Reference documentation and code samples for the Network Security V1 API class Google::Cloud::NetworkSecurity::V1::AuthzPolicy.
AuthzPolicy is a resource that allows to forward traffic to a
callout backend designed to scan the traffic for security purposes.
Inherits
- Object
Extended By
- Google::Protobuf::MessageExts::ClassMethods
Includes
- Google::Protobuf::MessageExts
Methods
#action
def action() -> ::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzAction-
(::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzAction) —
Required. Can be one of
ALLOW,DENY,CUSTOM.When the action is
CUSTOM,customProvidermust be specified.When the action is
ALLOW, only requests matching the policy will be allowed.When the action is
DENY, only requests matching the policy will be denied.When a request arrives, the policies are evaluated in the following order:
If there is a
CUSTOMpolicy that matches the request, theCUSTOMpolicy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.If there are any
DENYpolicies that match the request, the request is denied.If there are no
ALLOWpolicies for the resource or if any of theALLOWpolicies match the request, the request is allowed.Else the request is denied by default if none of the configured AuthzPolicies with
ALLOWaction match the request.
#action=
def action=(value) -> ::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzAction-
value (::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzAction) —
Required. Can be one of
ALLOW,DENY,CUSTOM.When the action is
CUSTOM,customProvidermust be specified.When the action is
ALLOW, only requests matching the policy will be allowed.When the action is
DENY, only requests matching the policy will be denied.When a request arrives, the policies are evaluated in the following order:
If there is a
CUSTOMpolicy that matches the request, theCUSTOMpolicy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.If there are any
DENYpolicies that match the request, the request is denied.If there are no
ALLOWpolicies for the resource or if any of theALLOWpolicies match the request, the request is allowed.Else the request is denied by default if none of the configured AuthzPolicies with
ALLOWaction match the request.
-
(::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzAction) —
Required. Can be one of
ALLOW,DENY,CUSTOM.When the action is
CUSTOM,customProvidermust be specified.When the action is
ALLOW, only requests matching the policy will be allowed.When the action is
DENY, only requests matching the policy will be denied.When a request arrives, the policies are evaluated in the following order:
If there is a
CUSTOMpolicy that matches the request, theCUSTOMpolicy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.If there are any
DENYpolicies that match the request, the request is denied.If there are no
ALLOWpolicies for the resource or if any of theALLOWpolicies match the request, the request is allowed.Else the request is denied by default if none of the configured AuthzPolicies with
ALLOWaction match the request.
#create_time
def create_time() -> ::Google::Protobuf::Timestamp- (::Google::Protobuf::Timestamp) — Output only. The timestamp when the resource was created.
#custom_provider
def custom_provider() -> ::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::CustomProvider-
(::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::CustomProvider) — Optional. Required if the action is
CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One ofcloudIaporauthzExtensionmust be specified.
#custom_provider=
def custom_provider=(value) -> ::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::CustomProvider-
value (::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::CustomProvider) — Optional. Required if the action is
CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One ofcloudIaporauthzExtensionmust be specified.
-
(::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::CustomProvider) — Optional. Required if the action is
CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One ofcloudIaporauthzExtensionmust be specified.
#description
def description() -> ::String- (::String) — Optional. A human-readable description of the resource.
#description=
def description=(value) -> ::String- value (::String) — Optional. A human-readable description of the resource.
- (::String) — Optional. A human-readable description of the resource.
#http_rules
def http_rules() -> ::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule>- (::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule>) — Optional. A list of authorization HTTP rules to match against the incoming request. A policy match occurs when at least one HTTP rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow or Deny Action. Limited to 5 rules.
#http_rules=
def http_rules=(value) -> ::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule>- value (::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule>) — Optional. A list of authorization HTTP rules to match against the incoming request. A policy match occurs when at least one HTTP rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow or Deny Action. Limited to 5 rules.
- (::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule>) — Optional. A list of authorization HTTP rules to match against the incoming request. A policy match occurs when at least one HTTP rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow or Deny Action. Limited to 5 rules.
#labels
def labels() -> ::Google::Protobuf::Map{::String => ::String}-
(::Google::Protobuf::Map{::String => ::String}) — Optional. Set of labels associated with the
AuthzPolicyresource.The format must comply with the following requirements.
#labels=
def labels=(value) -> ::Google::Protobuf::Map{::String => ::String}-
value (::Google::Protobuf::Map{::String => ::String}) — Optional. Set of labels associated with the
AuthzPolicyresource.The format must comply with the following requirements.
-
(::Google::Protobuf::Map{::String => ::String}) — Optional. Set of labels associated with the
AuthzPolicyresource.The format must comply with the following requirements.
#name
def name() -> ::String-
(::String) — Required. Identifier. Name of the
AuthzPolicyresource in the following format:projects/{project}/locations/{location}/authzPolicies/{authz_policy}.
#name=
def name=(value) -> ::String-
value (::String) — Required. Identifier. Name of the
AuthzPolicyresource in the following format:projects/{project}/locations/{location}/authzPolicies/{authz_policy}.
-
(::String) — Required. Identifier. Name of the
AuthzPolicyresource in the following format:projects/{project}/locations/{location}/authzPolicies/{authz_policy}.
#network_rules
def network_rules() -> ::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule>- (::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule>) — Optional. A list of authorization network rules to match against the incoming request. A policy match occurs when at least one network rule matches the request. At least one network rule is required for Allow or Deny Action if no HTTP rules are provided. Network rules are mutually exclusive with HTTP rules. Limited to 5 rules.
#network_rules=
def network_rules=(value) -> ::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule>- value (::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule>) — Optional. A list of authorization network rules to match against the incoming request. A policy match occurs when at least one network rule matches the request. At least one network rule is required for Allow or Deny Action if no HTTP rules are provided. Network rules are mutually exclusive with HTTP rules. Limited to 5 rules.
- (::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule>) — Optional. A list of authorization network rules to match against the incoming request. A policy match occurs when at least one network rule matches the request. At least one network rule is required for Allow or Deny Action if no HTTP rules are provided. Network rules are mutually exclusive with HTTP rules. Limited to 5 rules.
#policy_profile
def policy_profile() -> ::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::PolicyProfile-
(::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::PolicyProfile) — Optional. Immutable. Defines the type of authorization being performed.
If not specified,
REQUEST_AUTHZis applied. This field cannot be changed once AuthzPolicy is created.
#policy_profile=
def policy_profile=(value) -> ::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::PolicyProfile-
value (::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::PolicyProfile) — Optional. Immutable. Defines the type of authorization being performed.
If not specified,
REQUEST_AUTHZis applied. This field cannot be changed once AuthzPolicy is created.
-
(::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::PolicyProfile) — Optional. Immutable. Defines the type of authorization being performed.
If not specified,
REQUEST_AUTHZis applied. This field cannot be changed once AuthzPolicy is created.
#target
def target() -> ::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::Target- (::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::Target) — Required. Specifies the set of resources to which this policy should be applied to.
#target=
def target=(value) -> ::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::Target- value (::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::Target) — Required. Specifies the set of resources to which this policy should be applied to.
- (::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::Target) — Required. Specifies the set of resources to which this policy should be applied to.
#update_time
def update_time() -> ::Google::Protobuf::Timestamp- (::Google::Protobuf::Timestamp) — Output only. The timestamp when the resource was updated.