AttributePropagationSettings(
mapping=None, *, ignore_unknown_fields=False, **kwargs
)
Configuration for propagating attributes to applications protected by IAP.
.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields
Attributes | |
---|---|
Name | Description |
expression |
str
Raw string CEL expression. Must return a list of attributes. A maximum of 45 attributes can be selected. Expressions can select different attribute types from attributes: attributes.saml_attributes, attributes.iap_attributes. Limited functions are supported:
- filter: ->
returns a subset of where is
true for every item.
- in: in -> returns true if
contains
- selectByName: ->
returns the attribute in with the given
name, otherwise returns empty.
- emitAs: -> sets the
name field to the given for
propagation in selected output credentials.
- strict: -> ignore the
x-goog-iap-attr- prefix for the provided
when propagating via the HEADER
output credential, i.e. request headers.
- append: OR
-> append the provided
or onto the end of
.
Example expression:
attributes.saml_attributes.filter(x, x.name in ['test']).append(attributes.iap_attributes.selectByName('exact').emitAs('custom').strict())
This field is a member of oneof _expression.
|
output_credentials |
MutableSequence[google.cloud.iap_v1.types.AttributePropagationSettings.OutputCredentials]
The output credentials in which attributes selected by the CEL expression should be propagated. All attributes will be fully duplicated in each selected output credential. |
enable |
bool
Whether the provided attribute propagation settings should be evaluated on user requests. If set to true, attributes returned from the expression will be propagated in the set output credentials. This field is a member of oneof _enable.
|
Classes
OutputCredentials
OutputCredentials(value)
Supported output credentials for attribute propagation. Each output credential maps to a "field" in the response. For example, selecting JWT will propagate all attributes in the IAP JWT, header in the headers, etc.
Values:
OUTPUT_CREDENTIALS_UNSPECIFIED (0):
No output credential. This is an unsupported default.
HEADER (1):
Propagate attributes in the headers with "x-goog-iap-attr-" prefix.
JWT (2):
Propagate attributes in the JWT of the form:
"additional_claims": { "my_attribute": ["value1", "value2"] }
RCTOKEN (3):
Propagate attributes in the RCToken of the form:
"additional_claims": { "my_attribute": ["value1", "value2"] }
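
A pre-deployment lint for these settings, as an added example that is not part of the google-cloud-iap library or its documentation: it checks a proposed expression and output credential list against the function names, attribute sources and enum values listed on this page. The name lint_settings and its finding messages are hypothetical, and the check only matches method-style calls with a regular expression; it does not parse CEL or count the 45-attribute limit.

```python
import re

# Names below come from the reference on this page; the linter is hypothetical.
SUPPORTED_FUNCTIONS = {"filter", "selectByName", "emitAs", "strict", "append"}
ATTRIBUTE_SOURCES = {"saml_attributes", "iap_attributes"}
OUTPUT_CREDENTIALS = {"HEADER", "JWT", "RCTOKEN"}  # UNSPECIFIED (0) is unsupported

# The example expression given on this page.
EXAMPLE_EXPRESSION = (
    "attributes.saml_attributes.filter(x, x.name in ['test'])"
    ".append(attributes.iap_attributes.selectByName('exact')"
    ".emitAs('custom').strict())"
)

_STRING_LITERAL = re.compile(r"'(?:[^'\\]|\\.)*'|\"(?:[^\"\\]|\\.)*\"")
_METHOD_CALL = re.compile(r"\.\s*([A-Za-z_]\w*)\s*\(")
_SOURCE_REF = re.compile(r"\battributes\s*\.\s*([A-Za-z_]\w*)")


def lint_settings(expression, output_credentials, enable=True):
    """Return a list of findings for a proposed attribute propagation config."""
    findings = []
    # Blank out string literals so text inside quotes is not read as a call.
    code = _STRING_LITERAL.sub("''", expression)

    calls = _METHOD_CALL.findall(code)
    for name in calls:
        if name not in SUPPORTED_FUNCTIONS:
            findings.append(f"unsupported function: {name}()")

    sources = _SOURCE_REF.findall(code)
    for name in sources:
        if name not in ATTRIBUTE_SOURCES:
            findings.append(f"unknown attribute source: attributes.{name}")
    if not sources:
        findings.append("expression selects from no attribute source")

    creds = set(output_credentials)
    for cred in sorted(creds - OUTPUT_CREDENTIALS):
        findings.append(f"unsupported output credential: {cred}")
    if enable and not (creds & OUTPUT_CREDENTIALS):
        findings.append("enabled but no supported output credential selected")
    # strict() is described only in terms of the HEADER output credential.
    if "strict" in calls and "HEADER" not in creds:
        findings.append("strict() only affects HEADER, which is not selected")
    return findings
```

An empty list means the configuration uses only what this page documents; any finding is worth resolving before the settings are enabled on user requests.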