google-native logo
Google Cloud Native v0.28.0, Feb 2 23

google-native.accesscontextmanager/v1.AccessLevel

Creates an access level. The long-running operation from this RPC has a successful status after the access level propagates to long-lasting storage. If access levels contain errors, an error response is returned for the first error encountered.

Create AccessLevel Resource

new AccessLevel(name: string, args: AccessLevelArgs, opts?: CustomResourceOptions);
@overload
def AccessLevel(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                access_policy_id: Optional[str] = None,
                basic: Optional[BasicLevelArgs] = None,
                custom: Optional[CustomLevelArgs] = None,
                description: Optional[str] = None,
                name: Optional[str] = None,
                title: Optional[str] = None)
@overload
def AccessLevel(resource_name: str,
                args: AccessLevelArgs,
                opts: Optional[ResourceOptions] = None)
func NewAccessLevel(ctx *Context, name string, args AccessLevelArgs, opts ...ResourceOption) (*AccessLevel, error)
public AccessLevel(string name, AccessLevelArgs args, CustomResourceOptions? opts = null)
public AccessLevel(String name, AccessLevelArgs args)
public AccessLevel(String name, AccessLevelArgs args, CustomResourceOptions options)
type: google-native:accesscontextmanager/v1:AccessLevel
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args AccessLevelArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args AccessLevelArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args AccessLevelArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args AccessLevelArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args AccessLevelArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

AccessLevel Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The AccessLevel resource accepts the following input properties:

AccessPolicyId string
Basic Pulumi.GoogleNative.AccessContextManager.V1.Inputs.BasicLevelArgs

A BasicLevel composed of Conditions.

Custom Pulumi.GoogleNative.AccessContextManager.V1.Inputs.CustomLevelArgs

A CustomLevel written in the Common Expression Language.

Description string

Description of the AccessLevel and its use. Does not affect behavior.

Name string

Resource name for the AccessLevel. Format: accessPolicies/{access_policy}/accessLevels/{access_level}. The access_level component must begin with a letter, followed by alphanumeric characters or _. Its maximum length is 50 characters. After you create an AccessLevel, you cannot change its name.

Title string

Human readable title. Must be unique within the Policy.

AccessPolicyId string
Basic BasicLevelArgs

A BasicLevel composed of Conditions.

Custom CustomLevelArgs

A CustomLevel written in the Common Expression Language.

Description string

Description of the AccessLevel and its use. Does not affect behavior.

Name string

Resource name for the AccessLevel. Format: accessPolicies/{access_policy}/accessLevels/{access_level}. The access_level component must begin with a letter, followed by alphanumeric characters or _. Its maximum length is 50 characters. After you create an AccessLevel, you cannot change its name.

Title string

Human readable title. Must be unique within the Policy.

accessPolicyId String
basic BasicLevelArgs

A BasicLevel composed of Conditions.

custom CustomLevelArgs

A CustomLevel written in the Common Expression Language.

description String

Description of the AccessLevel and its use. Does not affect behavior.

name String

Resource name for the AccessLevel. Format: accessPolicies/{access_policy}/accessLevels/{access_level}. The access_level component must begin with a letter, followed by alphanumeric characters or _. Its maximum length is 50 characters. After you create an AccessLevel, you cannot change its name.

title String

Human readable title. Must be unique within the Policy.

accessPolicyId string
basic BasicLevelArgs

A BasicLevel composed of Conditions.

custom CustomLevelArgs

A CustomLevel written in the Common Expression Language.

description string

Description of the AccessLevel and its use. Does not affect behavior.

name string

Resource name for the AccessLevel. Format: accessPolicies/{access_policy}/accessLevels/{access_level}. The access_level component must begin with a letter, followed by alphanumeric characters or _. Its maximum length is 50 characters. After you create an AccessLevel, you cannot change its name.

title string

Human readable title. Must be unique within the Policy.

access_policy_id str
basic BasicLevelArgs

A BasicLevel composed of Conditions.

custom CustomLevelArgs

A CustomLevel written in the Common Expression Language.

description str

Description of the AccessLevel and its use. Does not affect behavior.

name str

Resource name for the AccessLevel. Format: accessPolicies/{access_policy}/accessLevels/{access_level}. The access_level component must begin with a letter, followed by alphanumeric characters or _. Its maximum length is 50 characters. After you create an AccessLevel, you cannot change its name.

title str

Human readable title. Must be unique within the Policy.

accessPolicyId String
basic Property Map

A BasicLevel composed of Conditions.

custom Property Map

A CustomLevel written in the Common Expression Language.

description String

Description of the AccessLevel and its use. Does not affect behavior.

name String

Resource name for the AccessLevel. Format: accessPolicies/{access_policy}/accessLevels/{access_level}. The access_level component must begin with a letter, followed by alphanumeric characters or _. Its maximum length is 50 characters. After you create an AccessLevel, you cannot change its name.

title String

Human readable title. Must be unique within the Policy.

Outputs

All input properties are implicitly available as output properties. Additionally, the AccessLevel resource produces the following output properties:

Id string

The provider-assigned unique ID for this managed resource.

Id string

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

id string

The provider-assigned unique ID for this managed resource.

id str

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

Supporting Types

BasicLevel

Conditions List<Pulumi.GoogleNative.AccessContextManager.V1.Inputs.Condition>

A list of requirements for the AccessLevel to be granted.

CombiningFunction Pulumi.GoogleNative.AccessContextManager.V1.BasicLevelCombiningFunction

How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.

Conditions []Condition

A list of requirements for the AccessLevel to be granted.

CombiningFunction BasicLevelCombiningFunction

How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.

conditions List<Condition>

A list of requirements for the AccessLevel to be granted.

combiningFunction BasicLevelCombiningFunction

How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.

conditions Condition[]

A list of requirements for the AccessLevel to be granted.

combiningFunction BasicLevelCombiningFunction

How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.

conditions Sequence[Condition]

A list of requirements for the AccessLevel to be granted.

combining_function BasicLevelCombiningFunction

How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.

conditions List<Property Map>

A list of requirements for the AccessLevel to be granted.

combiningFunction "AND" | "OR"

How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.

BasicLevelCombiningFunction

And
AND

All Conditions must be true for the BasicLevel to be true.

Or
OR

If at least one Condition is true, then the BasicLevel is true.

BasicLevelCombiningFunctionAnd
AND

All Conditions must be true for the BasicLevel to be true.

BasicLevelCombiningFunctionOr
OR

If at least one Condition is true, then the BasicLevel is true.

And
AND

All Conditions must be true for the BasicLevel to be true.

Or
OR

If at least one Condition is true, then the BasicLevel is true.

And
AND

All Conditions must be true for the BasicLevel to be true.

Or
OR

If at least one Condition is true, then the BasicLevel is true.

AND_
AND

All Conditions must be true for the BasicLevel to be true.

OR_
OR

If at least one Condition is true, then the BasicLevel is true.

"AND"
AND

All Conditions must be true for the BasicLevel to be true.

"OR"
OR

If at least one Condition is true, then the BasicLevel is true.

BasicLevelResponse

CombiningFunction string

How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.

Conditions List<Pulumi.GoogleNative.AccessContextManager.V1.Inputs.ConditionResponse>

A list of requirements for the AccessLevel to be granted.

CombiningFunction string

How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.

Conditions []ConditionResponse

A list of requirements for the AccessLevel to be granted.

combiningFunction String

How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.

conditions List<ConditionResponse>

A list of requirements for the AccessLevel to be granted.

combiningFunction string

How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.

conditions ConditionResponse[]

A list of requirements for the AccessLevel to be granted.

combining_function str

How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.

conditions Sequence[ConditionResponse]

A list of requirements for the AccessLevel to be granted.

combiningFunction String

How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.

conditions List<Property Map>

A list of requirements for the AccessLevel to be granted.

Condition

DevicePolicy Pulumi.GoogleNative.AccessContextManager.V1.Inputs.DevicePolicy

Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.

IpSubnetworks List<string>

CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.

Members List<string>

The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.

Negate bool

Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.

Regions List<string>

The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.

RequiredAccessLevels List<string>

A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"

DevicePolicy DevicePolicy

Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.

IpSubnetworks []string

CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.

Members []string

The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.

Negate bool

Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.

Regions []string

The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.

RequiredAccessLevels []string

A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"

devicePolicy DevicePolicy

Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.

ipSubnetworks List<String>

CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.

members List<String>

The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.

negate Boolean

Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.

regions List<String>

The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.

requiredAccessLevels List<String>

A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"

devicePolicy DevicePolicy

Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.

ipSubnetworks string[]

CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.

members string[]

The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.

negate boolean

Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.

regions string[]

The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.

requiredAccessLevels string[]

A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"

device_policy DevicePolicy

Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.

ip_subnetworks Sequence[str]

CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.

members Sequence[str]

The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.

negate bool

Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.

regions Sequence[str]

The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.

required_access_levels Sequence[str]

A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"

devicePolicy Property Map

Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.

ipSubnetworks List<String>

CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.

members List<String>

The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.

negate Boolean

Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.

regions List<String>

The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.

requiredAccessLevels List<String>

A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"

ConditionResponse

DevicePolicy Pulumi.GoogleNative.AccessContextManager.V1.Inputs.DevicePolicyResponse

Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.

IpSubnetworks List<string>

CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.

Members List<string>

The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.

Negate bool

Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.

Regions List<string>

The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.

RequiredAccessLevels List<string>

A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"

DevicePolicy DevicePolicyResponse

Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.

IpSubnetworks []string

CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.

Members []string

The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.

Negate bool

Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.

Regions []string

The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.

RequiredAccessLevels []string

A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"

devicePolicy DevicePolicyResponse

Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.

ipSubnetworks List<String>

CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.

members List<String>

The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.

negate Boolean

Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.

regions List<String>

The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.

requiredAccessLevels List<String>

A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"

devicePolicy DevicePolicyResponse

Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.

ipSubnetworks string[]

CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.

members string[]

The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.

negate boolean

Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.

regions string[]

The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.

requiredAccessLevels string[]

A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"

device_policy DevicePolicyResponse

Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.

ip_subnetworks Sequence[str]

CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.

members Sequence[str]

The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.

negate bool

Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.

regions Sequence[str]

The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.

required_access_levels Sequence[str]

A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"

devicePolicy Property Map

Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.

ipSubnetworks List<String>

CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.

members List<String>

The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.

negate Boolean

Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.

regions List<String>

The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.

requiredAccessLevels List<String>

A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"

CustomLevel

Expr Pulumi.GoogleNative.AccessContextManager.V1.Inputs.Expr

A Cloud CEL expression evaluating to a boolean.

Expr Expr

A Cloud CEL expression evaluating to a boolean.

expr Expr

A Cloud CEL expression evaluating to a boolean.

expr Expr

A Cloud CEL expression evaluating to a boolean.

expr Expr

A Cloud CEL expression evaluating to a boolean.

expr Property Map

A Cloud CEL expression evaluating to a boolean.

CustomLevelResponse

Expr Pulumi.GoogleNative.AccessContextManager.V1.Inputs.ExprResponse

A Cloud CEL expression evaluating to a boolean.

Expr ExprResponse

A Cloud CEL expression evaluating to a boolean.

expr ExprResponse

A Cloud CEL expression evaluating to a boolean.

expr ExprResponse

A Cloud CEL expression evaluating to a boolean.

expr ExprResponse

A Cloud CEL expression evaluating to a boolean.

expr Property Map

A Cloud CEL expression evaluating to a boolean.

DevicePolicy

AllowedDeviceManagementLevels List<Pulumi.GoogleNative.AccessContextManager.V1.DevicePolicyAllowedDeviceManagementLevelsItem>

Allowed device management levels, an empty list allows all management levels.

AllowedEncryptionStatuses List<Pulumi.GoogleNative.AccessContextManager.V1.DevicePolicyAllowedEncryptionStatusesItem>

Allowed encryptions statuses, an empty list allows all statuses.

OsConstraints List<Pulumi.GoogleNative.AccessContextManager.V1.Inputs.OsConstraint>

Allowed OS versions, an empty list allows all types and all versions.

RequireAdminApproval bool

Whether the device needs to be approved by the customer admin.

RequireCorpOwned bool

Whether the device needs to be corp owned.

RequireScreenlock bool

Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.

AllowedDeviceManagementLevels []DevicePolicyAllowedDeviceManagementLevelsItem

Allowed device management levels, an empty list allows all management levels.

AllowedEncryptionStatuses []DevicePolicyAllowedEncryptionStatusesItem

Allowed encryptions statuses, an empty list allows all statuses.

OsConstraints []OsConstraint

Allowed OS versions, an empty list allows all types and all versions.

RequireAdminApproval bool

Whether the device needs to be approved by the customer admin.

RequireCorpOwned bool

Whether the device needs to be corp owned.

RequireScreenlock bool

Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.

allowedDeviceManagementLevels List<DevicePolicyAllowedDeviceManagementLevelsItem>

Allowed device management levels, an empty list allows all management levels.

allowedEncryptionStatuses List<DevicePolicyAllowedEncryptionStatusesItem>

Allowed encryptions statuses, an empty list allows all statuses.

osConstraints List<OsConstraint>

Allowed OS versions, an empty list allows all types and all versions.

requireAdminApproval Boolean

Whether the device needs to be approved by the customer admin.

requireCorpOwned Boolean

Whether the device needs to be corp owned.

requireScreenlock Boolean

Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.

allowedDeviceManagementLevels DevicePolicyAllowedDeviceManagementLevelsItem[]

Allowed device management levels, an empty list allows all management levels.

allowedEncryptionStatuses DevicePolicyAllowedEncryptionStatusesItem[]

Allowed encryptions statuses, an empty list allows all statuses.

osConstraints OsConstraint[]

Allowed OS versions, an empty list allows all types and all versions.

requireAdminApproval boolean

Whether the device needs to be approved by the customer admin.

requireCorpOwned boolean

Whether the device needs to be corp owned.

requireScreenlock boolean

Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.

allowed_device_management_levels Sequence[DevicePolicyAllowedDeviceManagementLevelsItem]

Allowed device management levels, an empty list allows all management levels.

allowed_encryption_statuses Sequence[DevicePolicyAllowedEncryptionStatusesItem]

Allowed encryptions statuses, an empty list allows all statuses.

os_constraints Sequence[OsConstraint]

Allowed OS versions, an empty list allows all types and all versions.

require_admin_approval bool

Whether the device needs to be approved by the customer admin.

require_corp_owned bool

Whether the device needs to be corp owned.

require_screenlock bool

Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.

allowedDeviceManagementLevels List<"MANAGEMENT_UNSPECIFIED" | "NONE" | "BASIC" | "COMPLETE">

Allowed device management levels, an empty list allows all management levels.

allowedEncryptionStatuses List<"ENCRYPTION_UNSPECIFIED" | "ENCRYPTION_UNSUPPORTED" | "UNENCRYPTED" | "ENCRYPTED">

Allowed encryptions statuses, an empty list allows all statuses.

osConstraints List<Property Map>

Allowed OS versions, an empty list allows all types and all versions.

requireAdminApproval Boolean

Whether the device needs to be approved by the customer admin.

requireCorpOwned Boolean

Whether the device needs to be corp owned.

requireScreenlock Boolean

Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.

DevicePolicyAllowedDeviceManagementLevelsItem

ManagementUnspecified
MANAGEMENT_UNSPECIFIED

The device's management level is not specified or not known.

None
NONE

The device is not managed.

Basic
BASIC

Basic management is enabled, which is generally limited to monitoring and wiping the corporate account.

Complete
COMPLETE

Complete device management. This includes more thorough monitoring and the ability to directly manage the device (such as remote wiping). This can be enabled through the Android Enterprise Platform.

DevicePolicyAllowedDeviceManagementLevelsItemManagementUnspecified
MANAGEMENT_UNSPECIFIED

The device's management level is not specified or not known.

DevicePolicyAllowedDeviceManagementLevelsItemNone
NONE

The device is not managed.

DevicePolicyAllowedDeviceManagementLevelsItemBasic
BASIC

Basic management is enabled, which is generally limited to monitoring and wiping the corporate account.

DevicePolicyAllowedDeviceManagementLevelsItemComplete
COMPLETE

Complete device management. This includes more thorough monitoring and the ability to directly manage the device (such as remote wiping). This can be enabled through the Android Enterprise Platform.

ManagementUnspecified
MANAGEMENT_UNSPECIFIED

The device's management level is not specified or not known.

None
NONE

The device is not managed.

Basic
BASIC

Basic management is enabled, which is generally limited to monitoring and wiping the corporate account.

Complete
COMPLETE

Complete device management. This includes more thorough monitoring and the ability to directly manage the device (such as remote wiping). This can be enabled through the Android Enterprise Platform.

ManagementUnspecified
MANAGEMENT_UNSPECIFIED

The device's management level is not specified or not known.

None
NONE

The device is not managed.

Basic
BASIC

Basic management is enabled, which is generally limited to monitoring and wiping the corporate account.

Complete
COMPLETE

Complete device management. This includes more thorough monitoring and the ability to directly manage the device (such as remote wiping). This can be enabled through the Android Enterprise Platform.

MANAGEMENT_UNSPECIFIED
MANAGEMENT_UNSPECIFIED

The device's management level is not specified or not known.

NONE
NONE

The device is not managed.

BASIC
BASIC

Basic management is enabled, which is generally limited to monitoring and wiping the corporate account.

COMPLETE
COMPLETE

Complete device management. This includes more thorough monitoring and the ability to directly manage the device (such as remote wiping). This can be enabled through the Android Enterprise Platform.

"MANAGEMENT_UNSPECIFIED"
MANAGEMENT_UNSPECIFIED

The device's management level is not specified or not known.

"NONE"
NONE

The device is not managed.

"BASIC"
BASIC

Basic management is enabled, which is generally limited to monitoring and wiping the corporate account.

"COMPLETE"
COMPLETE

Complete device management. This includes more thorough monitoring and the ability to directly manage the device (such as remote wiping). This can be enabled through the Android Enterprise Platform.

DevicePolicyAllowedEncryptionStatusesItem

EncryptionUnspecified
ENCRYPTION_UNSPECIFIED

The encryption status of the device is not specified or not known.

EncryptionUnsupported
ENCRYPTION_UNSUPPORTED

The device does not support encryption.

Unencrypted
UNENCRYPTED

The device supports encryption, but is currently unencrypted.

Encrypted
ENCRYPTED

The device is encrypted.

DevicePolicyAllowedEncryptionStatusesItemEncryptionUnspecified
ENCRYPTION_UNSPECIFIED

The encryption status of the device is not specified or not known.

DevicePolicyAllowedEncryptionStatusesItemEncryptionUnsupported
ENCRYPTION_UNSUPPORTED

The device does not support encryption.

DevicePolicyAllowedEncryptionStatusesItemUnencrypted
UNENCRYPTED

The device supports encryption, but is currently unencrypted.

DevicePolicyAllowedEncryptionStatusesItemEncrypted
ENCRYPTED

The device is encrypted.

EncryptionUnspecified
ENCRYPTION_UNSPECIFIED

The encryption status of the device is not specified or not known.

EncryptionUnsupported
ENCRYPTION_UNSUPPORTED

The device does not support encryption.

Unencrypted
UNENCRYPTED

The device supports encryption, but is currently unencrypted.

Encrypted
ENCRYPTED

The device is encrypted.

EncryptionUnspecified
ENCRYPTION_UNSPECIFIED

The encryption status of the device is not specified or not known.

EncryptionUnsupported
ENCRYPTION_UNSUPPORTED

The device does not support encryption.

Unencrypted
UNENCRYPTED

The device supports encryption, but is currently unencrypted.

Encrypted
ENCRYPTED

The device is encrypted.

ENCRYPTION_UNSPECIFIED
ENCRYPTION_UNSPECIFIED

The encryption status of the device is not specified or not known.

ENCRYPTION_UNSUPPORTED
ENCRYPTION_UNSUPPORTED

The device does not support encryption.

UNENCRYPTED
UNENCRYPTED

The device supports encryption, but is currently unencrypted.

ENCRYPTED
ENCRYPTED

The device is encrypted.

"ENCRYPTION_UNSPECIFIED"
ENCRYPTION_UNSPECIFIED

The encryption status of the device is not specified or not known.

"ENCRYPTION_UNSUPPORTED"
ENCRYPTION_UNSUPPORTED

The device does not support encryption.

"UNENCRYPTED"
UNENCRYPTED

The device supports encryption, but is currently unencrypted.

"ENCRYPTED"
ENCRYPTED

The device is encrypted.

DevicePolicyResponse

AllowedDeviceManagementLevels List<string>

Allowed device management levels, an empty list allows all management levels.

AllowedEncryptionStatuses List<string>

Allowed encryptions statuses, an empty list allows all statuses.

OsConstraints List<Pulumi.GoogleNative.AccessContextManager.V1.Inputs.OsConstraintResponse>

Allowed OS versions, an empty list allows all types and all versions.

RequireAdminApproval bool

Whether the device needs to be approved by the customer admin.

RequireCorpOwned bool

Whether the device needs to be corp owned.

RequireScreenlock bool

Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.

AllowedDeviceManagementLevels []string

Allowed device management levels, an empty list allows all management levels.

AllowedEncryptionStatuses []string

Allowed encryptions statuses, an empty list allows all statuses.

OsConstraints []OsConstraintResponse

Allowed OS versions, an empty list allows all types and all versions.

RequireAdminApproval bool

Whether the device needs to be approved by the customer admin.

RequireCorpOwned bool

Whether the device needs to be corp owned.

RequireScreenlock bool

Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.

allowedDeviceManagementLevels List<String>

Allowed device management levels, an empty list allows all management levels.

allowedEncryptionStatuses List<String>

Allowed encryptions statuses, an empty list allows all statuses.

osConstraints List<OsConstraintResponse>

Allowed OS versions, an empty list allows all types and all versions.

requireAdminApproval Boolean

Whether the device needs to be approved by the customer admin.

requireCorpOwned Boolean

Whether the device needs to be corp owned.

requireScreenlock Boolean

Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.

allowedDeviceManagementLevels string[]

Allowed device management levels, an empty list allows all management levels.

allowedEncryptionStatuses string[]

Allowed encryptions statuses, an empty list allows all statuses.

osConstraints OsConstraintResponse[]

Allowed OS versions, an empty list allows all types and all versions.

requireAdminApproval boolean

Whether the device needs to be approved by the customer admin.

requireCorpOwned boolean

Whether the device needs to be corp owned.

requireScreenlock boolean

Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.

allowed_device_management_levels Sequence[str]

Allowed device management levels, an empty list allows all management levels.

allowed_encryption_statuses Sequence[str]

Allowed encryptions statuses, an empty list allows all statuses.

os_constraints Sequence[OsConstraintResponse]

Allowed OS versions, an empty list allows all types and all versions.

require_admin_approval bool

Whether the device needs to be approved by the customer admin.

require_corp_owned bool

Whether the device needs to be corp owned.

require_screenlock bool

Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.

allowedDeviceManagementLevels List<String>

Allowed device management levels, an empty list allows all management levels.

allowedEncryptionStatuses List<String>

Allowed encryptions statuses, an empty list allows all statuses.

osConstraints List<Property Map>

Allowed OS versions, an empty list allows all types and all versions.

requireAdminApproval Boolean

Whether the device needs to be approved by the customer admin.

requireCorpOwned Boolean

Whether the device needs to be corp owned.

requireScreenlock Boolean

Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.

Expr

Description string

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

Expression string

Textual representation of an expression in Common Expression Language syntax.

Location string

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

Title string

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

Description string

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

Expression string

Textual representation of an expression in Common Expression Language syntax.

Location string

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

Title string

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description String

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

expression String

Textual representation of an expression in Common Expression Language syntax.

location String

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

title String

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description string

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

expression string

Textual representation of an expression in Common Expression Language syntax.

location string

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

title string

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description str

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

expression str

Textual representation of an expression in Common Expression Language syntax.

location str

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

title str

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description String

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

expression String

Textual representation of an expression in Common Expression Language syntax.

location String

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

title String

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

ExprResponse

Description string

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

Expression string

Textual representation of an expression in Common Expression Language syntax.

Location string

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

Title string

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

Description string

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

Expression string

Textual representation of an expression in Common Expression Language syntax.

Location string

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

Title string

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description String

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

expression String

Textual representation of an expression in Common Expression Language syntax.

location String

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

title String

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description string

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

expression string

Textual representation of an expression in Common Expression Language syntax.

location string

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

title string

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description str

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

expression str

Textual representation of an expression in Common Expression Language syntax.

location str

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

title str

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description String

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

expression String

Textual representation of an expression in Common Expression Language syntax.

location String

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

title String

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

OsConstraint

OsType Pulumi.GoogleNative.AccessContextManager.V1.OsConstraintOsType

The allowed OS type.

MinimumVersion string

The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".

RequireVerifiedChromeOs bool

Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.

OsType OsConstraintOsType

The allowed OS type.

MinimumVersion string

The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".

RequireVerifiedChromeOs bool

Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.

osType OsConstraintOsType

The allowed OS type.

minimumVersion String

The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".

requireVerifiedChromeOs Boolean

Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.

osType OsConstraintOsType

The allowed OS type.

minimumVersion string

The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".

requireVerifiedChromeOs boolean

Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.

os_type OsConstraintOsType

The allowed OS type.

minimum_version str

The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".

require_verified_chrome_os bool

Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.

osType "OS_UNSPECIFIED" | "DESKTOP_MAC" | "DESKTOP_WINDOWS" | "DESKTOP_LINUX" | "DESKTOP_CHROME_OS" | "ANDROID" | "IOS"

The allowed OS type.

minimumVersion String

The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".

requireVerifiedChromeOs Boolean

Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.

OsConstraintOsType

OsUnspecified
OS_UNSPECIFIED

The operating system of the device is not specified or not known.

DesktopMac
DESKTOP_MAC

A desktop Mac operating system.

DesktopWindows
DESKTOP_WINDOWS

A desktop Windows operating system.

DesktopLinux
DESKTOP_LINUX

A desktop Linux operating system.

DesktopChromeOs
DESKTOP_CHROME_OS

A desktop ChromeOS operating system.

Android
ANDROID

An Android operating system.

Ios
IOS

An iOS operating system.

OsConstraintOsTypeOsUnspecified
OS_UNSPECIFIED

The operating system of the device is not specified or not known.

OsConstraintOsTypeDesktopMac
DESKTOP_MAC

A desktop Mac operating system.

OsConstraintOsTypeDesktopWindows
DESKTOP_WINDOWS

A desktop Windows operating system.

OsConstraintOsTypeDesktopLinux
DESKTOP_LINUX

A desktop Linux operating system.

OsConstraintOsTypeDesktopChromeOs
DESKTOP_CHROME_OS

A desktop ChromeOS operating system.

OsConstraintOsTypeAndroid
ANDROID

An Android operating system.

OsConstraintOsTypeIos
IOS

An iOS operating system.

OsUnspecified
OS_UNSPECIFIED

The operating system of the device is not specified or not known.

DesktopMac
DESKTOP_MAC

A desktop Mac operating system.

DesktopWindows
DESKTOP_WINDOWS

A desktop Windows operating system.

DesktopLinux
DESKTOP_LINUX

A desktop Linux operating system.

DesktopChromeOs
DESKTOP_CHROME_OS

A desktop ChromeOS operating system.

Android
ANDROID

An Android operating system.

Ios
IOS

An iOS operating system.

OsUnspecified
OS_UNSPECIFIED

The operating system of the device is not specified or not known.

DesktopMac
DESKTOP_MAC

A desktop Mac operating system.

DesktopWindows
DESKTOP_WINDOWS

A desktop Windows operating system.

DesktopLinux
DESKTOP_LINUX

A desktop Linux operating system.

DesktopChromeOs
DESKTOP_CHROME_OS

A desktop ChromeOS operating system.

Android
ANDROID

An Android operating system.

Ios
IOS

An iOS operating system.

OS_UNSPECIFIED
OS_UNSPECIFIED

The operating system of the device is not specified or not known.

DESKTOP_MAC
DESKTOP_MAC

A desktop Mac operating system.

DESKTOP_WINDOWS
DESKTOP_WINDOWS

A desktop Windows operating system.

DESKTOP_LINUX
DESKTOP_LINUX

A desktop Linux operating system.

DESKTOP_CHROME_OS
DESKTOP_CHROME_OS

A desktop ChromeOS operating system.

ANDROID
ANDROID

An Android operating system.

IOS
IOS

An iOS operating system.

"OS_UNSPECIFIED"
OS_UNSPECIFIED

The operating system of the device is not specified or not known.

"DESKTOP_MAC"
DESKTOP_MAC

A desktop Mac operating system.

"DESKTOP_WINDOWS"
DESKTOP_WINDOWS

A desktop Windows operating system.

"DESKTOP_LINUX"
DESKTOP_LINUX

A desktop Linux operating system.

"DESKTOP_CHROME_OS"
DESKTOP_CHROME_OS

A desktop ChromeOS operating system.

"ANDROID"
ANDROID

An Android operating system.

"IOS"
IOS

An iOS operating system.

OsConstraintResponse

MinimumVersion string

The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".

OsType string

The allowed OS type.

RequireVerifiedChromeOs bool

Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.

MinimumVersion string

The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".

OsType string

The allowed OS type.

RequireVerifiedChromeOs bool

Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.

minimumVersion String

The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".

osType String

The allowed OS type.

requireVerifiedChromeOs Boolean

Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.

minimumVersion string

The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".

osType string

The allowed OS type.

requireVerifiedChromeOs boolean

Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.

minimum_version str

The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".

os_type str

The allowed OS type.

require_verified_chrome_os bool

Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.

minimumVersion String

The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".

osType String

The allowed OS type.

requireVerifiedChromeOs Boolean

Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.

Package Details

Repository
Google Cloud Native pulumi/pulumi-google-native
License
Apache-2.0