Class: Google::Apis::ComputeAlpha::SecurityPolicyRule
- Inherits:
-
Object
- Object
- Google::Apis::ComputeAlpha::SecurityPolicyRule
- Includes:
- Google::Apis::Core::Hashable, Google::Apis::Core::JsonObjectSupport
- Defined in:
- lib/google/apis/compute_alpha/classes.rb,
lib/google/apis/compute_alpha/representations.rb,
lib/google/apis/compute_alpha/representations.rb
Overview
Represents a rule that describes one or more match conditions along with the action to be taken when traffic matches this condition (allow or deny).
Instance Attribute Summary collapse
-
#action ⇒ String
The Action to perform when the rule is matched.
-
#description ⇒ String
An optional description of this resource.
-
#direction ⇒ String
The direction in which this rule applies.
-
#enable_logging ⇒ Boolean
(also: #enable_logging?)
Denotes whether to enable logging for a particular rule.
-
#header_action ⇒ Google::Apis::ComputeAlpha::SecurityPolicyRuleHttpHeaderAction
Optional, additional actions that are performed on headers.
-
#kind ⇒ String
[Output only] Type of the resource.
-
#match ⇒ Google::Apis::ComputeAlpha::SecurityPolicyRuleMatcher
Represents a match condition that incoming traffic is evaluated against.
-
#network_match ⇒ Google::Apis::ComputeAlpha::SecurityPolicyRuleNetworkMatcher
A match condition that incoming packets are evaluated against for CLOUD_ARMOR_NETWORK security policies.
-
#preconfigured_waf_config ⇒ Google::Apis::ComputeAlpha::SecurityPolicyRulePreconfiguredWafConfig
Preconfigured WAF configuration to be applied for the rule.
-
#preview ⇒ Boolean
(also: #preview?)
If set to true, the specified action is not enforced.
-
#priority ⇒ Fixnum
An integer indicating the priority of a rule in the list.
-
#rate_limit_options ⇒ Google::Apis::ComputeAlpha::SecurityPolicyRuleRateLimitOptions
Must be specified if the action is "rate_based_ban" or "throttle".
-
#redirect_options ⇒ Google::Apis::ComputeAlpha::SecurityPolicyRuleRedirectOptions
Parameters defining the redirect action.
-
#redirect_target ⇒ String
This must be specified for redirect actions.
-
#rule_managed_protection_tier ⇒ String
[Output Only] The minimum managed protection tier required for this rule.
-
#rule_number ⇒ Fixnum
Identifier for the rule.
-
#rule_tuple_count ⇒ Fixnum
[Output Only] Calculation of the complexity of a single firewall security policy rule.
-
#target_resources ⇒ Array<String>
A list of network resource URLs to which this rule applies.
-
#target_service_accounts ⇒ Array<String>
A list of service accounts indicating the sets of instances that are applied with this rule.
Instance Method Summary collapse
-
#initialize(**args) ⇒ SecurityPolicyRule
constructor
A new instance of SecurityPolicyRule.
-
#update!(**args) ⇒ Object
Update properties of this object.
Constructor Details
#initialize(**args) ⇒ SecurityPolicyRule
Returns a new instance of SecurityPolicyRule.
40517 40518 40519 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 40517 def initialize(**args) update!(**args) end |
Instance Attribute Details
#action ⇒ String
The Action to perform when the rule is matched. The following are the valid actions: - allow: allow access to target. - deny(): deny access to target, returns the HTTP response code specified (valid values are 403, 404, and 502).
- rate_based_ban: limit client traffic to the configured threshold and ban the
client if the traffic exceeds the threshold. Configure parameters for this
action in RateLimitOptions. Requires rate_limit_options to be set. - redirect:
redirect to a different target. This can either be an internal reCAPTCHA
redirect, or an external URL-based redirect via a 302 response. Parameters for
this action can be configured via redirectOptions. - throttle: limit client
traffic to the configured threshold. Configure parameters for this action in
rateLimitOptions. Requires rate_limit_options to be set for this.
Corresponds to the JSON property
action
40382 40383 40384 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 40382 def action @action end |
#description ⇒ String
An optional description of this resource. Provide this property when you
create the resource.
Corresponds to the JSON property description
40388 40389 40390 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 40388 def description @description end |
#direction ⇒ String
The direction in which this rule applies. This field may only be specified
when versioned_expr is set to FIREWALL.
Corresponds to the JSON property direction
40394 40395 40396 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 40394 def direction @direction end |
#enable_logging ⇒ Boolean Also known as: enable_logging?
Denotes whether to enable logging for a particular rule. If logging is enabled,
logs will be exported to the configured export destination in Stackdriver.
Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging
on "goto_next" rules. This field may only be specified when the versioned_expr
is set to FIREWALL.
Corresponds to the JSON property enableLogging
40403 40404 40405 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 40403 def enable_logging @enable_logging end |
#header_action ⇒ Google::Apis::ComputeAlpha::SecurityPolicyRuleHttpHeaderAction
Optional, additional actions that are performed on headers.
Corresponds to the JSON property headerAction
40409 40410 40411 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 40409 def header_action @header_action end |
#kind ⇒ String
[Output only] Type of the resource. Always compute#securityPolicyRule for
security policy rules
Corresponds to the JSON property kind
40415 40416 40417 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 40415 def kind @kind end |
#match ⇒ Google::Apis::ComputeAlpha::SecurityPolicyRuleMatcher
Represents a match condition that incoming traffic is evaluated against.
Exactly one field must be specified.
Corresponds to the JSON property match
40421 40422 40423 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 40421 def match @match end |
#network_match ⇒ Google::Apis::ComputeAlpha::SecurityPolicyRuleNetworkMatcher
A match condition that incoming packets are evaluated against for
CLOUD_ARMOR_NETWORK security policies. If it matches, the corresponding '
action' is enforced. The match criteria for a rule consists of built-in match
fields (like 'srcIpRanges') and potentially multiple user-defined match fields
('userDefinedFields'). Field values may be extracted directly from the packet
or derived from it (e.g. 'srcRegionCodes'). Some fields may not be present in
every packet (e.g. 'srcPorts'). A user-defined field is only present if the
base header is found in the packet and the entire field is in bounds. Each
match field may specify which values can match it, listing one or more ranges,
prefixes, or exact values that are considered a match for the field. A field
value must be present in order to match a specified match field. If no match
values are specified for a match field, then any field value is considered to
match it, and it's not required to be present. For a packet to match a rule,
all specified match fields must match the corresponding field values derived
from the packet. Example: networkMatch: srcIpRanges: - "192.0.2.0/24" - "198.
51.100.0/24" userDefinedFields: - name: "ipv4_fragment_offset" values: - "1-
0x1fff" The above match condition matches packets with a source IP in 192.0.2.
0/24 or 198.51.100.0/24 and a user-defined field named "ipv4_fragment_offset"
with a value between 1 and 0x1fff inclusive.
Corresponds to the JSON property networkMatch
40444 40445 40446 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 40444 def network_match @network_match end |
#preconfigured_waf_config ⇒ Google::Apis::ComputeAlpha::SecurityPolicyRulePreconfiguredWafConfig
Preconfigured WAF configuration to be applied for the rule. If the rule does
not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is
not used, this field will have no effect.
Corresponds to the JSON property preconfiguredWafConfig
40451 40452 40453 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 40451 def preconfigured_waf_config @preconfigured_waf_config end |
#preview ⇒ Boolean Also known as: preview?
If set to true, the specified action is not enforced.
Corresponds to the JSON property preview
40456 40457 40458 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 40456 def preview @preview end |
#priority ⇒ Fixnum
An integer indicating the priority of a rule in the list. The priority must be
a positive value between 0 and 2147483647. Rules are evaluated from highest to
lowest priority where 0 is the highest priority and 2147483647 is the lowest
priority.
Corresponds to the JSON property priority
40465 40466 40467 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 40465 def priority @priority end |
#rate_limit_options ⇒ Google::Apis::ComputeAlpha::SecurityPolicyRuleRateLimitOptions
Must be specified if the action is "rate_based_ban" or "throttle". Cannot be
specified for any other actions.
Corresponds to the JSON property rateLimitOptions
40471 40472 40473 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 40471 def @rate_limit_options end |
#redirect_options ⇒ Google::Apis::ComputeAlpha::SecurityPolicyRuleRedirectOptions
Parameters defining the redirect action. Cannot be specified for any other
actions.
Corresponds to the JSON property redirectOptions
40477 40478 40479 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 40477 def @redirect_options end |
#redirect_target ⇒ String
This must be specified for redirect actions. Cannot be specified for any other
actions.
Corresponds to the JSON property redirectTarget
40483 40484 40485 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 40483 def redirect_target @redirect_target end |
#rule_managed_protection_tier ⇒ String
[Output Only] The minimum managed protection tier required for this rule.
Corresponds to the JSON property ruleManagedProtectionTier
40488 40489 40490 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 40488 def rule_managed_protection_tier @rule_managed_protection_tier end |
#rule_number ⇒ Fixnum
Identifier for the rule. This is only unique within the given security policy.
This can only be set during rule creation, if rule number is not specified it
will be generated by the server.
Corresponds to the JSON property ruleNumber
40495 40496 40497 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 40495 def rule_number @rule_number end |
#rule_tuple_count ⇒ Fixnum
[Output Only] Calculation of the complexity of a single firewall security
policy rule.
Corresponds to the JSON property ruleTupleCount
40501 40502 40503 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 40501 def rule_tuple_count @rule_tuple_count end |
#target_resources ⇒ Array<String>
A list of network resource URLs to which this rule applies. This field allows
you to control which network's VMs get this rule. If this field is left blank,
all VMs within the organization will receive the rule. This field may only be
specified when versioned_expr is set to FIREWALL.
Corresponds to the JSON property targetResources
40509 40510 40511 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 40509 def target_resources @target_resources end |
#target_service_accounts ⇒ Array<String>
A list of service accounts indicating the sets of instances that are applied
with this rule.
Corresponds to the JSON property targetServiceAccounts
40515 40516 40517 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 40515 def target_service_accounts @target_service_accounts end |
Instance Method Details
#update!(**args) ⇒ Object
Update properties of this object
40522 40523 40524 40525 40526 40527 40528 40529 40530 40531 40532 40533 40534 40535 40536 40537 40538 40539 40540 40541 40542 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 40522 def update!(**args) @action = args[:action] if args.key?(:action) @description = args[:description] if args.key?(:description) @direction = args[:direction] if args.key?(:direction) @enable_logging = args[:enable_logging] if args.key?(:enable_logging) @header_action = args[:header_action] if args.key?(:header_action) @kind = args[:kind] if args.key?(:kind) @match = args[:match] if args.key?(:match) @network_match = args[:network_match] if args.key?(:network_match) @preconfigured_waf_config = args[:preconfigured_waf_config] if args.key?(:preconfigured_waf_config) @preview = args[:preview] if args.key?(:preview) @priority = args[:priority] if args.key?(:priority) @rate_limit_options = args[:rate_limit_options] if args.key?(:rate_limit_options) @redirect_options = args[:redirect_options] if args.key?(:redirect_options) @redirect_target = args[:redirect_target] if args.key?(:redirect_target) @rule_managed_protection_tier = args[:rule_managed_protection_tier] if args.key?(:rule_managed_protection_tier) @rule_number = args[:rule_number] if args.key?(:rule_number) @rule_tuple_count = args[:rule_tuple_count] if args.key?(:rule_tuple_count) @target_resources = args[:target_resources] if args.key?(:target_resources) @target_service_accounts = args[:target_service_accounts] if args.key?(:target_service_accounts) end |