以下示例包含为访问权限级别创建 .yaml 文件时可以指定的所有属性。仅当您正在使用 gcloud
命令行工具创建或修改访问权限级别时,才需要 .yaml 文件。
虽然您可以在 members
属性中添加身份信息,但 Google
我们建议您不要这样做请参阅入站流量和出站流量中的 identities
规则来说明
边界以相互通信。
# Attributes can be included in any order in the condition
- devicePolicy:
# Must include at least one of the following:
allowedEncryptionStatuses:
# Must include at least one of the following:
- ENCRYPTION_UNSUPPORTED
- ENCRYPTED
- UNENCRYPTED
osConstraints:
# Must include at least one of the following:
- osType: DESKTOP_CHROME_OS
minimumVersion: 11316.165.0
# minimumVersion must be formatted as x.x.x
requireVerifiedChromeOs: true
- osType: DESKTOP_MAC
- osType: DESKTOP_WINDOWS
# minimumVersion is not required
requireScreenlock: true
# requireScreenlock defaults to false if not included
requireAdminApproval: true
# requireAdminApproval defaults to false if not included
requireCorpOwned: true
# requireCorpOwned defaults to false if not included
ipSubnetworks:
# Must include one or more IPv4 and IPv6 CIDRs
- 252.0.2.0/24
- 2001:db8::/32
regions:
# Must include one or more regions as ISO 3166-1 alpha-2 codes
- US
- CH
- SG
requiredAccessLevels:
# Must include one or more existing access levels
# Must be formatted as accessPolicies/policy-name/accessLevels/level-name
- accessPolicies/247332951433/accessLevels/Device_Trust
members:
# Must include one or more valid IAM users or service accounts
- user:exampleuser@example.com
- serviceAccount:exampleaccount@example.iam.gserviceaccount.com
negate: true
# negate is not required and can only be included with other attributes
# If negate is included, none of the attributes included in the condition
# can be true for the condition to be met.
# You can include more than one condition in the .yaml file
- ipSubnetworks:
- 176.0.2.0/24