Class: Google::Cloud::Iap::V1::AttributePropagationSettings

Inherits:

Object

Object
Google::Cloud::Iap::V1::AttributePropagationSettings

show all

Extended by:: Protobuf::MessageExts::ClassMethods

Includes:: Protobuf::MessageExts

Defined in:: proto_docs/google/cloud/iap/v1/service.rb

Overview

Configuration for propagating attributes to applications protected by IAP.

Defined Under Namespace

Modules: OutputCredentials

Instance Attribute Summary collapse

#enable ⇒ ::Boolean
Optional.
#expression ⇒ ::String
Optional.
#output_credentials ⇒ ::Array<::Google::Cloud::Iap::V1::AttributePropagationSettings::OutputCredentials>
Optional.

Instance Attribute Details

#enable ⇒ `::Boolean`

Returns Optional. Whether the provided attribute propagation settings should be evaluated on user requests. If set to true, attributes returned from the expression will be propagated in the set output credentials.

Returns:

(::Boolean) —
Optional. Whether the provided attribute propagation settings should be evaluated on user requests. If set to true, attributes returned from the expression will be propagated in the set output credentials.

# File 'proto_docs/google/cloud/iap/v1/service.rb', line 462

class AttributePropagationSettings
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Supported output credentials for attribute propagation. Each output
  # credential maps to a "field" in the response. For example, selecting JWT
  # will propagate all attributes in the IAP JWT, header in the headers, etc.
  module OutputCredentials
    # An output credential is required.
    OUTPUT_CREDENTIALS_UNSPECIFIED = 0

    # Propagate attributes in the headers with "x-goog-iap-attr-" prefix.
    HEADER = 1

    # Propagate attributes in the JWT of the form: `"additional_claims": {
    # "my_attribute": ["value1", "value2"] }`
    JWT = 2

    # Propagate attributes in the RCToken of the form: `"additional_claims": {
    # "my_attribute": ["value1", "value2"] }`
    RCTOKEN = 3
  end
end

#expression ⇒ `::String`

Returns Optional. Raw string CEL expression. Must return a list of attributes. A maximum of 45 attributes can be selected. Expressions can select different attribute types from attributes: attributes.saml_attributes, attributes.iap_attributes. The following functions are supported:

filter <list>.filter(<iter_var>, <predicate>): Returns a subset of <list> where <predicate> is true for every item.
in <var> in <list>: Returns true if <list> contains <var>.
selectByName <list>.selectByName(<string>): Returns the attribute in <list> with the given <string> name, otherwise returns empty.
emitAs <attribute>.emitAs(<string>): Sets the <attribute> name field to the given <string> for propagation in selected output credentials.
strict <attribute>.strict(): Ignores the x-goog-iap-attr- prefix for the provided <attribute> when propagating with the HEADER output credential, such as request headers.
append <target_list>.append(<attribute>) OR <target_list>.append(<list>): Appends the provided <attribute> or <list> to the end of <target_list>.

Example expression: attributes.saml_attributes.filter(x, x.name in ['test']).append(attributes.iap_attributes.selectByName('exact').emitAs('custom').strict()).

Returns:

(::String) —
Optional. Raw string CEL expression. Must return a list of attributes. A maximum of 45 attributes can be selected. Expressions can select different attribute types from attributes: attributes.saml_attributes, attributes.iap_attributes. The following functions are supported:
- filter <list>.filter(<iter_var>, <predicate>): Returns a subset of <list> where <predicate> is true for every item.
- in <var> in <list>: Returns true if <list> contains <var>.
- selectByName <list>.selectByName(<string>): Returns the attribute in <list> with the given <string> name, otherwise returns empty.
- emitAs <attribute>.emitAs(<string>): Sets the <attribute> name field to the given <string> for propagation in selected output credentials.
- strict <attribute>.strict(): Ignores the x-goog-iap-attr- prefix for the provided <attribute> when propagating with the HEADER output credential, such as request headers.
- append <target_list>.append(<attribute>) OR <target_list>.append(<list>): Appends the provided <attribute> or <list> to the end of <target_list>.
Example expression: attributes.saml_attributes.filter(x, x.name in ['test']).append(attributes.iap_attributes.selectByName('exact').emitAs('custom').strict())

# File 'proto_docs/google/cloud/iap/v1/service.rb', line 462

class AttributePropagationSettings
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Supported output credentials for attribute propagation. Each output
  # credential maps to a "field" in the response. For example, selecting JWT
  # will propagate all attributes in the IAP JWT, header in the headers, etc.
  module OutputCredentials
    # An output credential is required.
    OUTPUT_CREDENTIALS_UNSPECIFIED = 0

    # Propagate attributes in the headers with "x-goog-iap-attr-" prefix.
    HEADER = 1

    # Propagate attributes in the JWT of the form: `"additional_claims": {
    # "my_attribute": ["value1", "value2"] }`
    JWT = 2

    # Propagate attributes in the RCToken of the form: `"additional_claims": {
    # "my_attribute": ["value1", "value2"] }`
    RCTOKEN = 3
  end
end

#output_credentials ⇒ `::Array<::Google::Cloud::Iap::V1::AttributePropagationSettings::OutputCredentials>`

Returns Optional. Which output credentials attributes selected by the CEL expression should be propagated in. All attributes will be fully duplicated in each selected output credential.

Returns:

(::Array<::Google::Cloud::Iap::V1::AttributePropagationSettings::OutputCredentials>) —
Optional. Which output credentials attributes selected by the CEL expression should be propagated in. All attributes will be fully duplicated in each selected output credential.

# File 'proto_docs/google/cloud/iap/v1/service.rb', line 462

class AttributePropagationSettings
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Supported output credentials for attribute propagation. Each output
  # credential maps to a "field" in the response. For example, selecting JWT
  # will propagate all attributes in the IAP JWT, header in the headers, etc.
  module OutputCredentials
    # An output credential is required.
    OUTPUT_CREDENTIALS_UNSPECIFIED = 0

    # Propagate attributes in the headers with "x-goog-iap-attr-" prefix.
    HEADER = 1

    # Propagate attributes in the JWT of the form: `"additional_claims": {
    # "my_attribute": ["value1", "value2"] }`
    JWT = 2

    # Propagate attributes in the RCToken of the form: `"additional_claims": {
    # "my_attribute": ["value1", "value2"] }`
    RCTOKEN = 3
  end
end

Class: Google::Cloud::Iap::V1::AttributePropagationSettings

Overview

Defined Under Namespace

Instance Attribute Summary collapse

Instance Attribute Details

#enable ⇒ ::Boolean

#expression ⇒ ::String

#output_credentials ⇒ ::Array<::Google::Cloud::Iap::V1::AttributePropagationSettings::OutputCredentials>

#enable ⇒ `::Boolean`

#expression ⇒ `::String`

#output_credentials ⇒ `::Array<::Google::Cloud::Iap::V1::AttributePropagationSettings::OutputCredentials>`