requireAdminApproval/requireCorpOwned in AccessLevel's devicePolicy

products/accesscontextmanager/api.yaml

@@ -276,6 +276,14 @@ objects:
                           - :DESKTOP_WINDOWS
                           - :DESKTOP_LINUX
                           - :DESKTOP_CHROME_OS
+                  - !ruby/object:Api::Type::Boolean
+                    name: 'requireAdminApproval'
+                    description: |
+                      Whether the device needs to be approved by the customer admin.
+                  - !ruby/object:Api::Type::Boolean
+                    name: 'requireCorpOwned'
+                    description: |
+                      Whether the device needs to be corp owned.
   - !ruby/object:Api::Resource
     name: 'ServicePerimeter'
     # This is an unusual API, so we need to use a few fields to map the methods

third_party/terraform/tests/resource_access_context_manager_access_level_test.go.erb

@@ -146,6 +146,8 @@ resource "google_access_context_manager_access_level" "test-access" {
       negate = false
       device_policy {
         require_screen_lock = false
+        require_admin_approval = false
+        require_corp_owned = true
         os_constraints {
           os_type = "DESKTOP_CHROME_OS"
         }