Class: Google::Apis::CloudassetV1p5beta1::GoogleIdentityAccesscontextmanagerV1Condition

Inherits:
Object
  • Object
show all
Includes:
Google::Apis::Core::Hashable, Google::Apis::Core::JsonObjectSupport
Defined in:
lib/google/apis/cloudasset_v1p5beta1/classes.rb,
lib/google/apis/cloudasset_v1p5beta1/representations.rb,
lib/google/apis/cloudasset_v1p5beta1/representations.rb

Overview

A condition necessary for an AccessLevel to be granted. The Condition is an AND over its fields. So a Condition is true if: 1) the request IP is from one of the listed subnetworks AND 2) the originating device complies with the listed device policy AND 3) all listed access levels are granted AND 4) the request was sent at a time allowed by the DateTimeRestriction.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(**args) ⇒ GoogleIdentityAccesscontextmanagerV1Condition

Returns a new instance of GoogleIdentityAccesscontextmanagerV1Condition.



1245
1246
1247
 
# File 'lib/google/apis/cloudasset_v1p5beta1/classes.rb', line 1245

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#device_policyGoogle::Apis::CloudassetV1p5beta1::GoogleIdentityAccesscontextmanagerV1DevicePolicy

DevicePolicy specifies device specific restrictions necessary to acquire a given access level. A DevicePolicy specifies requirements for requests from devices to be granted access levels, it does not do any enforcement on the device. DevicePolicy acts as an AND over all specified fields, and each repeated field is an OR over its elements. Any unset fields are ignored. For example, if the proto is os_type : DESKTOP_WINDOWS, os_type : DESKTOP_LINUX, encryption_status: ENCRYPTED, then the DevicePolicy will be true for requests originating from encrypted Linux desktops and encrypted Windows desktops. Corresponds to the JSON property devicePolicy

Returns:



1197
1198
1199
 
# File 'lib/google/apis/cloudasset_v1p5beta1/classes.rb', line 1197

def device_policy
  @device_policy
end

#ip_subnetworksArray<String>

CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed. Corresponds to the JSON property ipSubnetworks

Returns:

  • (Array<String>) 


1208
1209
1210
 
# File 'lib/google/apis/cloudasset_v1p5beta1/classes.rb', line 1208

def ip_subnetworks
  @ip_subnetworks
end

#membersArray<String>

The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:emailid`serviceAccount:`emailid If not specified, a request may come from any user. Corresponds to the JSON property members

Returns:

  • (Array<String>) 


1215
1216
1217
 
# File 'lib/google/apis/cloudasset_v1p5beta1/classes.rb', line 1215

def members
  @members
end

#negateBoolean Also known as: negate?

Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false. Corresponds to the JSON property negate

Returns:

  • (Boolean) 


1222
1223
1224
 
# File 'lib/google/apis/cloudasset_v1p5beta1/classes.rb', line 1222

def negate
  @negate
end

#regionsArray<String>

The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes. Corresponds to the JSON property regions

Returns:

  • (Array<String>) 


1229
1230
1231
 
# File 'lib/google/apis/cloudasset_v1p5beta1/classes.rb', line 1229

def regions
  @regions
end

#required_access_levelsArray<String>

A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME" Corresponds to the JSON property requiredAccessLevels

Returns:

  • (Array<String>) 


1237
1238
1239
 
# File 'lib/google/apis/cloudasset_v1p5beta1/classes.rb', line 1237

def required_access_levels
  @required_access_levels
end

#vpc_network_sourcesArray<Google::Apis::CloudassetV1p5beta1::GoogleIdentityAccesscontextmanagerV1VpcNetworkSource>

The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with ip_subnetworks. Corresponds to the JSON property vpcNetworkSources

Returns:



1243
1244
1245
 
# File 'lib/google/apis/cloudasset_v1p5beta1/classes.rb', line 1243

def vpc_network_sources
  @vpc_network_sources
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object



1250
1251
1252
1253
1254
1255
1256
1257
1258
 
# File 'lib/google/apis/cloudasset_v1p5beta1/classes.rb', line 1250

def update!(**args)
  @device_policy = args[:device_policy] if args.key?(:device_policy)
  @ip_subnetworks = args[:ip_subnetworks] if args.key?(:ip_subnetworks)
  @members = args[:members] if args.key?(:members)
  @negate = args[:negate] if args.key?(:negate)
  @regions = args[:regions] if args.key?(:regions)
  @required_access_levels = args[:required_access_levels] if args.key?(:required_access_levels)
  @vpc_network_sources = args[:vpc_network_sources] if args.key?(:vpc_network_sources)
end