Metadata of Access Context Manager’s Long Running Operations.
An AccessLevel is a label that can be applied to requests to Google Cloud
services, along with a list of requirements necessary for the label to be
applied.
AccessPolicy is a container for AccessLevels (which define the necessary
attributes to use Google Cloud services) and ServicePerimeters (which
define regions of services able to freely pass data within a perimeter). An
access policy is globally visible within an organization, and the
restrictions it specifies apply to all projects within an organization.
BasicLevel is an AccessLevel using a set of recommended features.
A request to commit dry-run specs in all [Service Perimeters]
[google.identity.accesscontextmanager.v1.ServicePerimeter] belonging to
an [Access Policy][google.identity.accesscontextmanager.v1.AccessPolicy].
A response to CommitServicePerimetersRequest. This will be put inside of
Operation.response field.
A condition necessary for an AccessLevel to be granted. The Condition is an
AND over its fields. So a Condition is true if: 1) the request IP is from one
of the listed subnetworks AND 2) the originating device complies with the
listed device policy AND 3) all listed access levels are granted AND 4) the
request was sent at a time allowed by the DateTimeRestriction.
A request to create an AccessLevel.
Request of [CreateGcpUserAccessBinding]
[google.identity.accesscontextmanager.v1.AccessContextManager.CreateGcpUserAccessBinding].
A request to create a ServicePerimeter.
CustomLevel is an
AccessLevel using the Cloud Common Expression Language
to represent the necessary conditions for the level to apply to a request.
See CEL spec at:
https://github.com/google/cel-specA request to delete an AccessLevel.
A request to delete an AccessPolicy.
Request of [DeleteGcpUserAccessBinding]
[google.identity.accesscontextmanager.v1.AccessContextManager.DeleteGcpUserAccessBinding].
A request to delete a ServicePerimeter.
DevicePolicy specifies device specific restrictions necessary to acquire a
given access level. A DevicePolicy specifies requirements for requests from
devices to be granted access levels, it does not do any enforcement on the
device. DevicePolicy acts as an AND over all specified fields, and each
repeated field is an OR over its elements. Any unset fields are ignored. For
example, if the proto is { os_type : DESKTOP_WINDOWS, os_type :
DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be
true for requests originating from encrypted Linux desktops and encrypted
Windows desktops.
Restricts access to Cloud Console and Google Cloud APIs for a set of users
using Context-Aware Access.
Currently, a completed operation means nothing. In the future, this metadata
and a completed operation may indicate that the binding has taken effect and
is affecting access decisions for all users.
A request to get a particular AccessLevel.
A request to get a particular AccessPolicy.
Request of [GetGcpUserAccessBinding]
[google.identity.accesscontextmanager.v1.AccessContextManager.GetGcpUserAccessBinding].
A request to get a particular ServicePerimeter.
A request to list all AccessLevels in an AccessPolicy.
A response to ListAccessLevelsRequest.
A request to list all AccessPolicies for a container.
A response to ListAccessPoliciesRequest.
Request of [ListGcpUserAccessBindings]
[google.identity.accesscontextmanager.v1.AccessContextManager.ListGcpUserAccessBindings].
Response of [ListGcpUserAccessBindings]
[google.identity.accesscontextmanager.v1.AccessContextManager.ListGcpUserAccessBindings].
A request to list all ServicePerimeters in an AccessPolicy.
A response to ListServicePerimetersRequest.
A restriction on the OS type and version of devices making requests.
A request to replace all existing Access Levels in an Access Policy with
the Access Levels provided. This is done atomically.
A response to ReplaceAccessLevelsRequest. This will be put inside of
Operation.response field.
A request to replace all existing Service Perimeters in an Access Policy
with the Service Perimeters provided. This is done atomically.
A response to ReplaceServicePerimetersRequest. This will be put inside of
Operation.response field.
ServicePerimeter describes a set of Google Cloud resources which can freely
import and export data amongst themselves, but not export outside of the
ServicePerimeter. If a request with a source within this ServicePerimeter
has a target outside of the ServicePerimeter, the request will be blocked.
Otherwise the request is allowed. There are two types of Service Perimeter -
Regular and Bridge. Regular Service Perimeters cannot overlap, a single
Google Cloud project can only belong to a single regular Service Perimeter.
Service Perimeter Bridges can contain only Google Cloud projects as members,
a single Google Cloud project may belong to multiple Service Perimeter
Bridges.
ServicePerimeterConfig specifies a set of Google Cloud resources that
describe specific Service Perimeter configuration.
A request to update an AccessLevel.
A request to update an AccessPolicy.
Request of [UpdateGcpUserAccessBinding]
[google.identity.accesscontextmanager.v1.AccessContextManager.UpdateGcpUserAccessBinding].
A request to update a ServicePerimeter.