Namespace Google.Apis.CloudIAP.v1.Data

Classes

AccessDeniedPageSettings

Custom content configuration for access denied page. IAP allows customers to define a custom URI to use as the error page when access is denied to users. If IAP prevents access to this page, the default IAP error page will be displayed instead.

AccessSettings

Access related settings for IAP protected apps.

AllowedDomainsSettings

Configuration for IAP allowed domains. Lets you to restrict access to an app and allow access to only the domains that you list.

ApplicationSettings

Wrapper over application specific settings for IAP.

AttributePropagationSettings

Configuration for propagating attributes to applications protected by IAP.

Binding

Associates members, or principals, with a role.

Brand

OAuth brand data. NOTE: Only contains a portion of the data that describes a brand.

CorsSettings

Allows customers to configure HTTP request paths that'll allow HTTP OPTIONS call to bypass authentication and authorization.

CsmSettings

Configuration for RCToken generated for service mesh workloads protected by IAP. RCToken are IAP generated JWTs that can be verified at the application. The RCToken is primarily used for service mesh deployments, and can be scoped to a single mesh by configuring the audience field accordingly.

Empty

A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); }

Expr

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.

GcipSettings

Allows customers to configure tenant_id for GCIP instance per-app.

GetIamPolicyRequest

Request message for GetIamPolicy method.

GetPolicyOptions

Encapsulates settings provided to GetIamPolicy.

IapSettings

The IAP configurable settings.

IdentityAwareProxyClient

Contains the data that describes an Identity Aware Proxy owned client.

ListBrandsResponse

Response message for ListBrands.

ListIdentityAwareProxyClientsResponse

Response message for ListIdentityAwareProxyClients.

ListTunnelDestGroupsResponse

The response from ListTunnelDestGroups.

NextStateOfTags

Used for calculating the next state of tags on the resource being passed for the CheckCustomConstraints RPC call. The detail evaluation of each field is described in go/op-create-update-time-tags and go/tags-in-orgpolicy-requests.

OAuth2

The OAuth 2.0 Settings

OAuthSettings

Configuration for OAuth login&consent flow behavior as well as for OAuth Credentials.

Policy

An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A Policy is a collection of bindings. A binding binds one or more members, or principals, to a single role. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions; each role can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a binding can also specify a condition, which is a logical expression that allows access to a resource only if the expression evaluates to true. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the IAM documentation. JSON example:

{
"bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com",
"group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] },
{ "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": {
"title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time
&lt; timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 }

YAML example:

bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com -
serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin -
members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable
access description: Does not grant access after Sep 2020 expression: request.time &lt;
timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3

For a description of IAM and its features, see the IAM documentation.

PolicyDelegationSettings

PolicyDelegationConfig allows google-internal teams to use IAP for apps hosted in a tenant project. Using these settings, the app can delegate permission check to happen against the linked customer project. This is only ever supposed to be used by google internal teams, hence the restriction on the proto.

Namespace Google.Apis.CloudIAP.v1.Data

Classes

AccessDeniedPageSettings

AccessSettings

AllowedDomainsSettings

ApplicationSettings

AttributePropagationSettings

Binding

Brand

CorsSettings

CsmSettings

Empty

Expr

GcipSettings

GetIamPolicyRequest

GetPolicyOptions

IapSettings

IdentityAwareProxyClient

ListBrandsResponse

ListIdentityAwareProxyClientsResponse

ListTunnelDestGroupsResponse

NextStateOfTags

OAuth2

OAuthSettings

Policy

PolicyDelegationSettings

PolicyName

ReauthSettings

ResetIdentityAwareProxyClientSecretRequest

Resource

SetIamPolicyRequest

TagsFullState

TagsFullStateForChildResource

TagsPartialState

TestIamPermissionsRequest

TestIamPermissionsResponse

TunnelDestGroup

ValidateIapAttributeExpressionResponse

WorkforceIdentitySettings