class Google::Apis::CloudassetV1::GoogleIdentityAccesscontextmanagerV1Condition

A condition necessary for an `AccessLevel` to be granted. The Condition is an AND over its fields. So a Condition is true if: 1) the request IP is from one of the listed subnetworks AND 2) the originating device complies with the listed device policy AND 3) all listed access levels are granted AND 4) the request was sent at a time allowed by the DateTimeRestriction.

Attributes

device_policy[RW]

`DevicePolicy` specifies device specific restrictions necessary to acquire a given access level. A `DevicePolicy` specifies requirements for requests from devices to be granted access levels, it does not do any enforcement on the device. `DevicePolicy` acts as an AND over all specified fields, and each repeated field is an OR over its elements. Any unset fields are ignored. For example, if the proto is ` os_type : DESKTOP_WINDOWS, os_type : DESKTOP_LINUX, encryption_status: ENCRYPTED`, then the DevicePolicy will be true for requests originating from encrypted Linux desktops and encrypted Windows desktops. Corresponds to the JSON property `devicePolicy` @return [Google::Apis::CloudassetV1::GoogleIdentityAccesscontextmanagerV1DevicePolicy]

ip_subnetworks[RW]

CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, “192.0.2.0/24” is accepted but “192.0.2.1/24” is not. Similarly, for IPv6, “2001:db8::/32” is accepted whereas “2001:db8::1/32” is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed. Corresponds to the JSON property `ipSubnetworks` @return [Array<String>]

members[RW]

The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: `user:`emailid“ `serviceAccount:`emailid“ If not specified, a request may come from any user. Corresponds to the JSON property `members` @return [Array<String>]

negate[RW]

Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false. Corresponds to the JSON property `negate` @return [Boolean]

negate?[RW]

Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false. Corresponds to the JSON property `negate` @return [Boolean]

regions[RW]

The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes. Corresponds to the JSON property `regions` @return [Array<String>]

required_access_levels[RW]

A list of other access levels defined in the same `Policy`, referenced by resource name. Referencing an `AccessLevel` which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: “`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME”` Corresponds to the JSON property `requiredAccessLevels` @return [Array<String>]

Public Class Methods

new(**args) click to toggle source
# File lib/google/apis/cloudasset_v1/classes.rb, line 2094
def initialize(**args)
   update!(**args)
end

Public Instance Methods

update!(**args) click to toggle source

Update properties of this object

# File lib/google/apis/cloudasset_v1/classes.rb, line 2099
def update!(**args)
  @device_policy = args[:device_policy] if args.key?(:device_policy)
  @ip_subnetworks = args[:ip_subnetworks] if args.key?(:ip_subnetworks)
  @members = args[:members] if args.key?(:members)
  @negate = args[:negate] if args.key?(:negate)
  @regions = args[:regions] if args.key?(:regions)
  @required_access_levels = args[:required_access_levels] if args.key?(:required_access_levels)
end