Example YAML for an access level

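The following example contains all of the attributes that you can specify when creating a .yaml file for an access level. A .yaml file is required only when you use the gcloud command-line tool to create or modify an access level.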

You can include identities in the members attribute, but this is not recommended. To learn how to allow perimeters to communicate with each other, see Ingress and egress rules.

```yaml
# Attributes can be included in any order in the condition
- devicePolicy:
  # Must include at least one of the following:
    allowedEncryptionStatuses:
    # Must include at least one of the following:
      - ENCRYPTION_UNSUPPORTED
      - ENCRYPTED
      - UNENCRYPTED
    osConstraints:
    # Must include at least one of the following:
      - osType: DESKTOP_CHROME_OS
        minimumVersion: 11316.165.0
        # minimumVersion must be formatted as x.x.x
        requireVerifiedChromeOs: true
      - osType: DESKTOP_MAC
      - osType: DESKTOP_WINDOWS
        # minimumVersion is not required
    requireScreenlock: true
    # requireScreenlock defaults to false if not included
    requireAdminApproval: true
    # requireAdminApproval defaults to false if not included
    requireCorpOwned: true
    # requireCorpOwned defaults to false if not included
  ipSubnetworks:
  # Must include one or more IPv4 and IPv6 CIDRs
    - 252.0.2.0/24
    - 2001:db8::/32
  regions:
  # Must include one or more regions as ISO 3166-1 alpha-2 codes
    - US
    - CH
    - SG
  requiredAccessLevels:
  # Must include one or more existing access levels
  # Must be formatted as accessPolicies/policy-name/accessLevels/level-name
    - accessPolicies/247332951433/accessLevels/Device_Trust
  members:
  # Must include one or more valid IAM users or service accounts
    - user:[email protected]
    - serviceAccount:exampleaccount@example.iam.gserviceaccount.com
  negate: true
  # negate is not required and can only be included with other attributes
  # If negate is included, none of the attributes included in the condition
  # can be true for the condition to be met.

# You can include more than one condition in the .yaml file
- ipSubnetworks:
    - 176.0.2.0/24
```
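The format rules stated in the comments above can be checked before a file is handed to gcloud. The following is an added example, not part of the original page or of Google's tooling: `lint_conditions` is a hypothetical helper, and it assumes the .yaml file has already been parsed into a list of condition dictionaries.

```python
import ipaddress
import re

VERSION_RE = re.compile(r"^\d+\.\d+\.\d+$")  # minimumVersion: x.x.x
LEVEL_RE = re.compile(r"^accessPolicies/[^/]+/accessLevels/[^/]+$")
REGION_RE = re.compile(r"^[A-Z]{2}$")  # shape only, not the ISO code list
MEMBER_PREFIXES = ("user:", "serviceAccount:")

def lint_conditions(conditions):
    """Return (condition_index, message) findings for a list of condition dicts."""
    findings = []
    for i, cond in enumerate(conditions):
        if "negate" in cond and len(cond) == 1:
            findings.append((i, "negate must be combined with another attribute"))
        for cidr in cond.get("ipSubnetworks", []):
            try:
                ipaddress.ip_network(cidr, strict=True)  # also rejects host bits set
            except ValueError:
                findings.append((i, f"invalid CIDR: {cidr}"))
        for region in cond.get("regions", []):
            if not REGION_RE.match(str(region)):
                findings.append((i, f"region is not a two-letter code: {region}"))
        for level in cond.get("requiredAccessLevels", []):
            if not LEVEL_RE.match(str(level)):
                findings.append((i, f"bad access level name: {level}"))
        members = cond.get("members", [])
        if members:
            findings.append((i, "members is set, which the page advises against"))
        for member in members:
            if not str(member).startswith(MEMBER_PREFIXES):
                findings.append((i, f"member lacks user:/serviceAccount: prefix: {member}"))
        for os_c in cond.get("devicePolicy", {}).get("osConstraints", []):
            version = os_c.get("minimumVersion")
            if version is not None and not VERSION_RE.match(str(version)):
                findings.append((i, f"minimumVersion is not x.x.x: {version}"))
    return findings

# Constructed input: the conditions list as it would look after parsing the .yaml
SAMPLE_CONDITIONS = [
    {"devicePolicy": {"osConstraints": [
        {"osType": "DESKTOP_CHROME_OS", "minimumVersion": "11316.165"}]},
     "ipSubnetworks": ["252.0.2.0/24", "252.0.2.7/24"],
     "regions": ["US", "usa"],
     "requiredAccessLevels": ["accessLevels/Device_Trust"],
     "members": ["serviceAccount:exampleaccount@example.iam.gserviceaccount.com"]},
    {"negate": True},
]
if __name__ == "__main__":
    for index, message in lint_conditions(SAMPLE_CONDITIONS):
        print(f"condition {index}: {message}")
```

The region check validates only the two-letter shape, and rejecting CIDRs with host bits set is a strictness choice made for this example.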