Google Cloud Identity-Aware Proxy API client library for Python
—
Comprehensive management of Identity-Aware Proxy settings, access controls, tunnel destination groups, and validation utilities. This service enables programmatic configuration of IAP policies, access restrictions, and security settings for protected resources.
Retrieve and update IAP configuration settings for protected resources, including access controls, application settings, and security policies.
def get_iap_settings(
    self,
    request: GetIapSettingsRequest,
    *,
    retry=DEFAULT,
    timeout=DEFAULT,
    metadata=()
) -> IapSettings:
    """
    Gets the IAP settings on a particular IAP protected resource.

    Reading the settings before an update gives a record of the
    configuration as it stood, which can be compared with the result of
    update_iap_settings afterwards.

    Args:
        request: The request object containing the resource name
            (GetIapSettingsRequest.name).
        retry: Designation of what errors should be retried.
        timeout: The timeout for this request.
        metadata: Strings which should be sent along with the request.

    Returns:
        The current IAP settings for the specified resource.
    """
def update_iap_settings(
    self,
    request: UpdateIapSettingsRequest,
    *,
    retry=DEFAULT,
    timeout=DEFAULT,
    metadata=()
) -> IapSettings:
    """
    Updates the IAP settings on a particular IAP protected resource.

    The request carries both the new settings (iap_settings) and an
    update_mask naming the fields to write. Keep the mask as narrow as the
    change requires so unrelated access controls are not rewritten.
    NOTE(review): the upstream API reference describes an omitted
    update_mask as updating all settings; confirm for the library version
    in use before sending a partially populated IapSettings without a mask.

    Args:
        request: The request object containing the settings to update.
        retry: Designation of what errors should be retried.
        timeout: The timeout for this request.
        metadata: Strings which should be sent along with the request.

    Returns:
        The updated IAP settings.
    """


Example usage:
from google.cloud.iap import IdentityAwareProxyAdminServiceClient
from google.cloud.iap import GetIapSettingsRequest, UpdateIapSettingsRequest
from google.cloud.iap import IapSettings, AccessSettings, ReauthSettings
from google.protobuf import field_mask_pb2
from google.protobuf import duration_pb2
client = IdentityAwareProxyAdminServiceClient()

# Get current IAP settings. Fetching them first records the pre-change
# configuration; this example does not otherwise use current_settings.
resource_name = "projects/my-project/iap_web/compute/services/my-service"
get_request = GetIapSettingsRequest(name=resource_name)
current_settings = client.get_iap_settings(request=get_request)

# Update reauthentication settings
reauth_settings = ReauthSettings(
    method=ReauthSettings.Method.PASSWORD,
    max_age=duration_pb2.Duration(seconds=3600),  # 1 hour
    policy_type=ReauthSettings.PolicyType.MINIMUM
)
access_settings = AccessSettings(reauth_settings=reauth_settings)
# This object carries only the resource name and the reauth settings; every
# other IAP setting is left unset here.
updated_settings = IapSettings(
    name=resource_name,
    access_settings=access_settings
)

# Create update mask to specify which fields to update. The single path below
# scopes the write to the reauth settings.
# NOTE(review): because updated_settings is sparse, sending it without this
# mask would presumably overwrite the remaining settings - confirm.
update_mask = field_mask_pb2.FieldMask(
    paths=["access_settings.reauth_settings"]
)
update_request = UpdateIapSettingsRequest(
    iap_settings=updated_settings,
    update_mask=update_mask
)
result = client.update_iap_settings(request=update_request)

Validate IAP attribute expressions before applying them to configurations.
def validate_iap_attribute_expression(
    self,
    request: ValidateIapAttributeExpressionRequest,
    *,
    retry=DEFAULT,
    timeout=DEFAULT,
    metadata=()
) -> ValidateIapAttributeExpressionResponse:
    """
    Validates that a given CEL expression conforms to IAP restrictions.

    A successful validation shows only that IAP accepts the expression. It
    does not show that the expression selects the attributes the author
    intended, so the expression's logic still needs its own review.

    Args:
        request: The request object containing the expression to validate.
        retry: Designation of what errors should be retried.
        timeout: The timeout for this request.
        metadata: Strings which should be sent along with the request.

    Returns:
        Empty response indicating validation success or failure.
        NOTE(review): the response message has no fields, so a rejected
        expression is presumably reported as an API error rather than in
        the return value - confirm, and handle the exception in callers.
    """


Manage tunnel destination groups that define sets of destinations accessible through IAP TCP forwarding.
def list_tunnel_dest_groups(
    self,
    request: ListTunnelDestGroupsRequest,
    *,
    parent: str = None,
    retry=DEFAULT,
    timeout=DEFAULT,
    metadata=()
) -> ListTunnelDestGroupsPager:
    """
    Lists the existing TunnelDestGroups.

    Listing is a convenient way to audit which CIDR ranges and FQDNs are
    currently reachable through IAP TCP forwarding under a parent.

    Args:
        request: The request object containing the parent project and location.
        parent: The resource path of the parent project and location.
            NOTE(review): presumably an alternative to setting the same
            field on request - confirm whether both may be given together.
        retry: Designation of what errors should be retried.
        timeout: The timeout for this request.
        metadata: Strings which should be sent along with the request.

    Returns:
        A pager for iterating through tunnel destination groups.
    """
def create_tunnel_dest_group(
    self,
    request: CreateTunnelDestGroupRequest,
    *,
    parent: str = None,
    tunnel_dest_group: TunnelDestGroup = None,
    tunnel_dest_group_id: str = None,
    retry=DEFAULT,
    timeout=DEFAULT,
    metadata=()
) -> TunnelDestGroup:
    """
    Creates a new TunnelDestGroup.

    A group defines a set of destinations accessible through IAP TCP
    forwarding, so its CIDR ranges and FQDNs should list only what the
    workload needs to reach.

    Args:
        request: The request object.
        parent: The resource path of the parent project and location.
        tunnel_dest_group: The TunnelDestGroup to create.
        tunnel_dest_group_id: The ID to use for the tunnel destination group.
        retry: Designation of what errors should be retried.
        timeout: The timeout for this request.
        metadata: Strings which should be sent along with the request.

    Returns:
        The created tunnel destination group.
    """
def get_tunnel_dest_group(
    self,
    request: GetTunnelDestGroupRequest,
    *,
    name: str = None,
    retry=DEFAULT,
    timeout=DEFAULT,
    metadata=()
) -> TunnelDestGroup:
    """
    Retrieves an existing TunnelDestGroup.

    Args:
        request: The request object.
        name: The resource name of the tunnel destination group.
            NOTE(review): presumably an alternative to setting
            request.name - confirm whether both may be given together.
        retry: Designation of what errors should be retried.
        timeout: The timeout for this request.
        metadata: Strings which should be sent along with the request.

    Returns:
        The requested tunnel destination group.
    """
def update_tunnel_dest_group(
    self,
    request: UpdateTunnelDestGroupRequest,
    *,
    tunnel_dest_group: TunnelDestGroup = None,
    update_mask: field_mask_pb2.FieldMask = None,
    retry=DEFAULT,
    timeout=DEFAULT,
    metadata=()
) -> TunnelDestGroup:
    """
    Updates an existing TunnelDestGroup.

    Changing a group's destinations changes what can be reached through
    IAP TCP forwarding, so review the resulting CIDR and FQDN lists in the
    returned group.

    Args:
        request: The request object.
        tunnel_dest_group: The TunnelDestGroup to update.
        update_mask: Field mask to specify which fields to update.
            NOTE(review): behaviour when the mask is omitted is not stated
            on this page - confirm before relying on a partial object.
        retry: Designation of what errors should be retried.
        timeout: The timeout for this request.
        metadata: Strings which should be sent along with the request.

    Returns:
        The updated tunnel destination group.
    """
def delete_tunnel_dest_group(
    self,
    request: DeleteTunnelDestGroupRequest,
    *,
    name: str = None,
    retry=DEFAULT,
    timeout=DEFAULT,
    metadata=()
) -> None:
    """
    Deletes a TunnelDestGroup.

    Nothing is returned. NOTE(review): this page does not say whether a
    deletion can be undone; fetching the group with get_tunnel_dest_group
    first keeps a record of its destinations in case it must be recreated.

    Args:
        request: The request object.
        name: The resource name of the tunnel destination group to delete.
        retry: Designation of what errors should be retried.
        timeout: The timeout for this request.
        metadata: Strings which should be sent along with the request.
    """


Example usage:
from google.cloud.iap import IdentityAwareProxyAdminServiceClient
from google.cloud.iap import (
ListTunnelDestGroupsRequest,
CreateTunnelDestGroupRequest,
TunnelDestGroup
)
client = IdentityAwareProxyAdminServiceClient()
# NOTE(review): the upstream API reference gives the tunnel parent format as
# projects/{project}/iap_tunnel/locations/{location}; confirm this value. The
# tunnel_location_path helper listed on this page presumably builds it.
parent = "projects/my-project/locations/global"

# List existing tunnel destination groups. The printed CIDRs and FQDNs show
# which destinations each group currently allows.
list_request = ListTunnelDestGroupsRequest(parent=parent)
for group in client.list_tunnel_dest_groups(request=list_request):
    print(f"Tunnel group: {group.name}")
    print(f"CIDRs: {group.cidrs}")
    print(f"FQDNs: {group.fqdns}")

# Create a new tunnel destination group. List only the ranges and hosts that
# must be reachable through IAP TCP forwarding; the values below are samples.
new_group = TunnelDestGroup(
    cidrs=["10.0.0.0/24", "192.168.1.0/24"],
    fqdns=["internal.example.com", "db.example.com"]
)
create_request = CreateTunnelDestGroupRequest(
    parent=parent,
    tunnel_dest_group=new_group,
    tunnel_dest_group_id="my-tunnel-group"
)
created_group = client.create_tunnel_dest_group(request=create_request)
print(f"Created tunnel group: {created_group.name}")


class GetIapSettingsRequest:
    """Request message for GetIapSettings."""
    name: str  # Resource name of the IAP protected resource
class UpdateIapSettingsRequest:
    """Request message for UpdateIapSettings."""
    iap_settings: IapSettings  # New settings; the usage example sets name plus the fields to change
    # Paths of the fields to write. Keep this to the fields being changed.
    # NOTE(review): upstream reference says an omitted mask updates all settings - confirm.
    update_mask: field_mask_pb2.FieldMask
class ValidateIapAttributeExpressionRequest:
    """Request message for ValidateIapAttributeExpression."""
    name: str  # Resource name
    expression: str  # CEL expression to validate against IAP restrictions
class ListTunnelDestGroupsRequest:
    """Request message for ListTunnelDestGroups."""
    parent: str  # Parent project and location
    page_size: int  # Maximum number of results per page
    page_token: str  # Token for next page (ListTunnelDestGroupsResponse.next_page_token)
class CreateTunnelDestGroupRequest:
    """Request message for CreateTunnelDestGroup."""
    parent: str  # Resource path of the parent project and location
    tunnel_dest_group: TunnelDestGroup  # The group to create (its cidrs and fqdns)
    tunnel_dest_group_id: str  # ID to use for the new tunnel destination group
class GetTunnelDestGroupRequest:
    """Request message for GetTunnelDestGroup."""
    name: str  # Resource name of the tunnel destination group to retrieve
class UpdateTunnelDestGroupRequest:
    """Request message for UpdateTunnelDestGroup."""
    tunnel_dest_group: TunnelDestGroup  # The group carrying the new values
    update_mask: field_mask_pb2.FieldMask  # Which fields of the group to update
class DeleteTunnelDestGroupRequest:
    """Request message for DeleteTunnelDestGroup."""
    name: str  # Resource name of the tunnel destination group to delete


class ValidateIapAttributeExpressionResponse:
    """Response message for ValidateIapAttributeExpression (empty)."""
    # No fields: the message itself carries no validation verdict.
    pass
class ListTunnelDestGroupsResponse:
    """Response message for ListTunnelDestGroups."""
    tunnel_dest_groups: List[TunnelDestGroup]  # Groups on this page of results
    next_page_token: str  # Token for requesting the next page


class GcipSettings:
    """GCIP tenant configuration."""
    tenant_ids: List[str]  # GCIP tenant IDs; presumably the tenants allowed to sign in - confirm
    # Login page URI. NOTE(review): users presumably authenticate on this page, so it
    # should be one the resource owner controls - confirm.
    login_page_uri: wrappers_pb2.StringValue
class CorsSettings:
    """CORS configuration."""
    # NOTE(review): presumably controls whether HTTP OPTIONS (CORS preflight) requests
    # are let through without IAP authorization - confirm before enabling.
    allow_http_options: wrappers_pb2.BoolValue
class OAuthSettings:
    """OAuth configuration."""
    login_hint: wrappers_pb2.StringValue  # Hint passed to the login flow
    # NOTE(review): presumably the OAuth client IDs permitted programmatic access;
    # keep the list to clients that need it - confirm.
    programmatic_clients: List[str]
class ReauthSettings:
    """Reauthentication configuration.

    The usage example on this page sets all three fields together and
    updates them under the single mask path access_settings.reauth_settings.
    """
    method: Method  # How the user must reauthenticate
    max_age: duration_pb2.Duration  # Session age limit; the usage example uses 3600 s (1 hour)
    policy_type: PolicyType  # How this policy combines with others

    class Method(Enum):
        # Reauthentication methods. The names suggest increasing strength from a
        # plain login to second factors; NOTE(review): confirm exact semantics upstream.
        METHOD_UNSPECIFIED = 0
        LOGIN = 1
        PASSWORD = 2
        SECURE_KEY = 3
        ENROLLED_SECOND_FACTORS = 4

    class PolicyType(Enum):
        # NOTE(review): presumably MINIMUM sets a floor that policies lower in the
        # hierarchy can only tighten, and DEFAULT applies when no other reauth
        # policy is set - confirm against the upstream reference.
        POLICY_TYPE_UNSPECIFIED = 0
        MINIMUM = 1
        DEFAULT = 2
class AllowedDomainsSettings:
    """Domain restriction settings."""
    enable: bool  # Optional; presumably switches the domain restriction on - confirm
    domains: List[str]  # Domains the restriction applies to
class WorkforceIdentitySettings:
    """Workforce identity configuration."""
    workforce_pools: List[str]  # Workforce pool resource names
    oauth2: OAuth2  # OAuth 2.0 client settings (see OAuth2)
class OAuth2:
    """OAuth 2.0 settings."""
    client_id: str
    # Input only: supplied on writes. Load it from a secret store at run time
    # rather than embedding it in source or configuration files.
    client_secret: str  # Input only
    # Output only. NOTE(review): presumably a SHA-256 digest of the stored secret,
    # usable to check which secret is configured without reading it back - confirm.
    client_secret_sha256: str  # Output only
class CsmSettings:
    """Service mesh configuration."""
    rctoken_aud: wrappers_pb2.StringValue  # presumably the audience value for the RCToken - confirm
class AccessDeniedPageSettings:
    """Custom access denied page configuration."""
    access_denied_page_uri: wrappers_pb2.StringValue  # URI of the custom access denied page
    # NOTE(review): troubleshooting output may describe why access was denied;
    # confirm what it reveals to the denied user before enabling.
    generate_troubleshooting_uri: wrappers_pb2.BoolValue
    remediation_token_generation_enabled: wrappers_pb2.BoolValue  # Optional
class AttributePropagationSettings:
    """Attribute propagation configuration.

    The expression selects identity attributes to forward. Check it with
    validate_iap_attribute_expression before applying it, and propagate
    only the attributes the backend needs.
    """
    expression: str  # Optional CEL expression
    output_credentials: List[OutputCredentials]  # Where the selected attributes are emitted
    enable: bool  # Optional

    class OutputCredentials(Enum):
        # Output channels for propagated attributes.
        # NOTE(review): confirm how each is delivered to the backend.
        OUTPUT_CREDENTIALS_UNSPECIFIED = 0
        HEADER = 1
        JWT = 2
        RCTOKEN = 3


@staticmethod
def tunnel_dest_group_path(project: str, location: str, dest_group: str) -> str:
    """Return a fully-qualified tunnel_dest_group string.

    Args:
        project: Project segment of the path.
        location: Location segment of the path.
        dest_group: Tunnel destination group segment of the path.
    """
@staticmethod
def parse_tunnel_dest_group_path(path: str) -> Dict[str, str]:
    """Parse a tunnel_dest_group path into its component segments.

    Args:
        path: A tunnel_dest_group resource path.

    Returns:
        A mapping of segment name to value.
        NOTE(review): presumably empty when the path does not match -
        confirm, and check for the expected keys before using the result.
    """
@staticmethod
def tunnel_location_path(project: str, location: str) -> str:
    """Return a fully-qualified tunnel_location string.

    Args:
        project: Project segment of the path.
        location: Location segment of the path.
    """
@staticmethod
def parse_tunnel_location_path(path: str) -> Dict[str, str]:
    """Parse a tunnel_location path into its component segments.

    Args:
        path: A tunnel_location resource path.

    Returns:
        A mapping of segment name to value.
        NOTE(review): presumably empty when the path does not match -
        confirm, and check for the expected keys before using the result.
    """
@staticmethod
def common_project_path(project: str) -> str:
    """Return a fully-qualified project string.

    Args:
        project: Project segment of the path.
    """
@staticmethod
def parse_common_project_path(path: str) -> Dict[str, str]:
    """Parse a project path into its component segments.

    Args:
        path: A project resource path.

    Returns:
        A mapping of segment name to value.
        NOTE(review): presumably empty when the path does not match -
        confirm, and check for the expected keys before using the result.
    """
@staticmethod
def common_location_path(project: str, location: str) -> str:
    """Return a fully-qualified location string.

    Args:
        project: Project segment of the path.
        location: Location segment of the path.
    """
@staticmethod
def parse_common_location_path(path: str) -> Dict[str, str]:
    """Parse a location path into its component segments.

    Args:
        path: A location resource path.

    Returns:
        A mapping of segment name to value.
        NOTE(review): presumably empty when the path does not match -
        confirm, and check for the expected keys before using the result.
    """


class ListTunnelDestGroupsPager:
    """A pager for iterating through list_tunnel_dest_groups requests.

    NOTE(review): iterating presumably issues further list requests as
    pages run out - confirm, since each one is a separate API call.
    """

    @property
    def pages(self):
        """Iterator of pages in the response."""

    def __iter__(self):
        """Iterator over TunnelDestGroup resources."""

    def __getattr__(self, name):
        """Access to response attributes."""


class ListTunnelDestGroupsAsyncPager:
    """Async pager for iterating through list_tunnel_dest_groups requests.

    Async counterpart of ListTunnelDestGroupsPager; iterate it with
    ``async for``.
    """

    @property
    def pages(self):
        """AsyncIterator of pages in the response."""

    def __aiter__(self):
        """AsyncIterator over TunnelDestGroup resources."""


Install with Tessl CLI
npx tessl i tessl/pypi-google-cloud-iap