AttributePropagationSettings(
mapping=None, *, ignore_unknown_fields=False, **kwargs
)
Configuration for propagating attributes to applications protected by IAP.
.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields
Attributes | |
---|---|
Name | Description |
expression |
str
Raw string CEL expression. Must return a list of attributes. A maximum of 45 attributes can be selected. Expressions can select different attribute types from attributes: attributes.saml_attributes, attributes.iap_attributes. The following functions are supported:
- filter :
Returns a subset of where is
true for every item.
- in in : Returns true if
contains .
- selectByName : Returns
the attribute in with the given
name, otherwise returns empty.
- emitAs : Sets the
name field to the given for
propagation in selected output credentials.
- strict : Ignores the
x-goog-iap-attr- prefix for the provided
when propagating with the HEADER
output credential, such as request headers.
- append OR
: Appends the provided
or to the end of
.
Example expression:
attributes.saml_attributes.filter(x, x.name in ['test']).append(attributes.iap_attributes.selectByName('exact').emitAs('custom').strict())
This field is a member of oneof _expression.
|
output_credentials |
MutableSequence[google.cloud.iap_v1.types.AttributePropagationSettings.OutputCredentials]
Which output credentials attributes selected by the CEL expression should be propagated in. All attributes will be fully duplicated in each selected output credential. |
enable |
bool
Whether the provided attribute propagation settings should be evaluated on user requests. If set to true, attributes returned from the expression will be propagated in the set output credentials. This field is a member of oneof _enable.
|
Classes
OutputCredentials
OutputCredentials(value)
Supported output credentials for attribute propagation. Each output credential maps to a "field" in the response. For example, selecting JWT will propagate all attributes in the IAP JWT, HEADER in the headers, etc.
Values:
OUTPUT_CREDENTIALS_UNSPECIFIED (0):
An output credential is required.
HEADER (1):
Propagate attributes in the headers with "x-goog-iap-attr-" prefix.
JWT (2):
Propagate attributes in the JWT of the form:
"additional_claims": { "my_attribute": ["value1", "value2"] }
RCTOKEN (3):
Propagate attributes in the RCToken of the form:
"additional_claims": { "my_attribute": ["value1", "value2"] }
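How a backend behind IAP might consume the HEADER and JWT credentials described above, as an added example that is not part of the google-cloud-iap library or the original page. It treats the JWT's "additional_claims" as authoritative and reports header attributes the JWT does not back. Assumptions: the function names and sample values are hypothetical, the claims come from an IAP JWT whose signature and audience were already verified, and a header name is the prefix followed by the attribute name.

```python
# Added example. Only the prefix and the "additional_claims" key come from the
# page; every function name and sample value here is hypothetical/constructed.
HEADER_PREFIX = "x-goog-iap-attr-"  # documented prefix for the HEADER credential


def attrs_from_headers(headers):
    """Collect prefixed attributes from request headers (names are case-insensitive)."""
    out = {}
    for name, value in headers.items():
        lowered = name.lower()
        if lowered.startswith(HEADER_PREFIX):
            out[lowered[len(HEADER_PREFIX):]] = value
    return out


def attrs_from_claims(claims):
    """Read "additional_claims"; each attribute must map to a list of strings."""
    extra = claims.get("additional_claims", {})
    if not isinstance(extra, dict):
        raise ValueError("additional_claims is not an object")
    for name, values in extra.items():
        if not (isinstance(values, list) and all(isinstance(v, str) for v in values)):
            raise ValueError(f"attribute {name!r} is not a list of strings")
    return extra


def trusted_attributes(headers, claims):
    """Return (attributes from the verified JWT, header attribute names it does not back)."""
    signed = attrs_from_claims(claims)
    signed_names = {n.lower() for n in signed}
    unbacked = sorted(n for n in attrs_from_headers(headers) if n not in signed_names)
    return signed, unbacked


# Constructed sample request: "role" appears only as a header, not in the JWT.
SAMPLE_HEADERS = {
    "X-Goog-IAP-Attr-department": "engineering",
    "x-goog-iap-attr-role": "admin",
    "Accept": "text/html",
}
SAMPLE_CLAIMS = {"additional_claims": {"department": ["engineering"]}}

if __name__ == "__main__":
    signed, unbacked = trusted_attributes(SAMPLE_HEADERS, SAMPLE_CLAIMS)
    print("use:", signed)
    print("ignore and log:", unbacked)
```

Attributes emitted with strict() are sent without the prefix, so this header scan does not see them; read those from the JWT instead.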