1. Packages
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. chronicle
  5. DataAccessScope
Google Cloud v8.18.0 published on Tuesday, Feb 4, 2025 by Pulumi

gcp.chronicle.DataAccessScope

Explore with Pulumi AI

gcp logo
Google Cloud v8.18.0 published on Tuesday, Feb 4, 2025 by Pulumi

    Example Usage

    Chronicle Dataaccessscope With Logtype

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const example = new gcp.chronicle.DataAccessScope("example", {
        location: "us",
        instance: "00000000-0000-0000-0000-000000000000",
        dataAccessScopeId: "scope-id",
        description: "scope-description",
        allowedDataAccessLabels: [
            {
                logType: "GCP_CLOUDAUDIT",
            },
            {
                logType: "GITHUB",
            },
        ],
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    example = gcp.chronicle.DataAccessScope("example",
        location="us",
        instance="00000000-0000-0000-0000-000000000000",
        data_access_scope_id="scope-id",
        description="scope-description",
        allowed_data_access_labels=[
            {
                "log_type": "GCP_CLOUDAUDIT",
            },
            {
                "log_type": "GITHUB",
            },
        ])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/chronicle"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := chronicle.NewDataAccessScope(ctx, "example", &chronicle.DataAccessScopeArgs{
    			Location:          pulumi.String("us"),
    			Instance:          pulumi.String("00000000-0000-0000-0000-000000000000"),
    			DataAccessScopeId: pulumi.String("scope-id"),
    			Description:       pulumi.String("scope-description"),
    			AllowedDataAccessLabels: chronicle.DataAccessScopeAllowedDataAccessLabelArray{
    				&chronicle.DataAccessScopeAllowedDataAccessLabelArgs{
    					LogType: pulumi.String("GCP_CLOUDAUDIT"),
    				},
    				&chronicle.DataAccessScopeAllowedDataAccessLabelArgs{
    					LogType: pulumi.String("GITHUB"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Gcp.Chronicle.DataAccessScope("example", new()
        {
            Location = "us",
            Instance = "00000000-0000-0000-0000-000000000000",
            DataAccessScopeId = "scope-id",
            Description = "scope-description",
            AllowedDataAccessLabels = new[]
            {
                new Gcp.Chronicle.Inputs.DataAccessScopeAllowedDataAccessLabelArgs
                {
                    LogType = "GCP_CLOUDAUDIT",
                },
                new Gcp.Chronicle.Inputs.DataAccessScopeAllowedDataAccessLabelArgs
                {
                    LogType = "GITHUB",
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.chronicle.DataAccessScope;
    import com.pulumi.gcp.chronicle.DataAccessScopeArgs;
    import com.pulumi.gcp.chronicle.inputs.DataAccessScopeAllowedDataAccessLabelArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new DataAccessScope("example", DataAccessScopeArgs.builder()
                .location("us")
                .instance("00000000-0000-0000-0000-000000000000")
                .dataAccessScopeId("scope-id")
                .description("scope-description")
                .allowedDataAccessLabels(            
                    DataAccessScopeAllowedDataAccessLabelArgs.builder()
                        .logType("GCP_CLOUDAUDIT")
                        .build(),
                    DataAccessScopeAllowedDataAccessLabelArgs.builder()
                        .logType("GITHUB")
                        .build())
                .build());
    
        }
    }
    
    resources:
      example:
        type: gcp:chronicle:DataAccessScope
        properties:
          location: us
          instance: 00000000-0000-0000-0000-000000000000
          dataAccessScopeId: scope-id
          description: scope-description
          allowedDataAccessLabels:
            - logType: GCP_CLOUDAUDIT
            - logType: GITHUB
    

    Chronicle Dataaccessscope With Dataaccesslabel

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const customDataAccessLabel = new gcp.chronicle.DataAccessLabel("custom_data_access_label", {
        location: "us",
        instance: "00000000-0000-0000-0000-000000000000",
        dataAccessLabelId: "label-id",
        udmQuery: "principal.hostname=\"google.com\"",
    });
    const example = new gcp.chronicle.DataAccessScope("example", {
        location: "us",
        instance: "00000000-0000-0000-0000-000000000000",
        dataAccessScopeId: "scope-id",
        description: "scope-description",
        allowedDataAccessLabels: [{
            dataAccessLabel: googleChronicleDataAccessLabel.customDataAccessLabel.dataAccessLabelId,
        }],
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    custom_data_access_label = gcp.chronicle.DataAccessLabel("custom_data_access_label",
        location="us",
        instance="00000000-0000-0000-0000-000000000000",
        data_access_label_id="label-id",
        udm_query="principal.hostname=\"google.com\"")
    example = gcp.chronicle.DataAccessScope("example",
        location="us",
        instance="00000000-0000-0000-0000-000000000000",
        data_access_scope_id="scope-id",
        description="scope-description",
        allowed_data_access_labels=[{
            "data_access_label": google_chronicle_data_access_label["customDataAccessLabel"]["dataAccessLabelId"],
        }])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/chronicle"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := chronicle.NewDataAccessLabel(ctx, "custom_data_access_label", &chronicle.DataAccessLabelArgs{
    			Location:          pulumi.String("us"),
    			Instance:          pulumi.String("00000000-0000-0000-0000-000000000000"),
    			DataAccessLabelId: pulumi.String("label-id"),
    			UdmQuery:          pulumi.String("principal.hostname=\"google.com\""),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = chronicle.NewDataAccessScope(ctx, "example", &chronicle.DataAccessScopeArgs{
    			Location:          pulumi.String("us"),
    			Instance:          pulumi.String("00000000-0000-0000-0000-000000000000"),
    			DataAccessScopeId: pulumi.String("scope-id"),
    			Description:       pulumi.String("scope-description"),
    			AllowedDataAccessLabels: chronicle.DataAccessScopeAllowedDataAccessLabelArray{
    				&chronicle.DataAccessScopeAllowedDataAccessLabelArgs{
    					DataAccessLabel: pulumi.Any(googleChronicleDataAccessLabel.CustomDataAccessLabel.DataAccessLabelId),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var customDataAccessLabel = new Gcp.Chronicle.DataAccessLabel("custom_data_access_label", new()
        {
            Location = "us",
            Instance = "00000000-0000-0000-0000-000000000000",
            DataAccessLabelId = "label-id",
            UdmQuery = "principal.hostname=\"google.com\"",
        });
    
        var example = new Gcp.Chronicle.DataAccessScope("example", new()
        {
            Location = "us",
            Instance = "00000000-0000-0000-0000-000000000000",
            DataAccessScopeId = "scope-id",
            Description = "scope-description",
            AllowedDataAccessLabels = new[]
            {
                new Gcp.Chronicle.Inputs.DataAccessScopeAllowedDataAccessLabelArgs
                {
                    DataAccessLabel = googleChronicleDataAccessLabel.CustomDataAccessLabel.DataAccessLabelId,
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.chronicle.DataAccessLabel;
    import com.pulumi.gcp.chronicle.DataAccessLabelArgs;
    import com.pulumi.gcp.chronicle.DataAccessScope;
    import com.pulumi.gcp.chronicle.DataAccessScopeArgs;
    import com.pulumi.gcp.chronicle.inputs.DataAccessScopeAllowedDataAccessLabelArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var customDataAccessLabel = new DataAccessLabel("customDataAccessLabel", DataAccessLabelArgs.builder()
                .location("us")
                .instance("00000000-0000-0000-0000-000000000000")
                .dataAccessLabelId("label-id")
                .udmQuery("principal.hostname=\"google.com\"")
                .build());
    
            var example = new DataAccessScope("example", DataAccessScopeArgs.builder()
                .location("us")
                .instance("00000000-0000-0000-0000-000000000000")
                .dataAccessScopeId("scope-id")
                .description("scope-description")
                .allowedDataAccessLabels(DataAccessScopeAllowedDataAccessLabelArgs.builder()
                    .dataAccessLabel(googleChronicleDataAccessLabel.customDataAccessLabel().dataAccessLabelId())
                    .build())
                .build());
    
        }
    }
    
    resources:
      customDataAccessLabel:
        type: gcp:chronicle:DataAccessLabel
        name: custom_data_access_label
        properties:
          location: us
          instance: 00000000-0000-0000-0000-000000000000
          dataAccessLabelId: label-id
          udmQuery: principal.hostname="google.com"
      example:
        type: gcp:chronicle:DataAccessScope
        properties:
          location: us
          instance: 00000000-0000-0000-0000-000000000000
          dataAccessScopeId: scope-id
          description: scope-description
          allowedDataAccessLabels:
            - dataAccessLabel: ${googleChronicleDataAccessLabel.customDataAccessLabel.dataAccessLabelId}
    

    Chronicle Dataaccessscope With Asset Namespace

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const example = new gcp.chronicle.DataAccessScope("example", {
        location: "us",
        instance: "00000000-0000-0000-0000-000000000000",
        dataAccessScopeId: "scope-id",
        description: "scope-description",
        allowedDataAccessLabels: [{
            assetNamespace: "my-namespace",
        }],
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    example = gcp.chronicle.DataAccessScope("example",
        location="us",
        instance="00000000-0000-0000-0000-000000000000",
        data_access_scope_id="scope-id",
        description="scope-description",
        allowed_data_access_labels=[{
            "asset_namespace": "my-namespace",
        }])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/chronicle"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := chronicle.NewDataAccessScope(ctx, "example", &chronicle.DataAccessScopeArgs{
    			Location:          pulumi.String("us"),
    			Instance:          pulumi.String("00000000-0000-0000-0000-000000000000"),
    			DataAccessScopeId: pulumi.String("scope-id"),
    			Description:       pulumi.String("scope-description"),
    			AllowedDataAccessLabels: chronicle.DataAccessScopeAllowedDataAccessLabelArray{
    				&chronicle.DataAccessScopeAllowedDataAccessLabelArgs{
    					AssetNamespace: pulumi.String("my-namespace"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Gcp.Chronicle.DataAccessScope("example", new()
        {
            Location = "us",
            Instance = "00000000-0000-0000-0000-000000000000",
            DataAccessScopeId = "scope-id",
            Description = "scope-description",
            AllowedDataAccessLabels = new[]
            {
                new Gcp.Chronicle.Inputs.DataAccessScopeAllowedDataAccessLabelArgs
                {
                    AssetNamespace = "my-namespace",
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.chronicle.DataAccessScope;
    import com.pulumi.gcp.chronicle.DataAccessScopeArgs;
    import com.pulumi.gcp.chronicle.inputs.DataAccessScopeAllowedDataAccessLabelArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new DataAccessScope("example", DataAccessScopeArgs.builder()
                .location("us")
                .instance("00000000-0000-0000-0000-000000000000")
                .dataAccessScopeId("scope-id")
                .description("scope-description")
                .allowedDataAccessLabels(DataAccessScopeAllowedDataAccessLabelArgs.builder()
                    .assetNamespace("my-namespace")
                    .build())
                .build());
    
        }
    }
    
    resources:
      example:
        type: gcp:chronicle:DataAccessScope
        properties:
          location: us
          instance: 00000000-0000-0000-0000-000000000000
          dataAccessScopeId: scope-id
          description: scope-description
          allowedDataAccessLabels:
            - assetNamespace: my-namespace
    

    Chronicle Dataaccessscope With Ingestion Label

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const example = new gcp.chronicle.DataAccessScope("example", {
        location: "us",
        instance: "00000000-0000-0000-0000-000000000000",
        dataAccessScopeId: "scope-id",
        description: "scope-description",
        allowedDataAccessLabels: [{
            ingestionLabel: {
                ingestionLabelKey: "ingestion_key",
                ingestionLabelValue: "ingestion_value",
            },
        }],
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    example = gcp.chronicle.DataAccessScope("example",
        location="us",
        instance="00000000-0000-0000-0000-000000000000",
        data_access_scope_id="scope-id",
        description="scope-description",
        allowed_data_access_labels=[{
            "ingestion_label": {
                "ingestion_label_key": "ingestion_key",
                "ingestion_label_value": "ingestion_value",
            },
        }])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/chronicle"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := chronicle.NewDataAccessScope(ctx, "example", &chronicle.DataAccessScopeArgs{
    			Location:          pulumi.String("us"),
    			Instance:          pulumi.String("00000000-0000-0000-0000-000000000000"),
    			DataAccessScopeId: pulumi.String("scope-id"),
    			Description:       pulumi.String("scope-description"),
    			AllowedDataAccessLabels: chronicle.DataAccessScopeAllowedDataAccessLabelArray{
    				&chronicle.DataAccessScopeAllowedDataAccessLabelArgs{
    					IngestionLabel: &chronicle.DataAccessScopeAllowedDataAccessLabelIngestionLabelArgs{
    						IngestionLabelKey:   pulumi.String("ingestion_key"),
    						IngestionLabelValue: pulumi.String("ingestion_value"),
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Gcp.Chronicle.DataAccessScope("example", new()
        {
            Location = "us",
            Instance = "00000000-0000-0000-0000-000000000000",
            DataAccessScopeId = "scope-id",
            Description = "scope-description",
            AllowedDataAccessLabels = new[]
            {
                new Gcp.Chronicle.Inputs.DataAccessScopeAllowedDataAccessLabelArgs
                {
                    IngestionLabel = new Gcp.Chronicle.Inputs.DataAccessScopeAllowedDataAccessLabelIngestionLabelArgs
                    {
                        IngestionLabelKey = "ingestion_key",
                        IngestionLabelValue = "ingestion_value",
                    },
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.chronicle.DataAccessScope;
    import com.pulumi.gcp.chronicle.DataAccessScopeArgs;
    import com.pulumi.gcp.chronicle.inputs.DataAccessScopeAllowedDataAccessLabelArgs;
    import com.pulumi.gcp.chronicle.inputs.DataAccessScopeAllowedDataAccessLabelIngestionLabelArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new DataAccessScope("example", DataAccessScopeArgs.builder()
                .location("us")
                .instance("00000000-0000-0000-0000-000000000000")
                .dataAccessScopeId("scope-id")
                .description("scope-description")
                .allowedDataAccessLabels(DataAccessScopeAllowedDataAccessLabelArgs.builder()
                    .ingestionLabel(DataAccessScopeAllowedDataAccessLabelIngestionLabelArgs.builder()
                        .ingestionLabelKey("ingestion_key")
                        .ingestionLabelValue("ingestion_value")
                        .build())
                    .build())
                .build());
    
        }
    }
    
    resources:
      example:
        type: gcp:chronicle:DataAccessScope
        properties:
          location: us
          instance: 00000000-0000-0000-0000-000000000000
          dataAccessScopeId: scope-id
          description: scope-description
          allowedDataAccessLabels:
            - ingestionLabel:
                ingestionLabelKey: ingestion_key
                ingestionLabelValue: ingestion_value
    

    Chronicle Dataaccessscope With Denied Labels

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const customDataAccessLabel = new gcp.chronicle.DataAccessLabel("custom_data_access_label", {
        location: "us",
        instance: "00000000-0000-0000-0000-000000000000",
        dataAccessLabelId: "label-id",
        udmQuery: "principal.hostname=\"google.com\"",
    });
    const example = new gcp.chronicle.DataAccessScope("example", {
        location: "us",
        instance: "00000000-0000-0000-0000-000000000000",
        dataAccessScopeId: "scope-id",
        description: "scope-description",
        allowAll: true,
        deniedDataAccessLabels: [
            {
                logType: "GCP_CLOUDAUDIT",
            },
            {
                dataAccessLabel: googleChronicleDataAccessLabel.customDataAccessLabel.dataAccessLabelId,
            },
            {
                ingestionLabel: {
                    ingestionLabelKey: "ingestion_key",
                    ingestionLabelValue: "ingestion_value",
                },
            },
            {
                assetNamespace: "my-namespace",
            },
        ],
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    custom_data_access_label = gcp.chronicle.DataAccessLabel("custom_data_access_label",
        location="us",
        instance="00000000-0000-0000-0000-000000000000",
        data_access_label_id="label-id",
        udm_query="principal.hostname=\"google.com\"")
    example = gcp.chronicle.DataAccessScope("example",
        location="us",
        instance="00000000-0000-0000-0000-000000000000",
        data_access_scope_id="scope-id",
        description="scope-description",
        allow_all=True,
        denied_data_access_labels=[
            {
                "log_type": "GCP_CLOUDAUDIT",
            },
            {
                "data_access_label": google_chronicle_data_access_label["customDataAccessLabel"]["dataAccessLabelId"],
            },
            {
                "ingestion_label": {
                    "ingestion_label_key": "ingestion_key",
                    "ingestion_label_value": "ingestion_value",
                },
            },
            {
                "asset_namespace": "my-namespace",
            },
        ])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/chronicle"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := chronicle.NewDataAccessLabel(ctx, "custom_data_access_label", &chronicle.DataAccessLabelArgs{
    			Location:          pulumi.String("us"),
    			Instance:          pulumi.String("00000000-0000-0000-0000-000000000000"),
    			DataAccessLabelId: pulumi.String("label-id"),
    			UdmQuery:          pulumi.String("principal.hostname=\"google.com\""),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = chronicle.NewDataAccessScope(ctx, "example", &chronicle.DataAccessScopeArgs{
    			Location:          pulumi.String("us"),
    			Instance:          pulumi.String("00000000-0000-0000-0000-000000000000"),
    			DataAccessScopeId: pulumi.String("scope-id"),
    			Description:       pulumi.String("scope-description"),
    			AllowAll:          pulumi.Bool(true),
    			DeniedDataAccessLabels: chronicle.DataAccessScopeDeniedDataAccessLabelArray{
    				&chronicle.DataAccessScopeDeniedDataAccessLabelArgs{
    					LogType: pulumi.String("GCP_CLOUDAUDIT"),
    				},
    				&chronicle.DataAccessScopeDeniedDataAccessLabelArgs{
    					DataAccessLabel: pulumi.Any(googleChronicleDataAccessLabel.CustomDataAccessLabel.DataAccessLabelId),
    				},
    				&chronicle.DataAccessScopeDeniedDataAccessLabelArgs{
    					IngestionLabel: &chronicle.DataAccessScopeDeniedDataAccessLabelIngestionLabelArgs{
    						IngestionLabelKey:   pulumi.String("ingestion_key"),
    						IngestionLabelValue: pulumi.String("ingestion_value"),
    					},
    				},
    				&chronicle.DataAccessScopeDeniedDataAccessLabelArgs{
    					AssetNamespace: pulumi.String("my-namespace"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var customDataAccessLabel = new Gcp.Chronicle.DataAccessLabel("custom_data_access_label", new()
        {
            Location = "us",
            Instance = "00000000-0000-0000-0000-000000000000",
            DataAccessLabelId = "label-id",
            UdmQuery = "principal.hostname=\"google.com\"",
        });
    
        var example = new Gcp.Chronicle.DataAccessScope("example", new()
        {
            Location = "us",
            Instance = "00000000-0000-0000-0000-000000000000",
            DataAccessScopeId = "scope-id",
            Description = "scope-description",
            AllowAll = true,
            DeniedDataAccessLabels = new[]
            {
                new Gcp.Chronicle.Inputs.DataAccessScopeDeniedDataAccessLabelArgs
                {
                    LogType = "GCP_CLOUDAUDIT",
                },
                new Gcp.Chronicle.Inputs.DataAccessScopeDeniedDataAccessLabelArgs
                {
                    DataAccessLabel = googleChronicleDataAccessLabel.CustomDataAccessLabel.DataAccessLabelId,
                },
                new Gcp.Chronicle.Inputs.DataAccessScopeDeniedDataAccessLabelArgs
                {
                    IngestionLabel = new Gcp.Chronicle.Inputs.DataAccessScopeDeniedDataAccessLabelIngestionLabelArgs
                    {
                        IngestionLabelKey = "ingestion_key",
                        IngestionLabelValue = "ingestion_value",
                    },
                },
                new Gcp.Chronicle.Inputs.DataAccessScopeDeniedDataAccessLabelArgs
                {
                    AssetNamespace = "my-namespace",
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.chronicle.DataAccessLabel;
    import com.pulumi.gcp.chronicle.DataAccessLabelArgs;
    import com.pulumi.gcp.chronicle.DataAccessScope;
    import com.pulumi.gcp.chronicle.DataAccessScopeArgs;
    import com.pulumi.gcp.chronicle.inputs.DataAccessScopeDeniedDataAccessLabelArgs;
    import com.pulumi.gcp.chronicle.inputs.DataAccessScopeDeniedDataAccessLabelIngestionLabelArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var customDataAccessLabel = new DataAccessLabel("customDataAccessLabel", DataAccessLabelArgs.builder()
                .location("us")
                .instance("00000000-0000-0000-0000-000000000000")
                .dataAccessLabelId("label-id")
                .udmQuery("principal.hostname=\"google.com\"")
                .build());
    
            var example = new DataAccessScope("example", DataAccessScopeArgs.builder()
                .location("us")
                .instance("00000000-0000-0000-0000-000000000000")
                .dataAccessScopeId("scope-id")
                .description("scope-description")
                .allowAll(true)
                .deniedDataAccessLabels(            
                    DataAccessScopeDeniedDataAccessLabelArgs.builder()
                        .logType("GCP_CLOUDAUDIT")
                        .build(),
                    DataAccessScopeDeniedDataAccessLabelArgs.builder()
                        .dataAccessLabel(googleChronicleDataAccessLabel.customDataAccessLabel().dataAccessLabelId())
                        .build(),
                    DataAccessScopeDeniedDataAccessLabelArgs.builder()
                        .ingestionLabel(DataAccessScopeDeniedDataAccessLabelIngestionLabelArgs.builder()
                            .ingestionLabelKey("ingestion_key")
                            .ingestionLabelValue("ingestion_value")
                            .build())
                        .build(),
                    DataAccessScopeDeniedDataAccessLabelArgs.builder()
                        .assetNamespace("my-namespace")
                        .build())
                .build());
    
        }
    }
    
    resources:
      customDataAccessLabel:
        type: gcp:chronicle:DataAccessLabel
        name: custom_data_access_label
        properties:
          location: us
          instance: 00000000-0000-0000-0000-000000000000
          dataAccessLabelId: label-id
          udmQuery: principal.hostname="google.com"
      example:
        type: gcp:chronicle:DataAccessScope
        properties:
          location: us
          instance: 00000000-0000-0000-0000-000000000000
          dataAccessScopeId: scope-id
          description: scope-description
          allowAll: true
          deniedDataAccessLabels:
            - logType: GCP_CLOUDAUDIT
            - dataAccessLabel: ${googleChronicleDataAccessLabel.customDataAccessLabel.dataAccessLabelId}
            - ingestionLabel:
                ingestionLabelKey: ingestion_key
                ingestionLabelValue: ingestion_value
            - assetNamespace: my-namespace
    

    Create DataAccessScope Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new DataAccessScope(name: string, args: DataAccessScopeArgs, opts?: CustomResourceOptions);
    @overload
    def DataAccessScope(resource_name: str,
                        args: DataAccessScopeArgs,
                        opts: Optional[ResourceOptions] = None)
    
    @overload
    def DataAccessScope(resource_name: str,
                        opts: Optional[ResourceOptions] = None,
                        data_access_scope_id: Optional[str] = None,
                        instance: Optional[str] = None,
                        location: Optional[str] = None,
                        allow_all: Optional[bool] = None,
                        allowed_data_access_labels: Optional[Sequence[DataAccessScopeAllowedDataAccessLabelArgs]] = None,
                        denied_data_access_labels: Optional[Sequence[DataAccessScopeDeniedDataAccessLabelArgs]] = None,
                        description: Optional[str] = None,
                        project: Optional[str] = None)
    func NewDataAccessScope(ctx *Context, name string, args DataAccessScopeArgs, opts ...ResourceOption) (*DataAccessScope, error)
    public DataAccessScope(string name, DataAccessScopeArgs args, CustomResourceOptions? opts = null)
    public DataAccessScope(String name, DataAccessScopeArgs args)
    public DataAccessScope(String name, DataAccessScopeArgs args, CustomResourceOptions options)
    
    type: gcp:chronicle:DataAccessScope
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args DataAccessScopeArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args DataAccessScopeArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args DataAccessScopeArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args DataAccessScopeArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args DataAccessScopeArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var dataAccessScopeResource = new Gcp.Chronicle.DataAccessScope("dataAccessScopeResource", new()
    {
        DataAccessScopeId = "string",
        Instance = "string",
        Location = "string",
        AllowAll = false,
        AllowedDataAccessLabels = new[]
        {
            new Gcp.Chronicle.Inputs.DataAccessScopeAllowedDataAccessLabelArgs
            {
                AssetNamespace = "string",
                DataAccessLabel = "string",
                DisplayName = "string",
                IngestionLabel = new Gcp.Chronicle.Inputs.DataAccessScopeAllowedDataAccessLabelIngestionLabelArgs
                {
                    IngestionLabelKey = "string",
                    IngestionLabelValue = "string",
                },
                LogType = "string",
            },
        },
        DeniedDataAccessLabels = new[]
        {
            new Gcp.Chronicle.Inputs.DataAccessScopeDeniedDataAccessLabelArgs
            {
                AssetNamespace = "string",
                DataAccessLabel = "string",
                DisplayName = "string",
                IngestionLabel = new Gcp.Chronicle.Inputs.DataAccessScopeDeniedDataAccessLabelIngestionLabelArgs
                {
                    IngestionLabelKey = "string",
                    IngestionLabelValue = "string",
                },
                LogType = "string",
            },
        },
        Description = "string",
        Project = "string",
    });
    
    example, err := chronicle.NewDataAccessScope(ctx, "dataAccessScopeResource", &chronicle.DataAccessScopeArgs{
    	DataAccessScopeId: pulumi.String("string"),
    	Instance:          pulumi.String("string"),
    	Location:          pulumi.String("string"),
    	AllowAll:          pulumi.Bool(false),
    	AllowedDataAccessLabels: chronicle.DataAccessScopeAllowedDataAccessLabelArray{
    		&chronicle.DataAccessScopeAllowedDataAccessLabelArgs{
    			AssetNamespace:  pulumi.String("string"),
    			DataAccessLabel: pulumi.String("string"),
    			DisplayName:     pulumi.String("string"),
    			IngestionLabel: &chronicle.DataAccessScopeAllowedDataAccessLabelIngestionLabelArgs{
    				IngestionLabelKey:   pulumi.String("string"),
    				IngestionLabelValue: pulumi.String("string"),
    			},
    			LogType: pulumi.String("string"),
    		},
    	},
    	DeniedDataAccessLabels: chronicle.DataAccessScopeDeniedDataAccessLabelArray{
    		&chronicle.DataAccessScopeDeniedDataAccessLabelArgs{
    			AssetNamespace:  pulumi.String("string"),
    			DataAccessLabel: pulumi.String("string"),
    			DisplayName:     pulumi.String("string"),
    			IngestionLabel: &chronicle.DataAccessScopeDeniedDataAccessLabelIngestionLabelArgs{
    				IngestionLabelKey:   pulumi.String("string"),
    				IngestionLabelValue: pulumi.String("string"),
    			},
    			LogType: pulumi.String("string"),
    		},
    	},
    	Description: pulumi.String("string"),
    	Project:     pulumi.String("string"),
    })
    
    var dataAccessScopeResource = new DataAccessScope("dataAccessScopeResource", DataAccessScopeArgs.builder()
        .dataAccessScopeId("string")
        .instance("string")
        .location("string")
        .allowAll(false)
        .allowedDataAccessLabels(DataAccessScopeAllowedDataAccessLabelArgs.builder()
            .assetNamespace("string")
            .dataAccessLabel("string")
            .displayName("string")
            .ingestionLabel(DataAccessScopeAllowedDataAccessLabelIngestionLabelArgs.builder()
                .ingestionLabelKey("string")
                .ingestionLabelValue("string")
                .build())
            .logType("string")
            .build())
        .deniedDataAccessLabels(DataAccessScopeDeniedDataAccessLabelArgs.builder()
            .assetNamespace("string")
            .dataAccessLabel("string")
            .displayName("string")
            .ingestionLabel(DataAccessScopeDeniedDataAccessLabelIngestionLabelArgs.builder()
                .ingestionLabelKey("string")
                .ingestionLabelValue("string")
                .build())
            .logType("string")
            .build())
        .description("string")
        .project("string")
        .build());
    
    data_access_scope_resource = gcp.chronicle.DataAccessScope("dataAccessScopeResource",
        data_access_scope_id="string",
        instance="string",
        location="string",
        allow_all=False,
        allowed_data_access_labels=[{
            "asset_namespace": "string",
            "data_access_label": "string",
            "display_name": "string",
            "ingestion_label": {
                "ingestion_label_key": "string",
                "ingestion_label_value": "string",
            },
            "log_type": "string",
        }],
        denied_data_access_labels=[{
            "asset_namespace": "string",
            "data_access_label": "string",
            "display_name": "string",
            "ingestion_label": {
                "ingestion_label_key": "string",
                "ingestion_label_value": "string",
            },
            "log_type": "string",
        }],
        description="string",
        project="string")
    
    const dataAccessScopeResource = new gcp.chronicle.DataAccessScope("dataAccessScopeResource", {
        dataAccessScopeId: "string",
        instance: "string",
        location: "string",
        allowAll: false,
        allowedDataAccessLabels: [{
            assetNamespace: "string",
            dataAccessLabel: "string",
            displayName: "string",
            ingestionLabel: {
                ingestionLabelKey: "string",
                ingestionLabelValue: "string",
            },
            logType: "string",
        }],
        deniedDataAccessLabels: [{
            assetNamespace: "string",
            dataAccessLabel: "string",
            displayName: "string",
            ingestionLabel: {
                ingestionLabelKey: "string",
                ingestionLabelValue: "string",
            },
            logType: "string",
        }],
        description: "string",
        project: "string",
    });
    
    type: gcp:chronicle:DataAccessScope
    properties:
        allowAll: false
        allowedDataAccessLabels:
            - assetNamespace: string
              dataAccessLabel: string
              displayName: string
              ingestionLabel:
                ingestionLabelKey: string
                ingestionLabelValue: string
              logType: string
        dataAccessScopeId: string
        deniedDataAccessLabels:
            - assetNamespace: string
              dataAccessLabel: string
              displayName: string
              ingestionLabel:
                ingestionLabelKey: string
                ingestionLabelValue: string
              logType: string
        description: string
        instance: string
        location: string
        project: string
    

    DataAccessScope Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The DataAccessScope resource accepts the following input properties:

    DataAccessScopeId string
    Required. The user provided scope id which will become the last part of the name of the scope resource. Needs to be compliant with https://google.aip.dev/122


    Instance string
    The unique identifier for the Chronicle instance, which is the same as the customer ID.
    Location string
    The location of the resource. This is the geographical region where the Chronicle instance resides, such as "us" or "europe-west2".
    AllowAll bool
    Optional. Whether or not the scope allows all labels, allow_all and allowed_data_access_labels are mutually exclusive and one of them must be present. denied_data_access_labels can still be used along with allow_all. When combined with denied_data_access_labels, access will be granted to all data that doesn't have labels mentioned in denied_data_access_labels. E.g.: A customer with scope with denied labels A and B and allow_all will be able to see all data except data labeled with A and data labeled with B and data with labels A and B.
    AllowedDataAccessLabels List<DataAccessScopeAllowedDataAccessLabel>
    The allowed labels for the scope. There has to be at least one label allowed for the scope to be valid. The logical operator for evaluation of the allowed labels is OR. Either allow_all or allowed_data_access_labels needs to be provided. E.g.: A customer with scope with allowed labels A and B will be able to see data with labeled with A or B or (A and B). Structure is documented below.
    DeniedDataAccessLabels List<DataAccessScopeDeniedDataAccessLabel>
    Optional. The denied labels for the scope. The logical operator for evaluation of the denied labels is AND. E.g.: A customer with scope with denied labels A and B won't be able to see data labeled with A and data labeled with B and data with labels A and B. Structure is documented below.
    Description string
    Optional. A description of the data access scope for a human reader.
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    DataAccessScopeId string
    Required. The user provided scope id which will become the last part of the name of the scope resource. Needs to be compliant with https://google.aip.dev/122


    Instance string
    The unique identifier for the Chronicle instance, which is the same as the customer ID.
    Location string
    The location of the resource. This is the geographical region where the Chronicle instance resides, such as "us" or "europe-west2".
    AllowAll bool
    Optional. Whether or not the scope allows all labels, allow_all and allowed_data_access_labels are mutually exclusive and one of them must be present. denied_data_access_labels can still be used along with allow_all. When combined with denied_data_access_labels, access will be granted to all data that doesn't have labels mentioned in denied_data_access_labels. E.g.: A customer with scope with denied labels A and B and allow_all will be able to see all data except data labeled with A and data labeled with B and data with labels A and B.
    AllowedDataAccessLabels []DataAccessScopeAllowedDataAccessLabelArgs
    The allowed labels for the scope. There has to be at least one label allowed for the scope to be valid. The logical operator for evaluation of the allowed labels is OR. Either allow_all or allowed_data_access_labels needs to be provided. E.g.: A customer with scope with allowed labels A and B will be able to see data with labeled with A or B or (A and B). Structure is documented below.
    DeniedDataAccessLabels []DataAccessScopeDeniedDataAccessLabelArgs
    Optional. The denied labels for the scope. The logical operator for evaluation of the denied labels is AND. E.g.: A customer with scope with denied labels A and B won't be able to see data labeled with A and data labeled with B and data with labels A and B. Structure is documented below.
    Description string
    Optional. A description of the data access scope for a human reader.
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    dataAccessScopeId String
    Required. The user provided scope id which will become the last part of the name of the scope resource. Needs to be compliant with https://google.aip.dev/122


    instance String
    The unique identifier for the Chronicle instance, which is the same as the customer ID.
    location String
    The location of the resource. This is the geographical region where the Chronicle instance resides, such as "us" or "europe-west2".
    allowAll Boolean
    Optional. Whether or not the scope allows all labels, allow_all and allowed_data_access_labels are mutually exclusive and one of them must be present. denied_data_access_labels can still be used along with allow_all. When combined with denied_data_access_labels, access will be granted to all data that doesn't have labels mentioned in denied_data_access_labels. E.g.: A customer with scope with denied labels A and B and allow_all will be able to see all data except data labeled with A and data labeled with B and data with labels A and B.
    allowedDataAccessLabels List<DataAccessScopeAllowedDataAccessLabel>
    The allowed labels for the scope. There has to be at least one label allowed for the scope to be valid. The logical operator for evaluation of the allowed labels is OR. Either allow_all or allowed_data_access_labels needs to be provided. E.g.: A customer with scope with allowed labels A and B will be able to see data with labeled with A or B or (A and B). Structure is documented below.
    deniedDataAccessLabels List<DataAccessScopeDeniedDataAccessLabel>
    Optional. The denied labels for the scope. The logical operator for evaluation of the denied labels is AND. E.g.: A customer with scope with denied labels A and B won't be able to see data labeled with A and data labeled with B and data with labels A and B. Structure is documented below.
    description String
    Optional. A description of the data access scope for a human reader.
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    dataAccessScopeId string
    Required. The user provided scope id which will become the last part of the name of the scope resource. Needs to be compliant with https://google.aip.dev/122


    instance string
    The unique identifier for the Chronicle instance, which is the same as the customer ID.
    location string
    The location of the resource. This is the geographical region where the Chronicle instance resides, such as "us" or "europe-west2".
    allowAll boolean
    Optional. Whether or not the scope allows all labels, allow_all and allowed_data_access_labels are mutually exclusive and one of them must be present. denied_data_access_labels can still be used along with allow_all. When combined with denied_data_access_labels, access will be granted to all data that doesn't have labels mentioned in denied_data_access_labels. E.g.: A customer with scope with denied labels A and B and allow_all will be able to see all data except data labeled with A and data labeled with B and data with labels A and B.
    allowedDataAccessLabels DataAccessScopeAllowedDataAccessLabel[]
    The allowed labels for the scope. There has to be at least one label allowed for the scope to be valid. The logical operator for evaluation of the allowed labels is OR. Either allow_all or allowed_data_access_labels needs to be provided. E.g.: A customer with scope with allowed labels A and B will be able to see data with labeled with A or B or (A and B). Structure is documented below.
    deniedDataAccessLabels DataAccessScopeDeniedDataAccessLabel[]
    Optional. The denied labels for the scope. The logical operator for evaluation of the denied labels is AND. E.g.: A customer with scope with denied labels A and B won't be able to see data labeled with A and data labeled with B and data with labels A and B. Structure is documented below.
    description string
    Optional. A description of the data access scope for a human reader.
    project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    data_access_scope_id str
    Required. The user provided scope id which will become the last part of the name of the scope resource. Needs to be compliant with https://google.aip.dev/122


    instance str
    The unique identifier for the Chronicle instance, which is the same as the customer ID.
    location str
    The location of the resource. This is the geographical region where the Chronicle instance resides, such as "us" or "europe-west2".
    allow_all bool
    Optional. Whether or not the scope allows all labels, allow_all and allowed_data_access_labels are mutually exclusive and one of them must be present. denied_data_access_labels can still be used along with allow_all. When combined with denied_data_access_labels, access will be granted to all data that doesn't have labels mentioned in denied_data_access_labels. E.g.: A customer with scope with denied labels A and B and allow_all will be able to see all data except data labeled with A and data labeled with B and data with labels A and B.
    allowed_data_access_labels Sequence[DataAccessScopeAllowedDataAccessLabelArgs]
    The allowed labels for the scope. There has to be at least one label allowed for the scope to be valid. The logical operator for evaluation of the allowed labels is OR. Either allow_all or allowed_data_access_labels needs to be provided. E.g.: A customer with scope with allowed labels A and B will be able to see data with labeled with A or B or (A and B). Structure is documented below.
    denied_data_access_labels Sequence[DataAccessScopeDeniedDataAccessLabelArgs]
    Optional. The denied labels for the scope. The logical operator for evaluation of the denied labels is AND. E.g.: A customer with scope with denied labels A and B won't be able to see data labeled with A and data labeled with B and data with labels A and B. Structure is documented below.
    description str
    Optional. A description of the data access scope for a human reader.
    project str
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    dataAccessScopeId String
    Required. The user provided scope id which will become the last part of the name of the scope resource. Needs to be compliant with https://google.aip.dev/122


    instance String
    The unique identifier for the Chronicle instance, which is the same as the customer ID.
    location String
    The location of the resource. This is the geographical region where the Chronicle instance resides, such as "us" or "europe-west2".
    allowAll Boolean
    Optional. Whether or not the scope allows all labels, allow_all and allowed_data_access_labels are mutually exclusive and one of them must be present. denied_data_access_labels can still be used along with allow_all. When combined with denied_data_access_labels, access will be granted to all data that doesn't have labels mentioned in denied_data_access_labels. E.g.: A customer with scope with denied labels A and B and allow_all will be able to see all data except data labeled with A and data labeled with B and data with labels A and B.
    allowedDataAccessLabels List<Property Map>
    The allowed labels for the scope. There has to be at least one label allowed for the scope to be valid. The logical operator for evaluation of the allowed labels is OR. Either allow_all or allowed_data_access_labels needs to be provided. E.g.: A customer with scope with allowed labels A and B will be able to see data with labeled with A or B or (A and B). Structure is documented below.
    deniedDataAccessLabels List<Property Map>
    Optional. The denied labels for the scope. The logical operator for evaluation of the denied labels is AND. E.g.: A customer with scope with denied labels A and B won't be able to see data labeled with A and data labeled with B and data with labels A and B. Structure is documented below.
    description String
    Optional. A description of the data access scope for a human reader.
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the DataAccessScope resource produces the following output properties:

    Author string
    Output only. The user who created the data access scope.
    CreateTime string
    Output only. The time at which the data access scope was created.
    DisplayName string
    Output only. The name to be used for display to customers of the data access scope.
    Id string
    The provider-assigned unique ID for this managed resource.
    LastEditor string
    Output only. The user who last updated the data access scope.
    Name string
    The unique full name of the data access scope. This unique identifier is generated using values provided for the URL parameters. Format: projects/{project}/locations/{location}/instances/{instance}/dataAccessScopes/{data_access_scope_id}
    UpdateTime string
    Output only. The time at which the data access scope was last updated.
    Author string
    Output only. The user who created the data access scope.
    CreateTime string
    Output only. The time at which the data access scope was created.
    DisplayName string
    Output only. The name to be used for display to customers of the data access scope.
    Id string
    The provider-assigned unique ID for this managed resource.
    LastEditor string
    Output only. The user who last updated the data access scope.
    Name string
    The unique full name of the data access scope. This unique identifier is generated using values provided for the URL parameters. Format: projects/{project}/locations/{location}/instances/{instance}/dataAccessScopes/{data_access_scope_id}
    UpdateTime string
    Output only. The time at which the data access scope was last updated.
    author String
    Output only. The user who created the data access scope.
    createTime String
    Output only. The time at which the data access scope was created.
    displayName String
    Output only. The name to be used for display to customers of the data access scope.
    id String
    The provider-assigned unique ID for this managed resource.
    lastEditor String
    Output only. The user who last updated the data access scope.
    name String
    The unique full name of the data access scope. This unique identifier is generated using values provided for the URL parameters. Format: projects/{project}/locations/{location}/instances/{instance}/dataAccessScopes/{data_access_scope_id}
    updateTime String
    Output only. The time at which the data access scope was last updated.
    author string
    Output only. The user who created the data access scope.
    createTime string
    Output only. The time at which the data access scope was created.
    displayName string
    Output only. The name to be used for display to customers of the data access scope.
    id string
    The provider-assigned unique ID for this managed resource.
    lastEditor string
    Output only. The user who last updated the data access scope.
    name string
    The unique full name of the data access scope. This unique identifier is generated using values provided for the URL parameters. Format: projects/{project}/locations/{location}/instances/{instance}/dataAccessScopes/{data_access_scope_id}
    updateTime string
    Output only. The time at which the data access scope was last updated.
    author str
    Output only. The user who created the data access scope.
    create_time str
    Output only. The time at which the data access scope was created.
    display_name str
    Output only. The name to be used for display to customers of the data access scope.
    id str
    The provider-assigned unique ID for this managed resource.
    last_editor str
    Output only. The user who last updated the data access scope.
    name str
    The unique full name of the data access scope. This unique identifier is generated using values provided for the URL parameters. Format: projects/{project}/locations/{location}/instances/{instance}/dataAccessScopes/{data_access_scope_id}
    update_time str
    Output only. The time at which the data access scope was last updated.
    author String
    Output only. The user who created the data access scope.
    createTime String
    Output only. The time at which the data access scope was created.
    displayName String
    Output only. The name to be used for display to customers of the data access scope.
    id String
    The provider-assigned unique ID for this managed resource.
    lastEditor String
    Output only. The user who last updated the data access scope.
    name String
    The unique full name of the data access scope. This unique identifier is generated using values provided for the URL parameters. Format: projects/{project}/locations/{location}/instances/{instance}/dataAccessScopes/{data_access_scope_id}
    updateTime String
    Output only. The time at which the data access scope was last updated.

    Look up Existing DataAccessScope Resource

    Get an existing DataAccessScope resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: DataAccessScopeState, opts?: CustomResourceOptions): DataAccessScope
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            allow_all: Optional[bool] = None,
            allowed_data_access_labels: Optional[Sequence[DataAccessScopeAllowedDataAccessLabelArgs]] = None,
            author: Optional[str] = None,
            create_time: Optional[str] = None,
            data_access_scope_id: Optional[str] = None,
            denied_data_access_labels: Optional[Sequence[DataAccessScopeDeniedDataAccessLabelArgs]] = None,
            description: Optional[str] = None,
            display_name: Optional[str] = None,
            instance: Optional[str] = None,
            last_editor: Optional[str] = None,
            location: Optional[str] = None,
            name: Optional[str] = None,
            project: Optional[str] = None,
            update_time: Optional[str] = None) -> DataAccessScope
    func GetDataAccessScope(ctx *Context, name string, id IDInput, state *DataAccessScopeState, opts ...ResourceOption) (*DataAccessScope, error)
    public static DataAccessScope Get(string name, Input<string> id, DataAccessScopeState? state, CustomResourceOptions? opts = null)
    public static DataAccessScope get(String name, Output<String> id, DataAccessScopeState state, CustomResourceOptions options)
    resources:  _:    type: gcp:chronicle:DataAccessScope    get:      id: ${id}
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AllowAll bool
    Optional. Whether or not the scope allows all labels, allow_all and allowed_data_access_labels are mutually exclusive and one of them must be present. denied_data_access_labels can still be used along with allow_all. When combined with denied_data_access_labels, access will be granted to all data that doesn't have labels mentioned in denied_data_access_labels. E.g.: A customer with scope with denied labels A and B and allow_all will be able to see all data except data labeled with A and data labeled with B and data with labels A and B.
    AllowedDataAccessLabels List<DataAccessScopeAllowedDataAccessLabel>
    The allowed labels for the scope. There has to be at least one label allowed for the scope to be valid. The logical operator for evaluation of the allowed labels is OR. Either allow_all or allowed_data_access_labels needs to be provided. E.g.: A customer with scope with allowed labels A and B will be able to see data with labeled with A or B or (A and B). Structure is documented below.
    Author string
    Output only. The user who created the data access scope.
    CreateTime string
    Output only. The time at which the data access scope was created.
    DataAccessScopeId string
    Required. The user provided scope id which will become the last part of the name of the scope resource. Needs to be compliant with https://google.aip.dev/122


    DeniedDataAccessLabels List<DataAccessScopeDeniedDataAccessLabel>
    Optional. The denied labels for the scope. The logical operator for evaluation of the denied labels is AND. E.g.: A customer with scope with denied labels A and B won't be able to see data labeled with A and data labeled with B and data with labels A and B. Structure is documented below.
    Description string
    Optional. A description of the data access scope for a human reader.
    DisplayName string
    Output only. The name to be used for display to customers of the data access scope.
    Instance string
    The unique identifier for the Chronicle instance, which is the same as the customer ID.
    LastEditor string
    Output only. The user who last updated the data access scope.
    Location string
    The location of the resource. This is the geographical region where the Chronicle instance resides, such as "us" or "europe-west2".
    Name string
    The unique full name of the data access scope. This unique identifier is generated using values provided for the URL parameters. Format: projects/{project}/locations/{location}/instances/{instance}/dataAccessScopes/{data_access_scope_id}
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    UpdateTime string
    Output only. The time at which the data access scope was last updated.
    AllowAll bool
    Optional. Whether or not the scope allows all labels, allow_all and allowed_data_access_labels are mutually exclusive and one of them must be present. denied_data_access_labels can still be used along with allow_all. When combined with denied_data_access_labels, access will be granted to all data that doesn't have labels mentioned in denied_data_access_labels. E.g.: A customer with scope with denied labels A and B and allow_all will be able to see all data except data labeled with A and data labeled with B and data with labels A and B.
    AllowedDataAccessLabels []DataAccessScopeAllowedDataAccessLabelArgs
    The allowed labels for the scope. There has to be at least one label allowed for the scope to be valid. The logical operator for evaluation of the allowed labels is OR. Either allow_all or allowed_data_access_labels needs to be provided. E.g.: A customer with scope with allowed labels A and B will be able to see data with labeled with A or B or (A and B). Structure is documented below.
    Author string
    Output only. The user who created the data access scope.
    CreateTime string
    Output only. The time at which the data access scope was created.
    DataAccessScopeId string
    Required. The user provided scope id which will become the last part of the name of the scope resource. Needs to be compliant with https://google.aip.dev/122


    DeniedDataAccessLabels []DataAccessScopeDeniedDataAccessLabelArgs
    Optional. The denied labels for the scope. The logical operator for evaluation of the denied labels is AND. E.g.: A customer with scope with denied labels A and B won't be able to see data labeled with A and data labeled with B and data with labels A and B. Structure is documented below.
    Description string
    Optional. A description of the data access scope for a human reader.
    DisplayName string
    Output only. The name to be used for display to customers of the data access scope.
    Instance string
    The unique identifier for the Chronicle instance, which is the same as the customer ID.
    LastEditor string
    Output only. The user who last updated the data access scope.
    Location string
    The location of the resource. This is the geographical region where the Chronicle instance resides, such as "us" or "europe-west2".
    Name string
    The unique full name of the data access scope. This unique identifier is generated using values provided for the URL parameters. Format: projects/{project}/locations/{location}/instances/{instance}/dataAccessScopes/{data_access_scope_id}
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    UpdateTime string
    Output only. The time at which the data access scope was last updated.
    allowAll Boolean
    Optional. Whether or not the scope allows all labels, allow_all and allowed_data_access_labels are mutually exclusive and one of them must be present. denied_data_access_labels can still be used along with allow_all. When combined with denied_data_access_labels, access will be granted to all data that doesn't have labels mentioned in denied_data_access_labels. E.g.: A customer with scope with denied labels A and B and allow_all will be able to see all data except data labeled with A and data labeled with B and data with labels A and B.
    allowedDataAccessLabels List<DataAccessScopeAllowedDataAccessLabel>
    The allowed labels for the scope. There has to be at least one label allowed for the scope to be valid. The logical operator for evaluation of the allowed labels is OR. Either allow_all or allowed_data_access_labels needs to be provided. E.g.: A customer with scope with allowed labels A and B will be able to see data with labeled with A or B or (A and B). Structure is documented below.
    author String
    Output only. The user who created the data access scope.
    createTime String
    Output only. The time at which the data access scope was created.
    dataAccessScopeId String
    Required. The user provided scope id which will become the last part of the name of the scope resource. Needs to be compliant with https://google.aip.dev/122


    deniedDataAccessLabels List<DataAccessScopeDeniedDataAccessLabel>
    Optional. The denied labels for the scope. The logical operator for evaluation of the denied labels is AND. E.g.: A customer with scope with denied labels A and B won't be able to see data labeled with A and data labeled with B and data with labels A and B. Structure is documented below.
    description String
    Optional. A description of the data access scope for a human reader.
    displayName String
    Output only. The name to be used for display to customers of the data access scope.
    instance String
    The unique identifier for the Chronicle instance, which is the same as the customer ID.
    lastEditor String
    Output only. The user who last updated the data access scope.
    location String
    The location of the resource. This is the geographical region where the Chronicle instance resides, such as "us" or "europe-west2".
    name String
    The unique full name of the data access scope. This unique identifier is generated using values provided for the URL parameters. Format: projects/{project}/locations/{location}/instances/{instance}/dataAccessScopes/{data_access_scope_id}
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    updateTime String
    Output only. The time at which the data access scope was last updated.
    allowAll boolean
    Optional. Whether or not the scope allows all labels, allow_all and allowed_data_access_labels are mutually exclusive and one of them must be present. denied_data_access_labels can still be used along with allow_all. When combined with denied_data_access_labels, access will be granted to all data that doesn't have labels mentioned in denied_data_access_labels. E.g.: A customer with scope with denied labels A and B and allow_all will be able to see all data except data labeled with A and data labeled with B and data with labels A and B.
    allowedDataAccessLabels DataAccessScopeAllowedDataAccessLabel[]
    The allowed labels for the scope. There has to be at least one label allowed for the scope to be valid. The logical operator for evaluation of the allowed labels is OR. Either allow_all or allowed_data_access_labels needs to be provided. E.g.: A customer with scope with allowed labels A and B will be able to see data with labeled with A or B or (A and B). Structure is documented below.
    author string
    Output only. The user who created the data access scope.
    createTime string
    Output only. The time at which the data access scope was created.
    dataAccessScopeId string
    Required. The user provided scope id which will become the last part of the name of the scope resource. Needs to be compliant with https://google.aip.dev/122


    deniedDataAccessLabels DataAccessScopeDeniedDataAccessLabel[]
    Optional. The denied labels for the scope. The logical operator for evaluation of the denied labels is AND. E.g.: A customer with scope with denied labels A and B won't be able to see data labeled with A and data labeled with B and data with labels A and B. Structure is documented below.
    description string
    Optional. A description of the data access scope for a human reader.
    displayName string
    Output only. The name to be used for display to customers of the data access scope.
    instance string
    The unique identifier for the Chronicle instance, which is the same as the customer ID.
    lastEditor string
    Output only. The user who last updated the data access scope.
    location string
    The location of the resource. This is the geographical region where the Chronicle instance resides, such as "us" or "europe-west2".
    name string
    The unique full name of the data access scope. This unique identifier is generated using values provided for the URL parameters. Format: projects/{project}/locations/{location}/instances/{instance}/dataAccessScopes/{data_access_scope_id}
    project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    updateTime string
    Output only. The time at which the data access scope was last updated.
    allow_all bool
    Optional. Whether or not the scope allows all labels, allow_all and allowed_data_access_labels are mutually exclusive and one of them must be present. denied_data_access_labels can still be used along with allow_all. When combined with denied_data_access_labels, access will be granted to all data that doesn't have labels mentioned in denied_data_access_labels. E.g.: A customer with scope with denied labels A and B and allow_all will be able to see all data except data labeled with A and data labeled with B and data with labels A and B.
    allowed_data_access_labels Sequence[DataAccessScopeAllowedDataAccessLabelArgs]
    The allowed labels for the scope. There has to be at least one label allowed for the scope to be valid. The logical operator for evaluation of the allowed labels is OR. Either allow_all or allowed_data_access_labels needs to be provided. E.g.: A customer with scope with allowed labels A and B will be able to see data with labeled with A or B or (A and B). Structure is documented below.
    author str
    Output only. The user who created the data access scope.
    create_time str
    Output only. The time at which the data access scope was created.
    data_access_scope_id str
    Required. The user provided scope id which will become the last part of the name of the scope resource. Needs to be compliant with https://google.aip.dev/122


    denied_data_access_labels Sequence[DataAccessScopeDeniedDataAccessLabelArgs]
    Optional. The denied labels for the scope. The logical operator for evaluation of the denied labels is AND. E.g.: A customer with scope with denied labels A and B won't be able to see data labeled with A and data labeled with B and data with labels A and B. Structure is documented below.
    description str
    Optional. A description of the data access scope for a human reader.
    display_name str
    Output only. The name to be used for display to customers of the data access scope.
    instance str
    The unique identifier for the Chronicle instance, which is the same as the customer ID.
    last_editor str
    Output only. The user who last updated the data access scope.
    location str
    The location of the resource. This is the geographical region where the Chronicle instance resides, such as "us" or "europe-west2".
    name str
    The unique full name of the data access scope. This unique identifier is generated using values provided for the URL parameters. Format: projects/{project}/locations/{location}/instances/{instance}/dataAccessScopes/{data_access_scope_id}
    project str
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    update_time str
    Output only. The time at which the data access scope was last updated.
    allowAll Boolean
    Optional. Whether or not the scope allows all labels, allow_all and allowed_data_access_labels are mutually exclusive and one of them must be present. denied_data_access_labels can still be used along with allow_all. When combined with denied_data_access_labels, access will be granted to all data that doesn't have labels mentioned in denied_data_access_labels. E.g.: A customer with scope with denied labels A and B and allow_all will be able to see all data except data labeled with A and data labeled with B and data with labels A and B.
    allowedDataAccessLabels List<Property Map>
    The allowed labels for the scope. There has to be at least one label allowed for the scope to be valid. The logical operator for evaluation of the allowed labels is OR. Either allow_all or allowed_data_access_labels needs to be provided. E.g.: A customer with scope with allowed labels A and B will be able to see data with labeled with A or B or (A and B). Structure is documented below.
    author String
    Output only. The user who created the data access scope.
    createTime String
    Output only. The time at which the data access scope was created.
    dataAccessScopeId String
    Required. The user provided scope id which will become the last part of the name of the scope resource. Needs to be compliant with https://google.aip.dev/122


    deniedDataAccessLabels List<Property Map>
    Optional. The denied labels for the scope. The logical operator for evaluation of the denied labels is AND. E.g.: A customer with scope with denied labels A and B won't be able to see data labeled with A and data labeled with B and data with labels A and B. Structure is documented below.
    description String
    Optional. A description of the data access scope for a human reader.
    displayName String
    Output only. The name to be used for display to customers of the data access scope.
    instance String
    The unique identifier for the Chronicle instance, which is the same as the customer ID.
    lastEditor String
    Output only. The user who last updated the data access scope.
    location String
    The location of the resource. This is the geographical region where the Chronicle instance resides, such as "us" or "europe-west2".
    name String
    The unique full name of the data access scope. This unique identifier is generated using values provided for the URL parameters. Format: projects/{project}/locations/{location}/instances/{instance}/dataAccessScopes/{data_access_scope_id}
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    updateTime String
    Output only. The time at which the data access scope was last updated.

    Supporting Types

    DataAccessScopeAllowedDataAccessLabel, DataAccessScopeAllowedDataAccessLabelArgs

    AssetNamespace string
    The asset namespace configured in the forwarder of the customer's events.
    DataAccessLabel string
    The name of the data access label.
    DisplayName string
    (Output) Output only. The display name of the label. Data access label and log types's name will match the display name of the resource. The asset namespace will match the namespace itself. The ingestion key value pair will match the key of the tuple.
    IngestionLabel DataAccessScopeAllowedDataAccessLabelIngestionLabel
    Representation of an ingestion label type. Structure is documented below.
    LogType string
    The name of the log type.
    AssetNamespace string
    The asset namespace configured in the forwarder of the customer's events.
    DataAccessLabel string
    The name of the data access label.
    DisplayName string
    (Output) Output only. The display name of the label. Data access label and log types's name will match the display name of the resource. The asset namespace will match the namespace itself. The ingestion key value pair will match the key of the tuple.
    IngestionLabel DataAccessScopeAllowedDataAccessLabelIngestionLabel
    Representation of an ingestion label type. Structure is documented below.
    LogType string
    The name of the log type.
    assetNamespace String
    The asset namespace configured in the forwarder of the customer's events.
    dataAccessLabel String
    The name of the data access label.
    displayName String
    (Output) Output only. The display name of the label. Data access label and log types's name will match the display name of the resource. The asset namespace will match the namespace itself. The ingestion key value pair will match the key of the tuple.
    ingestionLabel DataAccessScopeAllowedDataAccessLabelIngestionLabel
    Representation of an ingestion label type. Structure is documented below.
    logType String
    The name of the log type.
    assetNamespace string
    The asset namespace configured in the forwarder of the customer's events.
    dataAccessLabel string
    The name of the data access label.
    displayName string
    (Output) Output only. The display name of the label. Data access label and log types's name will match the display name of the resource. The asset namespace will match the namespace itself. The ingestion key value pair will match the key of the tuple.
    ingestionLabel DataAccessScopeAllowedDataAccessLabelIngestionLabel
    Representation of an ingestion label type. Structure is documented below.
    logType string
    The name of the log type.
    asset_namespace str
    The asset namespace configured in the forwarder of the customer's events.
    data_access_label str
    The name of the data access label.
    display_name str
    (Output) Output only. The display name of the label. Data access label and log types's name will match the display name of the resource. The asset namespace will match the namespace itself. The ingestion key value pair will match the key of the tuple.
    ingestion_label DataAccessScopeAllowedDataAccessLabelIngestionLabel
    Representation of an ingestion label type. Structure is documented below.
    log_type str
    The name of the log type.
    assetNamespace String
    The asset namespace configured in the forwarder of the customer's events.
    dataAccessLabel String
    The name of the data access label.
    displayName String
    (Output) Output only. The display name of the label. Data access label and log types's name will match the display name of the resource. The asset namespace will match the namespace itself. The ingestion key value pair will match the key of the tuple.
    ingestionLabel Property Map
    Representation of an ingestion label type. Structure is documented below.
    logType String
    The name of the log type.

    DataAccessScopeAllowedDataAccessLabelIngestionLabel, DataAccessScopeAllowedDataAccessLabelIngestionLabelArgs

    IngestionLabelKey string
    Required. The key of the ingestion label. Always required.
    IngestionLabelValue string
    Optional. The value of the ingestion label. Optional. An object with no provided value and some key provided would match against the given key and ANY value.
    IngestionLabelKey string
    Required. The key of the ingestion label. Always required.
    IngestionLabelValue string
    Optional. The value of the ingestion label. Optional. An object with no provided value and some key provided would match against the given key and ANY value.
    ingestionLabelKey String
    Required. The key of the ingestion label. Always required.
    ingestionLabelValue String
    Optional. The value of the ingestion label. Optional. An object with no provided value and some key provided would match against the given key and ANY value.
    ingestionLabelKey string
    Required. The key of the ingestion label. Always required.
    ingestionLabelValue string
    Optional. The value of the ingestion label. Optional. An object with no provided value and some key provided would match against the given key and ANY value.
    ingestion_label_key str
    Required. The key of the ingestion label. Always required.
    ingestion_label_value str
    Optional. The value of the ingestion label. Optional. An object with no provided value and some key provided would match against the given key and ANY value.
    ingestionLabelKey String
    Required. The key of the ingestion label. Always required.
    ingestionLabelValue String
    Optional. The value of the ingestion label. Optional. An object with no provided value and some key provided would match against the given key and ANY value.

    DataAccessScopeDeniedDataAccessLabel, DataAccessScopeDeniedDataAccessLabelArgs

    AssetNamespace string
    The asset namespace configured in the forwarder of the customer's events.
    DataAccessLabel string
    The name of the data access label.
    DisplayName string
    (Output) Output only. The display name of the label. Data access label and log types's name will match the display name of the resource. The asset namespace will match the namespace itself. The ingestion key value pair will match the key of the tuple.
    IngestionLabel DataAccessScopeDeniedDataAccessLabelIngestionLabel
    Representation of an ingestion label type. Structure is documented below.
    LogType string
    The name of the log type.
    AssetNamespace string
    The asset namespace configured in the forwarder of the customer's events.
    DataAccessLabel string
    The name of the data access label.
    DisplayName string
    (Output) Output only. The display name of the label. Data access label and log types's name will match the display name of the resource. The asset namespace will match the namespace itself. The ingestion key value pair will match the key of the tuple.
    IngestionLabel DataAccessScopeDeniedDataAccessLabelIngestionLabel
    Representation of an ingestion label type. Structure is documented below.
    LogType string
    The name of the log type.
    assetNamespace String
    The asset namespace configured in the forwarder of the customer's events.
    dataAccessLabel String
    The name of the data access label.
    displayName String
    (Output) Output only. The display name of the label. Data access label and log types's name will match the display name of the resource. The asset namespace will match the namespace itself. The ingestion key value pair will match the key of the tuple.
    ingestionLabel DataAccessScopeDeniedDataAccessLabelIngestionLabel
    Representation of an ingestion label type. Structure is documented below.
    logType String
    The name of the log type.
    assetNamespace string
    The asset namespace configured in the forwarder of the customer's events.
    dataAccessLabel string
    The name of the data access label.
    displayName string
    (Output) Output only. The display name of the label. Data access label and log types's name will match the display name of the resource. The asset namespace will match the namespace itself. The ingestion key value pair will match the key of the tuple.
    ingestionLabel DataAccessScopeDeniedDataAccessLabelIngestionLabel
    Representation of an ingestion label type. Structure is documented below.
    logType string
    The name of the log type.
    asset_namespace str
    The asset namespace configured in the forwarder of the customer's events.
    data_access_label str
    The name of the data access label.
    display_name str
    (Output) Output only. The display name of the label. Data access label and log types's name will match the display name of the resource. The asset namespace will match the namespace itself. The ingestion key value pair will match the key of the tuple.
    ingestion_label DataAccessScopeDeniedDataAccessLabelIngestionLabel
    Representation of an ingestion label type. Structure is documented below.
    log_type str
    The name of the log type.
    assetNamespace String
    The asset namespace configured in the forwarder of the customer's events.
    dataAccessLabel String
    The name of the data access label.
    displayName String
    (Output) Output only. The display name of the label. Data access label and log types's name will match the display name of the resource. The asset namespace will match the namespace itself. The ingestion key value pair will match the key of the tuple.
    ingestionLabel Property Map
    Representation of an ingestion label type. Structure is documented below.
    logType String
    The name of the log type.

    DataAccessScopeDeniedDataAccessLabelIngestionLabel, DataAccessScopeDeniedDataAccessLabelIngestionLabelArgs

    IngestionLabelKey string
    Required. The key of the ingestion label. Always required.
    IngestionLabelValue string
    Optional. The value of the ingestion label. Optional. An object with no provided value and some key provided would match against the given key and ANY value.
    IngestionLabelKey string
    Required. The key of the ingestion label. Always required.
    IngestionLabelValue string
    Optional. The value of the ingestion label. Optional. An object with no provided value and some key provided would match against the given key and ANY value.
    ingestionLabelKey String
    Required. The key of the ingestion label. Always required.
    ingestionLabelValue String
    Optional. The value of the ingestion label. Optional. An object with no provided value and some key provided would match against the given key and ANY value.
    ingestionLabelKey string
    Required. The key of the ingestion label. Always required.
    ingestionLabelValue string
    Optional. The value of the ingestion label. Optional. An object with no provided value and some key provided would match against the given key and ANY value.
    ingestion_label_key str
    Required. The key of the ingestion label. Always required.
    ingestion_label_value str
    Optional. The value of the ingestion label. Optional. An object with no provided value and some key provided would match against the given key and ANY value.
    ingestionLabelKey String
    Required. The key of the ingestion label. Always required.
    ingestionLabelValue String
    Optional. The value of the ingestion label. Optional. An object with no provided value and some key provided would match against the given key and ANY value.

    Import

    DataAccessScope can be imported using any of these accepted formats:

    • projects/{{project}}/locations/{{location}}/instances/{{instance}}/dataAccessScopes/{{data_access_scope_id}}

    • {{project}}/{{location}}/{{instance}}/{{data_access_scope_id}}

    • {{location}}/{{instance}}/{{data_access_scope_id}}

    When using the pulumi import command, DataAccessScope can be imported using one of the formats above. For example:

    $ pulumi import gcp:chronicle/dataAccessScope:DataAccessScope default projects/{{project}}/locations/{{location}}/instances/{{instance}}/dataAccessScopes/{{data_access_scope_id}}
    
    $ pulumi import gcp:chronicle/dataAccessScope:DataAccessScope default {{project}}/{{location}}/{{instance}}/{{data_access_scope_id}}
    
    $ pulumi import gcp:chronicle/dataAccessScope:DataAccessScope default {{location}}/{{instance}}/{{data_access_scope_id}}
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Google Cloud (GCP) Classic pulumi/pulumi-gcp
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the google-beta Terraform Provider.
    gcp logo
    Google Cloud v8.18.0 published on Tuesday, Feb 4, 2025 by Pulumi