@swamp/gcp/accesscontextmanager

v2026.04.23.1

Google Cloud accesscontextmanager infrastructure models

Repository

https://github.com/systeminit/swamp-extensions

Labels

gcp, google-cloud, accesscontextmanager, cloud, infrastructure

Quality score

Verified by Swamp

How well-documented and verifiable this extension is.

100%

Grade A

  • Has README or module doc: 2/2 earned
  • README has a code example: 1/1 earned
  • README is substantive: 1/1 earned
  • Most symbols documented: 1/1 earned
  • No slow types: 1/1 earned
  • Has description: 1/1 earned
  • At least one platform tag (or universal): 1/1 earned
  • Two or more platform tags (or universal): 1/1 earned
  • License declared: 1/1 earned
  • Verified public repository: 2/2 earned

Install

$ swamp extension pull @swamp/gcp/accesscontextmanager

@swamp/gcp/accesscontextmanager/accesspolicies v2026.04.23.1 accesspolicies.ts

Global Arguments

| Argument | Type | Description |
| --- | --- | --- |
| name | string | Instance name for this resource (used as the unique identifier in the factory pattern) |
| parent? | string | Required. The parent of this `AccessPolicy` in the Cloud Resource Hierarchy. Currently immutable once created. Format: `organizations/{organization_id}` |
| scopes? | array | The scopes of the AccessPolicy. Scopes define which resources a policy can restrict and where its resources can be referenced. For example, policy A with `scopes=["folders/123"]` has the following behavior: - ServicePerimeter can only restrict projects within `folders/123`. - ServicePerimeter within policy A can only reference access levels defined within policy A. - Only one policy can include a given scope; thus, attempting to create a second policy which includes `folders/123` will result in |
| title? | string | Required. Human readable title. Does not affect behavior. |

create: Create an accessPolicies

get: Get an accessPolicies

| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The name of the accessPolicies |

update: Update accessPolicies attributes

delete: Delete the accessPolicies

| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The name of the accessPolicies |

sync: Sync accessPolicies state from GCP

Resources

state (infinite) — `AccessPolicy` is a container for `AccessLevels` (which define the necessary ...

@swamp/gcp/accesscontextmanager/accesspolicies-accesslevels v2026.04.23.1 accesspolicies_accesslevels.ts

Global Arguments

| Argument | Type | Description |
| --- | --- | --- |
| basic? | object | `BasicLevel` is an `AccessLevel` using a set of recommended features. |
| custom? | object | `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language to represent the necessary conditions for the level to apply to a request. See CEL spec at: https://github.com/google/cel-spec |
| description? | string | Description of the `AccessLevel` and its use. Does not affect behavior. |
| name? | string | Identifier. Resource name for the `AccessLevel`. Format: `accessPolicies/{access_policy}/accessLevels/{access_level}`. The `access_level` component must begin with a letter, followed by alphanumeric characters or `_`. Its maximum length is 50 characters. After you create an `AccessLevel`, you cannot change its `name`. |
| title? | string | Human readable title. Must be unique within the Policy. |
| parent? | string | The parent resource name (e.g., projects/my-project/locations/us-central1, organizations/123, folders/456) |

create: Create an accessLevels

get: Get an accessLevels

| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The name of the accessLevels |

update: Update accessLevels attributes

delete: Delete the accessLevels

| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The name of the accessLevels |

sync: Sync accessLevels state from GCP

replace_all: replace all

| Argument | Type | Description |
| --- | --- | --- |
| accessLevels? | any | |
| etag? | any | |

Resources

state (infinite) — An `AccessLevel` is a label that can be applied to requests to Google Cloud s...

@swamp/gcp/accesscontextmanager/accesspolicies-authorizedorgsdescs v2026.04.23.1 accesspolicies_authorizedorgsdescs.ts

Global Arguments

| Argument | Type | Description |
| --- | --- | --- |
| assetType? | enum | The asset type of this authorized orgs desc. Valid values are `ASSET_TYPE_DEVICE` and `ASSET_TYPE_CREDENTIAL_STRENGTH`. |
| authorizationDirection? | enum | The direction of the authorization relationship between this organization and the organizations listed in the `orgs` field. The valid values for this field include the following: `AUTHORIZATION_DIRECTION_FROM`: Allows this organization to evaluate traffic in the organizations listed in the `orgs` field. `AUTHORIZATION_DIRECTION_TO`: Allows the organizations listed in the `orgs` field to evaluate the traffic in this organization. For the authorization relationship to take effect, all of the organ |
| authorizationType? | enum | A granular control type for authorization levels. Valid value is `AUTHORIZATION_TYPE_TRUST`. |
| name? | string | Identifier. Resource name for the `AuthorizedOrgsDesc`. Format: `accessPolicies/{access_policy}/authorizedOrgsDescs/{authorized_orgs_desc}`. The `authorized_orgs_desc` component must begin with a letter, followed by alphanumeric characters or `_`. After you create an `AuthorizedOrgsDesc`, you cannot change its `name`. |
| orgs? | array | The list of organization ids in this AuthorizedOrgsDesc. Format: `organizations/` Example: `organizations/123456` |
| parent? | string | The parent resource name (e.g., projects/my-project/locations/us-central1, organizations/123, folders/456) |

create: Create an authorizedOrgsDescs

get: Get an authorizedOrgsDescs

| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The name of the authorizedOrgsDescs |

update: Update authorizedOrgsDescs attributes

delete: Delete the authorizedOrgsDescs

| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The name of the authorizedOrgsDescs |

sync: Sync authorizedOrgsDescs state from GCP

Resources

state (infinite) — `AuthorizedOrgsDesc` contains data for an organization's authorization policy.

@swamp/gcp/accesscontextmanager/accesspolicies-serviceperimeters v2026.04.23.1 accesspolicies_serviceperimeters.ts

Global Arguments

| Argument | Type | Description |
| --- | --- | --- |
| description? | string | Description of the `ServicePerimeter` and its use. Does not affect behavior. |
| name? | string | Identifier. Resource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`. |
| perimeterType? | enum | Perimeter type indicator. A single project or VPC network is allowed to be a member of a single regular perimeter, but multiple service perimeter bridges. A project cannot be included in a perimeter bridge without being included in a regular perimeter. For perimeter bridges, the restricted service list as well as access level lists must be empty. |
| spec? | object | `ServicePerimeterConfig` specifies a set of Google Cloud resources that describe specific Service Perimeter configuration. |
| status? | object | `ServicePerimeterConfig` specifies a set of Google Cloud resources that describe specific Service Perimeter configuration. |
| title? | string | Human readable title. Must be unique within the Policy. |
| useExplicitDryRunSpec? | boolean | Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists for all Service Perimeters, and that spec is identical to the status for those Service Perimeters. When this flag is set, it inhibits the generation of the implicit spec, thereby allowing the user to explicitly provide a configuration ("spec") to use in a dry-run version of the Service Perimeter. This allows the user to test changes to the enforced config ("status") without actually enforcing them. This testing is done |
| parent? | string | The parent resource name (e.g., projects/my-project/locations/us-central1, organizations/123, folders/456) |

create: Create a servicePerimeters

get: Get a servicePerimeters

| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The name of the servicePerimeters |

update: Update servicePerimeters attributes

delete: Delete the servicePerimeters

| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The name of the servicePerimeters |

sync: Sync servicePerimeters state from GCP

commit: commit

| Argument | Type | Description |
| --- | --- | --- |
| etag? | any | |

replace_all: replace all

| Argument | Type | Description |
| --- | --- | --- |
| etag? | any | |
| servicePerimeters? | any | |

Resources

state (infinite) — `ServicePerimeter` describes a set of Google Cloud resources which can freely...

@swamp/gcp/accesscontextmanager/gcpuseraccessbindings v2026.04.23.1 gcpuseraccessbindings.ts

Global Arguments

| Argument | Type | Description |
| --- | --- | --- |
| accessLevels? | array | Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted" |
| dryRunAccessLevels? | array | Optional. Dry run access level that will be evaluated but will not be enforced. The access denial based on dry run policy will be logged. Only one access level is supported, not multiple. This list must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted" |
| groupKey? | string | Optional. Immutable. Google Group id whose users are subject to this binding\ |
| name? | string | Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by [RFC 3986 Section 2.3](https://tools.ietf.org/html/rfc3986#section-2.3)). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N" |
| restrictedClientApplications? | array | Optional. A list of applications that are subject to this binding's restrictions. If the list is empty, the binding restrictions will universally apply to all applications. |
| scopedAccessSettings? | array | Optional. A list of scoped access settings that set this binding's restrictions on a subset of applications. This field cannot be set if restricted_client_applications is set. |
| sessionSettings? | object | Stores settings related to Google Cloud Session Length including session duration, the type of challenge (i.e. method) they should face when their session expires, and other related settings. |
| parent? | string | The parent resource name (e.g., projects/my-project/locations/us-central1, organizations/123, folders/456) |

create: Create a gcpUserAccessBindings

get: Get a gcpUserAccessBindings

| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The name of the gcpUserAccessBindings |

update: Update gcpUserAccessBindings attributes

delete: Delete the gcpUserAccessBindings

| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The name of the gcpUserAccessBindings |

sync: Sync gcpUserAccessBindings state from GCP

Resources

state (infinite) — Restricts access to Cloud Console and Google Cloud APIs for a set of users us...

@swamp/gcp/accesscontextmanager/permissions v2026.04.23.1 permissions.ts

Global Arguments

| Argument | Type | Description |
| --- | --- | --- |
| name | string | Instance name for this resource (used as the unique identifier in the factory pattern) |

get: Get a permissions

| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The name of the permissions |

sync: Sync permissions state from GCP

Resources

state (infinite) — Lists all supported permissions in VPCSC Granular Controls.

@swamp/gcp/accesscontextmanager/services v2026.04.23.1 services.ts

Global Arguments

| Argument | Type | Description |
| --- | --- | --- |
| name | string | Instance name for this resource (used as the unique identifier in the factory pattern) |

get: Get a services

| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The name of the services |

sync: Sync services state from GCP

Resources

state (infinite) — `SupportedService` specifies the VPC Service Controls and its properties.