Network Security V1 API - Class Google::Cloud::NetworkSecurity::V1::AuthzPolicy (v0.1.0)

Reference documentation and code samples for the Network Security V1 API class Google::Cloud::NetworkSecurity::V1::AuthzPolicy.

AuthzPolicy is a resource that allows to forward traffic to a callout backend designed to scan the traffic for security purposes.

Inherits

  • Object

Extended By

  • Google::Protobuf::MessageExts::ClassMethods

Includes

  • Google::Protobuf::MessageExts

Methods

#action

def action() -> ::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzAction
Returns
  • (::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzAction) —

    Required. Can be one of ALLOW, DENY, CUSTOM.

    When the action is CUSTOM, customProvider must be specified.

    When the action is ALLOW, only requests matching the policy will be allowed.

    When the action is DENY, only requests matching the policy will be denied.

    When a request arrives, the policies are evaluated in the following order:

    1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.

    2. If there are any DENY policies that match the request, the request is denied.

    3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed.

    4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request.

#action=

def action=(value) -> ::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzAction
Parameter
  • value (::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzAction) —

    Required. Can be one of ALLOW, DENY, CUSTOM.

    When the action is CUSTOM, customProvider must be specified.

    When the action is ALLOW, only requests matching the policy will be allowed.

    When the action is DENY, only requests matching the policy will be denied.

    When a request arrives, the policies are evaluated in the following order:

    1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.

    2. If there are any DENY policies that match the request, the request is denied.

    3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed.

    4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request.

Returns
  • (::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzAction) —

    Required. Can be one of ALLOW, DENY, CUSTOM.

    When the action is CUSTOM, customProvider must be specified.

    When the action is ALLOW, only requests matching the policy will be allowed.

    When the action is DENY, only requests matching the policy will be denied.

    When a request arrives, the policies are evaluated in the following order:

    1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.

    2. If there are any DENY policies that match the request, the request is denied.

    3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed.

    4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request.

#create_time

def create_time() -> ::Google::Protobuf::Timestamp
Returns

#custom_provider

def custom_provider() -> ::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::CustomProvider
Returns

#custom_provider=

def custom_provider=(value) -> ::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::CustomProvider
Parameter
Returns

#description

def description() -> ::String
Returns
  • (::String) — Optional. A human-readable description of the resource.

#description=

def description=(value) -> ::String
Parameter
  • value (::String) — Optional. A human-readable description of the resource.
Returns
  • (::String) — Optional. A human-readable description of the resource.

#http_rules

def http_rules() -> ::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule>
Returns
  • (::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule>) — Optional. A list of authorization HTTP rules to match against the incoming request. A policy match occurs when at least one HTTP rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow or Deny Action. Limited to 5 rules.

#http_rules=

def http_rules=(value) -> ::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule>
Parameter
  • value (::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule>) — Optional. A list of authorization HTTP rules to match against the incoming request. A policy match occurs when at least one HTTP rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow or Deny Action. Limited to 5 rules.
Returns
  • (::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule>) — Optional. A list of authorization HTTP rules to match against the incoming request. A policy match occurs when at least one HTTP rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow or Deny Action. Limited to 5 rules.

#labels

def labels() -> ::Google::Protobuf::Map{::String => ::String}
Returns
  • (::Google::Protobuf::Map{::String => ::String}) — Optional. Set of labels associated with the AuthzPolicy resource.

    The format must comply with the following requirements.

#labels=

def labels=(value) -> ::Google::Protobuf::Map{::String => ::String}
Parameter
  • value (::Google::Protobuf::Map{::String => ::String}) — Optional. Set of labels associated with the AuthzPolicy resource.

    The format must comply with the following requirements.

Returns
  • (::Google::Protobuf::Map{::String => ::String}) — Optional. Set of labels associated with the AuthzPolicy resource.

    The format must comply with the following requirements.

#name

def name() -> ::String
Returns
  • (::String) — Required. Identifier. Name of the AuthzPolicy resource in the following format: projects/{project}/locations/{location}/authzPolicies/{authz_policy}.

#name=

def name=(value) -> ::String
Parameter
  • value (::String) — Required. Identifier. Name of the AuthzPolicy resource in the following format: projects/{project}/locations/{location}/authzPolicies/{authz_policy}.
Returns
  • (::String) — Required. Identifier. Name of the AuthzPolicy resource in the following format: projects/{project}/locations/{location}/authzPolicies/{authz_policy}.

#network_rules

def network_rules() -> ::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule>
Returns
  • (::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule>) — Optional. A list of authorization network rules to match against the incoming request. A policy match occurs when at least one network rule matches the request. At least one network rule is required for Allow or Deny Action if no HTTP rules are provided. Network rules are mutually exclusive with HTTP rules. Limited to 5 rules.

#network_rules=

def network_rules=(value) -> ::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule>
Parameter
  • value (::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule>) — Optional. A list of authorization network rules to match against the incoming request. A policy match occurs when at least one network rule matches the request. At least one network rule is required for Allow or Deny Action if no HTTP rules are provided. Network rules are mutually exclusive with HTTP rules. Limited to 5 rules.
Returns
  • (::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule>) — Optional. A list of authorization network rules to match against the incoming request. A policy match occurs when at least one network rule matches the request. At least one network rule is required for Allow or Deny Action if no HTTP rules are provided. Network rules are mutually exclusive with HTTP rules. Limited to 5 rules.

#policy_profile

def policy_profile() -> ::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::PolicyProfile
Returns

#policy_profile=

def policy_profile=(value) -> ::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::PolicyProfile
Parameter
Returns

#target

def target() -> ::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::Target
Returns

#target=

def target=(value) -> ::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::Target
Parameter
Returns

#update_time

def update_time() -> ::Google::Protobuf::Timestamp
Returns