Google Cloud Native is in preview. Google Cloud Classic is fully supported.
google-native.accesscontextmanager/v1beta.AccessLevel
Explore with Pulumi AI
Google Cloud Native is in preview. Google Cloud Classic is fully supported.
Create an Access Level. The longrunning operation from this RPC will have a successful status once the Access Level has propagated to long-lasting storage. Access Levels containing errors will result in an error response for the first error encountered.
Create AccessLevel Resource
new AccessLevel(name: string, args: AccessLevelArgs, opts?: CustomResourceOptions);
@overload
def AccessLevel(resource_name: str,
opts: Optional[ResourceOptions] = None,
access_policy_id: Optional[str] = None,
basic: Optional[BasicLevelArgs] = None,
custom: Optional[CustomLevelArgs] = None,
description: Optional[str] = None,
name: Optional[str] = None,
title: Optional[str] = None)
@overload
def AccessLevel(resource_name: str,
args: AccessLevelArgs,
opts: Optional[ResourceOptions] = None)
func NewAccessLevel(ctx *Context, name string, args AccessLevelArgs, opts ...ResourceOption) (*AccessLevel, error)
public AccessLevel(string name, AccessLevelArgs args, CustomResourceOptions? opts = null)
public AccessLevel(String name, AccessLevelArgs args)
public AccessLevel(String name, AccessLevelArgs args, CustomResourceOptions options)
type: google-native:accesscontextmanager/v1beta:AccessLevel
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AccessLevelArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AccessLevelArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AccessLevelArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AccessLevelArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AccessLevelArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
AccessLevel Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The AccessLevel resource accepts the following input properties:
- Access
Policy stringId - Basic
Pulumi.
Google Native. Access Context Manager. V1Beta. Inputs. Basic Level A
BasicLevel
composed ofConditions
.- Custom
Pulumi.
Google Native. Access Context Manager. V1Beta. Inputs. Custom Level A
CustomLevel
written in the Common Expression Language.- Description string
Description of the
AccessLevel
and its use. Does not affect behavior.- Name string
Resource name for the
AccessLevel
. Format:accessPolicies/{access_policy}/accessLevels/{access_level}
. Theaccess_level
component must begin with a letter, followed by alphanumeric characters or_
. Its maximum length is 50 characters. After you create anAccessLevel
, you cannot change itsname
.- Title string
Human readable title. Must be unique within the Policy.
- Access
Policy stringId - Basic
Basic
Level Args A
BasicLevel
composed ofConditions
.- Custom
Custom
Level Args A
CustomLevel
written in the Common Expression Language.- Description string
Description of the
AccessLevel
and its use. Does not affect behavior.- Name string
Resource name for the
AccessLevel
. Format:accessPolicies/{access_policy}/accessLevels/{access_level}
. Theaccess_level
component must begin with a letter, followed by alphanumeric characters or_
. Its maximum length is 50 characters. After you create anAccessLevel
, you cannot change itsname
.- Title string
Human readable title. Must be unique within the Policy.
- access
Policy StringId - basic
Basic
Level A
BasicLevel
composed ofConditions
.- custom
Custom
Level A
CustomLevel
written in the Common Expression Language.- description String
Description of the
AccessLevel
and its use. Does not affect behavior.- name String
Resource name for the
AccessLevel
. Format:accessPolicies/{access_policy}/accessLevels/{access_level}
. Theaccess_level
component must begin with a letter, followed by alphanumeric characters or_
. Its maximum length is 50 characters. After you create anAccessLevel
, you cannot change itsname
.- title String
Human readable title. Must be unique within the Policy.
- access
Policy stringId - basic
Basic
Level A
BasicLevel
composed ofConditions
.- custom
Custom
Level A
CustomLevel
written in the Common Expression Language.- description string
Description of the
AccessLevel
and its use. Does not affect behavior.- name string
Resource name for the
AccessLevel
. Format:accessPolicies/{access_policy}/accessLevels/{access_level}
. Theaccess_level
component must begin with a letter, followed by alphanumeric characters or_
. Its maximum length is 50 characters. After you create anAccessLevel
, you cannot change itsname
.- title string
Human readable title. Must be unique within the Policy.
- access_
policy_ strid - basic
Basic
Level Args A
BasicLevel
composed ofConditions
.- custom
Custom
Level Args A
CustomLevel
written in the Common Expression Language.- description str
Description of the
AccessLevel
and its use. Does not affect behavior.- name str
Resource name for the
AccessLevel
. Format:accessPolicies/{access_policy}/accessLevels/{access_level}
. Theaccess_level
component must begin with a letter, followed by alphanumeric characters or_
. Its maximum length is 50 characters. After you create anAccessLevel
, you cannot change itsname
.- title str
Human readable title. Must be unique within the Policy.
- access
Policy StringId - basic Property Map
A
BasicLevel
composed ofConditions
.- custom Property Map
A
CustomLevel
written in the Common Expression Language.- description String
Description of the
AccessLevel
and its use. Does not affect behavior.- name String
Resource name for the
AccessLevel
. Format:accessPolicies/{access_policy}/accessLevels/{access_level}
. Theaccess_level
component must begin with a letter, followed by alphanumeric characters or_
. Its maximum length is 50 characters. After you create anAccessLevel
, you cannot change itsname
.- title String
Human readable title. Must be unique within the Policy.
Outputs
All input properties are implicitly available as output properties. Additionally, the AccessLevel resource produces the following output properties:
- Id string
The provider-assigned unique ID for this managed resource.
- Id string
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
- id string
The provider-assigned unique ID for this managed resource.
- id str
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
Supporting Types
BasicLevel, BasicLevelArgs
- Conditions
List<Pulumi.
Google Native. Access Context Manager. V1Beta. Inputs. Condition> A list of requirements for the
AccessLevel
to be granted.- Combining
Function Pulumi.Google Native. Access Context Manager. V1Beta. Basic Level Combining Function How the
conditions
list should be combined to determine if a request is granted thisAccessLevel
. If AND is used, eachCondition
inconditions
must be satisfied for theAccessLevel
to be applied. If OR is used, at least oneCondition
inconditions
must be satisfied for theAccessLevel
to be applied. Default behavior is AND.
- Conditions []Condition
A list of requirements for the
AccessLevel
to be granted.- Combining
Function BasicLevel Combining Function How the
conditions
list should be combined to determine if a request is granted thisAccessLevel
. If AND is used, eachCondition
inconditions
must be satisfied for theAccessLevel
to be applied. If OR is used, at least oneCondition
inconditions
must be satisfied for theAccessLevel
to be applied. Default behavior is AND.
- conditions List<Condition>
A list of requirements for the
AccessLevel
to be granted.- combining
Function BasicLevel Combining Function How the
conditions
list should be combined to determine if a request is granted thisAccessLevel
. If AND is used, eachCondition
inconditions
must be satisfied for theAccessLevel
to be applied. If OR is used, at least oneCondition
inconditions
must be satisfied for theAccessLevel
to be applied. Default behavior is AND.
- conditions Condition[]
A list of requirements for the
AccessLevel
to be granted.- combining
Function BasicLevel Combining Function How the
conditions
list should be combined to determine if a request is granted thisAccessLevel
. If AND is used, eachCondition
inconditions
must be satisfied for theAccessLevel
to be applied. If OR is used, at least oneCondition
inconditions
must be satisfied for theAccessLevel
to be applied. Default behavior is AND.
- conditions Sequence[Condition]
A list of requirements for the
AccessLevel
to be granted.- combining_
function BasicLevel Combining Function How the
conditions
list should be combined to determine if a request is granted thisAccessLevel
. If AND is used, eachCondition
inconditions
must be satisfied for theAccessLevel
to be applied. If OR is used, at least oneCondition
inconditions
must be satisfied for theAccessLevel
to be applied. Default behavior is AND.
- conditions List<Property Map>
A list of requirements for the
AccessLevel
to be granted.- combining
Function "AND" | "OR" How the
conditions
list should be combined to determine if a request is granted thisAccessLevel
. If AND is used, eachCondition
inconditions
must be satisfied for theAccessLevel
to be applied. If OR is used, at least oneCondition
inconditions
must be satisfied for theAccessLevel
to be applied. Default behavior is AND.
BasicLevelCombiningFunction, BasicLevelCombiningFunctionArgs
- And
- AND
All
Conditions
must be true for theBasicLevel
to be true. - Or
- OR
If at least one
Condition
is true, then theBasicLevel
is true.
- Basic
Level Combining Function And - AND
All
Conditions
must be true for theBasicLevel
to be true. - Basic
Level Combining Function Or - OR
If at least one
Condition
is true, then theBasicLevel
is true.
- And
- AND
All
Conditions
must be true for theBasicLevel
to be true. - Or
- OR
If at least one
Condition
is true, then theBasicLevel
is true.
- And
- AND
All
Conditions
must be true for theBasicLevel
to be true. - Or
- OR
If at least one
Condition
is true, then theBasicLevel
is true.
- AND_
- AND
All
Conditions
must be true for theBasicLevel
to be true. - OR_
- OR
If at least one
Condition
is true, then theBasicLevel
is true.
- "AND"
- AND
All
Conditions
must be true for theBasicLevel
to be true. - "OR"
- OR
If at least one
Condition
is true, then theBasicLevel
is true.
BasicLevelResponse, BasicLevelResponseArgs
- Combining
Function string How the
conditions
list should be combined to determine if a request is granted thisAccessLevel
. If AND is used, eachCondition
inconditions
must be satisfied for theAccessLevel
to be applied. If OR is used, at least oneCondition
inconditions
must be satisfied for theAccessLevel
to be applied. Default behavior is AND.- Conditions
List<Pulumi.
Google Native. Access Context Manager. V1Beta. Inputs. Condition Response> A list of requirements for the
AccessLevel
to be granted.
- Combining
Function string How the
conditions
list should be combined to determine if a request is granted thisAccessLevel
. If AND is used, eachCondition
inconditions
must be satisfied for theAccessLevel
to be applied. If OR is used, at least oneCondition
inconditions
must be satisfied for theAccessLevel
to be applied. Default behavior is AND.- Conditions
[]Condition
Response A list of requirements for the
AccessLevel
to be granted.
- combining
Function String How the
conditions
list should be combined to determine if a request is granted thisAccessLevel
. If AND is used, eachCondition
inconditions
must be satisfied for theAccessLevel
to be applied. If OR is used, at least oneCondition
inconditions
must be satisfied for theAccessLevel
to be applied. Default behavior is AND.- conditions
List<Condition
Response> A list of requirements for the
AccessLevel
to be granted.
- combining
Function string How the
conditions
list should be combined to determine if a request is granted thisAccessLevel
. If AND is used, eachCondition
inconditions
must be satisfied for theAccessLevel
to be applied. If OR is used, at least oneCondition
inconditions
must be satisfied for theAccessLevel
to be applied. Default behavior is AND.- conditions
Condition
Response[] A list of requirements for the
AccessLevel
to be granted.
- combining_
function str How the
conditions
list should be combined to determine if a request is granted thisAccessLevel
. If AND is used, eachCondition
inconditions
must be satisfied for theAccessLevel
to be applied. If OR is used, at least oneCondition
inconditions
must be satisfied for theAccessLevel
to be applied. Default behavior is AND.- conditions
Sequence[Condition
Response] A list of requirements for the
AccessLevel
to be granted.
- combining
Function String How the
conditions
list should be combined to determine if a request is granted thisAccessLevel
. If AND is used, eachCondition
inconditions
must be satisfied for theAccessLevel
to be applied. If OR is used, at least oneCondition
inconditions
must be satisfied for theAccessLevel
to be applied. Default behavior is AND.- conditions List<Property Map>
A list of requirements for the
AccessLevel
to be granted.
Condition, ConditionArgs
- Device
Policy Pulumi.Google Native. Access Context Manager. V1Beta. Inputs. Device Policy Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
- Ip
Subnetworks List<string> CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
- Members List<string>
The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax:
user:{emailid}
serviceAccount:{emailid}
If not specified, a request may come from any user.- Negate bool
Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.
- Regions List<string>
The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
- Required
Access List<string>Levels A list of other access levels defined in the same
Policy
, referenced by resource name. Referencing anAccessLevel
which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"
- Device
Policy DevicePolicy Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
- Ip
Subnetworks []string CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
- Members []string
The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax:
user:{emailid}
serviceAccount:{emailid}
If not specified, a request may come from any user.- Negate bool
Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.
- Regions []string
The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
- Required
Access []stringLevels A list of other access levels defined in the same
Policy
, referenced by resource name. Referencing anAccessLevel
which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"
- device
Policy DevicePolicy Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
- ip
Subnetworks List<String> CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
- members List<String>
The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax:
user:{emailid}
serviceAccount:{emailid}
If not specified, a request may come from any user.- negate Boolean
Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.
- regions List<String>
The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
- required
Access List<String>Levels A list of other access levels defined in the same
Policy
, referenced by resource name. Referencing anAccessLevel
which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"
- device
Policy DevicePolicy Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
- ip
Subnetworks string[] CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
- members string[]
The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax:
user:{emailid}
serviceAccount:{emailid}
If not specified, a request may come from any user.- negate boolean
Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.
- regions string[]
The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
- required
Access string[]Levels A list of other access levels defined in the same
Policy
, referenced by resource name. Referencing anAccessLevel
which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"
- device_
policy DevicePolicy Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
- ip_
subnetworks Sequence[str] CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
- members Sequence[str]
The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax:
user:{emailid}
serviceAccount:{emailid}
If not specified, a request may come from any user.- negate bool
Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.
- regions Sequence[str]
The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
- required_
access_ Sequence[str]levels A list of other access levels defined in the same
Policy
, referenced by resource name. Referencing anAccessLevel
which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"
- device
Policy Property Map Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
- ip
Subnetworks List<String> CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
- members List<String>
The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax:
user:{emailid}
serviceAccount:{emailid}
If not specified, a request may come from any user.- negate Boolean
Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.
- regions List<String>
The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
- required
Access List<String>Levels A list of other access levels defined in the same
Policy
, referenced by resource name. Referencing anAccessLevel
which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"
ConditionResponse, ConditionResponseArgs
- Device
Policy Pulumi.Google Native. Access Context Manager. V1Beta. Inputs. Device Policy Response Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
- Ip
Subnetworks List<string> CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
- Members List<string>
The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax:
user:{emailid}
serviceAccount:{emailid}
If not specified, a request may come from any user.- Negate bool
Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.
- Regions List<string>
The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
- Required
Access List<string>Levels A list of other access levels defined in the same
Policy
, referenced by resource name. Referencing anAccessLevel
which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"
- Device
Policy DevicePolicy Response Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
- Ip
Subnetworks []string CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
- Members []string
The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax:
user:{emailid}
serviceAccount:{emailid}
If not specified, a request may come from any user.- Negate bool
Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.
- Regions []string
The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
- Required
Access []stringLevels A list of other access levels defined in the same
Policy
, referenced by resource name. Referencing anAccessLevel
which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"
- device
Policy DevicePolicy Response Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
- ip
Subnetworks List<String> CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
- members List<String>
The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax:
user:{emailid}
serviceAccount:{emailid}
If not specified, a request may come from any user.- negate Boolean
Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.
- regions List<String>
The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
- required
Access List<String>Levels A list of other access levels defined in the same
Policy
, referenced by resource name. Referencing anAccessLevel
which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"
- device
Policy DevicePolicy Response Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
- ip
Subnetworks string[] CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
- members string[]
The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax:
user:{emailid}
serviceAccount:{emailid}
If not specified, a request may come from any user.- negate boolean
Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.
- regions string[]
The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
- required
Access string[]Levels A list of other access levels defined in the same
Policy
, referenced by resource name. Referencing anAccessLevel
which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"
- device_
policy DevicePolicy Response Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
- ip_
subnetworks Sequence[str] CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
- members Sequence[str]
The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax:
user:{emailid}
serviceAccount:{emailid}
If not specified, a request may come from any user.- negate bool
Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.
- regions Sequence[str]
The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
- required_
access_ Sequence[str]levels A list of other access levels defined in the same
Policy
, referenced by resource name. Referencing anAccessLevel
which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"
- device
Policy Property Map Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
- ip
Subnetworks List<String> CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
- members List<String>
The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax:
user:{emailid}
serviceAccount:{emailid}
If not specified, a request may come from any user.- negate Boolean
Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.
- regions List<String>
The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
- required
Access List<String>Levels A list of other access levels defined in the same
Policy
, referenced by resource name. Referencing anAccessLevel
which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"
CustomLevel, CustomLevelArgs
- Expr
Pulumi.
Google Native. Access Context Manager. V1Beta. Inputs. Expr A Cloud CEL expression evaluating to a boolean.
- expr Property Map
A Cloud CEL expression evaluating to a boolean.
CustomLevelResponse, CustomLevelResponseArgs
- Expr
Pulumi.
Google Native. Access Context Manager. V1Beta. Inputs. Expr Response A Cloud CEL expression evaluating to a boolean.
- Expr
Expr
Response A Cloud CEL expression evaluating to a boolean.
- expr
Expr
Response A Cloud CEL expression evaluating to a boolean.
- expr
Expr
Response A Cloud CEL expression evaluating to a boolean.
- expr
Expr
Response A Cloud CEL expression evaluating to a boolean.
- expr Property Map
A Cloud CEL expression evaluating to a boolean.
DevicePolicy, DevicePolicyArgs
- Allowed
Device List<Pulumi.Management Levels Google Native. Access Context Manager. V1Beta. Device Policy Allowed Device Management Levels Item> Allowed device management levels, an empty list allows all management levels.
- Allowed
Encryption List<Pulumi.Statuses Google Native. Access Context Manager. V1Beta. Device Policy Allowed Encryption Statuses Item> Allowed encryptions statuses, an empty list allows all statuses.
- Os
Constraints List<Pulumi.Google Native. Access Context Manager. V1Beta. Inputs. Os Constraint> Allowed OS versions, an empty list allows all types and all versions.
- Require
Admin boolApproval Whether the device needs to be approved by the customer admin.
- Require
Corp boolOwned Whether the device needs to be corp owned.
- Require
Screenlock bool Whether or not screenlock is required for the DevicePolicy to be true. Defaults to
false
.
- Allowed
Device []DeviceManagement Levels Policy Allowed Device Management Levels Item Allowed device management levels, an empty list allows all management levels.
- Allowed
Encryption []DeviceStatuses Policy Allowed Encryption Statuses Item Allowed encryptions statuses, an empty list allows all statuses.
- Os
Constraints []OsConstraint Allowed OS versions, an empty list allows all types and all versions.
- Require
Admin boolApproval Whether the device needs to be approved by the customer admin.
- Require
Corp boolOwned Whether the device needs to be corp owned.
- Require
Screenlock bool Whether or not screenlock is required for the DevicePolicy to be true. Defaults to
false
.
- allowed
Device List<DeviceManagement Levels Policy Allowed Device Management Levels Item> Allowed device management levels, an empty list allows all management levels.
- allowed
Encryption List<DeviceStatuses Policy Allowed Encryption Statuses Item> Allowed encryptions statuses, an empty list allows all statuses.
- os
Constraints List<OsConstraint> Allowed OS versions, an empty list allows all types and all versions.
- require
Admin BooleanApproval Whether the device needs to be approved by the customer admin.
- require
Corp BooleanOwned Whether the device needs to be corp owned.
- require
Screenlock Boolean Whether or not screenlock is required for the DevicePolicy to be true. Defaults to
false
.
- allowed
Device DeviceManagement Levels Policy Allowed Device Management Levels Item[] Allowed device management levels, an empty list allows all management levels.
- allowed
Encryption DeviceStatuses Policy Allowed Encryption Statuses Item[] Allowed encryptions statuses, an empty list allows all statuses.
- os
Constraints OsConstraint[] Allowed OS versions, an empty list allows all types and all versions.
- require
Admin booleanApproval Whether the device needs to be approved by the customer admin.
- require
Corp booleanOwned Whether the device needs to be corp owned.
- require
Screenlock boolean Whether or not screenlock is required for the DevicePolicy to be true. Defaults to
false
.
- allowed_
device_ Sequence[Devicemanagement_ levels Policy Allowed Device Management Levels Item] Allowed device management levels, an empty list allows all management levels.
- allowed_
encryption_ Sequence[Devicestatuses Policy Allowed Encryption Statuses Item] Allowed encryptions statuses, an empty list allows all statuses.
- os_
constraints Sequence[OsConstraint] Allowed OS versions, an empty list allows all types and all versions.
- require_
admin_ boolapproval Whether the device needs to be approved by the customer admin.
- require_
corp_ boolowned Whether the device needs to be corp owned.
- require_
screenlock bool Whether or not screenlock is required for the DevicePolicy to be true. Defaults to
false
.
- allowed
Device List<"MANAGEMENT_UNSPECIFIED" | "NONE" | "BASIC" | "COMPLETE">Management Levels Allowed device management levels, an empty list allows all management levels.
- allowed
Encryption List<"ENCRYPTION_UNSPECIFIED" | "ENCRYPTION_UNSUPPORTED" | "UNENCRYPTED" | "ENCRYPTED">Statuses Allowed encryptions statuses, an empty list allows all statuses.
- os
Constraints List<Property Map> Allowed OS versions, an empty list allows all types and all versions.
- require
Admin BooleanApproval Whether the device needs to be approved by the customer admin.
- require
Corp BooleanOwned Whether the device needs to be corp owned.
- require
Screenlock Boolean Whether or not screenlock is required for the DevicePolicy to be true. Defaults to
false
.
DevicePolicyAllowedDeviceManagementLevelsItem, DevicePolicyAllowedDeviceManagementLevelsItemArgs
- Management
Unspecified - MANAGEMENT_UNSPECIFIED
The device's management level is not specified or not known.
- None
- NONE
The device is not managed.
- Basic
- BASIC
Basic management is enabled, which is generally limited to monitoring and wiping the corporate account.
- Complete
- COMPLETE
Complete device management. This includes more thorough monitoring and the ability to directly manage the device (such as remote wiping). This can be enabled through the Android Enterprise Platform.
- Device
Policy Allowed Device Management Levels Item Management Unspecified - MANAGEMENT_UNSPECIFIED
The device's management level is not specified or not known.
- Device
Policy Allowed Device Management Levels Item None - NONE
The device is not managed.
- Device
Policy Allowed Device Management Levels Item Basic - BASIC
Basic management is enabled, which is generally limited to monitoring and wiping the corporate account.
- Device
Policy Allowed Device Management Levels Item Complete - COMPLETE
Complete device management. This includes more thorough monitoring and the ability to directly manage the device (such as remote wiping). This can be enabled through the Android Enterprise Platform.
- Management
Unspecified - MANAGEMENT_UNSPECIFIED
The device's management level is not specified or not known.
- None
- NONE
The device is not managed.
- Basic
- BASIC
Basic management is enabled, which is generally limited to monitoring and wiping the corporate account.
- Complete
- COMPLETE
Complete device management. This includes more thorough monitoring and the ability to directly manage the device (such as remote wiping). This can be enabled through the Android Enterprise Platform.
- Management
Unspecified - MANAGEMENT_UNSPECIFIED
The device's management level is not specified or not known.
- None
- NONE
The device is not managed.
- Basic
- BASIC
Basic management is enabled, which is generally limited to monitoring and wiping the corporate account.
- Complete
- COMPLETE
Complete device management. This includes more thorough monitoring and the ability to directly manage the device (such as remote wiping). This can be enabled through the Android Enterprise Platform.
- MANAGEMENT_UNSPECIFIED
- MANAGEMENT_UNSPECIFIED
The device's management level is not specified or not known.
- NONE
- NONE
The device is not managed.
- BASIC
- BASIC
Basic management is enabled, which is generally limited to monitoring and wiping the corporate account.
- COMPLETE
- COMPLETE
Complete device management. This includes more thorough monitoring and the ability to directly manage the device (such as remote wiping). This can be enabled through the Android Enterprise Platform.
- "MANAGEMENT_UNSPECIFIED"
- MANAGEMENT_UNSPECIFIED
The device's management level is not specified or not known.
- "NONE"
- NONE
The device is not managed.
- "BASIC"
- BASIC
Basic management is enabled, which is generally limited to monitoring and wiping the corporate account.
- "COMPLETE"
- COMPLETE
Complete device management. This includes more thorough monitoring and the ability to directly manage the device (such as remote wiping). This can be enabled through the Android Enterprise Platform.
DevicePolicyAllowedEncryptionStatusesItem, DevicePolicyAllowedEncryptionStatusesItemArgs
- Encryption
Unspecified - ENCRYPTION_UNSPECIFIED
The encryption status of the device is not specified or not known.
- Encryption
Unsupported - ENCRYPTION_UNSUPPORTED
The device does not support encryption.
- Unencrypted
- UNENCRYPTED
The device supports encryption, but is currently unencrypted.
- Encrypted
- ENCRYPTED
The device is encrypted.
- Device
Policy Allowed Encryption Statuses Item Encryption Unspecified - ENCRYPTION_UNSPECIFIED
The encryption status of the device is not specified or not known.
- Device
Policy Allowed Encryption Statuses Item Encryption Unsupported - ENCRYPTION_UNSUPPORTED
The device does not support encryption.
- Device
Policy Allowed Encryption Statuses Item Unencrypted - UNENCRYPTED
The device supports encryption, but is currently unencrypted.
- Device
Policy Allowed Encryption Statuses Item Encrypted - ENCRYPTED
The device is encrypted.
- Encryption
Unspecified - ENCRYPTION_UNSPECIFIED
The encryption status of the device is not specified or not known.
- Encryption
Unsupported - ENCRYPTION_UNSUPPORTED
The device does not support encryption.
- Unencrypted
- UNENCRYPTED
The device supports encryption, but is currently unencrypted.
- Encrypted
- ENCRYPTED
The device is encrypted.
- Encryption
Unspecified - ENCRYPTION_UNSPECIFIED
The encryption status of the device is not specified or not known.
- Encryption
Unsupported - ENCRYPTION_UNSUPPORTED
The device does not support encryption.
- Unencrypted
- UNENCRYPTED
The device supports encryption, but is currently unencrypted.
- Encrypted
- ENCRYPTED
The device is encrypted.
- ENCRYPTION_UNSPECIFIED
- ENCRYPTION_UNSPECIFIED
The encryption status of the device is not specified or not known.
- ENCRYPTION_UNSUPPORTED
- ENCRYPTION_UNSUPPORTED
The device does not support encryption.
- UNENCRYPTED
- UNENCRYPTED
The device supports encryption, but is currently unencrypted.
- ENCRYPTED
- ENCRYPTED
The device is encrypted.
- "ENCRYPTION_UNSPECIFIED"
- ENCRYPTION_UNSPECIFIED
The encryption status of the device is not specified or not known.
- "ENCRYPTION_UNSUPPORTED"
- ENCRYPTION_UNSUPPORTED
The device does not support encryption.
- "UNENCRYPTED"
- UNENCRYPTED
The device supports encryption, but is currently unencrypted.
- "ENCRYPTED"
- ENCRYPTED
The device is encrypted.
DevicePolicyResponse, DevicePolicyResponseArgs
- Allowed
Device List<string>Management Levels Allowed device management levels, an empty list allows all management levels.
- Allowed
Encryption List<string>Statuses Allowed encryptions statuses, an empty list allows all statuses.
- Os
Constraints List<Pulumi.Google Native. Access Context Manager. V1Beta. Inputs. Os Constraint Response> Allowed OS versions, an empty list allows all types and all versions.
- Require
Admin boolApproval Whether the device needs to be approved by the customer admin.
- Require
Corp boolOwned Whether the device needs to be corp owned.
- Require
Screenlock bool Whether or not screenlock is required for the DevicePolicy to be true. Defaults to
false
.
- Allowed
Device []stringManagement Levels Allowed device management levels, an empty list allows all management levels.
- Allowed
Encryption []stringStatuses Allowed encryptions statuses, an empty list allows all statuses.
- Os
Constraints []OsConstraint Response Allowed OS versions, an empty list allows all types and all versions.
- Require
Admin boolApproval Whether the device needs to be approved by the customer admin.
- Require
Corp boolOwned Whether the device needs to be corp owned.
- Require
Screenlock bool Whether or not screenlock is required for the DevicePolicy to be true. Defaults to
false
.
- allowed
Device List<String>Management Levels Allowed device management levels, an empty list allows all management levels.
- allowed
Encryption List<String>Statuses Allowed encryptions statuses, an empty list allows all statuses.
- os
Constraints List<OsConstraint Response> Allowed OS versions, an empty list allows all types and all versions.
- require
Admin BooleanApproval Whether the device needs to be approved by the customer admin.
- require
Corp BooleanOwned Whether the device needs to be corp owned.
- require
Screenlock Boolean Whether or not screenlock is required for the DevicePolicy to be true. Defaults to
false
.
- allowed
Device string[]Management Levels Allowed device management levels, an empty list allows all management levels.
- allowed
Encryption string[]Statuses Allowed encryptions statuses, an empty list allows all statuses.
- os
Constraints OsConstraint Response[] Allowed OS versions, an empty list allows all types and all versions.
- require
Admin booleanApproval Whether the device needs to be approved by the customer admin.
- require
Corp booleanOwned Whether the device needs to be corp owned.
- require
Screenlock boolean Whether or not screenlock is required for the DevicePolicy to be true. Defaults to
false
.
- allowed_
device_ Sequence[str]management_ levels Allowed device management levels, an empty list allows all management levels.
- allowed_
encryption_ Sequence[str]statuses Allowed encryptions statuses, an empty list allows all statuses.
- os_
constraints Sequence[OsConstraint Response] Allowed OS versions, an empty list allows all types and all versions.
- require_
admin_ boolapproval Whether the device needs to be approved by the customer admin.
- require_
corp_ boolowned Whether the device needs to be corp owned.
- require_
screenlock bool Whether or not screenlock is required for the DevicePolicy to be true. Defaults to
false
.
- allowed
Device List<String>Management Levels Allowed device management levels, an empty list allows all management levels.
- allowed
Encryption List<String>Statuses Allowed encryptions statuses, an empty list allows all statuses.
- os
Constraints List<Property Map> Allowed OS versions, an empty list allows all types and all versions.
- require
Admin BooleanApproval Whether the device needs to be approved by the customer admin.
- require
Corp BooleanOwned Whether the device needs to be corp owned.
- require
Screenlock Boolean Whether or not screenlock is required for the DevicePolicy to be true. Defaults to
false
.
Expr, ExprArgs
- Description string
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- Expression string
Textual representation of an expression in Common Expression Language syntax.
- Location string
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- Title string
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- Description string
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- Expression string
Textual representation of an expression in Common Expression Language syntax.
- Location string
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- Title string
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description String
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression String
Textual representation of an expression in Common Expression Language syntax.
- location String
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title String
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description string
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression string
Textual representation of an expression in Common Expression Language syntax.
- location string
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title string
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description str
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression str
Textual representation of an expression in Common Expression Language syntax.
- location str
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title str
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description String
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression String
Textual representation of an expression in Common Expression Language syntax.
- location String
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title String
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
ExprResponse, ExprResponseArgs
- Description string
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- Expression string
Textual representation of an expression in Common Expression Language syntax.
- Location string
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- Title string
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- Description string
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- Expression string
Textual representation of an expression in Common Expression Language syntax.
- Location string
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- Title string
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description String
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression String
Textual representation of an expression in Common Expression Language syntax.
- location String
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title String
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description string
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression string
Textual representation of an expression in Common Expression Language syntax.
- location string
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title string
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description str
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression str
Textual representation of an expression in Common Expression Language syntax.
- location str
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title str
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description String
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression String
Textual representation of an expression in Common Expression Language syntax.
- location String
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title String
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
OsConstraint, OsConstraintArgs
- Os
Type Pulumi.Google Native. Access Context Manager. V1Beta. Os Constraint Os Type The allowed OS type.
- Minimum
Version string The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format:
"major.minor.patch"
. Examples:"10.5.301"
,"9.2.1"
.- Require
Verified boolChrome Os Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.
- Os
Type OsConstraint Os Type The allowed OS type.
- Minimum
Version string The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format:
"major.minor.patch"
. Examples:"10.5.301"
,"9.2.1"
.- Require
Verified boolChrome Os Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.
- os
Type OsConstraint Os Type The allowed OS type.
- minimum
Version String The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format:
"major.minor.patch"
. Examples:"10.5.301"
,"9.2.1"
.- require
Verified BooleanChrome Os Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.
- os
Type OsConstraint Os Type The allowed OS type.
- minimum
Version string The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format:
"major.minor.patch"
. Examples:"10.5.301"
,"9.2.1"
.- require
Verified booleanChrome Os Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.
- os_
type OsConstraint Os Type The allowed OS type.
- minimum_
version str The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format:
"major.minor.patch"
. Examples:"10.5.301"
,"9.2.1"
.- require_
verified_ boolchrome_ os Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.
- os
Type "OS_UNSPECIFIED" | "DESKTOP_MAC" | "DESKTOP_WINDOWS" | "DESKTOP_LINUX" | "DESKTOP_CHROME_OS" | "ANDROID" | "IOS" The allowed OS type.
- minimum
Version String The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format:
"major.minor.patch"
. Examples:"10.5.301"
,"9.2.1"
.- require
Verified BooleanChrome Os Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.
OsConstraintOsType, OsConstraintOsTypeArgs
- Os
Unspecified - OS_UNSPECIFIED
The operating system of the device is not specified or not known.
- Desktop
Mac - DESKTOP_MAC
A desktop Mac operating system.
- Desktop
Windows - DESKTOP_WINDOWS
A desktop Windows operating system.
- Desktop
Linux - DESKTOP_LINUX
A desktop Linux operating system.
- Desktop
Chrome Os - DESKTOP_CHROME_OS
A desktop ChromeOS operating system.
- Android
- ANDROID
An Android operating system.
- Ios
- IOS
An iOS operating system.
- Os
Constraint Os Type Os Unspecified - OS_UNSPECIFIED
The operating system of the device is not specified or not known.
- Os
Constraint Os Type Desktop Mac - DESKTOP_MAC
A desktop Mac operating system.
- Os
Constraint Os Type Desktop Windows - DESKTOP_WINDOWS
A desktop Windows operating system.
- Os
Constraint Os Type Desktop Linux - DESKTOP_LINUX
A desktop Linux operating system.
- Os
Constraint Os Type Desktop Chrome Os - DESKTOP_CHROME_OS
A desktop ChromeOS operating system.
- Os
Constraint Os Type Android - ANDROID
An Android operating system.
- Os
Constraint Os Type Ios - IOS
An iOS operating system.
- Os
Unspecified - OS_UNSPECIFIED
The operating system of the device is not specified or not known.
- Desktop
Mac - DESKTOP_MAC
A desktop Mac operating system.
- Desktop
Windows - DESKTOP_WINDOWS
A desktop Windows operating system.
- Desktop
Linux - DESKTOP_LINUX
A desktop Linux operating system.
- Desktop
Chrome Os - DESKTOP_CHROME_OS
A desktop ChromeOS operating system.
- Android
- ANDROID
An Android operating system.
- Ios
- IOS
An iOS operating system.
- Os
Unspecified - OS_UNSPECIFIED
The operating system of the device is not specified or not known.
- Desktop
Mac - DESKTOP_MAC
A desktop Mac operating system.
- Desktop
Windows - DESKTOP_WINDOWS
A desktop Windows operating system.
- Desktop
Linux - DESKTOP_LINUX
A desktop Linux operating system.
- Desktop
Chrome Os - DESKTOP_CHROME_OS
A desktop ChromeOS operating system.
- Android
- ANDROID
An Android operating system.
- Ios
- IOS
An iOS operating system.
- OS_UNSPECIFIED
- OS_UNSPECIFIED
The operating system of the device is not specified or not known.
- DESKTOP_MAC
- DESKTOP_MAC
A desktop Mac operating system.
- DESKTOP_WINDOWS
- DESKTOP_WINDOWS
A desktop Windows operating system.
- DESKTOP_LINUX
- DESKTOP_LINUX
A desktop Linux operating system.
- DESKTOP_CHROME_OS
- DESKTOP_CHROME_OS
A desktop ChromeOS operating system.
- ANDROID
- ANDROID
An Android operating system.
- IOS
- IOS
An iOS operating system.
- "OS_UNSPECIFIED"
- OS_UNSPECIFIED
The operating system of the device is not specified or not known.
- "DESKTOP_MAC"
- DESKTOP_MAC
A desktop Mac operating system.
- "DESKTOP_WINDOWS"
- DESKTOP_WINDOWS
A desktop Windows operating system.
- "DESKTOP_LINUX"
- DESKTOP_LINUX
A desktop Linux operating system.
- "DESKTOP_CHROME_OS"
- DESKTOP_CHROME_OS
A desktop ChromeOS operating system.
- "ANDROID"
- ANDROID
An Android operating system.
- "IOS"
- IOS
An iOS operating system.
OsConstraintResponse, OsConstraintResponseArgs
- Minimum
Version string The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format:
"major.minor.patch"
. Examples:"10.5.301"
,"9.2.1"
.- Os
Type string The allowed OS type.
- Require
Verified boolChrome Os Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.
- Minimum
Version string The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format:
"major.minor.patch"
. Examples:"10.5.301"
,"9.2.1"
.- Os
Type string The allowed OS type.
- Require
Verified boolChrome Os Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.
- minimum
Version String The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format:
"major.minor.patch"
. Examples:"10.5.301"
,"9.2.1"
.- os
Type String The allowed OS type.
- require
Verified BooleanChrome Os Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.
- minimum
Version string The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format:
"major.minor.patch"
. Examples:"10.5.301"
,"9.2.1"
.- os
Type string The allowed OS type.
- require
Verified booleanChrome Os Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.
- minimum_
version str The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format:
"major.minor.patch"
. Examples:"10.5.301"
,"9.2.1"
.- os_
type str The allowed OS type.
- require_
verified_ boolchrome_ os Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.
- minimum
Version String The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format:
"major.minor.patch"
. Examples:"10.5.301"
,"9.2.1"
.- os
Type String The allowed OS type.
- require
Verified BooleanChrome Os Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.
Package Details
- Repository
- Google Cloud Native pulumi/pulumi-google-native
- License
- Apache-2.0
Google Cloud Native is in preview. Google Cloud Classic is fully supported.