Class: Google::Apis::AccesscontextmanagerV1::Condition
- Inherits:
-
Object
- Object
- Google::Apis::AccesscontextmanagerV1::Condition
- Includes:
- Core::Hashable, Core::JsonObjectSupport
- Defined in:
- generated/google/apis/accesscontextmanager_v1/classes.rb,
generated/google/apis/accesscontextmanager_v1/representations.rb,
generated/google/apis/accesscontextmanager_v1/representations.rb
Overview
A condition necessary for an AccessLevel
to be granted. The Condition is an
AND over its fields. So a Condition is true if: 1) the request IP is from one
of the listed subnetworks AND 2) the originating device complies with the
listed device policy AND 3) all listed access levels are granted AND 4) the
request was sent at a time allowed by the DateTimeRestriction.
Instance Attribute Summary collapse
-
#device_policy ⇒ Google::Apis::AccesscontextmanagerV1::DevicePolicy
DevicePolicy
specifies device specific restrictions necessary to acquire a given access level. -
#ip_subnetworks ⇒ Array<String>
CIDR block IP subnetwork specification.
-
#members ⇒ Array<String>
The request must be made by one of the provided user or service accounts.
-
#negate ⇒ Boolean
(also: #negate?)
Whether to negate the Condition.
-
#regions ⇒ Array<String>
The request must originate from one of the provided countries/regions.
-
#required_access_levels ⇒ Array<String>
A list of other access levels defined in the same
Policy
, referenced by resource name.
Instance Method Summary collapse
-
#initialize(**args) ⇒ Condition
constructor
A new instance of Condition.
-
#update!(**args) ⇒ Object
Update properties of this object.
Methods included from Core::JsonObjectSupport
Methods included from Core::Hashable
Constructor Details
#initialize(**args) ⇒ Condition
Returns a new instance of Condition.
290 291 292 |
# File 'generated/google/apis/accesscontextmanager_v1/classes.rb', line 290 def initialize(**args) update!(**args) end |
Instance Attribute Details
#device_policy ⇒ Google::Apis::AccesscontextmanagerV1::DevicePolicy
DevicePolicy
specifies device specific restrictions necessary to acquire a
given access level. A DevicePolicy
specifies requirements for requests from
devices to be granted access levels, it does not do any enforcement on the
device. DevicePolicy
acts as an AND over all specified fields, and each
repeated field is an OR over its elements. Any unset fields are ignored. For
example, if the proto is os_type : DESKTOP_WINDOWS, os_type :
DESKTOP_LINUX, encryption_status: ENCRYPTED
, then the DevicePolicy will be
true for requests originating from encrypted Linux desktops and encrypted
Windows desktops.
Corresponds to the JSON property devicePolicy
243 244 245 |
# File 'generated/google/apis/accesscontextmanager_v1/classes.rb', line 243 def device_policy @device_policy end |
#ip_subnetworks ⇒ Array<String>
CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for
a CIDR IP address block, the specified IP address portion must be properly
truncated (i.e. all the host bits must be zero) or the input is considered
malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is
not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas
"2001:db8::1/32" is not. The originating IP of a request must be in one of
the listed subnets in order for this Condition to be true. If empty, all IP
addresses are allowed.
Corresponds to the JSON property ipSubnetworks
255 256 257 |
# File 'generated/google/apis/accesscontextmanager_v1/classes.rb', line 255 def ip_subnetworks @ip_subnetworks end |
#members ⇒ Array<String>
The request must be made by one of the provided user or service
accounts. Groups are not supported.
Syntax:
user:
emailid
`serviceAccount:`emailid
If not specified, a request may come from any user.
Corresponds to the JSON property members
265 266 267 |
# File 'generated/google/apis/accesscontextmanager_v1/classes.rb', line 265 def members @members end |
#negate ⇒ Boolean Also known as: negate?
Whether to negate the Condition. If true, the Condition becomes a NAND over
its non-empty fields, each field must be false for the Condition overall to
be satisfied. Defaults to false.
Corresponds to the JSON property negate
272 273 274 |
# File 'generated/google/apis/accesscontextmanager_v1/classes.rb', line 272 def negate @negate end |
#regions ⇒ Array<String>
The request must originate from one of the provided countries/regions.
Must be valid ISO 3166-1 alpha-2 codes.
Corresponds to the JSON property regions
279 280 281 |
# File 'generated/google/apis/accesscontextmanager_v1/classes.rb', line 279 def regions @regions end |
#required_access_levels ⇒ Array<String>
A list of other access levels defined in the same Policy
, referenced by
resource name. Referencing an AccessLevel
which does not exist is an
error. All access levels listed must be granted for the Condition
to be true. Example:
"accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"
Corresponds to the JSON property requiredAccessLevels
288 289 290 |
# File 'generated/google/apis/accesscontextmanager_v1/classes.rb', line 288 def required_access_levels @required_access_levels end |
Instance Method Details
#update!(**args) ⇒ Object
Update properties of this object
295 296 297 298 299 300 301 302 |
# File 'generated/google/apis/accesscontextmanager_v1/classes.rb', line 295 def update!(**args) @device_policy = args[:device_policy] if args.key?(:device_policy) @ip_subnetworks = args[:ip_subnetworks] if args.key?(:ip_subnetworks) @members = args[:members] if args.key?(:members) @negate = args[:negate] if args.key?(:negate) @regions = args[:regions] if args.key?(:regions) @required_access_levels = args[:required_access_levels] if args.key?(:required_access_levels) end |