Class: Google::Apis::ComputeAlpha::SecurityPolicyRule
- Inherits:
-
Object
- Object
- Google::Apis::ComputeAlpha::SecurityPolicyRule
- Includes:
- Google::Apis::Core::Hashable, Google::Apis::Core::JsonObjectSupport
- Defined in:
- lib/google/apis/compute_alpha/classes.rb,
lib/google/apis/compute_alpha/representations.rb,
lib/google/apis/compute_alpha/representations.rb
Overview
Represents a rule that describes one or more match conditions along with the action to be taken when traffic matches this condition (allow or deny).
Instance Attribute Summary collapse
-
#action ⇒ String
The Action to perform when the rule is matched.
-
#description ⇒ String
An optional description of this resource.
-
#direction ⇒ String
The direction in which this rule applies.
-
#enable_logging ⇒ Boolean
(also: #enable_logging?)
Denotes whether to enable logging for a particular rule.
-
#header_action ⇒ Google::Apis::ComputeAlpha::SecurityPolicyRuleHttpHeaderAction
Optional, additional actions that are performed on headers.
-
#kind ⇒ String
[Output only] Type of the resource.
-
#match ⇒ Google::Apis::ComputeAlpha::SecurityPolicyRuleMatcher
Represents a match condition that incoming traffic is evaluated against.
-
#network_match ⇒ Google::Apis::ComputeAlpha::SecurityPolicyRuleNetworkMatcher
Represents a match condition that incoming network traffic is evaluated against.
-
#preconfigured_waf_config ⇒ Google::Apis::ComputeAlpha::SecurityPolicyRulePreconfiguredWafConfig
Preconfigured WAF configuration to be applied for the rule.
-
#preview ⇒ Boolean
(also: #preview?)
If set to true, the specified action is not enforced.
-
#priority ⇒ Fixnum
An integer indicating the priority of a rule in the list.
-
#rate_limit_options ⇒ Google::Apis::ComputeAlpha::SecurityPolicyRuleRateLimitOptions
Must be specified if the action is "rate_based_ban" or "throttle".
-
#redirect_options ⇒ Google::Apis::ComputeAlpha::SecurityPolicyRuleRedirectOptions
Parameters defining the redirect action.
-
#redirect_target ⇒ String
This must be specified for redirect actions.
-
#rule_managed_protection_tier ⇒ String
[Output Only] The minimum managed protection tier required for this rule.
-
#rule_number ⇒ Fixnum
Identifier for the rule.
-
#rule_tuple_count ⇒ Fixnum
[Output Only] Calculation of the complexity of a single firewall security policy rule.
-
#target_resources ⇒ Array<String>
A list of network resource URLs to which this rule applies.
-
#target_service_accounts ⇒ Array<String>
A list of service accounts indicating the sets of instances that are applied with this rule.
Instance Method Summary collapse
-
#initialize(**args) ⇒ SecurityPolicyRule
constructor
A new instance of SecurityPolicyRule.
-
#update!(**args) ⇒ Object
Update properties of this object.
Constructor Details
#initialize(**args) ⇒ SecurityPolicyRule
Returns a new instance of SecurityPolicyRule.
42575 42576 42577 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 42575 def initialize(**args) update!(**args) end |
Instance Attribute Details
#action ⇒ String
The Action to perform when the rule is matched. The following are the valid
actions: - allow: allow access to target. - deny(STATUS): deny access to
target, returns the HTTP response code specified. Valid values for STATUS
are 403, 404, and 502. - rate_based_ban: limit client traffic to the
configured threshold and ban the client if the traffic exceeds the threshold.
Configure parameters for this action in RateLimitOptions. Requires
rate_limit_options to be set. - redirect: redirect to a different target. This
can either be an internal reCAPTCHA redirect, or an external URL-based
redirect via a 302 response. Parameters for this action can be configured via
redirectOptions. This action is only supported in Global Security Policies of
type CLOUD_ARMOR. - throttle: limit client traffic to the configured threshold.
Configure parameters for this action in rateLimitOptions. Requires
rate_limit_options to be set for this.
Corresponds to the JSON property action
42454 42455 42456 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 42454 def action @action end |
#description ⇒ String
An optional description of this resource. Provide this property when you
create the resource.
Corresponds to the JSON property description
42460 42461 42462 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 42460 def description @description end |
#direction ⇒ String
The direction in which this rule applies. This field may only be specified
when versioned_expr is set to FIREWALL.
Corresponds to the JSON property direction
42466 42467 42468 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 42466 def direction @direction end |
#enable_logging ⇒ Boolean Also known as: enable_logging?
Denotes whether to enable logging for a particular rule. If logging is enabled,
logs will be exported to the configured export destination in Stackdriver.
Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging
on "goto_next" rules. This field may only be specified when the versioned_expr
is set to FIREWALL.
Corresponds to the JSON property enableLogging
42475 42476 42477 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 42475 def enable_logging @enable_logging end |
#header_action ⇒ Google::Apis::ComputeAlpha::SecurityPolicyRuleHttpHeaderAction
Optional, additional actions that are performed on headers. This field is only
supported in Global Security Policies of type CLOUD_ARMOR.
Corresponds to the JSON property headerAction
42482 42483 42484 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 42482 def header_action @header_action end |
#kind ⇒ String
[Output only] Type of the resource. Always compute#securityPolicyRule for
security policy rules
Corresponds to the JSON property kind
42488 42489 42490 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 42488 def kind @kind end |
#match ⇒ Google::Apis::ComputeAlpha::SecurityPolicyRuleMatcher
Represents a match condition that incoming traffic is evaluated against.
Exactly one field must be specified.
Corresponds to the JSON property match
42494 42495 42496 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 42494 def match @match end |
#network_match ⇒ Google::Apis::ComputeAlpha::SecurityPolicyRuleNetworkMatcher
Represents a match condition that incoming network traffic is evaluated
against.
Corresponds to the JSON property networkMatch
42500 42501 42502 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 42500 def network_match @network_match end |
#preconfigured_waf_config ⇒ Google::Apis::ComputeAlpha::SecurityPolicyRulePreconfiguredWafConfig
Preconfigured WAF configuration to be applied for the rule. If the rule does
not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is
not used, this field will have no effect.
Corresponds to the JSON property preconfiguredWafConfig
42507 42508 42509 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 42507 def preconfigured_waf_config @preconfigured_waf_config end |
#preview ⇒ Boolean Also known as: preview?
If set to true, the specified action is not enforced.
Corresponds to the JSON property preview
42512 42513 42514 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 42512 def preview @preview end |
#priority ⇒ Fixnum
An integer indicating the priority of a rule in the list. The priority must be
a positive value between 0 and 2147483647. Rules are evaluated from highest to
lowest priority where 0 is the highest priority and 2147483647 is the lowest
priority.
Corresponds to the JSON property priority
42521 42522 42523 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 42521 def priority @priority end |
#rate_limit_options ⇒ Google::Apis::ComputeAlpha::SecurityPolicyRuleRateLimitOptions
Must be specified if the action is "rate_based_ban" or "throttle". Cannot be
specified for any other actions.
Corresponds to the JSON property rateLimitOptions
42527 42528 42529 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 42527 def @rate_limit_options end |
#redirect_options ⇒ Google::Apis::ComputeAlpha::SecurityPolicyRuleRedirectOptions
Parameters defining the redirect action. Cannot be specified for any other
actions. This field is only supported in Global Security Policies of type
CLOUD_ARMOR.
Corresponds to the JSON property redirectOptions
42534 42535 42536 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 42534 def @redirect_options end |
#redirect_target ⇒ String
This must be specified for redirect actions. Cannot be specified for any other
actions.
Corresponds to the JSON property redirectTarget
42540 42541 42542 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 42540 def redirect_target @redirect_target end |
#rule_managed_protection_tier ⇒ String
[Output Only] The minimum managed protection tier required for this rule. [
Deprecated] Use requiredManagedProtectionTiers instead.
Corresponds to the JSON property ruleManagedProtectionTier
42546 42547 42548 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 42546 def rule_managed_protection_tier @rule_managed_protection_tier end |
#rule_number ⇒ Fixnum
Identifier for the rule. This is only unique within the given security policy.
This can only be set during rule creation, if rule number is not specified it
will be generated by the server.
Corresponds to the JSON property ruleNumber
42553 42554 42555 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 42553 def rule_number @rule_number end |
#rule_tuple_count ⇒ Fixnum
[Output Only] Calculation of the complexity of a single firewall security
policy rule.
Corresponds to the JSON property ruleTupleCount
42559 42560 42561 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 42559 def rule_tuple_count @rule_tuple_count end |
#target_resources ⇒ Array<String>
A list of network resource URLs to which this rule applies. This field allows
you to control which network's VMs get this rule. If this field is left blank,
all VMs within the organization will receive the rule. This field may only be
specified when versioned_expr is set to FIREWALL.
Corresponds to the JSON property targetResources
42567 42568 42569 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 42567 def target_resources @target_resources end |
#target_service_accounts ⇒ Array<String>
A list of service accounts indicating the sets of instances that are applied
with this rule.
Corresponds to the JSON property targetServiceAccounts
42573 42574 42575 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 42573 def target_service_accounts @target_service_accounts end |
Instance Method Details
#update!(**args) ⇒ Object
Update properties of this object
42580 42581 42582 42583 42584 42585 42586 42587 42588 42589 42590 42591 42592 42593 42594 42595 42596 42597 42598 42599 42600 |
# File 'lib/google/apis/compute_alpha/classes.rb', line 42580 def update!(**args) @action = args[:action] if args.key?(:action) @description = args[:description] if args.key?(:description) @direction = args[:direction] if args.key?(:direction) @enable_logging = args[:enable_logging] if args.key?(:enable_logging) @header_action = args[:header_action] if args.key?(:header_action) @kind = args[:kind] if args.key?(:kind) @match = args[:match] if args.key?(:match) @network_match = args[:network_match] if args.key?(:network_match) @preconfigured_waf_config = args[:preconfigured_waf_config] if args.key?(:preconfigured_waf_config) @preview = args[:preview] if args.key?(:preview) @priority = args[:priority] if args.key?(:priority) @rate_limit_options = args[:rate_limit_options] if args.key?(:rate_limit_options) @redirect_options = args[:redirect_options] if args.key?(:redirect_options) @redirect_target = args[:redirect_target] if args.key?(:redirect_target) @rule_managed_protection_tier = args[:rule_managed_protection_tier] if args.key?(:rule_managed_protection_tier) @rule_number = args[:rule_number] if args.key?(:rule_number) @rule_tuple_count = args[:rule_tuple_count] if args.key?(:rule_tuple_count) @target_resources = args[:target_resources] if args.key?(:target_resources) @target_service_accounts = args[:target_service_accounts] if args.key?(:target_service_accounts) end |