AuthzPolicy(mapping=None, *, ignore_unknown_fields=False, **kwargs)

AuthzPolicy is a resource that allows forwarding traffic to a
callout backend designed to scan the traffic for security purposes.
Attributes

| Name | Type | Description |
|---|---|---|
| name | str | Required. Identifier. Name of the AuthzPolicy resource in the following format: projects/{project}/locations/{location}/authzPolicies/{authz_policy}. |
| create_time | google.protobuf.timestamp_pb2.Timestamp | Output only. The timestamp when the resource was created. |
| update_time | google.protobuf.timestamp_pb2.Timestamp | Output only. The timestamp when the resource was updated. |
| description | str | Optional. A human-readable description of the resource. |
| labels | MutableMapping[str, str] | Optional. Set of labels associated with the AuthzPolicy resource. The format must comply with the following requirements. |
| target | google.cloud.network_security_v1alpha1.types.AuthzPolicy.Target | Required. Specifies the set of resources to which this policy should be applied. |
| http_rules | MutableSequence[google.cloud.network_security_v1alpha1.types.AuthzPolicy.AuthzRule] | Optional. A list of authorization HTTP rules to match against the incoming request. A policy match occurs when at least one HTTP rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP rule is required for the ALLOW or DENY action. Limited to 5 rules. |
| action | google.cloud.network_security_v1alpha1.types.AuthzPolicy.AuthzAction | Required. Can be one of ALLOW, DENY, CUSTOM. When the action is CUSTOM, customProvider must be specified. When the action is ALLOW, only requests matching the policy will be allowed. When the action is DENY, only requests matching the policy will be denied. When a request arrives, the policies are evaluated in the following order: 1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request. 2. If there are any DENY policies that match the request, the request is denied. 3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed. 4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. |
| custom_provider | google.cloud.network_security_v1alpha1.types.AuthzPolicy.CustomProvider | Optional. Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One of cloudIap or authzExtension must be specified. |
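
The evaluation order and rule constraints described for the action and http_rules fields, modelled as an added example (not code from the google-cloud-network-security library). Policy, Rule, evaluate and the request dict shape are hypothetical stand-ins, and the model assumes evaluation continues to the DENY and ALLOW steps when a custom provider accepts the request.

```python
from dataclasses import dataclass
from typing import Callable, Optional, Sequence

Request = dict                      # constructed shape: {"path": str, "user": str}
Rule = Callable[[Request], bool]    # hypothetical stand-in for an AuthzRule

@dataclass
class Policy:                       # hypothetical model, not the library's AuthzPolicy
    action: str                     # "ALLOW", "DENY" or "CUSTOM"
    http_rules: Sequence[Rule] = ()
    provider: Optional[Rule] = None  # stand-in for custom_provider: True = accept

    def validate(self) -> None:
        if len(self.http_rules) > 5:
            raise ValueError("http_rules is limited to 5 rules")
        if self.action in ("ALLOW", "DENY") and not self.http_rules:
            raise ValueError("ALLOW/DENY needs at least one HTTP rule")
        if self.action == "CUSTOM" and self.provider is None:
            raise ValueError("CUSTOM needs a custom provider")

    def matches(self, req: Request) -> bool:
        # A policy matches when it has no rules or at least one rule matches.
        return not self.http_rules or any(rule(req) for rule in self.http_rules)

def evaluate(policies: Sequence[Policy], req: Request) -> tuple:
    for p in policies:
        p.validate()
    # 1. Matching CUSTOM policies: a provider rejection denies the request.
    for p in policies:
        if p.action == "CUSTOM" and p.matches(req) and not p.provider(req):
            return ("DENY", "custom provider rejected")
    # 2. Any matching DENY policy denies.
    if any(p.action == "DENY" and p.matches(req) for p in policies):
        return ("DENY", "matched DENY policy")
    # 3. No ALLOW policies at all, or one of them matches: allow.
    allows = [p for p in policies if p.action == "ALLOW"]
    if not allows:
        return ("ALLOW", "no ALLOW policies configured")
    if any(p.matches(req) for p in allows):
        return ("ALLOW", "matched ALLOW policy")
    # 4. ALLOW policies exist but none matched: default deny.
    return ("DENY", "no ALLOW policy matched")

# Constructed sample rules and policies.
is_admin_path = lambda r: r["path"].startswith("/admin")
is_alice = lambda r: r["user"] == "alice"
POLICIES = [Policy("CUSTOM", provider=lambda r: r["user"] != "anonymous"),
            Policy("DENY", [is_admin_path]),
            Policy("ALLOW", [is_alice])]
```

Adding the first ALLOW policy to a resource switches it from allow-by-default to deny-by-default for every request that policy does not match, which is the case worth checking before rollout.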
Classes
AuthzAction

AuthzAction(value)

The action to be applied to this policy. Valid values are ALLOW,
DENY, CUSTOM.

AuthzRule

AuthzRule(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Conditions to match against the incoming request.

CustomProvider

CustomProvider(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Allows delegating authorization decisions to Cloud IAP or to Service Extensions.

LabelsEntry

LabelsEntry(mapping=None, *, ignore_unknown_fields=False, **kwargs)

The abstract base class for a message.

Parameters

| Name | Type | Description |
|---|---|---|
| kwargs | dict | Keys and values corresponding to the fields of the message. |
| mapping | Union[dict, | A dictionary or message to be used to determine the values for this message. |
| ignore_unknown_fields | Optional(bool) | If True, do not raise errors for unknown fields. Only applied if |

LoadBalancingScheme

LoadBalancingScheme(value)

Load balancing schemes supported by the AuthzPolicy resource.
The valid values are INTERNAL_MANAGED and EXTERNAL_MANAGED.
For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service).

Target

Target(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Specifies the set of targets to which this policy should be applied.