Class: Google::Apis::AccesscontextmanagerV1beta::Condition

Inherits:

Object

• Object
• Google::Apis::AccesscontextmanagerV1beta::Condition

Includes:

Core::Hashable, Core::JsonObjectSupport

Defined in:

generated/google/apis/accesscontextmanager_v1beta/classes.rb,
generated/google/apis/accesscontextmanager_v1beta/representations.rb,
generated/google/apis/accesscontextmanager_v1beta/representations.rb

Overview

A condition necessary for an AccessLevel to be granted. The Condition is an AND over its fields. So a Condition is true if: 1) the request IP is from one of the listed subnetworks AND 2) the originating device complies with the listed device policy AND 3) all listed access levels are granted AND 4) the request was sent at a time allowed by the DateTimeRestriction.

Instance Attribute Summary

• #device_policy ⇒ Google::Apis::AccesscontextmanagerV1beta::DevicePolicy

  DevicePolicy specifies device specific restrictions necessary to acquire a given access level.

• #ip_subnetworks ⇒ Array<String>

  CIDR block IP subnetwork specification.

• #members ⇒ Array<String>

  The signed-in user originating the request must be a part of one of the provided members.

• #negate ⇒ Boolean (also: #negate?)

  Whether to negate the Condition.

• #required_access_levels ⇒ Array<String>

  A list of other access levels defined in the same Policy, referenced by resource name.

Instance Method Summary

• #initialize(**args) ⇒ Condition constructor

  A new instance of Condition.

• #update!(**args) ⇒ Object

  Update properties of this object.

Methods included from Core::JsonObjectSupport

#to_json

Methods included from Core::Hashable

process_value, #to_h

Constructor Details

#initialize(**args) ⇒ Condition

Returns a new instance of Condition

# File 'generated/google/apis/accesscontextmanager_v1beta/classes.rb', line 220

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#device_policy ⇒ Google::Apis::AccesscontextmanagerV1beta::DevicePolicy

DevicePolicy specifies device specific restrictions necessary to acquire a given access level. A DevicePolicy specifies requirements for requests from devices to be granted access levels, it does not do any enforcement on the device. DevicePolicy acts as an AND over all specified fields, and each repeated field is an OR over its elements. Any unset fields are ignored. For example, if the proto is os_type : DESKTOP_WINDOWS, os_type : DESKTOP_LINUX, encryption_status: ENCRYPTED, then the DevicePolicy will be true for requests originating from encrypted Linux desktops and encrypted Windows desktops. Corresponds to the JSON property devicePolicy

Returns:

• (Google::Apis::AccesscontextmanagerV1beta::DevicePolicy)

# File 'generated/google/apis/accesscontextmanager_v1beta/classes.rb', line 177

def device_policy
  @device_policy
end

#ip_subnetworks ⇒ Array<String>

CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed. Corresponds to the JSON property ipSubnetworks

Returns:

• (Array<String>)

# File 'generated/google/apis/accesscontextmanager_v1beta/classes.rb', line 189

def ip_subnetworks
  @ip_subnetworks
end

#members ⇒ Array<String>

The signed-in user originating the request must be a part of one of the provided members. Syntax: user:emailid `group:`emailid serviceAccount:emailid` If not specified, a request may come from any user (logged in/not logged in, not present in any groups, etc.). Corresponds to the JSON propertymembers`

Returns:

• (Array<String>)

# File 'generated/google/apis/accesscontextmanager_v1beta/classes.rb', line 201

def members
  @members
end

#negate ⇒ Boolean Also known as: negate?

Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false. Corresponds to the JSON property negate

Returns:

• (Boolean)

# File 'generated/google/apis/accesscontextmanager_v1beta/classes.rb', line 208

def negate
  @negate
end

#required_access_levels ⇒ Array<String>

A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME" Corresponds to the JSON property requiredAccessLevels

Returns:

• (Array<String>)

# File 'generated/google/apis/accesscontextmanager_v1beta/classes.rb', line 218

def required_access_levels
  @required_access_levels
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object

# File 'generated/google/apis/accesscontextmanager_v1beta/classes.rb', line 225

def update!(**args)
  @device_policy = args[:device_policy] if args.key?(:device_policy)
  @ip_subnetworks = args[:ip_subnetworks] if args.key?(:ip_subnetworks)
  @members = args[:members] if args.key?(:members)
  @negate = args[:negate] if args.key?(:negate)
  @required_access_levels = args[:required_access_levels] if args.key?(:required_access_levels)
end