google-native logo
Google Cloud Native v0.28.0, Feb 2 23

google-native.accesscontextmanager/v1.getAccessLevel

Gets an access level based on the resource name.

Using getAccessLevel

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getAccessLevel(args: GetAccessLevelArgs, opts?: InvokeOptions): Promise<GetAccessLevelResult>
function getAccessLevelOutput(args: GetAccessLevelOutputArgs, opts?: InvokeOptions): Output<GetAccessLevelResult>
def get_access_level(access_level_format: Optional[str] = None,
                     access_level_id: Optional[str] = None,
                     access_policy_id: Optional[str] = None,
                     opts: Optional[InvokeOptions] = None) -> GetAccessLevelResult
def get_access_level_output(access_level_format: Optional[pulumi.Input[str]] = None,
                     access_level_id: Optional[pulumi.Input[str]] = None,
                     access_policy_id: Optional[pulumi.Input[str]] = None,
                     opts: Optional[InvokeOptions] = None) -> Output[GetAccessLevelResult]
func LookupAccessLevel(ctx *Context, args *LookupAccessLevelArgs, opts ...InvokeOption) (*LookupAccessLevelResult, error)
func LookupAccessLevelOutput(ctx *Context, args *LookupAccessLevelOutputArgs, opts ...InvokeOption) LookupAccessLevelResultOutput

> Note: This function is named LookupAccessLevel in the Go SDK.

public static class GetAccessLevel 
{
    public static Task<GetAccessLevelResult> InvokeAsync(GetAccessLevelArgs args, InvokeOptions? opts = null)
    public static Output<GetAccessLevelResult> Invoke(GetAccessLevelInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetAccessLevelResult> getAccessLevel(GetAccessLevelArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
  function: google-native:accesscontextmanager/v1:getAccessLevel
  arguments:
    # arguments dictionary

The following arguments are supported:

getAccessLevel Result

The following output properties are available:

Basic Pulumi.GoogleNative.AccessContextManager.V1.Outputs.BasicLevelResponse

A BasicLevel composed of Conditions.

Custom Pulumi.GoogleNative.AccessContextManager.V1.Outputs.CustomLevelResponse

A CustomLevel written in the Common Expression Language.

Description string

Description of the AccessLevel and its use. Does not affect behavior.

Name string

Resource name for the AccessLevel. Format: accessPolicies/{access_policy}/accessLevels/{access_level}. The access_level component must begin with a letter, followed by alphanumeric characters or _. Its maximum length is 50 characters. After you create an AccessLevel, you cannot change its name.

Title string

Human readable title. Must be unique within the Policy.

Basic BasicLevelResponse

A BasicLevel composed of Conditions.

Custom CustomLevelResponse

A CustomLevel written in the Common Expression Language.

Description string

Description of the AccessLevel and its use. Does not affect behavior.

Name string

Resource name for the AccessLevel. Format: accessPolicies/{access_policy}/accessLevels/{access_level}. The access_level component must begin with a letter, followed by alphanumeric characters or _. Its maximum length is 50 characters. After you create an AccessLevel, you cannot change its name.

Title string

Human readable title. Must be unique within the Policy.

basic BasicLevelResponse

A BasicLevel composed of Conditions.

custom CustomLevelResponse

A CustomLevel written in the Common Expression Language.

description String

Description of the AccessLevel and its use. Does not affect behavior.

name String

Resource name for the AccessLevel. Format: accessPolicies/{access_policy}/accessLevels/{access_level}. The access_level component must begin with a letter, followed by alphanumeric characters or _. Its maximum length is 50 characters. After you create an AccessLevel, you cannot change its name.

title String

Human readable title. Must be unique within the Policy.

basic BasicLevelResponse

A BasicLevel composed of Conditions.

custom CustomLevelResponse

A CustomLevel written in the Common Expression Language.

description string

Description of the AccessLevel and its use. Does not affect behavior.

name string

Resource name for the AccessLevel. Format: accessPolicies/{access_policy}/accessLevels/{access_level}. The access_level component must begin with a letter, followed by alphanumeric characters or _. Its maximum length is 50 characters. After you create an AccessLevel, you cannot change its name.

title string

Human readable title. Must be unique within the Policy.

basic BasicLevelResponse

A BasicLevel composed of Conditions.

custom CustomLevelResponse

A CustomLevel written in the Common Expression Language.

description str

Description of the AccessLevel and its use. Does not affect behavior.

name str

Resource name for the AccessLevel. Format: accessPolicies/{access_policy}/accessLevels/{access_level}. The access_level component must begin with a letter, followed by alphanumeric characters or _. Its maximum length is 50 characters. After you create an AccessLevel, you cannot change its name.

title str

Human readable title. Must be unique within the Policy.

basic Property Map

A BasicLevel composed of Conditions.

custom Property Map

A CustomLevel written in the Common Expression Language.

description String

Description of the AccessLevel and its use. Does not affect behavior.

name String

Resource name for the AccessLevel. Format: accessPolicies/{access_policy}/accessLevels/{access_level}. The access_level component must begin with a letter, followed by alphanumeric characters or _. Its maximum length is 50 characters. After you create an AccessLevel, you cannot change its name.

title String

Human readable title. Must be unique within the Policy.

Supporting Types

BasicLevelResponse

CombiningFunction string

How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.

Conditions List<Pulumi.GoogleNative.AccessContextManager.V1.Inputs.ConditionResponse>

A list of requirements for the AccessLevel to be granted.

CombiningFunction string

How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.

Conditions []ConditionResponse

A list of requirements for the AccessLevel to be granted.

combiningFunction String

How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.

conditions List<ConditionResponse>

A list of requirements for the AccessLevel to be granted.

combiningFunction string

How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.

conditions ConditionResponse[]

A list of requirements for the AccessLevel to be granted.

combining_function str

How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.

conditions Sequence[ConditionResponse]

A list of requirements for the AccessLevel to be granted.

combiningFunction String

How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND.

conditions List<Property Map>

A list of requirements for the AccessLevel to be granted.

ConditionResponse

DevicePolicy Pulumi.GoogleNative.AccessContextManager.V1.Inputs.DevicePolicyResponse

Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.

IpSubnetworks List<string>

CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.

Members List<string>

The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.

Negate bool

Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.

Regions List<string>

The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.

RequiredAccessLevels List<string>

A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"

DevicePolicy DevicePolicyResponse

Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.

IpSubnetworks []string

CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.

Members []string

The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.

Negate bool

Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.

Regions []string

The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.

RequiredAccessLevels []string

A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"

devicePolicy DevicePolicyResponse

Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.

ipSubnetworks List<String>

CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.

members List<String>

The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.

negate Boolean

Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.

regions List<String>

The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.

requiredAccessLevels List<String>

A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"

devicePolicy DevicePolicyResponse

Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.

ipSubnetworks string[]

CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.

members string[]

The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.

negate boolean

Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.

regions string[]

The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.

requiredAccessLevels string[]

A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"

device_policy DevicePolicyResponse

Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.

ip_subnetworks Sequence[str]

CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.

members Sequence[str]

The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.

negate bool

Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.

regions Sequence[str]

The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.

required_access_levels Sequence[str]

A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"

devicePolicy Property Map

Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.

ipSubnetworks List<String>

CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.

members List<String>

The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.

negate Boolean

Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.

regions List<String>

The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.

requiredAccessLevels List<String>

A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"

CustomLevelResponse

Expr Pulumi.GoogleNative.AccessContextManager.V1.Inputs.ExprResponse

A Cloud CEL expression evaluating to a boolean.

Expr ExprResponse

A Cloud CEL expression evaluating to a boolean.

expr ExprResponse

A Cloud CEL expression evaluating to a boolean.

expr ExprResponse

A Cloud CEL expression evaluating to a boolean.

expr ExprResponse

A Cloud CEL expression evaluating to a boolean.

expr Property Map

A Cloud CEL expression evaluating to a boolean.

DevicePolicyResponse

AllowedDeviceManagementLevels List<string>

Allowed device management levels, an empty list allows all management levels.

AllowedEncryptionStatuses List<string>

Allowed encryptions statuses, an empty list allows all statuses.

OsConstraints List<Pulumi.GoogleNative.AccessContextManager.V1.Inputs.OsConstraintResponse>

Allowed OS versions, an empty list allows all types and all versions.

RequireAdminApproval bool

Whether the device needs to be approved by the customer admin.

RequireCorpOwned bool

Whether the device needs to be corp owned.

RequireScreenlock bool

Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.

AllowedDeviceManagementLevels []string

Allowed device management levels, an empty list allows all management levels.

AllowedEncryptionStatuses []string

Allowed encryptions statuses, an empty list allows all statuses.

OsConstraints []OsConstraintResponse

Allowed OS versions, an empty list allows all types and all versions.

RequireAdminApproval bool

Whether the device needs to be approved by the customer admin.

RequireCorpOwned bool

Whether the device needs to be corp owned.

RequireScreenlock bool

Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.

allowedDeviceManagementLevels List<String>

Allowed device management levels, an empty list allows all management levels.

allowedEncryptionStatuses List<String>

Allowed encryptions statuses, an empty list allows all statuses.

osConstraints List<OsConstraintResponse>

Allowed OS versions, an empty list allows all types and all versions.

requireAdminApproval Boolean

Whether the device needs to be approved by the customer admin.

requireCorpOwned Boolean

Whether the device needs to be corp owned.

requireScreenlock Boolean

Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.

allowedDeviceManagementLevels string[]

Allowed device management levels, an empty list allows all management levels.

allowedEncryptionStatuses string[]

Allowed encryptions statuses, an empty list allows all statuses.

osConstraints OsConstraintResponse[]

Allowed OS versions, an empty list allows all types and all versions.

requireAdminApproval boolean

Whether the device needs to be approved by the customer admin.

requireCorpOwned boolean

Whether the device needs to be corp owned.

requireScreenlock boolean

Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.

allowed_device_management_levels Sequence[str]

Allowed device management levels, an empty list allows all management levels.

allowed_encryption_statuses Sequence[str]

Allowed encryptions statuses, an empty list allows all statuses.

os_constraints Sequence[OsConstraintResponse]

Allowed OS versions, an empty list allows all types and all versions.

require_admin_approval bool

Whether the device needs to be approved by the customer admin.

require_corp_owned bool

Whether the device needs to be corp owned.

require_screenlock bool

Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.

allowedDeviceManagementLevels List<String>

Allowed device management levels, an empty list allows all management levels.

allowedEncryptionStatuses List<String>

Allowed encryptions statuses, an empty list allows all statuses.

osConstraints List<Property Map>

Allowed OS versions, an empty list allows all types and all versions.

requireAdminApproval Boolean

Whether the device needs to be approved by the customer admin.

requireCorpOwned Boolean

Whether the device needs to be corp owned.

requireScreenlock Boolean

Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.

ExprResponse

Description string

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

Expression string

Textual representation of an expression in Common Expression Language syntax.

Location string

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

Title string

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

Description string

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

Expression string

Textual representation of an expression in Common Expression Language syntax.

Location string

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

Title string

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description String

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

expression String

Textual representation of an expression in Common Expression Language syntax.

location String

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

title String

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description string

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

expression string

Textual representation of an expression in Common Expression Language syntax.

location string

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

title string

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description str

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

expression str

Textual representation of an expression in Common Expression Language syntax.

location str

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

title str

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description String

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

expression String

Textual representation of an expression in Common Expression Language syntax.

location String

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

title String

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

OsConstraintResponse

MinimumVersion string

The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".

OsType string

The allowed OS type.

RequireVerifiedChromeOs bool

Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.

MinimumVersion string

The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".

OsType string

The allowed OS type.

RequireVerifiedChromeOs bool

Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.

minimumVersion String

The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".

osType String

The allowed OS type.

requireVerifiedChromeOs Boolean

Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.

minimumVersion string

The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".

osType string

The allowed OS type.

requireVerifiedChromeOs boolean

Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.

minimum_version str

The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".

os_type str

The allowed OS type.

require_verified_chrome_os bool

Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.

minimumVersion String

The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch". Examples: "10.5.301", "9.2.1".

osType String

The allowed OS type.

requireVerifiedChromeOs Boolean

Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.

Package Details

Repository
Google Cloud Native pulumi/pulumi-google-native
License
Apache-2.0