
Commit 6f92b89

go rewrite - acm and apigee (#11087)
1 parent 4910932 commit 6f92b89


57 files changed

+5740
-61
lines changed

@@ -0,0 +1,311 @@
1+
# Copyright 2024 Google Inc.
2+
# Licensed under the Apache License, Version 2.0 (the "License");
3+
# you may not use this file except in compliance with the License.
4+
# You may obtain a copy of the License at
5+
#
6+
# http://www.apache.org/licenses/LICENSE-2.0
7+
#
8+
# Unless required by applicable law or agreed to in writing, software
9+
# distributed under the License is distributed on an "AS IS" BASIS,
10+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11+
# See the License for the specific language governing permissions and
12+
# limitations under the License.
13+
14+
# Warning: This is a temporary file, and should not be edited directly
15+
---
16+
name: 'AccessLevel'
17+
description: |
18+
An AccessLevel is a label that can be applied to requests to GCP services,
19+
along with a list of requirements necessary for the label to be applied.
20+
references:
21+
guides:
22+
'Access Policy Quickstart': 'https://cloud.google.com/access-context-manager/docs/quickstart'
23+
api: 'https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.accessLevels'
24+
docs:
25+
warning: |
26+
If you are using User ADCs (Application Default Credentials) with this resource,
27+
you must specify a `billing_project` and set `user_project_override` to true
28+
in the provider configuration. Otherwise the ACM API will return a 403 error.
29+
Your account must have the `serviceusage.services.use` permission on the
30+
`billing_project` you defined.
31+
id_format: '{{name}}'
32+
base_url: ''
33+
self_link: '{{name}}'
34+
create_url: '{{parent}}/accessLevels'
35+
update_verb: 'PATCH'
36+
update_mask: true
37+
import_format:
38+
- '{{name}}'
39+
timeouts:
40+
insert_minutes: 20
41+
update_minutes: 20
42+
delete_minutes: 20
43+
autogen_async: true
44+
async:
45+
type: 'OpAsync'
46+
operation:
47+
base_url: '{{op_id}}'
48+
path: 'name'
49+
wait_ms: 1000
50+
result:
51+
path: 'response'
52+
resource_inside_response: true
53+
error:
54+
path: 'error'
55+
message: 'message'
56+
custom_code:
57+
encoder: 'templates/terraform/encoders/go/access_level_never_send_parent.go.tmpl'
58+
custom_import: 'templates/terraform/custom_import/go/set_access_policy_parent_from_self_link.go.tmpl'
59+
skip_sweeper: true
60+
examples:
61+
- name: 'access_context_manager_access_level_basic'
62+
primary_resource_id: 'access-level'
63+
vars:
64+
access_level_name: 'chromeos_no_lock'
65+
skip_test: true
66+
parameters:
67+
- name: 'parent'
68+
type: String
69+
description: |
70+
The AccessPolicy this AccessLevel lives in.
71+
Format: accessPolicies/{policy_id}
72+
required: true
73+
immutable: true
74+
ignore_read: true
75+
- name: 'name'
76+
type: String
77+
description: |
78+
Resource name for the Access Level. The short_name component must begin
79+
with a letter and only include alphanumeric and '_'.
80+
Format: accessPolicies/{policy_id}/accessLevels/{short_name}
81+
required: true
82+
immutable: true
83+
properties:
84+
- name: 'title'
85+
type: String
86+
description: |
87+
Human readable title. Must be unique within the Policy.
88+
required: true
89+
- name: 'description'
90+
type: String
91+
description: |
92+
Description of the AccessLevel and its use. Does not affect behavior.
93+
- name: 'basic'
94+
type: NestedObject
95+
description: |
96+
A set of predefined conditions for the access level and a combining function.
97+
conflicts:
98+
- custom
99+
properties:
100+
- name: 'combiningFunction'
101+
type: Enum
102+
description: |
103+
How the conditions list should be combined to determine if a request
104+
is granted this AccessLevel. If AND is used, each Condition in
105+
conditions must be satisfied for the AccessLevel to be applied. If
106+
OR is used, at least one Condition in conditions must be satisfied
107+
for the AccessLevel to be applied.
108+
custom_flatten: 'templates/terraform/custom_flatten/go/default_if_empty.tmpl'
109+
default_value: "AND"
110+
enum_values:
111+
- 'AND'
112+
- 'OR'
113+
- name: 'conditions'
114+
type: Array
115+
description: |
116+
A set of requirements for the AccessLevel to be granted.
117+
required: true
118+
item_type:
119+
type: NestedObject
120+
properties:
121+
- name: 'ipSubnetworks'
122+
type: Array
123+
description: |
124+
A list of CIDR block IP subnetwork specification. May be IPv4
125+
or IPv6.
126+
Note that for a CIDR IP address block, the specified IP address
127+
portion must be properly truncated (i.e. all the host bits must
128+
be zero) or the input is considered malformed. For example,
129+
"192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly,
130+
for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32"
131+
is not. The originating IP of a request must be in one of the
132+
listed subnets in order for this Condition to be true.
133+
If empty, all IP addresses are allowed.
134+
item_type:
135+
type: String
136+
- name: 'requiredAccessLevels'
137+
type: Array
138+
description: |
139+
A list of other access levels defined in the same Policy,
140+
referenced by resource name. Referencing an AccessLevel which
141+
does not exist is an error. All access levels listed must be
142+
granted for the Condition to be true.
143+
Format: accessPolicies/{policy_id}/accessLevels/{short_name}
144+
item_type:
145+
type: String
146+
- name: 'members'
147+
type: Array
148+
description: |
149+
An allowed list of members (users, service accounts).
150+
Using groups is not supported yet.
151+
152+
The signed-in user originating the request must be a part of one
153+
of the provided members. If not specified, a request may come
154+
from any user (logged in/not logged in, not present in any
155+
groups, etc.).
156+
Formats: `user:{emailid}`, `serviceAccount:{emailid}`
157+
item_type:
158+
type: String
159+
- name: 'negate'
160+
type: Boolean
161+
description: |
162+
Whether to negate the Condition. If true, the Condition becomes
163+
a NAND over its non-empty fields, each field must be false for
164+
the Condition overall to be satisfied. Defaults to false.
165+
- name: 'devicePolicy'
166+
type: NestedObject
167+
description: |
168+
Device specific restrictions, all restrictions must hold for
169+
the Condition to be true. If not specified, all devices are
170+
allowed.
171+
properties:
172+
- name: 'requireScreenLock'
173+
type: Boolean
174+
description: |
175+
Whether or not screenlock is required for the DevicePolicy
176+
to be true. Defaults to false.
177+
api_name: requireScreenlock
178+
- name: 'allowedEncryptionStatuses'
179+
type: Array
180+
description: |
181+
A list of allowed encryptions statuses.
182+
An empty list allows all statuses.
183+
item_type:
184+
type: Enum
185+
description: |
186+
This field only has a name and description because of MM
187+
limitations. It should not appear in downstreams.
188+
enum_values:
189+
- 'ENCRYPTION_UNSPECIFIED'
190+
- 'ENCRYPTION_UNSUPPORTED'
191+
- 'UNENCRYPTED'
192+
- 'ENCRYPTED'
193+
- name: 'allowedDeviceManagementLevels'
194+
type: Array
195+
description: |
196+
A list of allowed device management levels.
197+
An empty list allows all management levels.
198+
item_type:
199+
type: Enum
200+
description: |
201+
This field only has a name and description because of MM
202+
limitations. It should not appear in downstreams.
203+
enum_values:
204+
- 'MANAGEMENT_UNSPECIFIED'
205+
- 'NONE'
206+
- 'BASIC'
207+
- 'COMPLETE'
208+
- name: 'osConstraints'
209+
type: Array
210+
description: |
211+
A list of allowed OS versions.
212+
An empty list allows all types and all versions.
213+
item_type:
214+
type: NestedObject
215+
properties:
216+
- name: 'minimumVersion'
217+
type: String
218+
description: |
219+
The minimum allowed OS version. If not set, any version
220+
of this OS satisfies the constraint.
221+
Format: "major.minor.patch" such as "10.5.301", "9.2.1".
222+
- name: 'requireVerifiedChromeOs'
223+
type: Boolean
224+
description:
225+
If you specify DESKTOP_CHROME_OS for osType, you can
226+
optionally include requireVerifiedChromeOs to require
227+
Chrome Verified Access.
228+
- name: 'osType'
229+
type: Enum
230+
description: |
231+
The operating system type of the device.
232+
required: true
233+
enum_values:
234+
- 'OS_UNSPECIFIED'
235+
- 'DESKTOP_MAC'
236+
- 'DESKTOP_WINDOWS'
237+
- 'DESKTOP_LINUX'
238+
- 'DESKTOP_CHROME_OS'
239+
- 'ANDROID'
240+
- 'IOS'
241+
- name: 'requireAdminApproval'
242+
type: Boolean
243+
description: |
244+
Whether the device needs to be approved by the customer admin.
245+
- name: 'requireCorpOwned'
246+
type: Boolean
247+
description: |
248+
Whether the device needs to be corp owned.
249+
- name: 'regions'
250+
type: Array
251+
description: |
252+
The request must originate from one of the provided
253+
countries/regions.
254+
Format: A valid ISO 3166-1 alpha-2 code.
255+
item_type:
256+
type: String
257+
- name: 'vpcNetworkSources'
258+
type: Array
259+
description: 'The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with `ip_subnetworks`.'
260+
item_type:
261+
type: NestedObject
262+
properties:
263+
- name: 'vpcSubnetwork'
264+
type: NestedObject
265+
description: 'Sub networks within a VPC network.'
266+
properties:
267+
- name: 'network'
268+
type: String
269+
description: 'Required. Network name to be allowed by this Access Level. Networks of foreign organizations requires `compute.network.get` permission to be granted to caller.'
270+
required: true
271+
- name: 'vpcIpSubnetworks'
272+
type: Array
273+
description: 'CIDR block IP subnetwork specification. Must be IPv4.'
274+
item_type:
275+
type: String
276+
min_size: 1
277+
- name: 'custom'
278+
type: NestedObject
279+
description: |
280+
Custom access level conditions are set using the Cloud Common Expression Language to represent the necessary conditions for the level to apply to a request.
281+
See CEL spec at: https://github.com/google/cel-spec.
282+
conflicts:
283+
- basic
284+
properties:
285+
- name: 'expr'
286+
type: NestedObject
287+
description: |
288+
Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language.
289+
This page details the objects and attributes that are used to the build the CEL expressions for
290+
custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec.
291+
required: true
292+
properties:
293+
- name: 'expression'
294+
type: String
295+
description:
296+
Textual representation of an expression in Common Expression
297+
Language syntax.
298+
required: true
299+
- name: 'title'
300+
type: String
301+
description:
302+
Title for the expression, i.e. a short string describing its
303+
purpose.
304+
- name: 'description'
305+
type: String
306+
description: Description of the expression
307+
- name: 'location'
308+
type: String
309+
description:
310+
String indicating the location of the expression for error
311+
reporting, e.g. a file name and a position in the file
