terraform-google-modules / terraform-google-vpc-service-controls

Handles opinionated VPC Service Controls and Access Context Manager configuration and deployments
https://registry.terraform.io/modules/terraform-google-modules/vpc-service-controls/google
Apache License 2.0

add regions and require_corp_owned to access level module #40

Closed daniel-cit closed 3 years ago

daniel-cit commented 3 years ago

This PR adds support for:

in the access level module.

daniel-cit commented 3 years ago

> Thanks @daniel-cit. Overall LGTM. Can we test this by modifying one of the existing examples?

I think they will need to be new tests so not to conflict with current tests.

I can do a negative regions test if we set the region in the access level to some region without a GCP location, for example PN. It should always fail in the tests.

I don't think we will be able to test require_corp_owned because the organization that owns the access level must have an MDM license, and we would need a device to be used in the test to originate a request to resources inside the perimeter.

bharathkkb commented 3 years ago

> I can do a negative regions test if we set the region in the access level to some region without a GCP location, for example PN. It should always fail in the tests.

Not a blocker, but can't we modify one of the existing tests to include regions and then just assert via gcloud access-context-manager levels describe POLICY_NAME that it applies to that same list like "CH", "IT", "US"?

> I don't think we will be able to test require_corp_owned because the organization that owns the access level must have an MDM license, and we would need a device to be used in the test to originate a request to resources inside the perimeter.

Thanks for checking, sgtm.
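The assertion bharathkkb suggests (describe the level after apply and compare its regions with the list the Terraform config set) as an added example; this is not code from the PR or the module. It assumes the JSON shape of `gcloud access-context-manager levels describe LEVEL --policy=POLICY --format=json` follows the Access Context Manager REST API (`basic.conditions[].regions`, `basic.conditions[].devicePolicy.requireCorpOwned`), and the sample output embedded below is constructed.

```python
import json
from typing import Any

# Constructed sample of what `levels describe ... --format=json` returns for a
# basic access level; field names follow the Access Context Manager REST API,
# the policy id and level name are made up.
SAMPLE_DESCRIBE_OUTPUT = """
{
  "name": "accessPolicies/000000000000/accessLevels/example_level",
  "title": "example_level",
  "basic": {
    "combiningFunction": "AND",
    "conditions": [
      {
        "regions": ["CH", "IT", "US"],
        "devicePolicy": {"requireCorpOwned": true}
      }
    ]
  }
}
"""


def level_regions(level: dict[str, Any]) -> set[str]:
    """Collect every region code listed across the level's basic conditions."""
    conditions = level.get("basic", {}).get("conditions", [])
    return {region for cond in conditions for region in cond.get("regions", [])}


def level_requires_corp_owned(level: dict[str, Any]) -> bool:
    """True if any condition's devicePolicy sets requireCorpOwned."""
    conditions = level.get("basic", {}).get("conditions", [])
    return any(cond.get("devicePolicy", {}).get("requireCorpOwned", False) for cond in conditions)


def check_level(describe_json: str, expected_regions: list[str], expect_corp_owned: bool) -> list[str]:
    """Compare describe output with what the config asked for; return a list of mismatches (empty = pass)."""
    level = json.loads(describe_json)
    problems = []
    got_regions, want_regions = level_regions(level), set(expected_regions)
    if got_regions != want_regions:
        problems.append(f"regions: wanted {sorted(want_regions)}, got {sorted(got_regions)}")
    got_corp = level_requires_corp_owned(level)
    if got_corp != expect_corp_owned:
        problems.append(f"requireCorpOwned: wanted {expect_corp_owned}, got {got_corp}")
    return problems


if __name__ == "__main__":
    print(check_level(SAMPLE_DESCRIBE_OUTPUT, ["CH", "IT", "US"], True))  # → []
```

In a real test the string passed to `check_level` would be the captured stdout of the gcloud describe command run against the level the example created.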