Class: Google::Apis::CloudassetV1::GoogleIdentityAccesscontextmanagerV1Condition
- Inherits:
-
Object
- Object
- Google::Apis::CloudassetV1::GoogleIdentityAccesscontextmanagerV1Condition
- Includes:
- Google::Apis::Core::Hashable, Google::Apis::Core::JsonObjectSupport
- Defined in:
- lib/google/apis/cloudasset_v1/classes.rb,
lib/google/apis/cloudasset_v1/representations.rb,
lib/google/apis/cloudasset_v1/representations.rb
Overview
A condition necessary for an AccessLevel to be granted. The Condition is an
AND over its fields. So a Condition is true if: 1) the request IP is from one
of the listed subnetworks AND 2) the originating device complies with the
listed device policy AND 3) all listed access levels are granted AND 4) the
request was sent at a time allowed by the DateTimeRestriction.
Instance Attribute Summary collapse
-
#device_policy ⇒ Google::Apis::CloudassetV1::GoogleIdentityAccesscontextmanagerV1DevicePolicy
DevicePolicyspecifies device specific restrictions necessary to acquire a given access level. -
#ip_subnetworks ⇒ Array<String>
CIDR block IP subnetwork specification.
-
#members ⇒ Array<String>
The request must be made by one of the provided user or service accounts.
-
#negate ⇒ Boolean
(also: #negate?)
Whether to negate the Condition.
-
#regions ⇒ Array<String>
The request must originate from one of the provided countries/regions.
-
#required_access_levels ⇒ Array<String>
A list of other access levels defined in the same
Policy, referenced by resource name. -
#vpc_network_sources ⇒ Array<Google::Apis::CloudassetV1::GoogleIdentityAccesscontextmanagerV1VpcNetworkSource>
The request must originate from one of the provided VPC networks in Google Cloud.
Instance Method Summary collapse
-
#initialize(**args) ⇒ GoogleIdentityAccesscontextmanagerV1Condition
constructor
A new instance of GoogleIdentityAccesscontextmanagerV1Condition.
-
#update!(**args) ⇒ Object
Update properties of this object.
Constructor Details
#initialize(**args) ⇒ GoogleIdentityAccesscontextmanagerV1Condition
Returns a new instance of GoogleIdentityAccesscontextmanagerV1Condition.
2910 2911 2912 |
# File 'lib/google/apis/cloudasset_v1/classes.rb', line 2910 def initialize(**args) update!(**args) end |
Instance Attribute Details
#device_policy ⇒ Google::Apis::CloudassetV1::GoogleIdentityAccesscontextmanagerV1DevicePolicy
DevicePolicy specifies device specific restrictions necessary to acquire a
given access level. A DevicePolicy specifies requirements for requests from
devices to be granted access levels, it does not do any enforcement on the
device. DevicePolicy acts as an AND over all specified fields, and each
repeated field is an OR over its elements. Any unset fields are ignored. For
example, if the proto is os_type : DESKTOP_WINDOWS, os_type : DESKTOP_LINUX,
encryption_status: ENCRYPTED, then the DevicePolicy will be true for requests
originating from encrypted Linux desktops and encrypted Windows desktops.
Corresponds to the JSON property devicePolicy
2862 2863 2864 |
# File 'lib/google/apis/cloudasset_v1/classes.rb', line 2862 def device_policy @device_policy end |
#ip_subnetworks ⇒ Array<String>
CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a
CIDR IP address block, the specified IP address portion must be properly
truncated (i.e. all the host bits must be zero) or the input is considered
malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not.
Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is
not. The originating IP of a request must be in one of the listed subnets in
order for this Condition to be true. If empty, all IP addresses are allowed.
Corresponds to the JSON property ipSubnetworks
2873 2874 2875 |
# File 'lib/google/apis/cloudasset_v1/classes.rb', line 2873 def ip_subnetworks @ip_subnetworks end |
#members ⇒ Array<String>
The request must be made by one of the provided user or service accounts.
Groups are not supported. Syntax: user:emailid`serviceAccount:`emailid
If not specified, a request may come from any user.
Corresponds to the JSON property members
2880 2881 2882 |
# File 'lib/google/apis/cloudasset_v1/classes.rb', line 2880 def members @members end |
#negate ⇒ Boolean Also known as: negate?
Whether to negate the Condition. If true, the Condition becomes a NAND over
its non-empty fields. Any non-empty field criteria evaluating to false will
result in the Condition to be satisfied. Defaults to false.
Corresponds to the JSON property negate
2887 2888 2889 |
# File 'lib/google/apis/cloudasset_v1/classes.rb', line 2887 def negate @negate end |
#regions ⇒ Array<String>
The request must originate from one of the provided countries/regions. Must be
valid ISO 3166-1 alpha-2 codes.
Corresponds to the JSON property regions
2894 2895 2896 |
# File 'lib/google/apis/cloudasset_v1/classes.rb', line 2894 def regions @regions end |
#required_access_levels ⇒ Array<String>
A list of other access levels defined in the same Policy, referenced by
resource name. Referencing an AccessLevel which does not exist is an error.
All access levels listed must be granted for the Condition to be true. Example:
"accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"
Corresponds to the JSON property requiredAccessLevels
2902 2903 2904 |
# File 'lib/google/apis/cloudasset_v1/classes.rb', line 2902 def required_access_levels @required_access_levels end |
#vpc_network_sources ⇒ Array<Google::Apis::CloudassetV1::GoogleIdentityAccesscontextmanagerV1VpcNetworkSource>
The request must originate from one of the provided VPC networks in Google
Cloud. Cannot specify this field together with ip_subnetworks.
Corresponds to the JSON property vpcNetworkSources
2908 2909 2910 |
# File 'lib/google/apis/cloudasset_v1/classes.rb', line 2908 def vpc_network_sources @vpc_network_sources end |
Instance Method Details
#update!(**args) ⇒ Object
Update properties of this object
2915 2916 2917 2918 2919 2920 2921 2922 2923 |
# File 'lib/google/apis/cloudasset_v1/classes.rb', line 2915 def update!(**args) @device_policy = args[:device_policy] if args.key?(:device_policy) @ip_subnetworks = args[:ip_subnetworks] if args.key?(:ip_subnetworks) @members = args[:members] if args.key?(:members) @negate = args[:negate] if args.key?(:negate) @regions = args[:regions] if args.key?(:regions) @required_access_levels = args[:required_access_levels] if args.key?(:required_access_levels) @vpc_network_sources = args[:vpc_network_sources] if args.key?(:vpc_network_sources) end |