Cloud Identity-Aware Proxy v1 API - Class AttributePropagationSettings (2.3.0)

Reference documentation and code samples for the Cloud Identity-Aware Proxy v1 API class AttributePropagationSettings.

Configuration for propagating attributes to applications protected by IAP.

Whether the provided attribute propagation settings should be evaluated on user requests. If set to true, attributes returned from the expression will be propagated in the set output credentials.

Raw string CEL expression. Must return a list of attributes. Maximum of 45 attributes can be selected. Expressions can select different attribute types from attributes: attributes.saml_attributes, attributes.iap_attributes. Limited functions are supported:

• filter: <list>.filter(<iter_var>, <predicate>) -> returns a subset of <list> where <predicate> is true for every item.
• in: <var> in <list> -> returns true if <list> contains <var>
• selectByName: <list>.selectByName(<string>) -> returns the attribute in <list> with the given <string> name, otherwise returns empty.
• emitAs: <attribute>.emitAs(<string>) -> sets the <attribute> name field to the given <string> for propagation in selected output credentials.
• strict: <attribute>.strict() -> ignore the x-goog-iap-attr- prefix for the provided <attribute> when propagating via the HEADER output credential, i.e. request headers.
• append: <target_list>.append(<attribute>) OR <target_list>.append(<list>) -> append the provided <attribute> or <list> onto the end of <target_list>.

Example expression: attributes.saml_attributes.filter(x, x.name in ['test']).append(attributes.iap_attributes.selectByName('exact').emitAs('custom').strict())

Gets whether the "enable" field is set

Gets whether the "expression" field is set

Which output credentials attributes selected by the CEL expression should be propagated in. All attributes will be fully duplicated in each selected output credential.