Google Cloud Native is in preview. Google Cloud Classic is fully supported.
google-native.accesscontextmanager/v1beta.AccessLevel
Explore with Pulumi AI
Google Cloud Native is in preview. Google Cloud Classic is fully supported.
Create an Access Level. The longrunning operation from this RPC will have a successful status once the Access Level has propagated to long-lasting storage. Access Levels containing errors will result in an error response for the first error encountered.
Create AccessLevel Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AccessLevel(name: string, args: AccessLevelArgs, opts?: CustomResourceOptions);
@overload
def AccessLevel(resource_name: str,
args: AccessLevelArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AccessLevel(resource_name: str,
opts: Optional[ResourceOptions] = None,
access_policy_id: Optional[str] = None,
basic: Optional[BasicLevelArgs] = None,
custom: Optional[CustomLevelArgs] = None,
description: Optional[str] = None,
name: Optional[str] = None,
title: Optional[str] = None)
func NewAccessLevel(ctx *Context, name string, args AccessLevelArgs, opts ...ResourceOption) (*AccessLevel, error)
public AccessLevel(string name, AccessLevelArgs args, CustomResourceOptions? opts = null)
public AccessLevel(String name, AccessLevelArgs args)
public AccessLevel(String name, AccessLevelArgs args, CustomResourceOptions options)
type: google-native:accesscontextmanager/v1beta:AccessLevel
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AccessLevelArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AccessLevelArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AccessLevelArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AccessLevelArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AccessLevelArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var google_nativeAccessLevelResource = new GoogleNative.AccessContextManager.V1Beta.AccessLevel("google-nativeAccessLevelResource", new()
{
AccessPolicyId = "string",
Basic = new GoogleNative.AccessContextManager.V1Beta.Inputs.BasicLevelArgs
{
Conditions = new[]
{
new GoogleNative.AccessContextManager.V1Beta.Inputs.ConditionArgs
{
DevicePolicy = new GoogleNative.AccessContextManager.V1Beta.Inputs.DevicePolicyArgs
{
AllowedDeviceManagementLevels = new[]
{
GoogleNative.AccessContextManager.V1Beta.DevicePolicyAllowedDeviceManagementLevelsItem.ManagementUnspecified,
},
AllowedEncryptionStatuses = new[]
{
GoogleNative.AccessContextManager.V1Beta.DevicePolicyAllowedEncryptionStatusesItem.EncryptionUnspecified,
},
OsConstraints = new[]
{
new GoogleNative.AccessContextManager.V1Beta.Inputs.OsConstraintArgs
{
OsType = GoogleNative.AccessContextManager.V1Beta.OsConstraintOsType.OsUnspecified,
MinimumVersion = "string",
RequireVerifiedChromeOs = false,
},
},
RequireAdminApproval = false,
RequireCorpOwned = false,
RequireScreenlock = false,
},
IpSubnetworks = new[]
{
"string",
},
Members = new[]
{
"string",
},
Negate = false,
Regions = new[]
{
"string",
},
RequiredAccessLevels = new[]
{
"string",
},
},
},
CombiningFunction = GoogleNative.AccessContextManager.V1Beta.BasicLevelCombiningFunction.And,
},
Custom = new GoogleNative.AccessContextManager.V1Beta.Inputs.CustomLevelArgs
{
Expr = new GoogleNative.AccessContextManager.V1Beta.Inputs.ExprArgs
{
Description = "string",
Expression = "string",
Location = "string",
Title = "string",
},
},
Description = "string",
Name = "string",
Title = "string",
});
example, err := accesscontextmanagerv1beta.NewAccessLevel(ctx, "google-nativeAccessLevelResource", &accesscontextmanagerv1beta.AccessLevelArgs{
AccessPolicyId: pulumi.String("string"),
Basic: &accesscontextmanager.BasicLevelArgs{
Conditions: accesscontextmanager.ConditionArray{
&accesscontextmanager.ConditionArgs{
DevicePolicy: &accesscontextmanager.DevicePolicyArgs{
AllowedDeviceManagementLevels: accesscontextmanager.DevicePolicyAllowedDeviceManagementLevelsItemArray{
accesscontextmanagerv1beta.DevicePolicyAllowedDeviceManagementLevelsItemManagementUnspecified,
},
AllowedEncryptionStatuses: accesscontextmanager.DevicePolicyAllowedEncryptionStatusesItemArray{
accesscontextmanagerv1beta.DevicePolicyAllowedEncryptionStatusesItemEncryptionUnspecified,
},
OsConstraints: accesscontextmanager.OsConstraintArray{
&accesscontextmanager.OsConstraintArgs{
OsType: accesscontextmanagerv1beta.OsConstraintOsTypeOsUnspecified,
MinimumVersion: pulumi.String("string"),
RequireVerifiedChromeOs: pulumi.Bool(false),
},
},
RequireAdminApproval: pulumi.Bool(false),
RequireCorpOwned: pulumi.Bool(false),
RequireScreenlock: pulumi.Bool(false),
},
IpSubnetworks: pulumi.StringArray{
pulumi.String("string"),
},
Members: pulumi.StringArray{
pulumi.String("string"),
},
Negate: pulumi.Bool(false),
Regions: pulumi.StringArray{
pulumi.String("string"),
},
RequiredAccessLevels: pulumi.StringArray{
pulumi.String("string"),
},
},
},
CombiningFunction: accesscontextmanagerv1beta.BasicLevelCombiningFunctionAnd,
},
Custom: &accesscontextmanager.CustomLevelArgs{
Expr: &accesscontextmanager.ExprArgs{
Description: pulumi.String("string"),
Expression: pulumi.String("string"),
Location: pulumi.String("string"),
Title: pulumi.String("string"),
},
},
Description: pulumi.String("string"),
Name: pulumi.String("string"),
Title: pulumi.String("string"),
})
var google_nativeAccessLevelResource = new AccessLevel("google-nativeAccessLevelResource", AccessLevelArgs.builder()
.accessPolicyId("string")
.basic(BasicLevelArgs.builder()
.conditions(ConditionArgs.builder()
.devicePolicy(DevicePolicyArgs.builder()
.allowedDeviceManagementLevels("MANAGEMENT_UNSPECIFIED")
.allowedEncryptionStatuses("ENCRYPTION_UNSPECIFIED")
.osConstraints(OsConstraintArgs.builder()
.osType("OS_UNSPECIFIED")
.minimumVersion("string")
.requireVerifiedChromeOs(false)
.build())
.requireAdminApproval(false)
.requireCorpOwned(false)
.requireScreenlock(false)
.build())
.ipSubnetworks("string")
.members("string")
.negate(false)
.regions("string")
.requiredAccessLevels("string")
.build())
.combiningFunction("AND")
.build())
.custom(CustomLevelArgs.builder()
.expr(ExprArgs.builder()
.description("string")
.expression("string")
.location("string")
.title("string")
.build())
.build())
.description("string")
.name("string")
.title("string")
.build());
google_native_access_level_resource = google_native.accesscontextmanager.v1beta.AccessLevel("google-nativeAccessLevelResource",
access_policy_id="string",
basic={
"conditions": [{
"device_policy": {
"allowed_device_management_levels": [google_native.accesscontextmanager.v1beta.DevicePolicyAllowedDeviceManagementLevelsItem.MANAGEMENT_UNSPECIFIED],
"allowed_encryption_statuses": [google_native.accesscontextmanager.v1beta.DevicePolicyAllowedEncryptionStatusesItem.ENCRYPTION_UNSPECIFIED],
"os_constraints": [{
"os_type": google_native.accesscontextmanager.v1beta.OsConstraintOsType.OS_UNSPECIFIED,
"minimum_version": "string",
"require_verified_chrome_os": False,
}],
"require_admin_approval": False,
"require_corp_owned": False,
"require_screenlock": False,
},
"ip_subnetworks": ["string"],
"members": ["string"],
"negate": False,
"regions": ["string"],
"required_access_levels": ["string"],
}],
"combining_function": google_native.accesscontextmanager.v1beta.BasicLevelCombiningFunction.AND_,
},
custom={
"expr": {
"description": "string",
"expression": "string",
"location": "string",
"title": "string",
},
},
description="string",
name="string",
title="string")
const google_nativeAccessLevelResource = new google_native.accesscontextmanager.v1beta.AccessLevel("google-nativeAccessLevelResource", {
accessPolicyId: "string",
basic: {
conditions: [{
devicePolicy: {
allowedDeviceManagementLevels: [google_native.accesscontextmanager.v1beta.DevicePolicyAllowedDeviceManagementLevelsItem.ManagementUnspecified],
allowedEncryptionStatuses: [google_native.accesscontextmanager.v1beta.DevicePolicyAllowedEncryptionStatusesItem.EncryptionUnspecified],
osConstraints: [{
osType: google_native.accesscontextmanager.v1beta.OsConstraintOsType.OsUnspecified,
minimumVersion: "string",
requireVerifiedChromeOs: false,
}],
requireAdminApproval: false,
requireCorpOwned: false,
requireScreenlock: false,
},
ipSubnetworks: ["string"],
members: ["string"],
negate: false,
regions: ["string"],
requiredAccessLevels: ["string"],
}],
combiningFunction: google_native.accesscontextmanager.v1beta.BasicLevelCombiningFunction.And,
},
custom: {
expr: {
description: "string",
expression: "string",
location: "string",
title: "string",
},
},
description: "string",
name: "string",
title: "string",
});
type: google-native:accesscontextmanager/v1beta:AccessLevel
properties:
accessPolicyId: string
basic:
combiningFunction: AND
conditions:
- devicePolicy:
allowedDeviceManagementLevels:
- MANAGEMENT_UNSPECIFIED
allowedEncryptionStatuses:
- ENCRYPTION_UNSPECIFIED
osConstraints:
- minimumVersion: string
osType: OS_UNSPECIFIED
requireVerifiedChromeOs: false
requireAdminApproval: false
requireCorpOwned: false
requireScreenlock: false
ipSubnetworks:
- string
members:
- string
negate: false
regions:
- string
requiredAccessLevels:
- string
custom:
expr:
description: string
expression: string
location: string
title: string
description: string
name: string
title: string
AccessLevel Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AccessLevel resource accepts the following input properties:
- Access
Policy stringId - Basic
Pulumi.
Google Native. Access Context Manager. V1Beta. Inputs. Basic Level - A
BasicLevel
composed ofConditions
. - Custom
Pulumi.
Google Native. Access Context Manager. V1Beta. Inputs. Custom Level - A
CustomLevel
written in the Common Expression Language. - Description string
- Description of the
AccessLevel
and its use. Does not affect behavior. - Name string
- Resource name for the
AccessLevel
. Format:accessPolicies/{access_policy}/accessLevels/{access_level}
. Theaccess_level
component must begin with a letter, followed by alphanumeric characters or_
. Its maximum length is 50 characters. After you create anAccessLevel
, you cannot change itsname
. - Title string
- Human readable title. Must be unique within the Policy.
- Access
Policy stringId - Basic
Basic
Level Args - A
BasicLevel
composed ofConditions
. - Custom
Custom
Level Args - A
CustomLevel
written in the Common Expression Language. - Description string
- Description of the
AccessLevel
and its use. Does not affect behavior. - Name string
- Resource name for the
AccessLevel
. Format:accessPolicies/{access_policy}/accessLevels/{access_level}
. Theaccess_level
component must begin with a letter, followed by alphanumeric characters or_
. Its maximum length is 50 characters. After you create anAccessLevel
, you cannot change itsname
. - Title string
- Human readable title. Must be unique within the Policy.
- access
Policy StringId - basic
Basic
Level - A
BasicLevel
composed ofConditions
. - custom
Custom
Level - A
CustomLevel
written in the Common Expression Language. - description String
- Description of the
AccessLevel
and its use. Does not affect behavior. - name String
- Resource name for the
AccessLevel
. Format:accessPolicies/{access_policy}/accessLevels/{access_level}
. Theaccess_level
component must begin with a letter, followed by alphanumeric characters or_
. Its maximum length is 50 characters. After you create anAccessLevel
, you cannot change itsname
. - title String
- Human readable title. Must be unique within the Policy.
- access
Policy stringId - basic
Basic
Level - A
BasicLevel
composed ofConditions
. - custom
Custom
Level - A
CustomLevel
written in the Common Expression Language. - description string
- Description of the
AccessLevel
and its use. Does not affect behavior. - name string
- Resource name for the
AccessLevel
. Format:accessPolicies/{access_policy}/accessLevels/{access_level}
. Theaccess_level
component must begin with a letter, followed by alphanumeric characters or_
. Its maximum length is 50 characters. After you create anAccessLevel
, you cannot change itsname
. - title string
- Human readable title. Must be unique within the Policy.
- access_
policy_ strid - basic
Basic
Level Args - A
BasicLevel
composed ofConditions
. - custom
Custom
Level Args - A
CustomLevel
written in the Common Expression Language. - description str
- Description of the
AccessLevel
and its use. Does not affect behavior. - name str
- Resource name for the
AccessLevel
. Format:accessPolicies/{access_policy}/accessLevels/{access_level}
. Theaccess_level
component must begin with a letter, followed by alphanumeric characters or_
. Its maximum length is 50 characters. After you create anAccessLevel
, you cannot change itsname
. - title str
- Human readable title. Must be unique within the Policy.
- access
Policy StringId - basic Property Map
- A
BasicLevel
composed ofConditions
. - custom Property Map
- A
CustomLevel
written in the Common Expression Language. - description String
- Description of the
AccessLevel
and its use. Does not affect behavior. - name String
- Resource name for the
AccessLevel
. Format:accessPolicies/{access_policy}/accessLevels/{access_level}
. Theaccess_level
component must begin with a letter, followed by alphanumeric characters or_
. Its maximum length is 50 characters. After you create anAccessLevel
, you cannot change itsname
. - title String
- Human readable title. Must be unique within the Policy.
Outputs
All input properties are implicitly available as output properties. Additionally, the AccessLevel resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Supporting Types
BasicLevel, BasicLevelArgs
- Conditions
List<Pulumi.
Google Native. Access Context Manager. V1Beta. Inputs. Condition> - A list of requirements for the
AccessLevel
to be granted. - Combining
Function Pulumi.Google Native. Access Context Manager. V1Beta. Basic Level Combining Function - How the
conditions
list should be combined to determine if a request is granted thisAccessLevel
. If AND is used, eachCondition
inconditions
must be satisfied for theAccessLevel
to be applied. If OR is used, at least oneCondition
inconditions
must be satisfied for theAccessLevel
to be applied. Default behavior is AND.
- Conditions []Condition
- A list of requirements for the
AccessLevel
to be granted. - Combining
Function BasicLevel Combining Function - How the
conditions
list should be combined to determine if a request is granted thisAccessLevel
. If AND is used, eachCondition
inconditions
must be satisfied for theAccessLevel
to be applied. If OR is used, at least oneCondition
inconditions
must be satisfied for theAccessLevel
to be applied. Default behavior is AND.
- conditions List<Condition>
- A list of requirements for the
AccessLevel
to be granted. - combining
Function BasicLevel Combining Function - How the
conditions
list should be combined to determine if a request is granted thisAccessLevel
. If AND is used, eachCondition
inconditions
must be satisfied for theAccessLevel
to be applied. If OR is used, at least oneCondition
inconditions
must be satisfied for theAccessLevel
to be applied. Default behavior is AND.
- conditions Condition[]
- A list of requirements for the
AccessLevel
to be granted. - combining
Function BasicLevel Combining Function - How the
conditions
list should be combined to determine if a request is granted thisAccessLevel
. If AND is used, eachCondition
inconditions
must be satisfied for theAccessLevel
to be applied. If OR is used, at least oneCondition
inconditions
must be satisfied for theAccessLevel
to be applied. Default behavior is AND.
- conditions Sequence[Condition]
- A list of requirements for the
AccessLevel
to be granted. - combining_
function BasicLevel Combining Function - How the
conditions
list should be combined to determine if a request is granted thisAccessLevel
. If AND is used, eachCondition
inconditions
must be satisfied for theAccessLevel
to be applied. If OR is used, at least oneCondition
inconditions
must be satisfied for theAccessLevel
to be applied. Default behavior is AND.
- conditions List<Property Map>
- A list of requirements for the
AccessLevel
to be granted. - combining
Function "AND" | "OR" - How the
conditions
list should be combined to determine if a request is granted thisAccessLevel
. If AND is used, eachCondition
inconditions
must be satisfied for theAccessLevel
to be applied. If OR is used, at least oneCondition
inconditions
must be satisfied for theAccessLevel
to be applied. Default behavior is AND.
BasicLevelCombiningFunction, BasicLevelCombiningFunctionArgs
- And
- ANDAll
Conditions
must be true for theBasicLevel
to be true. - Or
- ORIf at least one
Condition
is true, then theBasicLevel
is true.
- Basic
Level Combining Function And - ANDAll
Conditions
must be true for theBasicLevel
to be true. - Basic
Level Combining Function Or - ORIf at least one
Condition
is true, then theBasicLevel
is true.
- And
- ANDAll
Conditions
must be true for theBasicLevel
to be true. - Or
- ORIf at least one
Condition
is true, then theBasicLevel
is true.
- And
- ANDAll
Conditions
must be true for theBasicLevel
to be true. - Or
- ORIf at least one
Condition
is true, then theBasicLevel
is true.
- AND_
- ANDAll
Conditions
must be true for theBasicLevel
to be true. - OR_
- ORIf at least one
Condition
is true, then theBasicLevel
is true.
- "AND"
- ANDAll
Conditions
must be true for theBasicLevel
to be true. - "OR"
- ORIf at least one
Condition
is true, then theBasicLevel
is true.
BasicLevelResponse, BasicLevelResponseArgs
- Combining
Function string - How the
conditions
list should be combined to determine if a request is granted thisAccessLevel
. If AND is used, eachCondition
inconditions
must be satisfied for theAccessLevel
to be applied. If OR is used, at least oneCondition
inconditions
must be satisfied for theAccessLevel
to be applied. Default behavior is AND. - Conditions
List<Pulumi.
Google Native. Access Context Manager. V1Beta. Inputs. Condition Response> - A list of requirements for the
AccessLevel
to be granted.
- Combining
Function string - How the
conditions
list should be combined to determine if a request is granted thisAccessLevel
. If AND is used, eachCondition
inconditions
must be satisfied for theAccessLevel
to be applied. If OR is used, at least oneCondition
inconditions
must be satisfied for theAccessLevel
to be applied. Default behavior is AND. - Conditions
[]Condition
Response - A list of requirements for the
AccessLevel
to be granted.
- combining
Function String - How the
conditions
list should be combined to determine if a request is granted thisAccessLevel
. If AND is used, eachCondition
inconditions
must be satisfied for theAccessLevel
to be applied. If OR is used, at least oneCondition
inconditions
must be satisfied for theAccessLevel
to be applied. Default behavior is AND. - conditions
List<Condition
Response> - A list of requirements for the
AccessLevel
to be granted.
- combining
Function string - How the
conditions
list should be combined to determine if a request is granted thisAccessLevel
. If AND is used, eachCondition
inconditions
must be satisfied for theAccessLevel
to be applied. If OR is used, at least oneCondition
inconditions
must be satisfied for theAccessLevel
to be applied. Default behavior is AND. - conditions
Condition
Response[] - A list of requirements for the
AccessLevel
to be granted.
- combining_
function str - How the
conditions
list should be combined to determine if a request is granted thisAccessLevel
. If AND is used, eachCondition
inconditions
must be satisfied for theAccessLevel
to be applied. If OR is used, at least oneCondition
inconditions
must be satisfied for theAccessLevel
to be applied. Default behavior is AND. - conditions
Sequence[Condition
Response] - A list of requirements for the
AccessLevel
to be granted.
- combining
Function String - How the
conditions
list should be combined to determine if a request is granted thisAccessLevel
. If AND is used, eachCondition
inconditions
must be satisfied for theAccessLevel
to be applied. If OR is used, at least oneCondition
inconditions
must be satisfied for theAccessLevel
to be applied. Default behavior is AND. - conditions List<Property Map>
- A list of requirements for the
AccessLevel
to be granted.
Condition, ConditionArgs
- Device
Policy Pulumi.Google Native. Access Context Manager. V1Beta. Inputs. Device Policy - Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
- Ip
Subnetworks List<string> - CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
- Members List<string>
- The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax:
user:{emailid}
serviceAccount:{emailid}
If not specified, a request may come from any user. - Negate bool
- Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
- Regions List<string>
- The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
- Required
Access List<string>Levels - A list of other access levels defined in the same
Policy
, referenced by resource name. Referencing anAccessLevel
which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"
- Device
Policy DevicePolicy - Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
- Ip
Subnetworks []string - CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
- Members []string
- The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax:
user:{emailid}
serviceAccount:{emailid}
If not specified, a request may come from any user. - Negate bool
- Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
- Regions []string
- The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
- Required
Access []stringLevels - A list of other access levels defined in the same
Policy
, referenced by resource name. Referencing anAccessLevel
which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"
- device
Policy DevicePolicy - Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
- ip
Subnetworks List<String> - CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
- members List<String>
- The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax:
user:{emailid}
serviceAccount:{emailid}
If not specified, a request may come from any user. - negate Boolean
- Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
- regions List<String>
- The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
- required
Access List<String>Levels - A list of other access levels defined in the same
Policy
, referenced by resource name. Referencing anAccessLevel
which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"
- device
Policy DevicePolicy - Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
- ip
Subnetworks string[] - CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
- members string[]
- The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax:
user:{emailid}
serviceAccount:{emailid}
If not specified, a request may come from any user. - negate boolean
- Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
- regions string[]
- The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
- required
Access string[]Levels - A list of other access levels defined in the same
Policy
, referenced by resource name. Referencing anAccessLevel
which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"
- device_
policy DevicePolicy - Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
- ip_
subnetworks Sequence[str] - CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
- members Sequence[str]
- The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax:
user:{emailid}
serviceAccount:{emailid}
If not specified, a request may come from any user. - negate bool
- Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
- regions Sequence[str]
- The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
- required_
access_ Sequence[str]levels - A list of other access levels defined in the same
Policy
, referenced by resource name. Referencing anAccessLevel
which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"
- device
Policy Property Map - Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
- ip
Subnetworks List<String> - CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
- members List<String>
- The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax:
user:{emailid}
serviceAccount:{emailid}
If not specified, a request may come from any user. - negate Boolean
- Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
- regions List<String>
- The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
- required
Access List<String>Levels - A list of other access levels defined in the same
Policy
, referenced by resource name. Referencing anAccessLevel
which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"
ConditionResponse, ConditionResponseArgs
- Device
Policy Pulumi.Google Native. Access Context Manager. V1Beta. Inputs. Device Policy Response - Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
- Ip
Subnetworks List<string> - CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
- Members List<string>
- The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax:
user:{emailid}
serviceAccount:{emailid}
If not specified, a request may come from any user. - Negate bool
- Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
- Regions List<string>
- The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
- Required
Access List<string>Levels - A list of other access levels defined in the same
Policy
, referenced by resource name. Referencing anAccessLevel
which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"
- Device
Policy DevicePolicy Response - Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
- Ip
Subnetworks []string - CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
- Members []string
- The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax:
user:{emailid}
serviceAccount:{emailid}
If not specified, a request may come from any user. - Negate bool
- Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
- Regions []string
- The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
- Required
Access []stringLevels - A list of other access levels defined in the same
Policy
, referenced by resource name. Referencing anAccessLevel
which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"
- device
Policy DevicePolicy Response - Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
- ip
Subnetworks List<String> - CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
- members List<String>
- The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax:
user:{emailid}
serviceAccount:{emailid}
If not specified, a request may come from any user. - negate Boolean
- Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
- regions List<String>
- The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
- required
Access List<String>Levels - A list of other access levels defined in the same
Policy
, referenced by resource name. Referencing anAccessLevel
which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"
- device
Policy DevicePolicy Response - Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
- ip
Subnetworks string[] - CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
- members string[]
- The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax:
user:{emailid}
serviceAccount:{emailid}
If not specified, a request may come from any user. - negate boolean
- Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
- regions string[]
- The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
- required
Access string[]Levels - A list of other access levels defined in the same
Policy
, referenced by resource name. Referencing anAccessLevel
which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"
- device_
policy DevicePolicy Response - Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
- ip_
subnetworks Sequence[str] - CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
- members Sequence[str]
- The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax:
user:{emailid}
serviceAccount:{emailid}
If not specified, a request may come from any user. - negate bool
- Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
- regions Sequence[str]
- The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
- required_
access_ Sequence[str]levels - A list of other access levels defined in the same
Policy
, referenced by resource name. Referencing anAccessLevel
which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"
- device
Policy Property Map - Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
- ip
Subnetworks List<String> - CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
- members List<String>
- The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax:
user:{emailid}
serviceAccount:{emailid}
If not specified, a request may come from any user. - negate Boolean
- Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
- regions List<String>
- The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
- required
Access List<String>Levels - A list of other access levels defined in the same
Policy
, referenced by resource name. Referencing anAccessLevel
which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"
CustomLevel, CustomLevelArgs
- Expr
Pulumi.
Google Native. Access Context Manager. V1Beta. Inputs. Expr - A Cloud CEL expression evaluating to a boolean.
- expr Property Map
- A Cloud CEL expression evaluating to a boolean.
CustomLevelResponse, CustomLevelResponseArgs
- Expr
Pulumi.
Google Native. Access Context Manager. V1Beta. Inputs. Expr Response - A Cloud CEL expression evaluating to a boolean.
- Expr
Expr
Response - A Cloud CEL expression evaluating to a boolean.
- expr
Expr
Response - A Cloud CEL expression evaluating to a boolean.
- expr
Expr
Response - A Cloud CEL expression evaluating to a boolean.
- expr
Expr
Response - A Cloud CEL expression evaluating to a boolean.
- expr Property Map
- A Cloud CEL expression evaluating to a boolean.
DevicePolicy, DevicePolicyArgs
- Allowed
Device List<Pulumi.Management Levels Google Native. Access Context Manager. V1Beta. Device Policy Allowed Device Management Levels Item> - Allowed device management levels, an empty list allows all management levels.
- Allowed
Encryption List<Pulumi.Statuses Google Native. Access Context Manager. V1Beta. Device Policy Allowed Encryption Statuses Item> - Allowed encryptions statuses, an empty list allows all statuses.
- Os
Constraints List<Pulumi.Google Native. Access Context Manager. V1Beta. Inputs. Os Constraint> - Allowed OS versions, an empty list allows all types and all versions.
- Require
Admin boolApproval - Whether the device needs to be approved by the customer admin.
- Require
Corp boolOwned - Whether the device needs to be corp owned.
- Require
Screenlock bool - Whether or not screenlock is required for the DevicePolicy to be true. Defaults to
false
.
- Allowed
Device []DeviceManagement Levels Policy Allowed Device Management Levels Item - Allowed device management levels, an empty list allows all management levels.
- Allowed
Encryption []DeviceStatuses Policy Allowed Encryption Statuses Item - Allowed encryptions statuses, an empty list allows all statuses.
- Os
Constraints []OsConstraint - Allowed OS versions, an empty list allows all types and all versions.
- Require
Admin boolApproval - Whether the device needs to be approved by the customer admin.
- Require
Corp boolOwned - Whether the device needs to be corp owned.
- Require
Screenlock bool - Whether or not screenlock is required for the DevicePolicy to be true. Defaults to
false
.
- allowed
Device List<DeviceManagement Levels Policy Allowed Device Management Levels Item> - Allowed device management levels, an empty list allows all management levels.
- allowed
Encryption List<DeviceStatuses Policy Allowed Encryption Statuses Item> - Allowed encryptions statuses, an empty list allows all statuses.
- os
Constraints List<OsConstraint> - Allowed OS versions, an empty list allows all types and all versions.
- require
Admin BooleanApproval - Whether the device needs to be approved by the customer admin.
- require
Corp BooleanOwned - Whether the device needs to be corp owned.
- require
Screenlock Boolean - Whether or not screenlock is required for the DevicePolicy to be true. Defaults to
false
.
- allowed
Device DeviceManagement Levels Policy Allowed Device Management Levels Item[] - Allowed device management levels, an empty list allows all management levels.
- allowed
Encryption DeviceStatuses Policy Allowed Encryption Statuses Item[] - Allowed encryptions statuses, an empty list allows all statuses.
- os
Constraints OsConstraint[] - Allowed OS versions, an empty list allows all types and all versions.
- require
Admin booleanApproval - Whether the device needs to be approved by the customer admin.
- require
Corp booleanOwned - Whether the device needs to be corp owned.
- require
Screenlock boolean - Whether or not screenlock is required for the DevicePolicy to be true. Defaults to
false
.
- allowed_
device_ Sequence[Devicemanagement_ levels Policy Allowed Device Management Levels Item] - Allowed device management levels, an empty list allows all management levels.
- allowed_
encryption_ Sequence[Devicestatuses Policy Allowed Encryption Statuses Item] - Allowed encryptions statuses, an empty list allows all statuses.
- os_
constraints Sequence[OsConstraint] - Allowed OS versions, an empty list allows all types and all versions.
- require_
admin_ boolapproval - Whether the device needs to be approved by the customer admin.
- require_
corp_ boolowned - Whether the device needs to be corp owned.
- require_
screenlock bool - Whether or not screenlock is required for the DevicePolicy to be true. Defaults to
false
.
- allowed
Device List<"MANAGEMENT_UNSPECIFIED" | "NONE" | "BASIC" | "COMPLETE">Management Levels - Allowed device management levels, an empty list allows all management levels.
- allowed
Encryption List<"ENCRYPTION_UNSPECIFIED" | "ENCRYPTION_UNSUPPORTED" | "UNENCRYPTED" | "ENCRYPTED">Statuses - Allowed encryptions statuses, an empty list allows all statuses.
- os
Constraints List<Property Map> - Allowed OS versions, an empty list allows all types and all versions.
- require
Admin BooleanApproval - Whether the device needs to be approved by the customer admin.
- require
Corp BooleanOwned - Whether the device needs to be corp owned.
- require
Screenlock Boolean - Whether or not screenlock is required for the DevicePolicy to be true. Defaults to
false
.
DevicePolicyAllowedDeviceManagementLevelsItem, DevicePolicyAllowedDeviceManagementLevelsItemArgs
- Management
Unspecified - MANAGEMENT_UNSPECIFIEDThe device's management level is not specified or not known.
- None
- NONEThe device is not managed.
- Basic
- BASICBasic management is enabled, which is generally limited to monitoring and wiping the corporate account.
- Complete
- COMPLETEComplete device management. This includes more thorough monitoring and the ability to directly manage the device (such as remote wiping). This can be enabled through the Android Enterprise Platform.
- Device
Policy Allowed Device Management Levels Item Management Unspecified - MANAGEMENT_UNSPECIFIEDThe device's management level is not specified or not known.
- Device
Policy Allowed Device Management Levels Item None - NONEThe device is not managed.
- Device
Policy Allowed Device Management Levels Item Basic - BASICBasic management is enabled, which is generally limited to monitoring and wiping the corporate account.
- Device
Policy Allowed Device Management Levels Item Complete - COMPLETEComplete device management. This includes more thorough monitoring and the ability to directly manage the device (such as remote wiping). This can be enabled through the Android Enterprise Platform.
- Management
Unspecified - MANAGEMENT_UNSPECIFIEDThe device's management level is not specified or not known.
- None
- NONEThe device is not managed.
- Basic
- BASICBasic management is enabled, which is generally limited to monitoring and wiping the corporate account.
- Complete
- COMPLETEComplete device management. This includes more thorough monitoring and the ability to directly manage the device (such as remote wiping). This can be enabled through the Android Enterprise Platform.
- Management
Unspecified - MANAGEMENT_UNSPECIFIEDThe device's management level is not specified or not known.
- None
- NONEThe device is not managed.
- Basic
- BASICBasic management is enabled, which is generally limited to monitoring and wiping the corporate account.
- Complete
- COMPLETEComplete device management. This includes more thorough monitoring and the ability to directly manage the device (such as remote wiping). This can be enabled through the Android Enterprise Platform.
- MANAGEMENT_UNSPECIFIED
- MANAGEMENT_UNSPECIFIEDThe device's management level is not specified or not known.
- NONE
- NONEThe device is not managed.
- BASIC
- BASICBasic management is enabled, which is generally limited to monitoring and wiping the corporate account.
- COMPLETE
- COMPLETEComplete device management. This includes more thorough monitoring and the ability to directly manage the device (such as remote wiping). This can be enabled through the Android Enterprise Platform.
- "MANAGEMENT_UNSPECIFIED"
- MANAGEMENT_UNSPECIFIEDThe device's management level is not specified or not known.
- "NONE"
- NONEThe device is not managed.
- "BASIC"
- BASICBasic management is enabled, which is generally limited to monitoring and wiping the corporate account.
- "COMPLETE"
- COMPLETEComplete device management. This includes more thorough monitoring and the ability to directly manage the device (such as remote wiping). This can be enabled through the Android Enterprise Platform.
DevicePolicyAllowedEncryptionStatusesItem, DevicePolicyAllowedEncryptionStatusesItemArgs
- Encryption
Unspecified - ENCRYPTION_UNSPECIFIEDThe encryption status of the device is not specified or not known.
- Encryption
Unsupported - ENCRYPTION_UNSUPPORTEDThe device does not support encryption.
- Unencrypted
- UNENCRYPTEDThe device supports encryption, but is currently unencrypted.
- Encrypted
- ENCRYPTEDThe device is encrypted.
- Device
Policy Allowed Encryption Statuses Item Encryption Unspecified - ENCRYPTION_UNSPECIFIEDThe encryption status of the device is not specified or not known.
- Device
Policy Allowed Encryption Statuses Item Encryption Unsupported - ENCRYPTION_UNSUPPORTEDThe device does not support encryption.
- Device
Policy Allowed Encryption Statuses Item Unencrypted - UNENCRYPTEDThe device supports encryption, but is currently unencrypted.
- Device
Policy Allowed Encryption Statuses Item Encrypted - ENCRYPTEDThe device is encrypted.
- Encryption
Unspecified - ENCRYPTION_UNSPECIFIEDThe encryption status of the device is not specified or not known.
- Encryption
Unsupported - ENCRYPTION_UNSUPPORTEDThe device does not support encryption.
- Unencrypted
- UNENCRYPTEDThe device supports encryption, but is currently unencrypted.
- Encrypted
- ENCRYPTEDThe device is encrypted.
- Encryption
Unspecified - ENCRYPTION_UNSPECIFIEDThe encryption status of the device is not specified or not known.
- Encryption
Unsupported - ENCRYPTION_UNSUPPORTEDThe device does not support encryption.
- Unencrypted
- UNENCRYPTEDThe device supports encryption, but is currently unencrypted.
- Encrypted
- ENCRYPTEDThe device is encrypted.
- ENCRYPTION_UNSPECIFIED
- ENCRYPTION_UNSPECIFIEDThe encryption status of the device is not specified or not known.
- ENCRYPTION_UNSUPPORTED
- ENCRYPTION_UNSUPPORTEDThe device does not support encryption.
- UNENCRYPTED
- UNENCRYPTEDThe device supports encryption, but is currently unencrypted.
- ENCRYPTED
- ENCRYPTEDThe device is encrypted.
- "ENCRYPTION_UNSPECIFIED"
- ENCRYPTION_UNSPECIFIEDThe encryption status of the device is not specified or not known.
- "ENCRYPTION_UNSUPPORTED"
- ENCRYPTION_UNSUPPORTEDThe device does not support encryption.
- "UNENCRYPTED"
- UNENCRYPTEDThe device supports encryption, but is currently unencrypted.
- "ENCRYPTED"
- ENCRYPTEDThe device is encrypted.
DevicePolicyResponse, DevicePolicyResponseArgs
- Allowed
Device List<string>Management Levels - Allowed device management levels, an empty list allows all management levels.
- Allowed
Encryption List<string>Statuses - Allowed encryptions statuses, an empty list allows all statuses.
- Os
Constraints List<Pulumi.Google Native. Access Context Manager. V1Beta. Inputs. Os Constraint Response> - Allowed OS versions, an empty list allows all types and all versions.
- Require
Admin boolApproval - Whether the device needs to be approved by the customer admin.
- Require
Corp boolOwned - Whether the device needs to be corp owned.
- Require
Screenlock bool - Whether or not screenlock is required for the DevicePolicy to be true. Defaults to
false
.
- Allowed
Device []stringManagement Levels - Allowed device management levels, an empty list allows all management levels.
- Allowed
Encryption []stringStatuses - Allowed encryptions statuses, an empty list allows all statuses.
- Os
Constraints []OsConstraint Response - Allowed OS versions, an empty list allows all types and all versions.
- Require
Admin boolApproval - Whether the device needs to be approved by the customer admin.
- Require
Corp boolOwned - Whether the device needs to be corp owned.
- Require
Screenlock bool - Whether or not screenlock is required for the DevicePolicy to be true. Defaults to
false
.
- allowed
Device List<String>Management Levels - Allowed device management levels, an empty list allows all management levels.
- allowed
Encryption List<String>Statuses - Allowed encryptions statuses, an empty list allows all statuses.
- os
Constraints List<OsConstraint Response> - Allowed OS versions, an empty list allows all types and all versions.
- require
Admin BooleanApproval - Whether the device needs to be approved by the customer admin.
- require
Corp BooleanOwned - Whether the device needs to be corp owned.
- require
Screenlock Boolean - Whether or not screenlock is required for the DevicePolicy to be true. Defaults to
false
.
- allowed
Device string[]Management Levels - Allowed device management levels, an empty list allows all management levels.
- allowed
Encryption string[]Statuses - Allowed encryptions statuses, an empty list allows all statuses.
- os
Constraints OsConstraint Response[] - Allowed OS versions, an empty list allows all types and all versions.
- require
Admin booleanApproval - Whether the device needs to be approved by the customer admin.
- require
Corp booleanOwned - Whether the device needs to be corp owned.
- require
Screenlock boolean - Whether or not screenlock is required for the DevicePolicy to be true. Defaults to
false
.
- allowed_
device_ Sequence[str]management_ levels - Allowed device management levels, an empty list allows all management levels.
- allowed_
encryption_ Sequence[str]statuses - Allowed encryptions statuses, an empty list allows all statuses.
- os_
constraints Sequence[OsConstraint Response] - Allowed OS versions, an empty list allows all types and all versions.
- require_
admin_ boolapproval - Whether the device needs to be approved by the customer admin.
- require_
corp_ boolowned - Whether the device needs to be corp owned.
- require_
screenlock bool - Whether or not screenlock is required for the DevicePolicy to be true. Defaults to
false
.
- allowed
Device List<String>Management Levels - Allowed device management levels, an empty list allows all management levels.
- allowed
Encryption List<String>Statuses - Allowed encryptions statuses, an empty list allows all statuses.
- os
Constraints List<Property Map> - Allowed OS versions, an empty list allows all types and all versions.
- require
Admin BooleanApproval - Whether the device needs to be approved by the customer admin.
- require
Corp BooleanOwned - Whether the device needs to be corp owned.
- require
Screenlock Boolean - Whether or not screenlock is required for the DevicePolicy to be true. Defaults to
false
.
Expr, ExprArgs
- Description string
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- Expression string
- Textual representation of an expression in Common Expression Language syntax.
- Location string
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- Title string
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- Description string
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- Expression string
- Textual representation of an expression in Common Expression Language syntax.
- Location string
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- Title string
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description String
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression String
- Textual representation of an expression in Common Expression Language syntax.
- location String
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title String
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description string
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression string
- Textual representation of an expression in Common Expression Language syntax.
- location string
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title string
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description str
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression str
- Textual representation of an expression in Common Expression Language syntax.
- location str
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title str
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description String
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression String
- Textual representation of an expression in Common Expression Language syntax.
- location String
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title String
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
ExprResponse, ExprResponseArgs
- Description string
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- Expression string
- Textual representation of an expression in Common Expression Language syntax.
- Location string
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- Title string
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- Description string
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- Expression string
- Textual representation of an expression in Common Expression Language syntax.
- Location string
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- Title string
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description String
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression String
- Textual representation of an expression in Common Expression Language syntax.
- location String
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title String
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description string
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression string
- Textual representation of an expression in Common Expression Language syntax.
- location string
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title string
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description str
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression str
- Textual representation of an expression in Common Expression Language syntax.
- location str
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title str
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description String
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression String
- Textual representation of an expression in Common Expression Language syntax.
- location String
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title String
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
OsConstraint, OsConstraintArgs
- Os
Type Pulumi.Google Native. Access Context Manager. V1Beta. Os Constraint Os Type - The allowed OS type.
- Minimum
Version string - The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format:
"major.minor.patch"
. Examples:"10.5.301"
,"9.2.1"
. - Require
Verified boolChrome Os - Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.
- Os
Type OsConstraint Os Type - The allowed OS type.
- Minimum
Version string - The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format:
"major.minor.patch"
. Examples:"10.5.301"
,"9.2.1"
. - Require
Verified boolChrome Os - Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.
- os
Type OsConstraint Os Type - The allowed OS type.
- minimum
Version String - The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format:
"major.minor.patch"
. Examples:"10.5.301"
,"9.2.1"
. - require
Verified BooleanChrome Os - Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.
- os
Type OsConstraint Os Type - The allowed OS type.
- minimum
Version string - The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format:
"major.minor.patch"
. Examples:"10.5.301"
,"9.2.1"
. - require
Verified booleanChrome Os - Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.
- os_
type OsConstraint Os Type - The allowed OS type.
- minimum_
version str - The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format:
"major.minor.patch"
. Examples:"10.5.301"
,"9.2.1"
. - require_
verified_ boolchrome_ os - Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.
- os
Type "OS_UNSPECIFIED" | "DESKTOP_MAC" | "DESKTOP_WINDOWS" | "DESKTOP_LINUX" | "DESKTOP_CHROME_OS" | "ANDROID" | "IOS" - The allowed OS type.
- minimum
Version String - The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format:
"major.minor.patch"
. Examples:"10.5.301"
,"9.2.1"
. - require
Verified BooleanChrome Os - Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.
OsConstraintOsType, OsConstraintOsTypeArgs
- Os
Unspecified - OS_UNSPECIFIEDThe operating system of the device is not specified or not known.
- Desktop
Mac - DESKTOP_MACA desktop Mac operating system.
- Desktop
Windows - DESKTOP_WINDOWSA desktop Windows operating system.
- Desktop
Linux - DESKTOP_LINUXA desktop Linux operating system.
- Desktop
Chrome Os - DESKTOP_CHROME_OSA desktop ChromeOS operating system.
- Android
- ANDROIDAn Android operating system.
- Ios
- IOSAn iOS operating system.
- Os
Constraint Os Type Os Unspecified - OS_UNSPECIFIEDThe operating system of the device is not specified or not known.
- Os
Constraint Os Type Desktop Mac - DESKTOP_MACA desktop Mac operating system.
- Os
Constraint Os Type Desktop Windows - DESKTOP_WINDOWSA desktop Windows operating system.
- Os
Constraint Os Type Desktop Linux - DESKTOP_LINUXA desktop Linux operating system.
- Os
Constraint Os Type Desktop Chrome Os - DESKTOP_CHROME_OSA desktop ChromeOS operating system.
- Os
Constraint Os Type Android - ANDROIDAn Android operating system.
- Os
Constraint Os Type Ios - IOSAn iOS operating system.
- Os
Unspecified - OS_UNSPECIFIEDThe operating system of the device is not specified or not known.
- Desktop
Mac - DESKTOP_MACA desktop Mac operating system.
- Desktop
Windows - DESKTOP_WINDOWSA desktop Windows operating system.
- Desktop
Linux - DESKTOP_LINUXA desktop Linux operating system.
- Desktop
Chrome Os - DESKTOP_CHROME_OSA desktop ChromeOS operating system.
- Android
- ANDROIDAn Android operating system.
- Ios
- IOSAn iOS operating system.
- Os
Unspecified - OS_UNSPECIFIEDThe operating system of the device is not specified or not known.
- Desktop
Mac - DESKTOP_MACA desktop Mac operating system.
- Desktop
Windows - DESKTOP_WINDOWSA desktop Windows operating system.
- Desktop
Linux - DESKTOP_LINUXA desktop Linux operating system.
- Desktop
Chrome Os - DESKTOP_CHROME_OSA desktop ChromeOS operating system.
- Android
- ANDROIDAn Android operating system.
- Ios
- IOSAn iOS operating system.
- OS_UNSPECIFIED
- OS_UNSPECIFIEDThe operating system of the device is not specified or not known.
- DESKTOP_MAC
- DESKTOP_MACA desktop Mac operating system.
- DESKTOP_WINDOWS
- DESKTOP_WINDOWSA desktop Windows operating system.
- DESKTOP_LINUX
- DESKTOP_LINUXA desktop Linux operating system.
- DESKTOP_CHROME_OS
- DESKTOP_CHROME_OSA desktop ChromeOS operating system.
- ANDROID
- ANDROIDAn Android operating system.
- IOS
- IOSAn iOS operating system.
- "OS_UNSPECIFIED"
- OS_UNSPECIFIEDThe operating system of the device is not specified or not known.
- "DESKTOP_MAC"
- DESKTOP_MACA desktop Mac operating system.
- "DESKTOP_WINDOWS"
- DESKTOP_WINDOWSA desktop Windows operating system.
- "DESKTOP_LINUX"
- DESKTOP_LINUXA desktop Linux operating system.
- "DESKTOP_CHROME_OS"
- DESKTOP_CHROME_OSA desktop ChromeOS operating system.
- "ANDROID"
- ANDROIDAn Android operating system.
- "IOS"
- IOSAn iOS operating system.
OsConstraintResponse, OsConstraintResponseArgs
- Minimum
Version string - The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format:
"major.minor.patch"
. Examples:"10.5.301"
,"9.2.1"
. - Os
Type string - The allowed OS type.
- Require
Verified boolChrome Os - Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.
- Minimum
Version string - The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format:
"major.minor.patch"
. Examples:"10.5.301"
,"9.2.1"
. - Os
Type string - The allowed OS type.
- Require
Verified boolChrome Os - Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.
- minimum
Version String - The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format:
"major.minor.patch"
. Examples:"10.5.301"
,"9.2.1"
. - os
Type String - The allowed OS type.
- require
Verified BooleanChrome Os - Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.
- minimum
Version string - The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format:
"major.minor.patch"
. Examples:"10.5.301"
,"9.2.1"
. - os
Type string - The allowed OS type.
- require
Verified booleanChrome Os - Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.
- minimum_
version str - The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format:
"major.minor.patch"
. Examples:"10.5.301"
,"9.2.1"
. - os_
type str - The allowed OS type.
- require_
verified_ boolchrome_ os - Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.
- minimum
Version String - The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format:
"major.minor.patch"
. Examples:"10.5.301"
,"9.2.1"
. - os
Type String - The allowed OS type.
- require
Verified BooleanChrome Os - Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.
Package Details
- Repository
- Google Cloud Native pulumi/pulumi-google-native
- License
- Apache-2.0
Google Cloud Native is in preview. Google Cloud Classic is fully supported.