public interface AuthzPolicyOrBuilder extends MessageOrBuilderImplements
MessageOrBuilderMethods
containsLabels(String key)
public abstract boolean containsLabels(String key) Optional. Set of labels associated with the AuthzPolicy resource.
The format must comply with the following requirements.
map<string, string> labels = 5 [(.google.api.field_behavior) = OPTIONAL];
| Parameter | |
|---|---|
| Name | Description |
key |
String |
| Returns | |
|---|---|
| Type | Description |
boolean |
|
getAction()
public abstract AuthzPolicy.AuthzAction getAction() Required. Can be one of ALLOW, DENY, CUSTOM.
When the action is CUSTOM, customProvider must be specified.
When the action is ALLOW, only requests matching the policy will
be allowed.
When the action is DENY, only requests matching the policy will be
denied.
When a request arrives, the policies are evaluated in the following order:
If there is a
CUSTOMpolicy that matches the request, theCUSTOMpolicy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.If there are any
DENYpolicies that match the request, the request is denied.If there are no
ALLOWpolicies for the resource or if any of theALLOWpolicies match the request, the request is allowed.Else the request is denied by default if none of the configured AuthzPolicies with
ALLOWaction match the request.
.google.cloud.networksecurity.v1.AuthzPolicy.AuthzAction action = 8 [(.google.api.field_behavior) = REQUIRED];
| Returns | |
|---|---|
| Type | Description |
AuthzPolicy.AuthzAction |
The action. |
getActionValue()
public abstract int getActionValue() Required. Can be one of ALLOW, DENY, CUSTOM.
When the action is CUSTOM, customProvider must be specified.
When the action is ALLOW, only requests matching the policy will
be allowed.
When the action is DENY, only requests matching the policy will be
denied.
When a request arrives, the policies are evaluated in the following order:
If there is a
CUSTOMpolicy that matches the request, theCUSTOMpolicy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.If there are any
DENYpolicies that match the request, the request is denied.If there are no
ALLOWpolicies for the resource or if any of theALLOWpolicies match the request, the request is allowed.Else the request is denied by default if none of the configured AuthzPolicies with
ALLOWaction match the request.
.google.cloud.networksecurity.v1.AuthzPolicy.AuthzAction action = 8 [(.google.api.field_behavior) = REQUIRED];
| Returns | |
|---|---|
| Type | Description |
int |
The enum numeric value on the wire for action. |
getCreateTime()
public abstract Timestamp getCreateTime()Output only. The timestamp when the resource was created.
.google.protobuf.Timestamp create_time = 2 [(.google.api.field_behavior) = OUTPUT_ONLY];
| Returns | |
|---|---|
| Type | Description |
Timestamp |
The createTime. |
getCreateTimeOrBuilder()
public abstract TimestampOrBuilder getCreateTimeOrBuilder()Output only. The timestamp when the resource was created.
.google.protobuf.Timestamp create_time = 2 [(.google.api.field_behavior) = OUTPUT_ONLY];
| Returns | |
|---|---|
| Type | Description |
TimestampOrBuilder |
|
getCustomProvider()
public abstract AuthzPolicy.CustomProvider getCustomProvider() Optional. Required if the action is CUSTOM. Allows delegating
authorization decisions to Cloud IAP or to Service Extensions. One of
cloudIap or authzExtension must be specified.
.google.cloud.networksecurity.v1.AuthzPolicy.CustomProvider custom_provider = 10 [(.google.api.field_behavior) = OPTIONAL];
| Returns | |
|---|---|
| Type | Description |
AuthzPolicy.CustomProvider |
The customProvider. |
getCustomProviderOrBuilder()
public abstract AuthzPolicy.CustomProviderOrBuilder getCustomProviderOrBuilder() Optional. Required if the action is CUSTOM. Allows delegating
authorization decisions to Cloud IAP or to Service Extensions. One of
cloudIap or authzExtension must be specified.
.google.cloud.networksecurity.v1.AuthzPolicy.CustomProvider custom_provider = 10 [(.google.api.field_behavior) = OPTIONAL];
| Returns | |
|---|---|
| Type | Description |
AuthzPolicy.CustomProviderOrBuilder |
|
getDescription()
public abstract String getDescription()Optional. A human-readable description of the resource.
string description = 4 [(.google.api.field_behavior) = OPTIONAL];
| Returns | |
|---|---|
| Type | Description |
String |
The description. |
getDescriptionBytes()
public abstract ByteString getDescriptionBytes()Optional. A human-readable description of the resource.
string description = 4 [(.google.api.field_behavior) = OPTIONAL];
| Returns | |
|---|---|
| Type | Description |
ByteString |
The bytes for description. |
getHttpRules(int index)
public abstract AuthzPolicy.AuthzRule getHttpRules(int index)Optional. A list of authorization HTTP rules to match against the incoming request. A policy match occurs when at least one HTTP rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow or Deny Action. Limited to 5 rules.
repeated .google.cloud.networksecurity.v1.AuthzPolicy.AuthzRule http_rules = 7 [(.google.api.field_behavior) = OPTIONAL];
| Parameter | |
|---|---|
| Name | Description |
index |
int |
| Returns | |
|---|---|
| Type | Description |
AuthzPolicy.AuthzRule |
|
getHttpRulesCount()
public abstract int getHttpRulesCount()Optional. A list of authorization HTTP rules to match against the incoming request. A policy match occurs when at least one HTTP rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow or Deny Action. Limited to 5 rules.
repeated .google.cloud.networksecurity.v1.AuthzPolicy.AuthzRule http_rules = 7 [(.google.api.field_behavior) = OPTIONAL];
| Returns | |
|---|---|
| Type | Description |
int |
|
getHttpRulesList()
public abstract List<AuthzPolicy.AuthzRule> getHttpRulesList()Optional. A list of authorization HTTP rules to match against the incoming request. A policy match occurs when at least one HTTP rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow or Deny Action. Limited to 5 rules.
repeated .google.cloud.networksecurity.v1.AuthzPolicy.AuthzRule http_rules = 7 [(.google.api.field_behavior) = OPTIONAL];
| Returns | |
|---|---|
| Type | Description |
List<AuthzRule> |
|
getHttpRulesOrBuilder(int index)
public abstract AuthzPolicy.AuthzRuleOrBuilder getHttpRulesOrBuilder(int index)Optional. A list of authorization HTTP rules to match against the incoming request. A policy match occurs when at least one HTTP rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow or Deny Action. Limited to 5 rules.
repeated .google.cloud.networksecurity.v1.AuthzPolicy.AuthzRule http_rules = 7 [(.google.api.field_behavior) = OPTIONAL];
| Parameter | |
|---|---|
| Name | Description |
index |
int |
| Returns | |
|---|---|
| Type | Description |
AuthzPolicy.AuthzRuleOrBuilder |
|
getHttpRulesOrBuilderList()
public abstract List<? extends AuthzPolicy.AuthzRuleOrBuilder> getHttpRulesOrBuilderList()Optional. A list of authorization HTTP rules to match against the incoming request. A policy match occurs when at least one HTTP rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow or Deny Action. Limited to 5 rules.
repeated .google.cloud.networksecurity.v1.AuthzPolicy.AuthzRule http_rules = 7 [(.google.api.field_behavior) = OPTIONAL];
| Returns | |
|---|---|
| Type | Description |
List<? extends com.google.cloud.networksecurity.v1.AuthzPolicy.AuthzRuleOrBuilder> |
|
getLabels() (deprecated)
public abstract Map<String,String> getLabels()Use #getLabelsMap() instead.
| Returns | |
|---|---|
| Type | Description |
Map<String,String> |
|
getLabelsCount()
public abstract int getLabelsCount() Optional. Set of labels associated with the AuthzPolicy resource.
The format must comply with the following requirements.
map<string, string> labels = 5 [(.google.api.field_behavior) = OPTIONAL];
| Returns | |
|---|---|
| Type | Description |
int |
|
getLabelsMap()
public abstract Map<String,String> getLabelsMap() Optional. Set of labels associated with the AuthzPolicy resource.
The format must comply with the following requirements.
map<string, string> labels = 5 [(.google.api.field_behavior) = OPTIONAL];
| Returns | |
|---|---|
| Type | Description |
Map<String,String> |
|
getLabelsOrDefault(String key, String defaultValue)
public abstract String getLabelsOrDefault(String key, String defaultValue) Optional. Set of labels associated with the AuthzPolicy resource.
The format must comply with the following requirements.
map<string, string> labels = 5 [(.google.api.field_behavior) = OPTIONAL];
| Parameters | |
|---|---|
| Name | Description |
key |
String |
defaultValue |
String |
| Returns | |
|---|---|
| Type | Description |
String |
|
getLabelsOrThrow(String key)
public abstract String getLabelsOrThrow(String key) Optional. Set of labels associated with the AuthzPolicy resource.
The format must comply with the following requirements.
map<string, string> labels = 5 [(.google.api.field_behavior) = OPTIONAL];
| Parameter | |
|---|---|
| Name | Description |
key |
String |
| Returns | |
|---|---|
| Type | Description |
String |
|
getName()
public abstract String getName() Required. Identifier. Name of the AuthzPolicy resource in the following
format:
projects/{project}/locations/{location}/authzPolicies/{authz_policy}.
string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IDENTIFIER];
| Returns | |
|---|---|
| Type | Description |
String |
The name. |
getNameBytes()
public abstract ByteString getNameBytes() Required. Identifier. Name of the AuthzPolicy resource in the following
format:
projects/{project}/locations/{location}/authzPolicies/{authz_policy}.
string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IDENTIFIER];
| Returns | |
|---|---|
| Type | Description |
ByteString |
The bytes for name. |
getPolicyProfile()
public abstract AuthzPolicy.PolicyProfile getPolicyProfile() Optional. Immutable. Defines the type of authorization being performed.
If not specified, REQUEST_AUTHZ is applied. This field cannot be changed
once AuthzPolicy is created.
.google.cloud.networksecurity.v1.AuthzPolicy.PolicyProfile policy_profile = 11 [(.google.api.field_behavior) = OPTIONAL, (.google.api.field_behavior) = IMMUTABLE];
| Returns | |
|---|---|
| Type | Description |
AuthzPolicy.PolicyProfile |
The policyProfile. |
getPolicyProfileValue()
public abstract int getPolicyProfileValue() Optional. Immutable. Defines the type of authorization being performed.
If not specified, REQUEST_AUTHZ is applied. This field cannot be changed
once AuthzPolicy is created.
.google.cloud.networksecurity.v1.AuthzPolicy.PolicyProfile policy_profile = 11 [(.google.api.field_behavior) = OPTIONAL, (.google.api.field_behavior) = IMMUTABLE];
| Returns | |
|---|---|
| Type | Description |
int |
The enum numeric value on the wire for policyProfile. |
getTarget()
public abstract AuthzPolicy.Target getTarget()Required. Specifies the set of resources to which this policy should be applied to.
.google.cloud.networksecurity.v1.AuthzPolicy.Target target = 6 [(.google.api.field_behavior) = REQUIRED];
| Returns | |
|---|---|
| Type | Description |
AuthzPolicy.Target |
The target. |
getTargetOrBuilder()
public abstract AuthzPolicy.TargetOrBuilder getTargetOrBuilder()Required. Specifies the set of resources to which this policy should be applied to.
.google.cloud.networksecurity.v1.AuthzPolicy.Target target = 6 [(.google.api.field_behavior) = REQUIRED];
| Returns | |
|---|---|
| Type | Description |
AuthzPolicy.TargetOrBuilder |
|
getUpdateTime()
public abstract Timestamp getUpdateTime()Output only. The timestamp when the resource was updated.
.google.protobuf.Timestamp update_time = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
| Returns | |
|---|---|
| Type | Description |
Timestamp |
The updateTime. |
getUpdateTimeOrBuilder()
public abstract TimestampOrBuilder getUpdateTimeOrBuilder()Output only. The timestamp when the resource was updated.
.google.protobuf.Timestamp update_time = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
| Returns | |
|---|---|
| Type | Description |
TimestampOrBuilder |
|
hasCreateTime()
public abstract boolean hasCreateTime()Output only. The timestamp when the resource was created.
.google.protobuf.Timestamp create_time = 2 [(.google.api.field_behavior) = OUTPUT_ONLY];
| Returns | |
|---|---|
| Type | Description |
boolean |
Whether the createTime field is set. |
hasCustomProvider()
public abstract boolean hasCustomProvider() Optional. Required if the action is CUSTOM. Allows delegating
authorization decisions to Cloud IAP or to Service Extensions. One of
cloudIap or authzExtension must be specified.
.google.cloud.networksecurity.v1.AuthzPolicy.CustomProvider custom_provider = 10 [(.google.api.field_behavior) = OPTIONAL];
| Returns | |
|---|---|
| Type | Description |
boolean |
Whether the customProvider field is set. |
hasTarget()
public abstract boolean hasTarget()Required. Specifies the set of resources to which this policy should be applied to.
.google.cloud.networksecurity.v1.AuthzPolicy.Target target = 6 [(.google.api.field_behavior) = REQUIRED];
| Returns | |
|---|---|
| Type | Description |
boolean |
Whether the target field is set. |
hasUpdateTime()
public abstract boolean hasUpdateTime()Output only. The timestamp when the resource was updated.
.google.protobuf.Timestamp update_time = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
| Returns | |
|---|---|
| Type | Description |
boolean |
Whether the updateTime field is set. |