All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.pulumi.gcp.accesscontextmanager.kotlin.AccessLevelConditionArgs.kt Maven / Gradle / Ivy

Go to download

Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.

There is a newer version: 8.10.0.0
Show newest version
@file:Suppress("NAME_SHADOWING", "DEPRECATION")

package com.pulumi.gcp.accesscontextmanager.kotlin

import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.gcp.accesscontextmanager.AccessLevelConditionArgs.builder
import com.pulumi.gcp.accesscontextmanager.kotlin.inputs.AccessLevelConditionDevicePolicyArgs
import com.pulumi.gcp.accesscontextmanager.kotlin.inputs.AccessLevelConditionDevicePolicyArgsBuilder
import com.pulumi.gcp.accesscontextmanager.kotlin.inputs.AccessLevelConditionVpcNetworkSourceArgs
import com.pulumi.gcp.accesscontextmanager.kotlin.inputs.AccessLevelConditionVpcNetworkSourceArgsBuilder
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.Boolean
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import kotlin.jvm.JvmName

/**
 * Allows configuring a single access level condition to be appended to an access level's conditions.
 * This resource is intended to be used in cases where it is not possible to compile a full list
 * of conditions to include in a `gcp.accesscontextmanager.AccessLevel` resource,
 * to enable them to be added separately.
 * > **Note:** If this resource is used alongside a `gcp.accesscontextmanager.AccessLevel` resource,
 * the access level resource must have a `lifecycle` block with `ignore_changes = [basic[0].conditions]` so
 * they don't fight over which service accounts should be included.
 * To get more information about AccessLevelCondition, see:
 * * [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.accessLevels)
 * * How-to Guides
 *     * [Access Policy Quickstart](https://cloud.google.com/access-context-manager/docs/quickstart)
 * > **Warning:** If you are using User ADCs (Application Default Credentials) with this resource,
 * you must specify a `billing_project` and set `user_project_override` to true
 * in the provider configuration. Otherwise the ACM API will return a 403 error.
 * Your account must have the `serviceusage.services.use` permission on the
 * `billing_project` you defined.
 * ## Example Usage
 * ### Access Context Manager Access Level Condition Basic
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const access_policy = new gcp.accesscontextmanager.AccessPolicy("access-policy", {
 *     parent: "organizations/123456789",
 *     title: "my policy",
 * });
 * const access_level_service_account = new gcp.accesscontextmanager.AccessLevel("access-level-service-account", {
 *     parent: pulumi.interpolate`accessPolicies/${access_policy.name}`,
 *     name: pulumi.interpolate`accessPolicies/${access_policy.name}/accessLevels/chromeos_no_lock`,
 *     title: "chromeos_no_lock",
 *     basic: {
 *         conditions: [{
 *             devicePolicy: {
 *                 requireScreenLock: true,
 *                 osConstraints: [{
 *                     osType: "DESKTOP_CHROME_OS",
 *                 }],
 *             },
 *             regions: [
 *                 "CH",
 *                 "IT",
 *                 "US",
 *             ],
 *         }],
 *     },
 * });
 * const created_later = new gcp.serviceaccount.Account("created-later", {accountId: "my-account-id"});
 * const access_level_conditions = new gcp.accesscontextmanager.AccessLevelCondition("access-level-conditions", {
 *     accessLevel: access_level_service_account.name,
 *     ipSubnetworks: ["192.0.4.0/24"],
 *     members: [
 *         "user:[email protected]",
 *         "user:[email protected]",
 *         pulumi.interpolate`serviceAccount:${created_later.email}`,
 *     ],
 *     negate: false,
 *     devicePolicy: {
 *         requireScreenLock: false,
 *         requireAdminApproval: false,
 *         requireCorpOwned: true,
 *         osConstraints: [{
 *             osType: "DESKTOP_CHROME_OS",
 *         }],
 *     },
 *     regions: [
 *         "IT",
 *         "US",
 *     ],
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * access_policy = gcp.accesscontextmanager.AccessPolicy("access-policy",
 *     parent="organizations/123456789",
 *     title="my policy")
 * access_level_service_account = gcp.accesscontextmanager.AccessLevel("access-level-service-account",
 *     parent=access_policy.name.apply(lambda name: f"accessPolicies/{name}"),
 *     name=access_policy.name.apply(lambda name: f"accessPolicies/{name}/accessLevels/chromeos_no_lock"),
 *     title="chromeos_no_lock",
 *     basic=gcp.accesscontextmanager.AccessLevelBasicArgs(
 *         conditions=[gcp.accesscontextmanager.AccessLevelBasicConditionArgs(
 *             device_policy=gcp.accesscontextmanager.AccessLevelBasicConditionDevicePolicyArgs(
 *                 require_screen_lock=True,
 *                 os_constraints=[gcp.accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArgs(
 *                     os_type="DESKTOP_CHROME_OS",
 *                 )],
 *             ),
 *             regions=[
 *                 "CH",
 *                 "IT",
 *                 "US",
 *             ],
 *         )],
 *     ))
 * created_later = gcp.serviceaccount.Account("created-later", account_id="my-account-id")
 * access_level_conditions = gcp.accesscontextmanager.AccessLevelCondition("access-level-conditions",
 *     access_level=access_level_service_account.name,
 *     ip_subnetworks=["192.0.4.0/24"],
 *     members=[
 *         "user:[email protected]",
 *         "user:[email protected]",
 *         created_later.email.apply(lambda email: f"serviceAccount:{email}"),
 *     ],
 *     negate=False,
 *     device_policy=gcp.accesscontextmanager.AccessLevelConditionDevicePolicyArgs(
 *         require_screen_lock=False,
 *         require_admin_approval=False,
 *         require_corp_owned=True,
 *         os_constraints=[gcp.accesscontextmanager.AccessLevelConditionDevicePolicyOsConstraintArgs(
 *             os_type="DESKTOP_CHROME_OS",
 *         )],
 *     ),
 *     regions=[
 *         "IT",
 *         "US",
 *     ])
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var access_policy = new Gcp.AccessContextManager.AccessPolicy("access-policy", new()
 *     {
 *         Parent = "organizations/123456789",
 *         Title = "my policy",
 *     });
 *     var access_level_service_account = new Gcp.AccessContextManager.AccessLevel("access-level-service-account", new()
 *     {
 *         Parent = access_policy.Name.Apply(name => $"accessPolicies/{name}"),
 *         Name = access_policy.Name.Apply(name => $"accessPolicies/{name}/accessLevels/chromeos_no_lock"),
 *         Title = "chromeos_no_lock",
 *         Basic = new Gcp.AccessContextManager.Inputs.AccessLevelBasicArgs
 *         {
 *             Conditions = new[]
 *             {
 *                 new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionArgs
 *                 {
 *                     DevicePolicy = new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionDevicePolicyArgs
 *                     {
 *                         RequireScreenLock = true,
 *                         OsConstraints = new[]
 *                         {
 *                             new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionDevicePolicyOsConstraintArgs
 *                             {
 *                                 OsType = "DESKTOP_CHROME_OS",
 *                             },
 *                         },
 *                     },
 *                     Regions = new[]
 *                     {
 *                         "CH",
 *                         "IT",
 *                         "US",
 *                     },
 *                 },
 *             },
 *         },
 *     });
 *     var created_later = new Gcp.ServiceAccount.Account("created-later", new()
 *     {
 *         AccountId = "my-account-id",
 *     });
 *     var access_level_conditions = new Gcp.AccessContextManager.AccessLevelCondition("access-level-conditions", new()
 *     {
 *         AccessLevel = access_level_service_account.Name,
 *         IpSubnetworks = new[]
 *         {
 *             "192.0.4.0/24",
 *         },
 *         Members = new[]
 *         {
 *             "user:[email protected]",
 *             "user:[email protected]",
 *             created_later.Email.Apply(email => $"serviceAccount:{email}"),
 *         },
 *         Negate = false,
 *         DevicePolicy = new Gcp.AccessContextManager.Inputs.AccessLevelConditionDevicePolicyArgs
 *         {
 *             RequireScreenLock = false,
 *             RequireAdminApproval = false,
 *             RequireCorpOwned = true,
 *             OsConstraints = new[]
 *             {
 *                 new Gcp.AccessContextManager.Inputs.AccessLevelConditionDevicePolicyOsConstraintArgs
 *                 {
 *                     OsType = "DESKTOP_CHROME_OS",
 *                 },
 *             },
 *         },
 *         Regions = new[]
 *         {
 *             "IT",
 *             "US",
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"fmt"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		_, err := accesscontextmanager.NewAccessPolicy(ctx, "access-policy", &accesscontextmanager.AccessPolicyArgs{
 * 			Parent: pulumi.String("organizations/123456789"),
 * 			Title:  pulumi.String("my policy"),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = accesscontextmanager.NewAccessLevel(ctx, "access-level-service-account", &accesscontextmanager.AccessLevelArgs{
 * 			Parent: access_policy.Name.ApplyT(func(name string) (string, error) {
 * 				return fmt.Sprintf("accessPolicies/%v", name), nil
 * 			}).(pulumi.StringOutput),
 * 			Name: access_policy.Name.ApplyT(func(name string) (string, error) {
 * 				return fmt.Sprintf("accessPolicies/%v/accessLevels/chromeos_no_lock", name), nil
 * 			}).(pulumi.StringOutput),
 * 			Title: pulumi.String("chromeos_no_lock"),
 * 			Basic: &accesscontextmanager.AccessLevelBasicArgs{
 * 				Conditions: accesscontextmanager.AccessLevelBasicConditionArray{
 * 					&accesscontextmanager.AccessLevelBasicConditionArgs{
 * 						DevicePolicy: &accesscontextmanager.AccessLevelBasicConditionDevicePolicyArgs{
 * 							RequireScreenLock: pulumi.Bool(true),
 * 							OsConstraints: accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArray{
 * 								&accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArgs{
 * 									OsType: pulumi.String("DESKTOP_CHROME_OS"),
 * 								},
 * 							},
 * 						},
 * 						Regions: pulumi.StringArray{
 * 							pulumi.String("CH"),
 * 							pulumi.String("IT"),
 * 							pulumi.String("US"),
 * 						},
 * 					},
 * 				},
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = serviceaccount.NewAccount(ctx, "created-later", &serviceaccount.AccountArgs{
 * 			AccountId: pulumi.String("my-account-id"),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = accesscontextmanager.NewAccessLevelCondition(ctx, "access-level-conditions", &accesscontextmanager.AccessLevelConditionArgs{
 * 			AccessLevel: access_level_service_account.Name,
 * 			IpSubnetworks: pulumi.StringArray{
 * 				pulumi.String("192.0.4.0/24"),
 * 			},
 * 			Members: pulumi.StringArray{
 * 				pulumi.String("user:[email protected]"),
 * 				pulumi.String("user:[email protected]"),
 * 				created_later.Email.ApplyT(func(email string) (string, error) {
 * 					return fmt.Sprintf("serviceAccount:%v", email), nil
 * 				}).(pulumi.StringOutput),
 * 			},
 * 			Negate: pulumi.Bool(false),
 * 			DevicePolicy: &accesscontextmanager.AccessLevelConditionDevicePolicyArgs{
 * 				RequireScreenLock:    pulumi.Bool(false),
 * 				RequireAdminApproval: pulumi.Bool(false),
 * 				RequireCorpOwned:     pulumi.Bool(true),
 * 				OsConstraints: accesscontextmanager.AccessLevelConditionDevicePolicyOsConstraintArray{
 * 					&accesscontextmanager.AccessLevelConditionDevicePolicyOsConstraintArgs{
 * 						OsType: pulumi.String("DESKTOP_CHROME_OS"),
 * 					},
 * 				},
 * 			},
 * 			Regions: pulumi.StringArray{
 * 				pulumi.String("IT"),
 * 				pulumi.String("US"),
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.accesscontextmanager.AccessPolicy;
 * import com.pulumi.gcp.accesscontextmanager.AccessPolicyArgs;
 * import com.pulumi.gcp.accesscontextmanager.AccessLevel;
 * import com.pulumi.gcp.accesscontextmanager.AccessLevelArgs;
 * import com.pulumi.gcp.accesscontextmanager.inputs.AccessLevelBasicArgs;
 * import com.pulumi.gcp.serviceaccount.Account;
 * import com.pulumi.gcp.serviceaccount.AccountArgs;
 * import com.pulumi.gcp.accesscontextmanager.AccessLevelCondition;
 * import com.pulumi.gcp.accesscontextmanager.AccessLevelConditionArgs;
 * import com.pulumi.gcp.accesscontextmanager.inputs.AccessLevelConditionDevicePolicyArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var access_policy = new AccessPolicy("access-policy", AccessPolicyArgs.builder()
 *             .parent("organizations/123456789")
 *             .title("my policy")
 *             .build());
 *         var access_level_service_account = new AccessLevel("access-level-service-account", AccessLevelArgs.builder()
 *             .parent(access_policy.name().applyValue(name -> String.format("accessPolicies/%s", name)))
 *             .name(access_policy.name().applyValue(name -> String.format("accessPolicies/%s/accessLevels/chromeos_no_lock", name)))
 *             .title("chromeos_no_lock")
 *             .basic(AccessLevelBasicArgs.builder()
 *                 .conditions(AccessLevelBasicConditionArgs.builder()
 *                     .devicePolicy(AccessLevelBasicConditionDevicePolicyArgs.builder()
 *                         .requireScreenLock(true)
 *                         .osConstraints(AccessLevelBasicConditionDevicePolicyOsConstraintArgs.builder()
 *                             .osType("DESKTOP_CHROME_OS")
 *                             .build())
 *                         .build())
 *                     .regions(
 *                         "CH",
 *                         "IT",
 *                         "US")
 *                     .build())
 *                 .build())
 *             .build());
 *         var created_later = new Account("created-later", AccountArgs.builder()
 *             .accountId("my-account-id")
 *             .build());
 *         var access_level_conditions = new AccessLevelCondition("access-level-conditions", AccessLevelConditionArgs.builder()
 *             .accessLevel(access_level_service_account.name())
 *             .ipSubnetworks("192.0.4.0/24")
 *             .members(
 *                 "user:[email protected]",
 *                 "user:[email protected]",
 *                 created_later.email().applyValue(email -> String.format("serviceAccount:%s", email)))
 *             .negate(false)
 *             .devicePolicy(AccessLevelConditionDevicePolicyArgs.builder()
 *                 .requireScreenLock(false)
 *                 .requireAdminApproval(false)
 *                 .requireCorpOwned(true)
 *                 .osConstraints(AccessLevelConditionDevicePolicyOsConstraintArgs.builder()
 *                     .osType("DESKTOP_CHROME_OS")
 *                     .build())
 *                 .build())
 *             .regions(
 *                 "IT",
 *                 "US")
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   access-level-service-account:
 *     type: gcp:accesscontextmanager:AccessLevel
 *     properties:
 *       parent: accessPolicies/${["access-policy"].name}
 *       name: accessPolicies/${["access-policy"].name}/accessLevels/chromeos_no_lock
 *       title: chromeos_no_lock
 *       basic:
 *         conditions:
 *           - devicePolicy:
 *               requireScreenLock: true
 *               osConstraints:
 *                 - osType: DESKTOP_CHROME_OS
 *             regions:
 *               - CH
 *               - IT
 *               - US
 *   created-later:
 *     type: gcp:serviceaccount:Account
 *     properties:
 *       accountId: my-account-id
 *   access-level-conditions:
 *     type: gcp:accesscontextmanager:AccessLevelCondition
 *     properties:
 *       accessLevel: ${["access-level-service-account"].name}
 *       ipSubnetworks:
 *         - 192.0.4.0/24
 *       members:
 *         - user:[email protected]
 *         - user:[email protected]
 *         - serviceAccount:${["created-later"].email}
 *       negate: false
 *       devicePolicy:
 *         requireScreenLock: false
 *         requireAdminApproval: false
 *         requireCorpOwned: true
 *         osConstraints:
 *           - osType: DESKTOP_CHROME_OS
 *       regions:
 *         - IT
 *         - US
 *   access-policy:
 *     type: gcp:accesscontextmanager:AccessPolicy
 *     properties:
 *       parent: organizations/123456789
 *       title: my policy
 * ```
 * 
 * ## Import
 * This resource does not support import.
 * @property accessLevel The name of the Access Level to add this condition to.
 * - - -
 * @property devicePolicy Device specific restrictions, all restrictions must hold for
 * the Condition to be true. If not specified, all devices are
 * allowed.
 * Structure is documented below.
 * @property ipSubnetworks A list of CIDR block IP subnetwork specification. May be IPv4
 * or IPv6.
 * Note that for a CIDR IP address block, the specified IP address
 * portion must be properly truncated (i.e. all the host bits must
 * be zero) or the input is considered malformed. For example,
 * "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly,
 * for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32"
 * is not. The originating IP of a request must be in one of the
 * listed subnets in order for this Condition to be true.
 * If empty, all IP addresses are allowed.
 * @property members An allowed list of members (users, service accounts).
 * Using groups is not supported yet.
 * The signed-in user originating the request must be a part of one
 * of the provided members. If not specified, a request may come
 * from any user (logged in/not logged in, not present in any
 * groups, etc.).
 * Formats: `user:{emailid}`, `serviceAccount:{emailid}`
 * @property negate Whether to negate the Condition. If true, the Condition becomes
 * a NAND over its non-empty fields, each field must be false for
 * the Condition overall to be satisfied. Defaults to false.
 * @property regions The request must originate from one of the provided
 * countries/regions.
 * Format: A valid ISO 3166-1 alpha-2 code.
 * @property requiredAccessLevels A list of other access levels defined in the same Policy,
 * referenced by resource name. Referencing an AccessLevel which
 * does not exist is an error. All access levels listed must be
 * granted for the Condition to be true.
 * Format: accessPolicies/{policy_id}/accessLevels/{short_name}
 * @property vpcNetworkSources The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with `ip_subnetworks`.
 * Structure is documented below.
 */
public data class AccessLevelConditionArgs(
    public val accessLevel: Output? = null,
    public val devicePolicy: Output? = null,
    public val ipSubnetworks: Output>? = null,
    public val members: Output>? = null,
    public val negate: Output? = null,
    public val regions: Output>? = null,
    public val requiredAccessLevels: Output>? = null,
    public val vpcNetworkSources: Output>? = null,
) : ConvertibleToJava {
    override fun toJava(): com.pulumi.gcp.accesscontextmanager.AccessLevelConditionArgs =
        com.pulumi.gcp.accesscontextmanager.AccessLevelConditionArgs.builder()
            .accessLevel(accessLevel?.applyValue({ args0 -> args0 }))
            .devicePolicy(devicePolicy?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
            .ipSubnetworks(ipSubnetworks?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
            .members(members?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
            .negate(negate?.applyValue({ args0 -> args0 }))
            .regions(regions?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
            .requiredAccessLevels(requiredAccessLevels?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
            .vpcNetworkSources(
                vpcNetworkSources?.applyValue({ args0 ->
                    args0.map({ args0 ->
                        args0.let({ args0 ->
                            args0.toJava()
                        })
                    })
                }),
            ).build()
}

/**
 * Builder for [AccessLevelConditionArgs].
 */
@PulumiTagMarker
public class AccessLevelConditionArgsBuilder internal constructor() {
    private var accessLevel: Output? = null

    private var devicePolicy: Output? = null

    private var ipSubnetworks: Output>? = null

    private var members: Output>? = null

    private var negate: Output? = null

    private var regions: Output>? = null

    private var requiredAccessLevels: Output>? = null

    private var vpcNetworkSources: Output>? = null

    /**
     * @param value The name of the Access Level to add this condition to.
     * - - -
     */
    @JvmName("dgfbtaneikvqyuua")
    public suspend fun accessLevel(`value`: Output) {
        this.accessLevel = value
    }

    /**
     * @param value Device specific restrictions, all restrictions must hold for
     * the Condition to be true. If not specified, all devices are
     * allowed.
     * Structure is documented below.
     */
    @JvmName("agrcvnxgtdjekjta")
    public suspend fun devicePolicy(`value`: Output) {
        this.devicePolicy = value
    }

    /**
     * @param value A list of CIDR block IP subnetwork specification. May be IPv4
     * or IPv6.
     * Note that for a CIDR IP address block, the specified IP address
     * portion must be properly truncated (i.e. all the host bits must
     * be zero) or the input is considered malformed. For example,
     * "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly,
     * for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32"
     * is not. The originating IP of a request must be in one of the
     * listed subnets in order for this Condition to be true.
     * If empty, all IP addresses are allowed.
     */
    @JvmName("crxbpmrcglmgoqoq")
    public suspend fun ipSubnetworks(`value`: Output>) {
        this.ipSubnetworks = value
    }

    @JvmName("quqjjlppgwuatwir")
    public suspend fun ipSubnetworks(vararg values: Output) {
        this.ipSubnetworks = Output.all(values.asList())
    }

    /**
     * @param values A list of CIDR block IP subnetwork specification. May be IPv4
     * or IPv6.
     * Note that for a CIDR IP address block, the specified IP address
     * portion must be properly truncated (i.e. all the host bits must
     * be zero) or the input is considered malformed. For example,
     * "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly,
     * for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32"
     * is not. The originating IP of a request must be in one of the
     * listed subnets in order for this Condition to be true.
     * If empty, all IP addresses are allowed.
     */
    @JvmName("fsetuuwunhdwixcg")
    public suspend fun ipSubnetworks(values: List>) {
        this.ipSubnetworks = Output.all(values)
    }

    /**
     * @param value An allowed list of members (users, service accounts).
     * Using groups is not supported yet.
     * The signed-in user originating the request must be a part of one
     * of the provided members. If not specified, a request may come
     * from any user (logged in/not logged in, not present in any
     * groups, etc.).
     * Formats: `user:{emailid}`, `serviceAccount:{emailid}`
     */
    @JvmName("qjvjudqfdtccxawo")
    public suspend fun members(`value`: Output>) {
        this.members = value
    }

    @JvmName("dclttxqbtkmkwiwl")
    public suspend fun members(vararg values: Output) {
        this.members = Output.all(values.asList())
    }

    /**
     * @param values An allowed list of members (users, service accounts).
     * Using groups is not supported yet.
     * The signed-in user originating the request must be a part of one
     * of the provided members. If not specified, a request may come
     * from any user (logged in/not logged in, not present in any
     * groups, etc.).
     * Formats: `user:{emailid}`, `serviceAccount:{emailid}`
     */
    @JvmName("uokdtdrtuyaespcj")
    public suspend fun members(values: List>) {
        this.members = Output.all(values)
    }

    /**
     * @param value Whether to negate the Condition. If true, the Condition becomes
     * a NAND over its non-empty fields, each field must be false for
     * the Condition overall to be satisfied. Defaults to false.
     */
    @JvmName("xcoketexnunjpgda")
    public suspend fun negate(`value`: Output) {
        this.negate = value
    }

    /**
     * @param value The request must originate from one of the provided
     * countries/regions.
     * Format: A valid ISO 3166-1 alpha-2 code.
     */
    @JvmName("ucvwbxtymhnhxspp")
    public suspend fun regions(`value`: Output>) {
        this.regions = value
    }

    @JvmName("nqwsdlqkixbnwjbi")
    public suspend fun regions(vararg values: Output) {
        this.regions = Output.all(values.asList())
    }

    /**
     * @param values The request must originate from one of the provided
     * countries/regions.
     * Format: A valid ISO 3166-1 alpha-2 code.
     */
    @JvmName("ifuyycqkajngumga")
    public suspend fun regions(values: List>) {
        this.regions = Output.all(values)
    }

    /**
     * @param value A list of other access levels defined in the same Policy,
     * referenced by resource name. Referencing an AccessLevel which
     * does not exist is an error. All access levels listed must be
     * granted for the Condition to be true.
     * Format: accessPolicies/{policy_id}/accessLevels/{short_name}
     */
    @JvmName("qfmifigbikfacsyt")
    public suspend fun requiredAccessLevels(`value`: Output>) {
        this.requiredAccessLevels = value
    }

    @JvmName("ghvokudtiibfftbx")
    public suspend fun requiredAccessLevels(vararg values: Output) {
        this.requiredAccessLevels = Output.all(values.asList())
    }

    /**
     * @param values A list of other access levels defined in the same Policy,
     * referenced by resource name. Referencing an AccessLevel which
     * does not exist is an error. All access levels listed must be
     * granted for the Condition to be true.
     * Format: accessPolicies/{policy_id}/accessLevels/{short_name}
     */
    @JvmName("tcmpvqsxaotpmesw")
    public suspend fun requiredAccessLevels(values: List>) {
        this.requiredAccessLevels = Output.all(values)
    }

    /**
     * @param value The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with `ip_subnetworks`.
     * Structure is documented below.
     */
    @JvmName("iitjotcxjahbhbxy")
    public suspend fun vpcNetworkSources(`value`: Output>) {
        this.vpcNetworkSources = value
    }

    @JvmName("meathbyqrxhxshfj")
    public suspend fun vpcNetworkSources(vararg values: Output) {
        this.vpcNetworkSources = Output.all(values.asList())
    }

    /**
     * @param values The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with `ip_subnetworks`.
     * Structure is documented below.
     */
    @JvmName("lsjcreyipbbpolma")
    public suspend fun vpcNetworkSources(values: List>) {
        this.vpcNetworkSources = Output.all(values)
    }

    /**
     * @param value The name of the Access Level to add this condition to.
     * - - -
     */
    @JvmName("rqugytdtlqjexqao")
    public suspend fun accessLevel(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.accessLevel = mapped
    }

    /**
     * @param value Device specific restrictions, all restrictions must hold for
     * the Condition to be true. If not specified, all devices are
     * allowed.
     * Structure is documented below.
     */
    @JvmName("ovaqpqhjsfkvqlhq")
    public suspend fun devicePolicy(`value`: AccessLevelConditionDevicePolicyArgs?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.devicePolicy = mapped
    }

    /**
     * @param argument Device specific restrictions, all restrictions must hold for
     * the Condition to be true. If not specified, all devices are
     * allowed.
     * Structure is documented below.
     */
    @JvmName("gswlgvoencwfsxjn")
    public suspend fun devicePolicy(argument: suspend AccessLevelConditionDevicePolicyArgsBuilder.() -> Unit) {
        val toBeMapped = AccessLevelConditionDevicePolicyArgsBuilder().applySuspend {
            argument()
        }.build()
        val mapped = of(toBeMapped)
        this.devicePolicy = mapped
    }

    /**
     * @param value A list of CIDR block IP subnetwork specification. May be IPv4
     * or IPv6.
     * Note that for a CIDR IP address block, the specified IP address
     * portion must be properly truncated (i.e. all the host bits must
     * be zero) or the input is considered malformed. For example,
     * "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly,
     * for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32"
     * is not. The originating IP of a request must be in one of the
     * listed subnets in order for this Condition to be true.
     * If empty, all IP addresses are allowed.
     */
    @JvmName("hyraulwmereejevn")
    public suspend fun ipSubnetworks(`value`: List?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.ipSubnetworks = mapped
    }

    /**
     * @param values A list of CIDR block IP subnetwork specification. May be IPv4
     * or IPv6.
     * Note that for a CIDR IP address block, the specified IP address
     * portion must be properly truncated (i.e. all the host bits must
     * be zero) or the input is considered malformed. For example,
     * "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly,
     * for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32"
     * is not. The originating IP of a request must be in one of the
     * listed subnets in order for this Condition to be true.
     * If empty, all IP addresses are allowed.
     */
    @JvmName("icvrhlyrlclwdecu")
    public suspend fun ipSubnetworks(vararg values: String) {
        val toBeMapped = values.toList()
        val mapped = toBeMapped.let({ args0 -> of(args0) })
        this.ipSubnetworks = mapped
    }

    /**
     * @param value An allowed list of members (users, service accounts).
     * Using groups is not supported yet.
     * The signed-in user originating the request must be a part of one
     * of the provided members. If not specified, a request may come
     * from any user (logged in/not logged in, not present in any
     * groups, etc.).
     * Formats: `user:{emailid}`, `serviceAccount:{emailid}`
     */
    @JvmName("iqgfnfwhngxgvgtx")
    public suspend fun members(`value`: List?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.members = mapped
    }

    /**
     * @param values An allowed list of members (users, service accounts).
     * Using groups is not supported yet.
     * The signed-in user originating the request must be a part of one
     * of the provided members. If not specified, a request may come
     * from any user (logged in/not logged in, not present in any
     * groups, etc.).
     * Formats: `user:{emailid}`, `serviceAccount:{emailid}`
     */
    @JvmName("qmwiandbtknrgwyo")
    public suspend fun members(vararg values: String) {
        val toBeMapped = values.toList()
        val mapped = toBeMapped.let({ args0 -> of(args0) })
        this.members = mapped
    }

    /**
     * @param value Whether to negate the Condition. If true, the Condition becomes
     * a NAND over its non-empty fields, each field must be false for
     * the Condition overall to be satisfied. Defaults to false.
     */
    @JvmName("peeoxcrwihuctnnp")
    public suspend fun negate(`value`: Boolean?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.negate = mapped
    }

    /**
     * @param value The request must originate from one of the provided
     * countries/regions.
     * Format: A valid ISO 3166-1 alpha-2 code.
     */
    @JvmName("gegwlammusaoyxmo")
    public suspend fun regions(`value`: List?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.regions = mapped
    }

    /**
     * @param values The request must originate from one of the provided
     * countries/regions.
     * Format: A valid ISO 3166-1 alpha-2 code.
     */
    @JvmName("rofvvbqqtccdmuqy")
    public suspend fun regions(vararg values: String) {
        val toBeMapped = values.toList()
        val mapped = toBeMapped.let({ args0 -> of(args0) })
        this.regions = mapped
    }

    /**
     * @param value A list of other access levels defined in the same Policy,
     * referenced by resource name. Referencing an AccessLevel which
     * does not exist is an error. All access levels listed must be
     * granted for the Condition to be true.
     * Format: accessPolicies/{policy_id}/accessLevels/{short_name}
     */
    @JvmName("skhjtdokmxjeticx")
    public suspend fun requiredAccessLevels(`value`: List?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.requiredAccessLevels = mapped
    }

    /**
     * @param values A list of other access levels defined in the same Policy,
     * referenced by resource name. Referencing an AccessLevel which
     * does not exist is an error. All access levels listed must be
     * granted for the Condition to be true.
     * Format: accessPolicies/{policy_id}/accessLevels/{short_name}
     */
    @JvmName("ihorgjgvcqswhpca")
    public suspend fun requiredAccessLevels(vararg values: String) {
        val toBeMapped = values.toList()
        val mapped = toBeMapped.let({ args0 -> of(args0) })
        this.requiredAccessLevels = mapped
    }

    /**
     * @param value The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with `ip_subnetworks`.
     * Structure is documented below.
     */
    @JvmName("nxrjupgbwsrpwsxs")
    public suspend fun vpcNetworkSources(`value`: List?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.vpcNetworkSources = mapped
    }

    /**
     * @param argument The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with `ip_subnetworks`.
     * Structure is documented below.
     */
    @JvmName("artjlbasffxobmdh")
    public suspend fun vpcNetworkSources(argument: List Unit>) {
        val toBeMapped = argument.toList().map {
            AccessLevelConditionVpcNetworkSourceArgsBuilder().applySuspend { it() }.build()
        }
        val mapped = of(toBeMapped)
        this.vpcNetworkSources = mapped
    }

    /**
     * @param argument The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with `ip_subnetworks`.
     * Structure is documented below.
     */
    @JvmName("bjbqyelhgnakkbvl")
    public suspend fun vpcNetworkSources(vararg argument: suspend AccessLevelConditionVpcNetworkSourceArgsBuilder.() -> Unit) {
        val toBeMapped = argument.toList().map {
            AccessLevelConditionVpcNetworkSourceArgsBuilder().applySuspend { it() }.build()
        }
        val mapped = of(toBeMapped)
        this.vpcNetworkSources = mapped
    }

    /**
     * @param argument The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with `ip_subnetworks`.
     * Structure is documented below.
     */
    @JvmName("bcmnjuciyjflfxvf")
    public suspend fun vpcNetworkSources(argument: suspend AccessLevelConditionVpcNetworkSourceArgsBuilder.() -> Unit) {
        val toBeMapped = listOf(
            AccessLevelConditionVpcNetworkSourceArgsBuilder().applySuspend {
                argument()
            }.build(),
        )
        val mapped = of(toBeMapped)
        this.vpcNetworkSources = mapped
    }

    /**
     * @param values The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with `ip_subnetworks`.
     * Structure is documented below.
     */
    @JvmName("gyoatyimupdxqarp")
    public suspend fun vpcNetworkSources(vararg values: AccessLevelConditionVpcNetworkSourceArgs) {
        val toBeMapped = values.toList()
        val mapped = toBeMapped.let({ args0 -> of(args0) })
        this.vpcNetworkSources = mapped
    }

    internal fun build(): AccessLevelConditionArgs = AccessLevelConditionArgs(
        accessLevel = accessLevel,
        devicePolicy = devicePolicy,
        ipSubnetworks = ipSubnetworks,
        members = members,
        negate = negate,
        regions = regions,
        requiredAccessLevels = requiredAccessLevels,
        vpcNetworkSources = vpcNetworkSources,
    )
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy