hashicorp · megan07 · Nov 18, 2019 · Nov 16, 2019
diff --git a/google/resource_access_context_manager_access_level.go b/google/resource_access_context_manager_access_level.go
@@ -127,6 +127,16 @@ Format: "major.minor.patch" such as "10.5.301", "9.2.1".`,
 														},
 													},
 												},
+												"require_admin_approval": {
+													Type:        schema.TypeBool,
+													Optional:    true,
+													Description: `Whether the device needs to be approved by the customer admin.`,
+												},
+												"require_corp_owned": {
+													Type:        schema.TypeBool,
+													Optional:    true,
+													Description: `Whether the device needs to be corp owned.`,
+												},
 												"require_screen_lock": {
 													Type:     schema.TypeBool,
 													Optional: true,
@@ -511,6 +521,10 @@ func flattenAccessContextManagerAccessLevelBasicConditionsDevicePolicy(v interfa
 		flattenAccessContextManagerAccessLevelBasicConditionsDevicePolicyAllowedDeviceManagementLevels(original["allowedDeviceManagementLevels"], d)
 	transformed["os_constraints"] =
 		flattenAccessContextManagerAccessLevelBasicConditionsDevicePolicyOsConstraints(original["osConstraints"], d)
+	transformed["require_admin_approval"] =
+		flattenAccessContextManagerAccessLevelBasicConditionsDevicePolicyRequireAdminApproval(original["requireAdminApproval"], d)
+	transformed["require_corp_owned"] =
+		flattenAccessContextManagerAccessLevelBasicConditionsDevicePolicyRequireCorpOwned(original["requireCorpOwned"], d)
 	return []interface{}{transformed}
 }
 func flattenAccessContextManagerAccessLevelBasicConditionsDevicePolicyRequireScreenLock(v interface{}, d *schema.ResourceData) interface{} {
@@ -552,6 +566,14 @@ func flattenAccessContextManagerAccessLevelBasicConditionsDevicePolicyOsConstrai
 	return v
 }
 
+func flattenAccessContextManagerAccessLevelBasicConditionsDevicePolicyRequireAdminApproval(v interface{}, d *schema.ResourceData) interface{} {
+	return v
+}
+
+func flattenAccessContextManagerAccessLevelBasicConditionsDevicePolicyRequireCorpOwned(v interface{}, d *schema.ResourceData) interface{} {
+	return v
+}
+
 func flattenAccessContextManagerAccessLevelName(v interface{}, d *schema.ResourceData) interface{} {
 	return v
 }
@@ -697,6 +719,20 @@ func expandAccessContextManagerAccessLevelBasicConditionsDevicePolicy(v interfac
 		transformed["osConstraints"] = transformedOsConstraints
 	}
 
+	transformedRequireAdminApproval, err := expandAccessContextManagerAccessLevelBasicConditionsDevicePolicyRequireAdminApproval(original["require_admin_approval"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedRequireAdminApproval); val.IsValid() && !isEmptyValue(val) {
+		transformed["requireAdminApproval"] = transformedRequireAdminApproval
+	}
+
+	transformedRequireCorpOwned, err := expandAccessContextManagerAccessLevelBasicConditionsDevicePolicyRequireCorpOwned(original["require_corp_owned"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedRequireCorpOwned); val.IsValid() && !isEmptyValue(val) {
+		transformed["requireCorpOwned"] = transformedRequireCorpOwned
+	}
+
 	return transformed, nil
 }
 
@@ -749,6 +785,14 @@ func expandAccessContextManagerAccessLevelBasicConditionsDevicePolicyOsConstrain
 	return v, nil
 }
 
+func expandAccessContextManagerAccessLevelBasicConditionsDevicePolicyRequireAdminApproval(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
+	return v, nil
+}
+
+func expandAccessContextManagerAccessLevelBasicConditionsDevicePolicyRequireCorpOwned(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandAccessContextManagerAccessLevelParent(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
 	return v, nil
 }

diff --git a/google/resource_access_context_manager_access_level_test.go b/google/resource_access_context_manager_access_level_test.go
@@ -145,6 +145,8 @@ resource "google_access_context_manager_access_level" "test-access" {
       negate = false
       device_policy {
         require_screen_lock = false
+        require_admin_approval = false
+        require_corp_owned = true
         os_constraints {
           os_type = "DESKTOP_CHROME_OS"
         }

diff --git a/website/docs/r/access_context_manager_access_level.html.markdown b/website/docs/r/access_context_manager_access_level.html.markdown
@@ -174,6 +174,14 @@ The `device_policy` block supports:
   A list of allowed OS versions.
   An empty list allows all types and all versions.  Structure is documented below.
 
+* `require_admin_approval` -
+  (Optional)
+  Whether the device needs to be approved by the customer admin.
+
+* `require_corp_owned` -
+  (Optional)
+  Whether the device needs to be corp owned.
+
 
 The `os_constraints` block supports: