AttributePropagationSettings(
mapping=None, *, ignore_unknown_fields=False, **kwargs
)Configuration for propagating attributes to applications protected by IAP.
.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields
Attributes | |
|---|---|
| Name | Description |
expression |
str
Raw string CEL expression. Must return a list of attributes. Maximum of 45 attributes can be selected. Expressions can select different attribute types from attributes:
attributes.saml_attributes,
attributes.iap_attributes. Limited functions are
supported:
- filter: ->
returns a subset of in: in -> returns true if selectByName: ->
returns the attribute in emitAs: -> sets the
strict: -> ignore the
x-goog-iap-attr- prefix for the provided
HEADER
output credential, i.e. request headers.
- append: OR
attributes.saml_attributes.filter(x, x.name in ['test']).append(attributes.iap_attributes.selectByName('exact').emitAs('custom').strict())
This field is a member of oneof_ _expression.
|
output_credentials |
MutableSequence[google.cloud.iap_v1.types.AttributePropagationSettings.OutputCredentials]
Which output credentials attributes selected by the CEL expression should be propagated in. All attributes will be fully duplicated in each selected output credential. |
enable |
bool
Whether the provided attribute propagation settings should be evaluated on user requests. If set to true, attributes returned from the expression will be propagated in the set output credentials. This field is a member of oneof_ _enable.
|
Classes
OutputCredentials
OutputCredentials(value)Supported output credentials for attribute propagation. Each output credential maps to a "field" in the response. For example, selecting JWT will propagate all attributes in the IAP JWT, header in the headers, etc.