Struct google_accesscontextmanager1::api::Condition

pub struct Condition {
    pub device_policy: Option<DevicePolicy>,
    pub ip_subnetworks: Option<Vec<String>>,
    pub members: Option<Vec<String>>,
    pub negate: Option<bool>,
    pub regions: Option<Vec<String>>,
    pub required_access_levels: Option<Vec<String>>,
}

A condition necessary for an AccessLevel to be granted. The Condition is an AND over its fields. So a Condition is true if: 1) the request IP is from one of the listed subnetworks AND 2) the originating device complies with the listed device policy AND 3) all listed access levels are granted AND 4) the request was sent at a time allowed by the DateTimeRestriction.

This type is not used in any activity, and only used as part of another schema.

Fields

device_policy: Option<DevicePolicy>

Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.

ip_subnetworks: Option<Vec<String>>

CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, “192.0.2.0/24” is accepted but “192.0.2.1/24” is not. Similarly, for IPv6, “2001:db8::/32” is accepted whereas “2001:db8::1/32” is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.

members: Option<Vec<String>>

The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: user:{emailid} serviceAccount:{emailid} If not specified, a request may come from any user.

negate: Option<bool>

Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.

regions: Option<Vec<String>>

The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.

required_access_levels: Option<Vec<String>>

A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: “accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"

Trait Implementations

impl Clone for Condition

fn clone(&self) -> Condition

Returns a copy of the value.

pub fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Condition

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for Condition

fn default() -> Condition

Returns the “default value” for a type.

impl<'de> Deserialize<'de> for Condition

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error> where
    __D: Deserializer<'de>, 

Deserialize this value from the given Serde deserializer.

impl Part for Condition

impl Serialize for Condition

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error> where
    __S: Serializer, 

Serialize this value into the given Serde serializer.