Package-level declarations
Types
An AccessLevel is a label that can be applied to requests to GCP services, along with a list of requirements necessary for the label to be applied. To get more information about AccessLevel, see:
Builder for AccessLevelArgs.
Allows configuring a single access level condition to be appended to an access level's conditions. This resource is intended to be used in cases where it is not possible to compile a full list of conditions to include in a gcp.accesscontextmanager.AccessLevel resource, to enable them to be added separately.
Builder for AccessLevelConditionArgs.
Builder for AccessLevelCondition.
Builder for AccessLevel.
Replace all existing Access Levels in an Access Policy with the Access Levels provided. This is done atomically. This is a bulk edit of all Access Levels and may override existing Access Levels created by gcp.accesscontextmanager.AccessLevel, thus causing a permadiff if used alongside gcp.accesscontextmanager.AccessLevel on the same parent. To get more information about AccessLevels, see:
Builder for AccessLevelsArgs.
Builder for AccessLevels.
AccessPolicy is a container for AccessLevels (which define the necessary attributes to use GCP services) and ServicePerimeters (which define regions of services able to freely pass data within a perimeter). An access policy is globally visible within an organization, and the restrictions it specifies apply to all projects within an organization. To get more information about AccessPolicy, see:
Builder for AccessPolicyArgs.
Three different resources help you manage your IAM policy for Access Context Manager (VPC Service Controls) AccessPolicy. Each of these resources serves a different use case:
Builder for AccessPolicyIamBindingArgs.
Builder for AccessPolicyIamBinding.
Three different resources help you manage your IAM policy for Access Context Manager (VPC Service Controls) AccessPolicy. Each of these resources serves a different use case:
Builder for AccessPolicyIamMemberArgs.
Builder for AccessPolicyIamMember.
Three different resources help you manage your IAM policy for Access Context Manager (VPC Service Controls) AccessPolicy. Each of these resources serves a different use case:
Builder for AccessPolicyIamPolicyArgs.
Builder for AccessPolicyIamPolicy.
Builder for AccessPolicy.
An authorized organizations description describes a list of organizations (1) that have been authorized to use certain asset (for example, device) data owned by different organizations at the enforcement points, or (2) with certain assets (for example, devices) that have been authorized to access the resources in another organization at the enforcement points. To get more information about AuthorizedOrgsDesc, see:
Builder for AuthorizedOrgsDescArgs.
Builder for AuthorizedOrgsDesc.
This resource has been deprecated; please refer to ServicePerimeterEgressPolicy. To get more information about EgressPolicy, see:
Builder for EgressPolicyArgs.
Builder for EgressPolicy.
Restricts access to Cloud Console and Google Cloud APIs for a set of users using Context-Aware Access. To get more information about GcpUserAccessBinding, see:
Builder for GcpUserAccessBindingArgs.
Builder for GcpUserAccessBinding.
This resource has been deprecated; please refer to ServicePerimeterIngressPolicy. To get more information about IngressPolicy, see:
Builder for IngressPolicyArgs.
Builder for IngressPolicy.
ServicePerimeter describes a set of GCP resources which can freely import and export data amongst themselves, but not export outside of the ServicePerimeter. If a request with a source within this ServicePerimeter has a target outside of the ServicePerimeter, the request will be blocked. Otherwise the request is allowed. There are two types of Service Perimeter
Builder for ServicePerimeterArgs.
EgressPolicies match requests based on egressFrom and egressTo stanzas. For an EgressPolicy to match, both egressFrom and egressTo stanzas must be matched. If an EgressPolicy matches a request, the request is allowed to span the ServicePerimeter boundary. For example, an EgressPolicy can be used to allow VMs on networks within the ServicePerimeter to access a defined set of projects outside the perimeter in certain contexts (e.g. to read data from a Cloud Storage bucket or query against a BigQuery dataset). To get more information about ServicePerimeterEgressPolicy, see:
Builder for ServicePerimeterEgressPolicyArgs.
Builder for ServicePerimeterEgressPolicy.
IngressPolicies match requests based on ingressFrom and ingressTo stanzas. For an ingress policy to match, both the ingressFrom and ingressTo stanzas must be matched. If an IngressPolicy matches a request, the request is allowed through the perimeter boundary from outside the perimeter. For example, access from the internet can be allowed either based on an AccessLevel or, for traffic hosted on Google Cloud, the project of the source network. For access from private networks, using the project of the hosting network is required. Individual ingress policies can be limited by restricting which services and/or actions they match using the ingressTo field. To get more information about ServicePerimeterIngressPolicy, see:
Builder for ServicePerimeterIngressPolicyArgs.
Builder for ServicePerimeterIngressPolicy.
Allows configuring a single GCP resource that should be inside of a service perimeter. This resource is intended to be used in cases where it is not possible to compile a full list of projects to include in a gcp.accesscontextmanager.ServicePerimeter resource, to enable them to be added separately.
Builder for ServicePerimeterResourceArgs.
Builder for ServicePerimeter.
Builder for ServicePerimeterResource.
Replace all existing Service Perimeters in an Access Policy with the Service Perimeters provided. This is done atomically. This is a bulk edit of all Service Perimeters and may override existing Service Perimeters created by gcp.accesscontextmanager.ServicePerimeter, thus causing a permadiff if used alongside gcp.accesscontextmanager.ServicePerimeter on the same parent. To get more information about ServicePerimeters, see:
Builder for ServicePerimetersArgs.
Builder for ServicePerimeters.