromeOs bool
    Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.
    osType OsConstraintOsType
    The allowed OS type.
    minimumVersion String
    The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".
    requireVerifiedChromeOs Boolean
    Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.
    osType OsConstraintOsType
    The allowed OS type.
    minimumVersion string
    The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".
    requireVerifiedChromeOs boolean
    Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.
    os_type OsConstraintOsType
    The allowed OS type.
    minimum_version str
    The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".
    require_verified_chrome_os bool
    Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.
    osType "OS_UNSPECIFIED" | "DESKTOP_MAC" | "DESKTOP_WINDOWS" | "DESKTOP_LINUX" | "DESKTOP_CHROME_OS" | "ANDROID" | "IOS"
    The allowed OS type.
    minimumVersion String
    The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".
    requireVerifiedChromeOs Boolean
    Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.

    OsConstraintOsType, OsConstraintOsTypeArgs

    OsUnspecified
    OS_UNSPECIFIEDThe operating system of the device is not specified or not known.
    DesktopMac
    DESKTOP_MACA desktop Mac operating system.
    DesktopWindows
    DESKTOP_WINDOWSA desktop Windows operating system.
    DesktopLinux
    DESKTOP_LINUXA desktop Linux operating system.
    DesktopChromeOs
    DESKTOP_CHROME_OSA desktop ChromeOS operating system.
    Android
    ANDROIDAn Android operating system.
    Ios
    IOSAn iOS operating system.
    OsConstraintOsTypeOsUnspecified
    OS_UNSPECIFIEDThe operating system of the device is not specified or not known.
    OsConstraintOsTypeDesktopMac
    DESKTOP_MACA desktop Mac operating system.
    OsConstraintOsTypeDesktopWindows
    DESKTOP_WINDOWSA desktop Windows operating system.
    OsConstraintOsTypeDesktopLinux
    DESKTOP_LINUXA desktop Linux operating system.
    OsConstraintOsTypeDesktopChromeOs
    DESKTOP_CHROME_OSA desktop ChromeOS operating system.
    OsConstraintOsTypeAndroid
    ANDROIDAn Android operating system.
    OsConstraintOsTypeIos
    IOSAn iOS operating system.
    OsUnspecified
    OS_UNSPECIFIEDThe operating system of the device is not specified or not known.
    DesktopMac
    DESKTOP_MACA desktop Mac operating system.
    DesktopWindows
    DESKTOP_WINDOWSA desktop Windows operating system.
    DesktopLinux
    DESKTOP_LINUXA desktop Linux operating system.
    DesktopChromeOs
    DESKTOP_CHROME_OSA desktop ChromeOS operating system.
    Android
    ANDROIDAn Android operating system.
    Ios
    IOSAn iOS operating system.
    OsUnspecified
    OS_UNSPECIFIEDThe operating system of the device is not specified or not known.
    DesktopMac
    DESKTOP_MACA desktop Mac operating system.
    DesktopWindows
    DESKTOP_WINDOWSA desktop Windows operating system.
    DesktopLinux
    DESKTOP_LINUXA desktop Linux operating system.
    DesktopChromeOs
    DESKTOP_CHROME_OSA desktop ChromeOS operating system.
    Android
    ANDROIDAn Android operating system.
    Ios
    IOSAn iOS operating system.
    OS_UNSPECIFIED
    OS_UNSPECIFIEDThe operating system of the device is not specified or not known.
    DESKTOP_MAC
    DESKTOP_MACA desktop Mac operating system.
    DESKTOP_WINDOWS
    DESKTOP_WINDOWSA desktop Windows operating system.
    DESKTOP_LINUX
    DESKTOP_LINUXA desktop Linux operating system.
    DESKTOP_CHROME_OS
    DESKTOP_CHROME_OSA desktop ChromeOS operating system.
    ANDROID
    ANDROIDAn Android operating system.
    IOS
    IOSAn iOS operating system.
    "OS_UNSPECIFIED"
    OS_UNSPECIFIEDThe operating system of the device is not specified or not known.
    "DESKTOP_MAC"
    DESKTOP_MACA desktop Mac operating system.
    "DESKTOP_WINDOWS"
    DESKTOP_WINDOWSA desktop Windows operating system.
    "DESKTOP_LINUX"
    DESKTOP_LINUXA desktop Linux operating system.
    "DESKTOP_CHROME_OS"
    DESKTOP_CHROME_OSA desktop ChromeOS operating system.
    "ANDROID"
    ANDROIDAn Android operating system.
    "IOS"
    IOSAn iOS operating system.

    OsConstraintResponse, OsConstraintResponseArgs

    MinimumVersion string
    The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".
    OsType string
    The allowed OS type.
    RequireVerifiedChromeOs bool
    Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.
    MinimumVersion string
    The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".
    OsType string
    The allowed OS type.
    RequireVerifiedChromeOs bool
    Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.
    minimumVersion String
    The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".
    osType String
    The allowed OS type.
    requireVerifiedChromeOs Boolean
    Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.
    minimumVersion string
    The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".
    osType string
    The allowed OS type.
    requireVerifiedChromeOs boolean
    Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.
    minimum_version str
    The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".
    os_type str
    The allowed OS type.
    require_verified_chrome_os bool
    Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.
    minimumVersion String
    The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".
    osType String
    The allowed OS type.
    requireVerifiedChromeOs Boolean
    Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.

    Package Details

    Repository
    Google Cloud Native pulumi/pulumi-google-native
    License
    Apache-2.0
    google-native logo

    Google Cloud Native is in preview. Google Cloud Classic is fully supported.

    Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi