Class: Google::Apis::NetworksecurityV1::AuthzPolicy
- Inherits: Object
- Includes: Core::Hashable, Core::JsonObjectSupport
- Defined in: lib/google/apis/networksecurity_v1/classes.rb, lib/google/apis/networksecurity_v1/representations.rb
Overview
AuthzPolicy is a resource that allows traffic to be forwarded to a callout
backend designed to scan the traffic for security purposes.
Instance Attribute Summary
- #action ⇒ String
  Required.
- #create_time ⇒ String
  Output only.
- #custom_provider ⇒ Google::Apis::NetworksecurityV1::AuthzPolicyCustomProvider
  Allows delegating authorization decisions to Cloud IAP or to Service Extensions.
- #description ⇒ String
  Optional.
- #http_rules ⇒ Array<Google::Apis::NetworksecurityV1::AuthzPolicyAuthzRule>
  Optional.
- #labels ⇒ Hash<String,String>
  Optional.
- #name ⇒ String
  Required.
- #target ⇒ Google::Apis::NetworksecurityV1::AuthzPolicyTarget
  Specifies the set of targets to which this policy should be applied.
- #update_time ⇒ String
  Output only.
Instance Method Summary
- #initialize(**args) ⇒ AuthzPolicy (constructor)
  A new instance of AuthzPolicy.
- #update!(**args) ⇒ Object
  Update properties of this object.
Constructor Details
#initialize(**args) ⇒ AuthzPolicy
Returns a new instance of AuthzPolicy.
    # File 'lib/google/apis/networksecurity_v1/classes.rb', line 265
    def initialize(**args)
      update!(**args)
    end
Instance Attribute Details
#action ⇒ String
Required. Can be one of ALLOW, DENY, CUSTOM. When the action is CUSTOM,
customProvider must be specified. When the action is ALLOW, only requests
matching the policy will be allowed. When the action is DENY, only requests
matching the policy will be denied. When a request arrives, the policies are
evaluated in the following order:
1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is
   evaluated using the custom authorization providers and the request is denied
   if the provider rejects the request.
2. If there are any DENY policies that match the request, the request is denied.
3. If there are no ALLOW policies for the resource or if any of the ALLOW
   policies match the request, the request is allowed.
4. Else the request is denied by default if none of the configured
   AuthzPolicies with ALLOW action match the request.
Corresponds to the JSON property action

    # File 'lib/google/apis/networksecurity_v1/classes.rb', line 216
    def action
      @action
    end
#create_time ⇒ String
Output only. The timestamp when the resource was created.
Corresponds to the JSON property createTime

    # File 'lib/google/apis/networksecurity_v1/classes.rb', line 221
    def create_time
      @create_time
    end
#custom_provider ⇒ Google::Apis::NetworksecurityV1::AuthzPolicyCustomProvider
Allows delegating authorization decisions to Cloud IAP or to Service
Extensions.
Corresponds to the JSON property customProvider

    # File 'lib/google/apis/networksecurity_v1/classes.rb', line 227
    def custom_provider
      @custom_provider
    end
#description ⇒ String
Optional. A human-readable description of the resource.
Corresponds to the JSON property description

    # File 'lib/google/apis/networksecurity_v1/classes.rb', line 232
    def description
      @description
    end
#http_rules ⇒ Array<Google::Apis::NetworksecurityV1::AuthzPolicyAuthzRule>
Optional. A list of authorization HTTP rules to match against the incoming
request. A policy match occurs when at least one HTTP rule matches the request
or when no HTTP rules are specified in the policy. At least one HTTP Rule is
required for Allow or Deny Action. Limited to 5 rules.
Corresponds to the JSON property httpRules

    # File 'lib/google/apis/networksecurity_v1/classes.rb', line 240
    def http_rules
      @http_rules
    end
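The evaluation order described under #action and the match condition described under #http_rules, modeled locally as an added example (not code from the client library). Policy, Request, the rule lambdas and the provider callable are hypothetical stand-ins, and a CUSTOM provider that accepts is assumed to let evaluation continue to the DENY and ALLOW steps.

```ruby
# Local model of the documented evaluation order. Policy, Request and the
# rule/provider lambdas are hypothetical stand-ins, not classes from the gem.
Policy  = Struct.new(:name, :action, :http_rules, :provider, keyword_init: true)
Request = Struct.new(:path, :principal, keyword_init: true)

# A policy matches when it has no HTTP rules or at least one rule matches.
def policy_matches?(policy, request)
  rules = policy.http_rules || []
  rules.empty? || rules.any? { |rule| rule.call(request) }
end

# Returns [:allow or :deny, reason] following the four documented steps.
def evaluate(policies, request)
  by_action = policies.group_by(&:action)
  matching  = ->(action) { (by_action[action] || []).select { |p| policy_matches?(p, request) } }

  # 1. Matching CUSTOM policies consult their provider; a rejection denies.
  matching.call('CUSTOM').each do |p|
    return [:deny, "custom provider rejected (#{p.name})"] unless p.provider.call(request)
  end
  # 2. Any matching DENY policy denies.
  denied = matching.call('DENY').first
  return [:deny, "matched DENY policy #{denied.name}"] if denied
  # 3. No ALLOW policies at all, or one of them matches: allow.
  allows = by_action['ALLOW'] || []
  return [:allow, 'no ALLOW policies configured'] if allows.empty?
  allowed = matching.call('ALLOW').first
  return [:allow, "matched ALLOW policy #{allowed.name}"] if allowed
  # 4. ALLOW policies exist but none matched: default deny.
  [:deny, 'no ALLOW policy matched']
end

# Constructed sample policies (names, paths and principals are made up).
DENY_ADMIN = Policy.new(name: 'deny-admin', action: 'DENY',
                        http_rules: [->(r) { r.path.start_with?('/admin') }])
ALLOW_API  = Policy.new(name: 'allow-api', action: 'ALLOW',
                        http_rules: [->(r) { r.path.start_with?('/api') }])
EXT_AUTHZ  = Policy.new(name: 'ext-authz', action: 'CUSTOM', http_rules: [],
                        provider: ->(r) { r.principal != 'anonymous' })
```

With only DENY_ADMIN configured, a request for /home is allowed; adding ALLOW_API turns the same request into a default deny, because step 3 no longer applies once any ALLOW policy exists.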
#labels ⇒ Hash<String,String>
Optional. Set of labels associated with the AuthzPolicy resource. The format
must comply with the following requirements.
Corresponds to the JSON property labels

    # File 'lib/google/apis/networksecurity_v1/classes.rb', line 247
    def labels
      @labels
    end
#name ⇒ String
Required. Identifier. Name of the AuthzPolicy resource in the following
format: projects/project/locations/location/authzPolicies/authz_policy.
Corresponds to the JSON property name

    # File 'lib/google/apis/networksecurity_v1/classes.rb', line 253
    def name
      @name
    end
#target ⇒ Google::Apis::NetworksecurityV1::AuthzPolicyTarget
Specifies the set of targets to which this policy should be applied.
Corresponds to the JSON property target

    # File 'lib/google/apis/networksecurity_v1/classes.rb', line 258
    def target
      @target
    end
#update_time ⇒ String
Output only. The timestamp when the resource was updated.
Corresponds to the JSON property updateTime

    # File 'lib/google/apis/networksecurity_v1/classes.rb', line 263
    def update_time
      @update_time
    end
Instance Method Details
#update!(**args) ⇒ Object
Update properties of this object.

    # File 'lib/google/apis/networksecurity_v1/classes.rb', line 270
    def update!(**args)
      @action = args[:action] if args.key?(:action)
      @create_time = args[:create_time] if args.key?(:create_time)
      @custom_provider = args[:custom_provider] if args.key?(:custom_provider)
      @description = args[:description] if args.key?(:description)
      @http_rules = args[:http_rules] if args.key?(:http_rules)
      @labels = args[:labels] if args.key?(:labels)
      @name = args[:name] if args.key?(:name)
      @target = args[:target] if args.key?(:target)
      @update_time = args[:update_time] if args.key?(:update_time)
    end