Class: Google::Cloud::Iap::V1::AttributePropagationSettings

Inherits:
Object
  • Object
show all
Extended by:
Protobuf::MessageExts::ClassMethods
Includes:
Protobuf::MessageExts
Defined in:
proto_docs/google/cloud/iap/v1/service.rb

Overview

Configuration for propagating attributes to applications protected by IAP.

Defined Under Namespace

Modules: OutputCredentials

Instance Attribute Summary collapse

Instance Attribute Details

#enable::Boolean

Returns Whether the provided attribute propagation settings should be evaluated on user requests. If set to true, attributes returned from the expression will be propagated in the set output credentials.

Returns:

  • (::Boolean)

    Whether the provided attribute propagation settings should be evaluated on user requests. If set to true, attributes returned from the expression will be propagated in the set output credentials.



404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
# File 'proto_docs/google/cloud/iap/v1/service.rb', line 404

class AttributePropagationSettings
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Supported output credentials for attribute propagation. Each output
  # credential maps to a "field" in the response. For example, selecting JWT
  # will propagate all attributes in the IAP JWT, header in the headers, etc.
  module OutputCredentials
    # An output credential is required.
    OUTPUT_CREDENTIALS_UNSPECIFIED = 0

    # Propagate attributes in the headers with "x-goog-iap-attr-" prefix.
    HEADER = 1

    # Propagate attributes in the JWT of the form: `"additional_claims": {
    # "my_attribute": ["value1", "value2"] }`
    JWT = 2

    # Propagate attributes in the RCToken of the form: `"additional_claims": {
    # "my_attribute": ["value1", "value2"] }`
    RCTOKEN = 3
  end
end

#expression::String

Returns Raw string CEL expression. Must return a list of attributes. A maximum of 45 attributes can be selected. Expressions can select different attribute types from attributes: attributes.saml_attributes, attributes.iap_attributes. The following functions are supported:

  • filter <list>.filter(<iter_var>, <predicate>): Returns a subset of <list> where <predicate> is true for every item.

  • in <var> in <list>: Returns true if <list> contains <var>.

  • selectByName <list>.selectByName(<string>): Returns the attribute in <list> with the given <string> name, otherwise returns empty.

  • emitAs <attribute>.emitAs(<string>): Sets the <attribute> name field to the given <string> for propagation in selected output credentials.

  • strict <attribute>.strict(): Ignores the x-goog-iap-attr- prefix for the provided <attribute> when propagating with the HEADER output credential, such as request headers.

  • append <target_list>.append(<attribute>) OR <target_list>.append(<list>): Appends the provided <attribute> or <list> to the end of <target_list>.

Example expression: attributes.saml_attributes.filter(x, x.name in ['test']).append(attributes.iap_attributes.selectByName('exact').emitAs('custom').strict()).

Returns:

  • (::String)

    Raw string CEL expression. Must return a list of attributes. A maximum of 45 attributes can be selected. Expressions can select different attribute types from attributes: attributes.saml_attributes, attributes.iap_attributes. The following functions are supported:

    • filter <list>.filter(<iter_var>, <predicate>): Returns a subset of <list> where <predicate> is true for every item.

    • in <var> in <list>: Returns true if <list> contains <var>.

    • selectByName <list>.selectByName(<string>): Returns the attribute in <list> with the given <string> name, otherwise returns empty.

    • emitAs <attribute>.emitAs(<string>): Sets the <attribute> name field to the given <string> for propagation in selected output credentials.

    • strict <attribute>.strict(): Ignores the x-goog-iap-attr- prefix for the provided <attribute> when propagating with the HEADER output credential, such as request headers.

    • append <target_list>.append(<attribute>) OR <target_list>.append(<list>): Appends the provided <attribute> or <list> to the end of <target_list>.

    Example expression: attributes.saml_attributes.filter(x, x.name in ['test']).append(attributes.iap_attributes.selectByName('exact').emitAs('custom').strict())



404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
# File 'proto_docs/google/cloud/iap/v1/service.rb', line 404

class AttributePropagationSettings
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Supported output credentials for attribute propagation. Each output
  # credential maps to a "field" in the response. For example, selecting JWT
  # will propagate all attributes in the IAP JWT, header in the headers, etc.
  module OutputCredentials
    # An output credential is required.
    OUTPUT_CREDENTIALS_UNSPECIFIED = 0

    # Propagate attributes in the headers with "x-goog-iap-attr-" prefix.
    HEADER = 1

    # Propagate attributes in the JWT of the form: `"additional_claims": {
    # "my_attribute": ["value1", "value2"] }`
    JWT = 2

    # Propagate attributes in the RCToken of the form: `"additional_claims": {
    # "my_attribute": ["value1", "value2"] }`
    RCTOKEN = 3
  end
end

#output_credentials::Array<::Google::Cloud::Iap::V1::AttributePropagationSettings::OutputCredentials>

Returns Which output credentials attributes selected by the CEL expression should be propagated in. All attributes will be fully duplicated in each selected output credential.

Returns:



404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
# File 'proto_docs/google/cloud/iap/v1/service.rb', line 404

class AttributePropagationSettings
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Supported output credentials for attribute propagation. Each output
  # credential maps to a "field" in the response. For example, selecting JWT
  # will propagate all attributes in the IAP JWT, header in the headers, etc.
  module OutputCredentials
    # An output credential is required.
    OUTPUT_CREDENTIALS_UNSPECIFIED = 0

    # Propagate attributes in the headers with "x-goog-iap-attr-" prefix.
    HEADER = 1

    # Propagate attributes in the JWT of the form: `"additional_claims": {
    # "my_attribute": ["value1", "value2"] }`
    JWT = 2

    # Propagate attributes in the RCToken of the form: `"additional_claims": {
    # "my_attribute": ["value1", "value2"] }`
    RCTOKEN = 3
  end
end