google-apis-networksecurity_v1beta1 0.37.0 → 0.39.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -0
- data/lib/google/apis/networksecurity_v1beta1/classes.rb +2195 -710
- data/lib/google/apis/networksecurity_v1beta1/gem_version.rb +3 -3
- data/lib/google/apis/networksecurity_v1beta1/representations.rb +644 -0
- data/lib/google/apis/networksecurity_v1beta1/service.rb +2288 -209
- metadata +4 -4
@@ -194,88 +194,68 @@ module Google
|
|
194
194
|
end
|
195
195
|
end
|
196
196
|
|
197
|
-
#
|
198
|
-
|
199
|
-
|
200
|
-
|
201
|
-
def initialize(**args)
|
202
|
-
update!(**args)
|
203
|
-
end
|
204
|
-
|
205
|
-
# Update properties of this object
|
206
|
-
def update!(**args)
|
207
|
-
end
|
208
|
-
end
|
209
|
-
|
210
|
-
# Specification of a TLS certificate provider instance. Workloads may have one
|
211
|
-
# or more CertificateProvider instances (plugins) and one of them is enabled and
|
212
|
-
# configured by specifying this message. Workloads use the values from this
|
213
|
-
# message to locate and load the CertificateProvider instance configuration.
|
214
|
-
class CertificateProviderInstance
|
197
|
+
# `AuthzPolicy` is a resource that allows to forward traffic to a callout
|
198
|
+
# backend designed to scan the traffic for security purposes.
|
199
|
+
class AuthzPolicy
|
215
200
|
include Google::Apis::Core::Hashable
|
216
201
|
|
217
|
-
# Required.
|
218
|
-
#
|
219
|
-
#
|
220
|
-
#
|
202
|
+
# Required. Can be one of `ALLOW`, `DENY`, `CUSTOM`. When the action is `CUSTOM`,
|
203
|
+
# `customProvider` must be specified. When the action is `ALLOW`, only requests
|
204
|
+
# matching the policy will be allowed. When the action is `DENY`, only requests
|
205
|
+
# matching the policy will be denied. When a request arrives, the policies are
|
206
|
+
# evaluated in the following order: 1. If there is a `CUSTOM` policy that
|
207
|
+
# matches the request, the `CUSTOM` policy is evaluated using the custom
|
208
|
+
# authorization providers and the request is denied if the provider rejects the
|
209
|
+
# request. 2. If there are any `DENY` policies that match the request, the
|
210
|
+
# request is denied. 3. If there are no `ALLOW` policies for the resource or if
|
211
|
+
# any of the `ALLOW` policies match the request, the request is allowed. 4. Else
|
212
|
+
# the request is denied by default if none of the configured AuthzPolicies with `
|
213
|
+
# ALLOW` action match the request.
|
214
|
+
# Corresponds to the JSON property `action`
|
221
215
|
# @return [String]
|
222
|
-
attr_accessor :
|
223
|
-
|
224
|
-
def initialize(**args)
|
225
|
-
update!(**args)
|
226
|
-
end
|
227
|
-
|
228
|
-
# Update properties of this object
|
229
|
-
def update!(**args)
|
230
|
-
@plugin_instance = args[:plugin_instance] if args.key?(:plugin_instance)
|
231
|
-
end
|
232
|
-
end
|
233
|
-
|
234
|
-
# ClientTlsPolicy is a resource that specifies how a client should authenticate
|
235
|
-
# connections to backends of a service. This resource itself does not affect
|
236
|
-
# configuration unless it is attached to a backend service resource.
|
237
|
-
class ClientTlsPolicy
|
238
|
-
include Google::Apis::Core::Hashable
|
239
|
-
|
240
|
-
# Specification of certificate provider. Defines the mechanism to obtain the
|
241
|
-
# certificate and private key for peer to peer authentication.
|
242
|
-
# Corresponds to the JSON property `clientCertificate`
|
243
|
-
# @return [Google::Apis::NetworksecurityV1beta1::GoogleCloudNetworksecurityV1beta1CertificateProvider]
|
244
|
-
attr_accessor :client_certificate
|
216
|
+
attr_accessor :action
|
245
217
|
|
246
218
|
# Output only. The timestamp when the resource was created.
|
247
219
|
# Corresponds to the JSON property `createTime`
|
248
220
|
# @return [String]
|
249
221
|
attr_accessor :create_time
|
250
222
|
|
251
|
-
#
|
223
|
+
# Allows delegating authorization decisions to Cloud IAP or to Service
|
224
|
+
# Extensions.
|
225
|
+
# Corresponds to the JSON property `customProvider`
|
226
|
+
# @return [Google::Apis::NetworksecurityV1beta1::AuthzPolicyCustomProvider]
|
227
|
+
attr_accessor :custom_provider
|
228
|
+
|
229
|
+
# Optional. A human-readable description of the resource.
|
252
230
|
# Corresponds to the JSON property `description`
|
253
231
|
# @return [String]
|
254
232
|
attr_accessor :description
|
255
233
|
|
256
|
-
# Optional.
|
234
|
+
# Optional. A list of authorization HTTP rules to match against the incoming
|
235
|
+
# request. A policy match occurs when at least one HTTP rule matches the request
|
236
|
+
# or when no HTTP rules are specified in the policy. At least one HTTP Rule is
|
237
|
+
# required for Allow or Deny Action. Limited to 5 rules.
|
238
|
+
# Corresponds to the JSON property `httpRules`
|
239
|
+
# @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRule>]
|
240
|
+
attr_accessor :http_rules
|
241
|
+
|
242
|
+
# Optional. Set of labels associated with the `AuthzPolicy` resource. The format
|
243
|
+
# must comply with [the following requirements](/compute/docs/labeling-resources#
|
244
|
+
# requirements).
|
257
245
|
# Corresponds to the JSON property `labels`
|
258
246
|
# @return [Hash<String,String>]
|
259
247
|
attr_accessor :labels
|
260
248
|
|
261
|
-
# Required. Name of the
|
262
|
-
# projects
|
249
|
+
# Required. Identifier. Name of the `AuthzPolicy` resource in the following
|
250
|
+
# format: `projects/`project`/locations/`location`/authzPolicies/`authz_policy``.
|
263
251
|
# Corresponds to the JSON property `name`
|
264
252
|
# @return [String]
|
265
253
|
attr_accessor :name
|
266
254
|
|
267
|
-
#
|
268
|
-
#
|
269
|
-
#
|
270
|
-
|
271
|
-
# @return [Array<Google::Apis::NetworksecurityV1beta1::ValidationCa>]
|
272
|
-
attr_accessor :server_validation_ca
|
273
|
-
|
274
|
-
# Optional. Server Name Indication string to present to the server during TLS
|
275
|
-
# handshake. E.g: "secure.example.com".
|
276
|
-
# Corresponds to the JSON property `sni`
|
277
|
-
# @return [String]
|
278
|
-
attr_accessor :sni
|
255
|
+
# Specifies the set of targets to which this policy should be applied to.
|
256
|
+
# Corresponds to the JSON property `target`
|
257
|
+
# @return [Google::Apis::NetworksecurityV1beta1::AuthzPolicyTarget]
|
258
|
+
attr_accessor :target
|
279
259
|
|
280
260
|
# Output only. The timestamp when the resource was updated.
|
281
261
|
# Corresponds to the JSON property `updateTime`
|
@@ -288,39 +268,38 @@ module Google
|
|
288
268
|
|
289
269
|
# Update properties of this object
|
290
270
|
def update!(**args)
|
291
|
-
@
|
271
|
+
@action = args[:action] if args.key?(:action)
|
292
272
|
@create_time = args[:create_time] if args.key?(:create_time)
|
273
|
+
@custom_provider = args[:custom_provider] if args.key?(:custom_provider)
|
293
274
|
@description = args[:description] if args.key?(:description)
|
275
|
+
@http_rules = args[:http_rules] if args.key?(:http_rules)
|
294
276
|
@labels = args[:labels] if args.key?(:labels)
|
295
277
|
@name = args[:name] if args.key?(:name)
|
296
|
-
@
|
297
|
-
@sni = args[:sni] if args.key?(:sni)
|
278
|
+
@target = args[:target] if args.key?(:target)
|
298
279
|
@update_time = args[:update_time] if args.key?(:update_time)
|
299
280
|
end
|
300
281
|
end
|
301
282
|
|
302
|
-
#
|
303
|
-
class
|
283
|
+
# Conditions to match against the incoming request.
|
284
|
+
class AuthzPolicyAuthzRule
|
304
285
|
include Google::Apis::Core::Hashable
|
305
286
|
|
306
|
-
#
|
307
|
-
#
|
308
|
-
#
|
309
|
-
|
310
|
-
# situation where you make an initial request and the request times out. If you
|
311
|
-
# make the request again with the same request ID, the server can check if
|
312
|
-
# original operation with the same request ID was received, and if so, will
|
313
|
-
# ignore the second request. This prevents clients from accidentally creating
|
314
|
-
# duplicate commitments. The request ID must be a valid UUID with the exception
|
315
|
-
# that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
|
316
|
-
# Corresponds to the JSON property `requestId`
|
317
|
-
# @return [String]
|
318
|
-
attr_accessor :request_id
|
287
|
+
# Describes properties of one or more sources of a request.
|
288
|
+
# Corresponds to the JSON property `from`
|
289
|
+
# @return [Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleFrom]
|
290
|
+
attr_accessor :from
|
319
291
|
|
320
|
-
#
|
321
|
-
# Corresponds to the JSON property `
|
292
|
+
# Describes properties of one or more targets of a request.
|
293
|
+
# Corresponds to the JSON property `to`
|
294
|
+
# @return [Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleTo]
|
295
|
+
attr_accessor :to
|
296
|
+
|
297
|
+
# Optional. CEL expression that describes the conditions to be satisfied for the
|
298
|
+
# action. The result of the CEL expression is ANDed with the from and to. Refer
|
299
|
+
# to the CEL language reference for a list of available attributes.
|
300
|
+
# Corresponds to the JSON property `when`
|
322
301
|
# @return [String]
|
323
|
-
attr_accessor :
|
302
|
+
attr_accessor :when
|
324
303
|
|
325
304
|
def initialize(**args)
|
326
305
|
update!(**args)
|
@@ -328,38 +307,32 @@ module Google
|
|
328
307
|
|
329
308
|
# Update properties of this object
|
330
309
|
def update!(**args)
|
331
|
-
@
|
332
|
-
@
|
310
|
+
@from = args[:from] if args.key?(:from)
|
311
|
+
@to = args[:to] if args.key?(:to)
|
312
|
+
@when = args[:when] if args.key?(:when)
|
333
313
|
end
|
334
314
|
end
|
335
315
|
|
336
|
-
#
|
337
|
-
class
|
316
|
+
# Describes properties of one or more sources of a request.
|
317
|
+
class AuthzPolicyAuthzRuleFrom
|
338
318
|
include Google::Apis::Core::Hashable
|
339
319
|
|
340
|
-
#
|
341
|
-
#
|
342
|
-
#
|
343
|
-
#
|
344
|
-
#
|
345
|
-
|
346
|
-
|
347
|
-
|
348
|
-
#
|
349
|
-
#
|
350
|
-
#
|
351
|
-
|
352
|
-
|
353
|
-
#
|
354
|
-
#
|
355
|
-
|
356
|
-
# @return [Array<String>]
|
357
|
-
attr_accessor :methods_prop
|
358
|
-
|
359
|
-
# Required. List of destination ports to match. At least one port should match.
|
360
|
-
# Corresponds to the JSON property `ports`
|
361
|
-
# @return [Array<Fixnum>]
|
362
|
-
attr_accessor :ports
|
320
|
+
# Optional. Describes the negated properties of request sources. Matches
|
321
|
+
# requests from sources that do not match the criteria specified in this field.
|
322
|
+
# At least one of sources or notSources must be specified.
|
323
|
+
# Corresponds to the JSON property `notSources`
|
324
|
+
# @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleFromRequestSource>]
|
325
|
+
attr_accessor :not_sources
|
326
|
+
|
327
|
+
# Optional. Describes the properties of a request's sources. At least one of
|
328
|
+
# sources or notSources must be specified. Limited to 1 source. A match occurs
|
329
|
+
# when ANY source (in sources or notSources) matches the request. Within a
|
330
|
+
# single source, the match follows AND semantics across fields and OR semantics
|
331
|
+
# within a single field, i.e. a match occurs when ANY principal matches AND ANY
|
332
|
+
# ipBlocks match.
|
333
|
+
# Corresponds to the JSON property `sources`
|
334
|
+
# @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleFromRequestSource>]
|
335
|
+
attr_accessor :sources
|
363
336
|
|
364
337
|
def initialize(**args)
|
365
338
|
update!(**args)
|
@@ -367,69 +340,83 @@ module Google
|
|
367
340
|
|
368
341
|
# Update properties of this object
|
369
342
|
def update!(**args)
|
370
|
-
@
|
371
|
-
@
|
372
|
-
@methods_prop = args[:methods_prop] if args.key?(:methods_prop)
|
373
|
-
@ports = args[:ports] if args.key?(:ports)
|
343
|
+
@not_sources = args[:not_sources] if args.key?(:not_sources)
|
344
|
+
@sources = args[:sources] if args.key?(:sources)
|
374
345
|
end
|
375
346
|
end
|
376
347
|
|
377
|
-
#
|
378
|
-
|
379
|
-
# response type of an API method. For instance: service Foo ` rpc Bar(google.
|
380
|
-
# protobuf.Empty) returns (google.protobuf.Empty); `
|
381
|
-
class Empty
|
348
|
+
# Describes the properties of a single source.
|
349
|
+
class AuthzPolicyAuthzRuleFromRequestSource
|
382
350
|
include Google::Apis::Core::Hashable
|
383
351
|
|
352
|
+
# Optional. A list of identities derived from the client's certificate. This
|
353
|
+
# field will not match on a request unless mutual TLS is enabled for the
|
354
|
+
# Forwarding rule or Gateway. Each identity is a string whose value is matched
|
355
|
+
# against the URI SAN, or DNS SAN or the subject field in the client's
|
356
|
+
# certificate. The match can be exact, prefix, suffix or a substring match. One
|
357
|
+
# of exact, prefix, suffix or contains must be specified. Limited to 5
|
358
|
+
# principals.
|
359
|
+
# Corresponds to the JSON property `principals`
|
360
|
+
# @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleStringMatch>]
|
361
|
+
attr_accessor :principals
|
362
|
+
|
363
|
+
# Optional. A list of resources to match against the resource of the source VM
|
364
|
+
# of a request. Limited to 5 resources.
|
365
|
+
# Corresponds to the JSON property `resources`
|
366
|
+
# @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleRequestResource>]
|
367
|
+
attr_accessor :resources
|
368
|
+
|
384
369
|
def initialize(**args)
|
385
370
|
update!(**args)
|
386
371
|
end
|
387
372
|
|
388
373
|
# Update properties of this object
|
389
374
|
def update!(**args)
|
375
|
+
@principals = args[:principals] if args.key?(:principals)
|
376
|
+
@resources = args[:resources] if args.key?(:resources)
|
390
377
|
end
|
391
378
|
end
|
392
379
|
|
393
|
-
#
|
394
|
-
|
395
|
-
# documented at https://github.com/google/cel-spec. Example (Comparison): title:
|
396
|
-
# "Summary size limit" description: "Determines if a summary is less than 100
|
397
|
-
# chars" expression: "document.summary.size() < 100" Example (Equality): title: "
|
398
|
-
# Requestor is owner" description: "Determines if requestor is the document
|
399
|
-
# owner" expression: "document.owner == request.auth.claims.email" Example (
|
400
|
-
# Logic): title: "Public documents" description: "Determine whether the document
|
401
|
-
# should be publicly visible" expression: "document.type != 'private' &&
|
402
|
-
# document.type != 'internal'" Example (Data Manipulation): title: "Notification
|
403
|
-
# string" description: "Create a notification string with a timestamp."
|
404
|
-
# expression: "'New message received at ' + string(document.create_time)" The
|
405
|
-
# exact variables and functions that may be referenced within an expression are
|
406
|
-
# determined by the service that evaluates it. See the service documentation for
|
407
|
-
# additional information.
|
408
|
-
class Expr
|
380
|
+
# Determines how a HTTP header should be matched.
|
381
|
+
class AuthzPolicyAuthzRuleHeaderMatch
|
409
382
|
include Google::Apis::Core::Hashable
|
410
383
|
|
411
|
-
# Optional.
|
412
|
-
#
|
413
|
-
# Corresponds to the JSON property `description`
|
384
|
+
# Optional. Specifies the name of the header in the request.
|
385
|
+
# Corresponds to the JSON property `name`
|
414
386
|
# @return [String]
|
415
|
-
attr_accessor :
|
387
|
+
attr_accessor :name
|
416
388
|
|
417
|
-
#
|
418
|
-
# Corresponds to the JSON property `
|
419
|
-
# @return [
|
420
|
-
attr_accessor :
|
389
|
+
# Determines how a string value should be matched.
|
390
|
+
# Corresponds to the JSON property `value`
|
391
|
+
# @return [Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleStringMatch]
|
392
|
+
attr_accessor :value
|
421
393
|
|
422
|
-
|
423
|
-
|
424
|
-
|
425
|
-
# @return [String]
|
426
|
-
attr_accessor :location
|
394
|
+
def initialize(**args)
|
395
|
+
update!(**args)
|
396
|
+
end
|
427
397
|
|
428
|
-
#
|
429
|
-
|
430
|
-
|
431
|
-
|
432
|
-
|
398
|
+
# Update properties of this object
|
399
|
+
def update!(**args)
|
400
|
+
@name = args[:name] if args.key?(:name)
|
401
|
+
@value = args[:value] if args.key?(:value)
|
402
|
+
end
|
403
|
+
end
|
404
|
+
|
405
|
+
# Describes the properties of a client VM resource accessing the internal
|
406
|
+
# application load balancers.
|
407
|
+
class AuthzPolicyAuthzRuleRequestResource
|
408
|
+
include Google::Apis::Core::Hashable
|
409
|
+
|
410
|
+
# Determines how a string value should be matched.
|
411
|
+
# Corresponds to the JSON property `iamServiceAccount`
|
412
|
+
# @return [Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleStringMatch]
|
413
|
+
attr_accessor :iam_service_account
|
414
|
+
|
415
|
+
# Describes a set of resource tag value permanent IDs to match against the
|
416
|
+
# resource manager tags value associated with the source VM of a request.
|
417
|
+
# Corresponds to the JSON property `tagValueIdSet`
|
418
|
+
# @return [Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleRequestResourceTagValueIdSet]
|
419
|
+
attr_accessor :tag_value_id_set
|
433
420
|
|
434
421
|
def initialize(**args)
|
435
422
|
update!(**args)
|
@@ -437,73 +424,72 @@ module Google
|
|
437
424
|
|
438
425
|
# Update properties of this object
|
439
426
|
def update!(**args)
|
440
|
-
@
|
441
|
-
@
|
442
|
-
@location = args[:location] if args.key?(:location)
|
443
|
-
@title = args[:title] if args.key?(:title)
|
427
|
+
@iam_service_account = args[:iam_service_account] if args.key?(:iam_service_account)
|
428
|
+
@tag_value_id_set = args[:tag_value_id_set] if args.key?(:tag_value_id_set)
|
444
429
|
end
|
445
430
|
end
|
446
431
|
|
447
|
-
#
|
448
|
-
|
432
|
+
# Describes a set of resource tag value permanent IDs to match against the
|
433
|
+
# resource manager tags value associated with the source VM of a request.
|
434
|
+
class AuthzPolicyAuthzRuleRequestResourceTagValueIdSet
|
449
435
|
include Google::Apis::Core::Hashable
|
450
436
|
|
451
|
-
#
|
452
|
-
#
|
453
|
-
#
|
454
|
-
#
|
455
|
-
# Corresponds to the JSON property `
|
456
|
-
# @return [Array<
|
457
|
-
attr_accessor :
|
437
|
+
# Required. A list of resource tag value permanent IDs to match against the
|
438
|
+
# resource manager tags value associated with the source VM of a request. The
|
439
|
+
# match follows AND semantics which means all the ids must match. Limited to 5
|
440
|
+
# matches.
|
441
|
+
# Corresponds to the JSON property `ids`
|
442
|
+
# @return [Array<Fixnum>]
|
443
|
+
attr_accessor :ids
|
458
444
|
|
459
|
-
|
460
|
-
|
461
|
-
|
462
|
-
# Corresponds to the JSON property `associations`
|
463
|
-
# @return [Array<Google::Apis::NetworksecurityV1beta1::FirewallEndpointAssociationReference>]
|
464
|
-
attr_accessor :associations
|
445
|
+
def initialize(**args)
|
446
|
+
update!(**args)
|
447
|
+
end
|
465
448
|
|
466
|
-
#
|
467
|
-
|
468
|
-
|
469
|
-
|
449
|
+
# Update properties of this object
|
450
|
+
def update!(**args)
|
451
|
+
@ids = args[:ids] if args.key?(:ids)
|
452
|
+
end
|
453
|
+
end
|
470
454
|
|
471
|
-
|
472
|
-
|
473
|
-
|
474
|
-
attr_accessor :create_time
|
455
|
+
# Determines how a string value should be matched.
|
456
|
+
class AuthzPolicyAuthzRuleStringMatch
|
457
|
+
include Google::Apis::Core::Hashable
|
475
458
|
|
476
|
-
#
|
477
|
-
#
|
459
|
+
# The input string must have the substring specified here. Note: empty contains
|
460
|
+
# match is not allowed, please use regex instead. Examples: * ``abc`` matches
|
461
|
+
# the value ``xyz.abc.def``
|
462
|
+
# Corresponds to the JSON property `contains`
|
478
463
|
# @return [String]
|
479
|
-
attr_accessor :
|
480
|
-
|
481
|
-
# Optional. Labels as key value pairs
|
482
|
-
# Corresponds to the JSON property `labels`
|
483
|
-
# @return [Hash<String,String>]
|
484
|
-
attr_accessor :labels
|
464
|
+
attr_accessor :contains
|
485
465
|
|
486
|
-
#
|
487
|
-
#
|
466
|
+
# The input string must match exactly the string specified here. Examples: * ``
|
467
|
+
# abc`` only matches the value ``abc``.
|
468
|
+
# Corresponds to the JSON property `exact`
|
488
469
|
# @return [String]
|
489
|
-
attr_accessor :
|
470
|
+
attr_accessor :exact
|
490
471
|
|
491
|
-
#
|
492
|
-
#
|
493
|
-
#
|
472
|
+
# If true, indicates the exact/prefix/suffix/contains matching should be case
|
473
|
+
# insensitive. For example, the matcher ``data`` will match both input string ``
|
474
|
+
# Data`` and ``data`` if set to true.
|
475
|
+
# Corresponds to the JSON property `ignoreCase`
|
494
476
|
# @return [Boolean]
|
495
|
-
attr_accessor :
|
496
|
-
alias_method :
|
477
|
+
attr_accessor :ignore_case
|
478
|
+
alias_method :ignore_case?, :ignore_case
|
497
479
|
|
498
|
-
#
|
499
|
-
#
|
480
|
+
# The input string must have the prefix specified here. Note: empty prefix is
|
481
|
+
# not allowed, please use regex instead. Examples: * ``abc`` matches the value ``
|
482
|
+
# abc.xyz``
|
483
|
+
# Corresponds to the JSON property `prefix`
|
500
484
|
# @return [String]
|
501
|
-
attr_accessor :
|
485
|
+
attr_accessor :prefix
|
502
486
|
|
503
|
-
#
|
504
|
-
#
|
487
|
+
# The input string must have the suffix specified here. Note: empty prefix is
|
488
|
+
# not allowed, please use regex instead. Examples: * ``abc`` matches the value ``
|
489
|
+
# xyz.abc``
|
490
|
+
# Corresponds to the JSON property `suffix`
|
505
491
|
# @return [String]
|
506
|
-
attr_accessor :
|
492
|
+
attr_accessor :suffix
|
507
493
|
|
508
494
|
def initialize(**args)
|
509
495
|
update!(**args)
|
@@ -511,76 +497,77 @@ module Google
|
|
511
497
|
|
512
498
|
# Update properties of this object
|
513
499
|
def update!(**args)
|
514
|
-
@
|
515
|
-
@
|
516
|
-
@
|
517
|
-
@
|
518
|
-
@
|
519
|
-
@labels = args[:labels] if args.key?(:labels)
|
520
|
-
@name = args[:name] if args.key?(:name)
|
521
|
-
@reconciling = args[:reconciling] if args.key?(:reconciling)
|
522
|
-
@state = args[:state] if args.key?(:state)
|
523
|
-
@update_time = args[:update_time] if args.key?(:update_time)
|
500
|
+
@contains = args[:contains] if args.key?(:contains)
|
501
|
+
@exact = args[:exact] if args.key?(:exact)
|
502
|
+
@ignore_case = args[:ignore_case] if args.key?(:ignore_case)
|
503
|
+
@prefix = args[:prefix] if args.key?(:prefix)
|
504
|
+
@suffix = args[:suffix] if args.key?(:suffix)
|
524
505
|
end
|
525
506
|
end
|
526
507
|
|
527
|
-
#
|
528
|
-
class
|
508
|
+
# Describes properties of one or more targets of a request.
|
509
|
+
class AuthzPolicyAuthzRuleTo
|
529
510
|
include Google::Apis::Core::Hashable
|
530
511
|
|
531
|
-
#
|
532
|
-
#
|
533
|
-
#
|
534
|
-
|
535
|
-
|
536
|
-
|
537
|
-
|
538
|
-
#
|
539
|
-
#
|
540
|
-
|
541
|
-
|
542
|
-
|
543
|
-
#
|
544
|
-
# Corresponds to the JSON property `
|
545
|
-
# @return [
|
546
|
-
attr_accessor :
|
512
|
+
# Optional. Describes the negated properties of the targets of a request.
|
513
|
+
# Matches requests for operations that do not match the criteria specified in
|
514
|
+
# this field. At least one of operations or notOperations must be specified.
|
515
|
+
# Corresponds to the JSON property `notOperations`
|
516
|
+
# @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleToRequestOperation>]
|
517
|
+
attr_accessor :not_operations
|
518
|
+
|
519
|
+
# Optional. Describes properties of one or more targets of a request. At least
|
520
|
+
# one of operations or notOperations must be specified. Limited to 1 operation.
|
521
|
+
# A match occurs when ANY operation (in operations or notOperations) matches.
|
522
|
+
# Within an operation, the match follows AND semantics across fields and OR
|
523
|
+
# semantics within a field, i.e. a match occurs when ANY path matches AND ANY
|
524
|
+
# header matches and ANY method matches.
|
525
|
+
# Corresponds to the JSON property `operations`
|
526
|
+
# @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleToRequestOperation>]
|
527
|
+
attr_accessor :operations
|
547
528
|
|
548
|
-
|
549
|
-
|
550
|
-
|
551
|
-
attr_accessor :labels
|
529
|
+
def initialize(**args)
|
530
|
+
update!(**args)
|
531
|
+
end
|
552
532
|
|
553
|
-
#
|
554
|
-
|
555
|
-
|
556
|
-
|
533
|
+
# Update properties of this object
|
534
|
+
def update!(**args)
|
535
|
+
@not_operations = args[:not_operations] if args.key?(:not_operations)
|
536
|
+
@operations = args[:operations] if args.key?(:operations)
|
537
|
+
end
|
538
|
+
end
|
557
539
|
|
558
|
-
|
559
|
-
|
560
|
-
|
561
|
-
attr_accessor :network
|
540
|
+
# Describes properties of one or more targets of a request.
|
541
|
+
class AuthzPolicyAuthzRuleToRequestOperation
|
542
|
+
include Google::Apis::Core::Hashable
|
562
543
|
|
563
|
-
#
|
564
|
-
#
|
565
|
-
#
|
566
|
-
|
567
|
-
attr_accessor :reconciling
|
568
|
-
alias_method :reconciling?, :reconciling
|
544
|
+
# Describes a set of HTTP headers to match against.
|
545
|
+
# Corresponds to the JSON property `headerSet`
|
546
|
+
# @return [Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleToRequestOperationHeaderSet]
|
547
|
+
attr_accessor :header_set
|
569
548
|
|
570
|
-
#
|
571
|
-
#
|
572
|
-
#
|
573
|
-
|
549
|
+
# Optional. A list of HTTP Hosts to match against. The match can be one of exact,
|
550
|
+
# prefix, suffix, or contains (substring match). Matches are always case
|
551
|
+
# sensitive unless the ignoreCase is set. Limited to 5 matches.
|
552
|
+
# Corresponds to the JSON property `hosts`
|
553
|
+
# @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleStringMatch>]
|
554
|
+
attr_accessor :hosts
|
574
555
|
|
575
|
-
# Optional.
|
576
|
-
#
|
577
|
-
#
|
578
|
-
|
556
|
+
# Optional. A list of HTTP methods to match against. Each entry must be a valid
|
557
|
+
# HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only
|
558
|
+
# allows exact match and is always case sensitive.
|
559
|
+
# Corresponds to the JSON property `methods`
|
560
|
+
# @return [Array<String>]
|
561
|
+
attr_accessor :methods_prop
|
579
562
|
|
580
|
-
#
|
581
|
-
#
|
582
|
-
#
|
583
|
-
|
563
|
+
# Optional. A list of paths to match against. The match can be one of exact,
|
564
|
+
# prefix, suffix, or contains (substring match). Matches are always case
|
565
|
+
# sensitive unless the ignoreCase is set. Limited to 5 matches. Note that this
|
566
|
+
# path match includes the query parameters. For gRPC services, this should be a
|
567
|
+
# fully-qualified name of the form /package.service/method.
|
568
|
+
# Corresponds to the JSON property `paths`
|
569
|
+
# @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleStringMatch>]
|
570
|
+
attr_accessor :paths
|
584
571
|
|
585
572
|
def initialize(**args)
|
586
573
|
update!(**args)
|
@@ -588,35 +575,24 @@ module Google
|
|
588
575
|
|
589
576
|
# Update properties of this object
|
590
577
|
def update!(**args)
|
591
|
-
@
|
592
|
-
@
|
593
|
-
@
|
594
|
-
@
|
595
|
-
@name = args[:name] if args.key?(:name)
|
596
|
-
@network = args[:network] if args.key?(:network)
|
597
|
-
@reconciling = args[:reconciling] if args.key?(:reconciling)
|
598
|
-
@state = args[:state] if args.key?(:state)
|
599
|
-
@tls_inspection_policy = args[:tls_inspection_policy] if args.key?(:tls_inspection_policy)
|
600
|
-
@update_time = args[:update_time] if args.key?(:update_time)
|
578
|
+
@header_set = args[:header_set] if args.key?(:header_set)
|
579
|
+
@hosts = args[:hosts] if args.key?(:hosts)
|
580
|
+
@methods_prop = args[:methods_prop] if args.key?(:methods_prop)
|
581
|
+
@paths = args[:paths] if args.key?(:paths)
|
601
582
|
end
|
602
583
|
end
|
603
584
|
|
604
|
-
#
|
605
|
-
|
606
|
-
class FirewallEndpointAssociationReference
|
585
|
+
# Describes a set of HTTP headers to match against.
|
586
|
+
class AuthzPolicyAuthzRuleToRequestOperationHeaderSet
|
607
587
|
include Google::Apis::Core::Hashable
|
608
588
|
|
609
|
-
#
|
610
|
-
#
|
611
|
-
#
|
612
|
-
#
|
613
|
-
|
614
|
-
|
615
|
-
|
616
|
-
# networks/`name`.
|
617
|
-
# Corresponds to the JSON property `network`
|
618
|
-
# @return [String]
|
619
|
-
attr_accessor :network
|
589
|
+
# Required. A list of headers to match against in http header. The match can be
|
590
|
+
# one of exact, prefix, suffix, or contains (substring match). The match follows
|
591
|
+
# AND semantics which means all the headers must match. Matches are always case
|
592
|
+
# sensitive unless the ignoreCase is set. Limited to 5 matches.
|
593
|
+
# Corresponds to the JSON property `headers`
|
594
|
+
# @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleHeaderMatch>]
|
595
|
+
attr_accessor :headers
|
620
596
|
|
621
597
|
def initialize(**args)
|
622
598
|
update!(**args)
|
@@ -624,44 +600,29 @@ module Google
|
|
624
600
|
|
625
601
|
# Update properties of this object
|
626
602
|
def update!(**args)
|
627
|
-
@
|
628
|
-
@network = args[:network] if args.key?(:network)
|
603
|
+
@headers = args[:headers] if args.key?(:headers)
|
629
604
|
end
|
630
605
|
end
|
631
606
|
|
632
|
-
#
|
633
|
-
#
|
634
|
-
class
|
607
|
+
# Allows delegating authorization decisions to Cloud IAP or to Service
|
608
|
+
# Extensions.
|
609
|
+
class AuthzPolicyCustomProvider
|
635
610
|
include Google::Apis::Core::Hashable
|
636
611
|
|
637
|
-
#
|
638
|
-
#
|
639
|
-
#
|
640
|
-
|
641
|
-
|
642
|
-
|
643
|
-
#
|
644
|
-
#
|
645
|
-
|
646
|
-
|
647
|
-
#
|
648
|
-
#
|
649
|
-
#
|
650
|
-
|
651
|
-
# Corresponds to the JSON property `name`
|
652
|
-
# @return [String]
|
653
|
-
attr_accessor :name
|
654
|
-
|
655
|
-
# Optional. Name of a TLS Inspection Policy resource that defines how TLS
|
656
|
-
# inspection will be performed for any rule(s) which enables it.
|
657
|
-
# Corresponds to the JSON property `tlsInspectionPolicy`
|
658
|
-
# @return [String]
|
659
|
-
attr_accessor :tls_inspection_policy
|
660
|
-
|
661
|
-
# Output only. The timestamp when the resource was updated.
|
662
|
-
# Corresponds to the JSON property `updateTime`
|
663
|
-
# @return [String]
|
664
|
-
attr_accessor :update_time
|
612
|
+
# Optional. Delegate authorization decision to user authored extension. Only one
|
613
|
+
# of cloudIap or authzExtension can be specified.
|
614
|
+
# Corresponds to the JSON property `authzExtension`
|
615
|
+
# @return [Google::Apis::NetworksecurityV1beta1::AuthzPolicyCustomProviderAuthzExtension]
|
616
|
+
attr_accessor :authz_extension
|
617
|
+
|
618
|
+
# Optional. Delegates authorization decisions to Cloud IAP. Applicable only for
|
619
|
+
# managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not
|
620
|
+
# compatible with Cloud IAP settings in the BackendService. Enabling IAP in both
|
621
|
+
# places will result in request failure. Ensure that IAP is enabled in either
|
622
|
+
# the AuthzPolicy or the BackendService but not in both places.
|
623
|
+
# Corresponds to the JSON property `cloudIap`
|
624
|
+
# @return [Google::Apis::NetworksecurityV1beta1::AuthzPolicyCustomProviderCloudIap]
|
625
|
+
attr_accessor :cloud_iap
|
665
626
|
|
666
627
|
def initialize(**args)
|
667
628
|
update!(**args)
|
@@ -669,75 +630,21 @@ module Google
|
|
669
630
|
|
670
631
|
# Update properties of this object
|
671
632
|
def update!(**args)
|
672
|
-
@
|
673
|
-
@
|
674
|
-
@name = args[:name] if args.key?(:name)
|
675
|
-
@tls_inspection_policy = args[:tls_inspection_policy] if args.key?(:tls_inspection_policy)
|
676
|
-
@update_time = args[:update_time] if args.key?(:update_time)
|
633
|
+
@authz_extension = args[:authz_extension] if args.key?(:authz_extension)
|
634
|
+
@cloud_iap = args[:cloud_iap] if args.key?(:cloud_iap)
|
677
635
|
end
|
678
636
|
end
|
679
637
|
|
680
|
-
#
|
681
|
-
#
|
682
|
-
|
683
|
-
class GatewaySecurityPolicyRule
|
638
|
+
# Optional. Delegate authorization decision to user authored extension. Only one
|
639
|
+
# of cloudIap or authzExtension can be specified.
|
640
|
+
class AuthzPolicyCustomProviderAuthzExtension
|
684
641
|
include Google::Apis::Core::Hashable
|
685
642
|
|
686
|
-
#
|
687
|
-
#
|
688
|
-
#
|
689
|
-
|
690
|
-
|
691
|
-
# Required. Profile which tells what the primitive action should be.
|
692
|
-
# Corresponds to the JSON property `basicProfile`
|
693
|
-
# @return [String]
|
694
|
-
attr_accessor :basic_profile
|
695
|
-
|
696
|
-
# Output only. Time when the rule was created.
|
697
|
-
# Corresponds to the JSON property `createTime`
|
698
|
-
# @return [String]
|
699
|
-
attr_accessor :create_time
|
700
|
-
|
701
|
-
# Optional. Free-text description of the resource.
|
702
|
-
# Corresponds to the JSON property `description`
|
703
|
-
# @return [String]
|
704
|
-
attr_accessor :description
|
705
|
-
|
706
|
-
# Required. Whether the rule is enforced.
|
707
|
-
# Corresponds to the JSON property `enabled`
|
708
|
-
# @return [Boolean]
|
709
|
-
attr_accessor :enabled
|
710
|
-
alias_method :enabled?, :enabled
|
711
|
-
|
712
|
-
# Required. Immutable. Name of the resource. ame is the full resource name so
|
713
|
-
# projects/`project`/locations/`location`/gatewaySecurityPolicies/`
|
714
|
-
# gateway_security_policy`/rules/`rule` rule should match the pattern: (^[a-z]([
|
715
|
-
# a-z0-9-]`0,61`[a-z0-9])?$).
|
716
|
-
# Corresponds to the JSON property `name`
|
717
|
-
# @return [String]
|
718
|
-
attr_accessor :name
|
719
|
-
|
720
|
-
# Required. Priority of the rule. Lower number corresponds to higher precedence.
|
721
|
-
# Corresponds to the JSON property `priority`
|
722
|
-
# @return [Fixnum]
|
723
|
-
attr_accessor :priority
|
724
|
-
|
725
|
-
# Required. CEL expression for matching on session criteria.
|
726
|
-
# Corresponds to the JSON property `sessionMatcher`
|
727
|
-
# @return [String]
|
728
|
-
attr_accessor :session_matcher
|
729
|
-
|
730
|
-
# Optional. Flag to enable TLS inspection of traffic matching on , can only be
|
731
|
-
# true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
|
732
|
-
# Corresponds to the JSON property `tlsInspectionEnabled`
|
733
|
-
# @return [Boolean]
|
734
|
-
attr_accessor :tls_inspection_enabled
|
735
|
-
alias_method :tls_inspection_enabled?, :tls_inspection_enabled
|
736
|
-
|
737
|
-
# Output only. Time when the rule was updated.
|
738
|
-
# Corresponds to the JSON property `updateTime`
|
739
|
-
# @return [String]
|
740
|
-
attr_accessor :update_time
|
643
|
+
# Required. A list of references to authorization extensions that will be
|
644
|
+
# invoked for requests matching this policy. Limited to 1 custom provider.
|
645
|
+
# Corresponds to the JSON property `resources`
|
646
|
+
# @return [Array<String>]
|
647
|
+
attr_accessor :resources
|
741
648
|
|
742
649
|
def initialize(**args)
|
743
650
|
update!(**args)
|
@@ -745,57 +652,45 @@ module Google
|
|
745
652
|
|
746
653
|
# Update properties of this object
|
747
654
|
def update!(**args)
|
748
|
-
@
|
749
|
-
@basic_profile = args[:basic_profile] if args.key?(:basic_profile)
|
750
|
-
@create_time = args[:create_time] if args.key?(:create_time)
|
751
|
-
@description = args[:description] if args.key?(:description)
|
752
|
-
@enabled = args[:enabled] if args.key?(:enabled)
|
753
|
-
@name = args[:name] if args.key?(:name)
|
754
|
-
@priority = args[:priority] if args.key?(:priority)
|
755
|
-
@session_matcher = args[:session_matcher] if args.key?(:session_matcher)
|
756
|
-
@tls_inspection_enabled = args[:tls_inspection_enabled] if args.key?(:tls_inspection_enabled)
|
757
|
-
@update_time = args[:update_time] if args.key?(:update_time)
|
655
|
+
@resources = args[:resources] if args.key?(:resources)
|
758
656
|
end
|
759
657
|
end
|
760
658
|
|
761
|
-
#
|
762
|
-
#
|
763
|
-
|
659
|
+
# Optional. Delegates authorization decisions to Cloud IAP. Applicable only for
|
660
|
+
# managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not
|
661
|
+
# compatible with Cloud IAP settings in the BackendService. Enabling IAP in both
|
662
|
+
# places will result in request failure. Ensure that IAP is enabled in either
|
663
|
+
# the AuthzPolicy or the BackendService but not in both places.
|
664
|
+
class AuthzPolicyCustomProviderCloudIap
|
764
665
|
include Google::Apis::Core::Hashable
|
765
666
|
|
766
|
-
# Specification of a TLS certificate provider instance. Workloads may have one
|
767
|
-
# or more CertificateProvider instances (plugins) and one of them is enabled and
|
768
|
-
# configured by specifying this message. Workloads use the values from this
|
769
|
-
# message to locate and load the CertificateProvider instance configuration.
|
770
|
-
# Corresponds to the JSON property `certificateProviderInstance`
|
771
|
-
# @return [Google::Apis::NetworksecurityV1beta1::CertificateProviderInstance]
|
772
|
-
attr_accessor :certificate_provider_instance
|
773
|
-
|
774
|
-
# Specification of the GRPC Endpoint.
|
775
|
-
# Corresponds to the JSON property `grpcEndpoint`
|
776
|
-
# @return [Google::Apis::NetworksecurityV1beta1::GoogleCloudNetworksecurityV1beta1GrpcEndpoint]
|
777
|
-
attr_accessor :grpc_endpoint
|
778
|
-
|
779
667
|
def initialize(**args)
|
780
668
|
update!(**args)
|
781
669
|
end
|
782
670
|
|
783
671
|
# Update properties of this object
|
784
672
|
def update!(**args)
|
785
|
-
@certificate_provider_instance = args[:certificate_provider_instance] if args.key?(:certificate_provider_instance)
|
786
|
-
@grpc_endpoint = args[:grpc_endpoint] if args.key?(:grpc_endpoint)
|
787
673
|
end
|
788
674
|
end
|
789
675
|
|
790
|
-
#
|
791
|
-
class
|
676
|
+
# Specifies the set of targets to which this policy should be applied to.
|
677
|
+
class AuthzPolicyTarget
|
792
678
|
include Google::Apis::Core::Hashable
|
793
679
|
|
794
|
-
# Required.
|
795
|
-
#
|
796
|
-
#
|
680
|
+
# Required. All gateways and forwarding rules referenced by this policy and
|
681
|
+
# extensions must share the same load balancing scheme. Supported values: `
|
682
|
+
# INTERNAL_MANAGED` and `EXTERNAL_MANAGED`. For more information, refer to [
|
683
|
+
# Backend services overview](https://cloud.google.com/load-balancing/docs/
|
684
|
+
# backend-service).
|
685
|
+
# Corresponds to the JSON property `loadBalancingScheme`
|
797
686
|
# @return [String]
|
798
|
-
attr_accessor :
|
687
|
+
attr_accessor :load_balancing_scheme
|
688
|
+
|
689
|
+
# Required. A list of references to the Forwarding Rules on which this policy
|
690
|
+
# will be applied.
|
691
|
+
# Corresponds to the JSON property `resources`
|
692
|
+
# @return [Array<String>]
|
693
|
+
attr_accessor :resources
|
799
694
|
|
800
695
|
def initialize(**args)
|
801
696
|
update!(**args)
|
@@ -803,69 +698,974 @@ module Google
|
|
803
698
|
|
804
699
|
# Update properties of this object
|
805
700
|
def update!(**args)
|
806
|
-
@
|
701
|
+
@load_balancing_scheme = args[:load_balancing_scheme] if args.key?(:load_balancing_scheme)
|
702
|
+
@resources = args[:resources] if args.key?(:resources)
|
807
703
|
end
|
808
704
|
end
|
809
705
|
|
810
|
-
#
|
811
|
-
|
812
|
-
# from logging. An AuditConfig must have one or more AuditLogConfigs. If there
|
813
|
-
# are AuditConfigs for both `allServices` and a specific service, the union of
|
814
|
-
# the two AuditConfigs is used for that service: the log_types specified in each
|
815
|
-
# AuditConfig are enabled, and the exempted_members in each AuditLogConfig are
|
816
|
-
# exempted. Example Policy with multiple AuditConfigs: ` "audit_configs": [ ` "
|
817
|
-
# service": "allServices", "audit_log_configs": [ ` "log_type": "DATA_READ", "
|
818
|
-
# exempted_members": [ "user:jose@example.com" ] `, ` "log_type": "DATA_WRITE" `,
|
819
|
-
# ` "log_type": "ADMIN_READ" ` ] `, ` "service": "sampleservice.googleapis.com",
|
820
|
-
# "audit_log_configs": [ ` "log_type": "DATA_READ" `, ` "log_type": "DATA_WRITE"
|
821
|
-
# , "exempted_members": [ "user:aliya@example.com" ] ` ] ` ] ` For sampleservice,
|
822
|
-
# this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also
|
823
|
-
# exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com`
|
824
|
-
# from DATA_WRITE logging.
|
825
|
-
class GoogleIamV1AuditConfig
|
706
|
+
# The request message for Operations.CancelOperation.
|
707
|
+
class CancelOperationRequest
|
826
708
|
include Google::Apis::Core::Hashable
|
827
709
|
|
828
|
-
# The configuration for logging of each type of permission.
|
829
|
-
# Corresponds to the JSON property `auditLogConfigs`
|
830
|
-
# @return [Array<Google::Apis::NetworksecurityV1beta1::GoogleIamV1AuditLogConfig>]
|
831
|
-
attr_accessor :audit_log_configs
|
832
|
-
|
833
|
-
# Specifies a service that will be enabled for audit logging. For example, `
|
834
|
-
# storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special
|
835
|
-
# value that covers all services.
|
836
|
-
# Corresponds to the JSON property `service`
|
837
|
-
# @return [String]
|
838
|
-
attr_accessor :service
|
839
|
-
|
840
710
|
def initialize(**args)
|
841
711
|
update!(**args)
|
842
712
|
end
|
843
713
|
|
844
714
|
# Update properties of this object
|
845
715
|
def update!(**args)
|
846
|
-
@audit_log_configs = args[:audit_log_configs] if args.key?(:audit_log_configs)
|
847
|
-
@service = args[:service] if args.key?(:service)
|
848
716
|
end
|
849
717
|
end
|
850
718
|
|
851
|
-
#
|
852
|
-
#
|
853
|
-
#
|
854
|
-
#
|
855
|
-
|
719
|
+
# Specification of a TLS certificate provider instance. Workloads may have one
|
720
|
+
# or more CertificateProvider instances (plugins) and one of them is enabled and
|
721
|
+
# configured by specifying this message. Workloads use the values from this
|
722
|
+
# message to locate and load the CertificateProvider instance configuration.
|
723
|
+
class CertificateProviderInstance
|
724
|
+
include Google::Apis::Core::Hashable
|
725
|
+
|
726
|
+
# Required. Plugin instance name, used to locate and load CertificateProvider
|
727
|
+
# instance configuration. Set to "google_cloud_private_spiffe" to use
|
728
|
+
# Certificate Authority Service certificate provider instance.
|
729
|
+
# Corresponds to the JSON property `pluginInstance`
|
730
|
+
# @return [String]
|
731
|
+
attr_accessor :plugin_instance
|
732
|
+
|
733
|
+
def initialize(**args)
|
734
|
+
update!(**args)
|
735
|
+
end
|
736
|
+
|
737
|
+
# Update properties of this object
|
738
|
+
def update!(**args)
|
739
|
+
@plugin_instance = args[:plugin_instance] if args.key?(:plugin_instance)
|
740
|
+
end
|
741
|
+
end
|
742
|
+
|
743
|
+
# ClientTlsPolicy is a resource that specifies how a client should authenticate
|
744
|
+
# connections to backends of a service. This resource itself does not affect
|
745
|
+
# configuration unless it is attached to a backend service resource.
|
746
|
+
class ClientTlsPolicy
|
747
|
+
include Google::Apis::Core::Hashable
|
748
|
+
|
749
|
+
# Specification of certificate provider. Defines the mechanism to obtain the
|
750
|
+
# certificate and private key for peer to peer authentication.
|
751
|
+
# Corresponds to the JSON property `clientCertificate`
|
752
|
+
# @return [Google::Apis::NetworksecurityV1beta1::GoogleCloudNetworksecurityV1beta1CertificateProvider]
|
753
|
+
attr_accessor :client_certificate
|
754
|
+
|
755
|
+
# Output only. The timestamp when the resource was created.
|
756
|
+
# Corresponds to the JSON property `createTime`
|
757
|
+
# @return [String]
|
758
|
+
attr_accessor :create_time
|
759
|
+
|
760
|
+
# Optional. Free-text description of the resource.
|
761
|
+
# Corresponds to the JSON property `description`
|
762
|
+
# @return [String]
|
763
|
+
attr_accessor :description
|
764
|
+
|
765
|
+
# Optional. Set of label tags associated with the resource.
|
766
|
+
# Corresponds to the JSON property `labels`
|
767
|
+
# @return [Hash<String,String>]
|
768
|
+
attr_accessor :labels
|
769
|
+
|
770
|
+
# Required. Name of the ClientTlsPolicy resource. It matches the pattern `
|
771
|
+
# projects/*/locations/`location`/clientTlsPolicies/`client_tls_policy``
|
772
|
+
# Corresponds to the JSON property `name`
|
773
|
+
# @return [String]
|
774
|
+
attr_accessor :name
|
775
|
+
|
776
|
+
# Optional. Defines the mechanism to obtain the Certificate Authority
|
777
|
+
# certificate to validate the server certificate. If empty, client does not
|
778
|
+
# validate the server certificate.
|
779
|
+
# Corresponds to the JSON property `serverValidationCa`
|
780
|
+
# @return [Array<Google::Apis::NetworksecurityV1beta1::ValidationCa>]
|
781
|
+
attr_accessor :server_validation_ca
|
782
|
+
|
783
|
+
# Optional. Server Name Indication string to present to the server during TLS
|
784
|
+
# handshake. E.g: "secure.example.com".
|
785
|
+
# Corresponds to the JSON property `sni`
|
786
|
+
# @return [String]
|
787
|
+
attr_accessor :sni
|
788
|
+
|
789
|
+
# Output only. The timestamp when the resource was updated.
|
790
|
+
# Corresponds to the JSON property `updateTime`
|
791
|
+
# @return [String]
|
792
|
+
attr_accessor :update_time
|
793
|
+
|
794
|
+
def initialize(**args)
|
795
|
+
update!(**args)
|
796
|
+
end
|
797
|
+
|
798
|
+
# Update properties of this object
|
799
|
+
def update!(**args)
|
800
|
+
@client_certificate = args[:client_certificate] if args.key?(:client_certificate)
|
801
|
+
@create_time = args[:create_time] if args.key?(:create_time)
|
802
|
+
@description = args[:description] if args.key?(:description)
|
803
|
+
@labels = args[:labels] if args.key?(:labels)
|
804
|
+
@name = args[:name] if args.key?(:name)
|
805
|
+
@server_validation_ca = args[:server_validation_ca] if args.key?(:server_validation_ca)
|
806
|
+
@sni = args[:sni] if args.key?(:sni)
|
807
|
+
@update_time = args[:update_time] if args.key?(:update_time)
|
808
|
+
end
|
809
|
+
end
|
810
|
+
|
811
|
+
# Request used by the CloneAddressGroupItems method.
|
812
|
+
class CloneAddressGroupItemsRequest
|
813
|
+
include Google::Apis::Core::Hashable
|
814
|
+
|
815
|
+
# Optional. An optional request ID to identify requests. Specify a unique
|
816
|
+
# request ID so that if you must retry your request, the server will know to
|
817
|
+
# ignore the request if it has already been completed. The server will guarantee
|
818
|
+
# that for at least 60 minutes since the first request. For example, consider a
|
819
|
+
# situation where you make an initial request and the request times out. If you
|
820
|
+
# make the request again with the same request ID, the server can check if
|
821
|
+
# original operation with the same request ID was received, and if so, will
|
822
|
+
# ignore the second request. This prevents clients from accidentally creating
|
823
|
+
# duplicate commitments. The request ID must be a valid UUID with the exception
|
824
|
+
# that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
|
825
|
+
# Corresponds to the JSON property `requestId`
|
826
|
+
# @return [String]
|
827
|
+
attr_accessor :request_id
|
828
|
+
|
829
|
+
# Required. Source address group to clone items from.
|
830
|
+
# Corresponds to the JSON property `sourceAddressGroup`
|
831
|
+
# @return [String]
|
832
|
+
attr_accessor :source_address_group
|
833
|
+
|
834
|
+
def initialize(**args)
|
835
|
+
update!(**args)
|
836
|
+
end
|
837
|
+
|
838
|
+
# Update properties of this object
|
839
|
+
def update!(**args)
|
840
|
+
@request_id = args[:request_id] if args.key?(:request_id)
|
841
|
+
@source_address_group = args[:source_address_group] if args.key?(:source_address_group)
|
842
|
+
end
|
843
|
+
end
|
844
|
+
|
845
|
+
# CustomInterceptProfile defines the Packet Intercept Endpoint Group used to
|
846
|
+
# intercept traffic to a third-party firewall in a Firewall rule.
|
847
|
+
class CustomInterceptProfile
|
848
|
+
include Google::Apis::Core::Hashable
|
849
|
+
|
850
|
+
# Required. The InterceptEndpointGroup to which traffic associated with the SP
|
851
|
+
# should be mirrored.
|
852
|
+
# Corresponds to the JSON property `interceptEndpointGroup`
|
853
|
+
# @return [String]
|
854
|
+
attr_accessor :intercept_endpoint_group
|
855
|
+
|
856
|
+
def initialize(**args)
|
857
|
+
update!(**args)
|
858
|
+
end
|
859
|
+
|
860
|
+
# Update properties of this object
|
861
|
+
def update!(**args)
|
862
|
+
@intercept_endpoint_group = args[:intercept_endpoint_group] if args.key?(:intercept_endpoint_group)
|
863
|
+
end
|
864
|
+
end
|
865
|
+
|
866
|
+
# CustomMirroringProfile defines an action for mirroring traffic to a collector'
|
867
|
+
# s EndpointGroup
|
868
|
+
class CustomMirroringProfile
|
869
|
+
include Google::Apis::Core::Hashable
|
870
|
+
|
871
|
+
# Required. The MirroringEndpointGroup to which traffic associated with the SP
|
872
|
+
# should be mirrored.
|
873
|
+
# Corresponds to the JSON property `mirroringEndpointGroup`
|
874
|
+
# @return [String]
|
875
|
+
attr_accessor :mirroring_endpoint_group
|
876
|
+
|
877
|
+
def initialize(**args)
|
878
|
+
update!(**args)
|
879
|
+
end
|
880
|
+
|
881
|
+
# Update properties of this object
|
882
|
+
def update!(**args)
|
883
|
+
@mirroring_endpoint_group = args[:mirroring_endpoint_group] if args.key?(:mirroring_endpoint_group)
|
884
|
+
end
|
885
|
+
end
|
886
|
+
|
887
|
+
# Specification of traffic destination attributes.
|
888
|
+
class Destination
|
889
|
+
include Google::Apis::Core::Hashable
|
890
|
+
|
891
|
+
# Required. List of host names to match. Matched against the ":authority" header
|
892
|
+
# in http requests. At least one host should match. Each host can be an exact
|
893
|
+
# match, or a prefix match (example "mydomain.*") or a suffix match (example "*.
|
894
|
+
# myorg.com") or a presence (any) match "*".
|
895
|
+
# Corresponds to the JSON property `hosts`
|
896
|
+
# @return [Array<String>]
|
897
|
+
attr_accessor :hosts
|
898
|
+
|
899
|
+
# Specification of HTTP header match attributes.
|
900
|
+
# Corresponds to the JSON property `httpHeaderMatch`
|
901
|
+
# @return [Google::Apis::NetworksecurityV1beta1::HttpHeaderMatch]
|
902
|
+
attr_accessor :http_header_match
|
903
|
+
|
904
|
+
# Optional. A list of HTTP methods to match. At least one method should match.
|
905
|
+
# Should not be set for gRPC services.
|
906
|
+
# Corresponds to the JSON property `methods`
|
907
|
+
# @return [Array<String>]
|
908
|
+
attr_accessor :methods_prop
|
909
|
+
|
910
|
+
# Required. List of destination ports to match. At least one port should match.
|
911
|
+
# Corresponds to the JSON property `ports`
|
912
|
+
# @return [Array<Fixnum>]
|
913
|
+
attr_accessor :ports
|
914
|
+
|
915
|
+
def initialize(**args)
|
916
|
+
update!(**args)
|
917
|
+
end
|
918
|
+
|
919
|
+
# Update properties of this object
|
920
|
+
def update!(**args)
|
921
|
+
@hosts = args[:hosts] if args.key?(:hosts)
|
922
|
+
@http_header_match = args[:http_header_match] if args.key?(:http_header_match)
|
923
|
+
@methods_prop = args[:methods_prop] if args.key?(:methods_prop)
|
924
|
+
@ports = args[:ports] if args.key?(:ports)
|
925
|
+
end
|
926
|
+
end
|
927
|
+
|
928
|
+
# A generic empty message that you can re-use to avoid defining duplicated empty
|
929
|
+
# messages in your APIs. A typical example is to use it as the request or the
|
930
|
+
# response type of an API method. For instance: service Foo ` rpc Bar(google.
|
931
|
+
# protobuf.Empty) returns (google.protobuf.Empty); `
|
932
|
+
class Empty
|
933
|
+
include Google::Apis::Core::Hashable
|
934
|
+
|
935
|
+
def initialize(**args)
|
936
|
+
update!(**args)
|
937
|
+
end
|
938
|
+
|
939
|
+
# Update properties of this object
|
940
|
+
def update!(**args)
|
941
|
+
end
|
942
|
+
end
|
943
|
+
|
944
|
+
# Represents a textual expression in the Common Expression Language (CEL) syntax.
|
945
|
+
# CEL is a C-like expression language. The syntax and semantics of CEL are
|
946
|
+
# documented at https://github.com/google/cel-spec. Example (Comparison): title:
|
947
|
+
# "Summary size limit" description: "Determines if a summary is less than 100
|
948
|
+
# chars" expression: "document.summary.size() < 100" Example (Equality): title: "
|
949
|
+
# Requestor is owner" description: "Determines if requestor is the document
|
950
|
+
# owner" expression: "document.owner == request.auth.claims.email" Example (
|
951
|
+
# Logic): title: "Public documents" description: "Determine whether the document
|
952
|
+
# should be publicly visible" expression: "document.type != 'private' &&
|
953
|
+
# document.type != 'internal'" Example (Data Manipulation): title: "Notification
|
954
|
+
# string" description: "Create a notification string with a timestamp."
|
955
|
+
# expression: "'New message received at ' + string(document.create_time)" The
|
956
|
+
# exact variables and functions that may be referenced within an expression are
|
957
|
+
# determined by the service that evaluates it. See the service documentation for
|
958
|
+
# additional information.
|
959
|
+
class Expr
|
960
|
+
include Google::Apis::Core::Hashable
|
961
|
+
|
962
|
+
# Optional. Description of the expression. This is a longer text which describes
|
963
|
+
# the expression, e.g. when hovered over it in a UI.
|
964
|
+
# Corresponds to the JSON property `description`
|
965
|
+
# @return [String]
|
966
|
+
attr_accessor :description
|
967
|
+
|
968
|
+
# Textual representation of an expression in Common Expression Language syntax.
|
969
|
+
# Corresponds to the JSON property `expression`
|
970
|
+
# @return [String]
|
971
|
+
attr_accessor :expression
|
972
|
+
|
973
|
+
# Optional. String indicating the location of the expression for error reporting,
|
974
|
+
# e.g. a file name and a position in the file.
|
975
|
+
# Corresponds to the JSON property `location`
|
976
|
+
# @return [String]
|
977
|
+
attr_accessor :location
|
978
|
+
|
979
|
+
# Optional. Title for the expression, i.e. a short string describing its purpose.
|
980
|
+
# This can be used e.g. in UIs which allow to enter the expression.
|
981
|
+
# Corresponds to the JSON property `title`
|
982
|
+
# @return [String]
|
983
|
+
attr_accessor :title
|
984
|
+
|
985
|
+
def initialize(**args)
|
986
|
+
update!(**args)
|
987
|
+
end
|
988
|
+
|
989
|
+
# Update properties of this object
|
990
|
+
def update!(**args)
|
991
|
+
@description = args[:description] if args.key?(:description)
|
992
|
+
@expression = args[:expression] if args.key?(:expression)
|
993
|
+
@location = args[:location] if args.key?(:location)
|
994
|
+
@title = args[:title] if args.key?(:title)
|
995
|
+
end
|
996
|
+
end
|
997
|
+
|
998
|
+
# Message describing Endpoint object
|
999
|
+
class FirewallEndpoint
|
1000
|
+
include Google::Apis::Core::Hashable
|
1001
|
+
|
1002
|
+
# Output only. List of networks that are associated with this endpoint in the
|
1003
|
+
# local zone. This is a projection of the FirewallEndpointAssociations pointing
|
1004
|
+
# at this endpoint. A network will only appear in this list after traffic
|
1005
|
+
# routing is fully configured. Format: projects/`project`/global/networks/`name`.
|
1006
|
+
# Corresponds to the JSON property `associatedNetworks`
|
1007
|
+
# @return [Array<String>]
|
1008
|
+
attr_accessor :associated_networks
|
1009
|
+
|
1010
|
+
# Output only. List of FirewallEndpointAssociations that are associated to this
|
1011
|
+
# endpoint. An association will only appear in this list after traffic routing
|
1012
|
+
# is fully configured.
|
1013
|
+
# Corresponds to the JSON property `associations`
|
1014
|
+
# @return [Array<Google::Apis::NetworksecurityV1beta1::FirewallEndpointAssociationReference>]
|
1015
|
+
attr_accessor :associations
|
1016
|
+
|
1017
|
+
# Required. Project to bill on endpoint uptime usage.
|
1018
|
+
# Corresponds to the JSON property `billingProjectId`
|
1019
|
+
# @return [String]
|
1020
|
+
attr_accessor :billing_project_id
|
1021
|
+
|
1022
|
+
# Output only. Create time stamp
|
1023
|
+
# Corresponds to the JSON property `createTime`
|
1024
|
+
# @return [String]
|
1025
|
+
attr_accessor :create_time
|
1026
|
+
|
1027
|
+
# Optional. Description of the firewall endpoint. Max length 2048 characters.
|
1028
|
+
# Corresponds to the JSON property `description`
|
1029
|
+
# @return [String]
|
1030
|
+
attr_accessor :description
|
1031
|
+
|
1032
|
+
# Optional. Labels as key value pairs
|
1033
|
+
# Corresponds to the JSON property `labels`
|
1034
|
+
# @return [Hash<String,String>]
|
1035
|
+
attr_accessor :labels
|
1036
|
+
|
1037
|
+
# Immutable. Identifier. name of resource
|
1038
|
+
# Corresponds to the JSON property `name`
|
1039
|
+
# @return [String]
|
1040
|
+
attr_accessor :name
|
1041
|
+
|
1042
|
+
# Output only. Whether reconciling is in progress, recommended per https://
|
1043
|
+
# google.aip.dev/128.
|
1044
|
+
# Corresponds to the JSON property `reconciling`
|
1045
|
+
# @return [Boolean]
|
1046
|
+
attr_accessor :reconciling
|
1047
|
+
alias_method :reconciling?, :reconciling
|
1048
|
+
|
1049
|
+
# Output only. Current state of the endpoint.
|
1050
|
+
# Corresponds to the JSON property `state`
|
1051
|
+
# @return [String]
|
1052
|
+
attr_accessor :state
|
1053
|
+
|
1054
|
+
# Output only. Update time stamp
|
1055
|
+
# Corresponds to the JSON property `updateTime`
|
1056
|
+
# @return [String]
|
1057
|
+
attr_accessor :update_time
|
1058
|
+
|
1059
|
+
def initialize(**args)
|
1060
|
+
update!(**args)
|
1061
|
+
end
|
1062
|
+
|
1063
|
+
# Update properties of this object
|
1064
|
+
def update!(**args)
|
1065
|
+
@associated_networks = args[:associated_networks] if args.key?(:associated_networks)
|
1066
|
+
@associations = args[:associations] if args.key?(:associations)
|
1067
|
+
@billing_project_id = args[:billing_project_id] if args.key?(:billing_project_id)
|
1068
|
+
@create_time = args[:create_time] if args.key?(:create_time)
|
1069
|
+
@description = args[:description] if args.key?(:description)
|
1070
|
+
@labels = args[:labels] if args.key?(:labels)
|
1071
|
+
@name = args[:name] if args.key?(:name)
|
1072
|
+
@reconciling = args[:reconciling] if args.key?(:reconciling)
|
1073
|
+
@state = args[:state] if args.key?(:state)
|
1074
|
+
@update_time = args[:update_time] if args.key?(:update_time)
|
1075
|
+
end
|
1076
|
+
end
|
1077
|
+
|
1078
|
+
# Message describing Association object
|
1079
|
+
class FirewallEndpointAssociation
|
1080
|
+
include Google::Apis::Core::Hashable
|
1081
|
+
|
1082
|
+
# Output only. Create time stamp
|
1083
|
+
# Corresponds to the JSON property `createTime`
|
1084
|
+
# @return [String]
|
1085
|
+
attr_accessor :create_time
|
1086
|
+
|
1087
|
+
# Optional. Whether the association is disabled. True indicates that traffic won'
|
1088
|
+
# t be intercepted
|
1089
|
+
# Corresponds to the JSON property `disabled`
|
1090
|
+
# @return [Boolean]
|
1091
|
+
attr_accessor :disabled
|
1092
|
+
alias_method :disabled?, :disabled
|
1093
|
+
|
1094
|
+
# Required. The URL of the FirewallEndpoint that is being associated.
|
1095
|
+
# Corresponds to the JSON property `firewallEndpoint`
|
1096
|
+
# @return [String]
|
1097
|
+
attr_accessor :firewall_endpoint
|
1098
|
+
|
1099
|
+
# Optional. Labels as key value pairs
|
1100
|
+
# Corresponds to the JSON property `labels`
|
1101
|
+
# @return [Hash<String,String>]
|
1102
|
+
attr_accessor :labels
|
1103
|
+
|
1104
|
+
# Immutable. Identifier. name of resource
|
1105
|
+
# Corresponds to the JSON property `name`
|
1106
|
+
# @return [String]
|
1107
|
+
attr_accessor :name
|
1108
|
+
|
1109
|
+
# Required. The URL of the network that is being associated.
|
1110
|
+
# Corresponds to the JSON property `network`
|
1111
|
+
# @return [String]
|
1112
|
+
attr_accessor :network
|
1113
|
+
|
1114
|
+
# Output only. Whether reconciling is in progress, recommended per https://
|
1115
|
+
# google.aip.dev/128.
|
1116
|
+
# Corresponds to the JSON property `reconciling`
|
1117
|
+
# @return [Boolean]
|
1118
|
+
attr_accessor :reconciling
|
1119
|
+
alias_method :reconciling?, :reconciling
|
1120
|
+
|
1121
|
+
# Output only. Current state of the association.
|
1122
|
+
# Corresponds to the JSON property `state`
|
1123
|
+
# @return [String]
|
1124
|
+
attr_accessor :state
|
1125
|
+
|
1126
|
+
# Optional. The URL of the TlsInspectionPolicy that is being associated.
|
1127
|
+
# Corresponds to the JSON property `tlsInspectionPolicy`
|
1128
|
+
# @return [String]
|
1129
|
+
attr_accessor :tls_inspection_policy
|
1130
|
+
|
1131
|
+
# Output only. Update time stamp
|
1132
|
+
# Corresponds to the JSON property `updateTime`
|
1133
|
+
# @return [String]
|
1134
|
+
attr_accessor :update_time
|
1135
|
+
|
1136
|
+
def initialize(**args)
|
1137
|
+
update!(**args)
|
1138
|
+
end
|
1139
|
+
|
1140
|
+
# Update properties of this object
|
1141
|
+
def update!(**args)
|
1142
|
+
@create_time = args[:create_time] if args.key?(:create_time)
|
1143
|
+
@disabled = args[:disabled] if args.key?(:disabled)
|
1144
|
+
@firewall_endpoint = args[:firewall_endpoint] if args.key?(:firewall_endpoint)
|
1145
|
+
@labels = args[:labels] if args.key?(:labels)
|
1146
|
+
@name = args[:name] if args.key?(:name)
|
1147
|
+
@network = args[:network] if args.key?(:network)
|
1148
|
+
@reconciling = args[:reconciling] if args.key?(:reconciling)
|
1149
|
+
@state = args[:state] if args.key?(:state)
|
1150
|
+
@tls_inspection_policy = args[:tls_inspection_policy] if args.key?(:tls_inspection_policy)
|
1151
|
+
@update_time = args[:update_time] if args.key?(:update_time)
|
1152
|
+
end
|
1153
|
+
end
|
1154
|
+
|
1155
|
+
# This is a subset of the FirewallEndpointAssociation message, containing fields
|
1156
|
+
# to be used by the consumer.
|
1157
|
+
class FirewallEndpointAssociationReference
|
1158
|
+
include Google::Apis::Core::Hashable
|
1159
|
+
|
1160
|
+
# Output only. The resource name of the FirewallEndpointAssociation. Format:
|
1161
|
+
# projects/`project`/locations/`location`/firewallEndpointAssociations/`id`
|
1162
|
+
# Corresponds to the JSON property `name`
|
1163
|
+
# @return [String]
|
1164
|
+
attr_accessor :name
|
1165
|
+
|
1166
|
+
# Output only. The VPC network associated. Format: projects/`project`/global/
|
1167
|
+
# networks/`name`.
|
1168
|
+
# Corresponds to the JSON property `network`
|
1169
|
+
# @return [String]
|
1170
|
+
attr_accessor :network
|
1171
|
+
|
1172
|
+
def initialize(**args)
|
1173
|
+
update!(**args)
|
1174
|
+
end
|
1175
|
+
|
1176
|
+
# Update properties of this object
|
1177
|
+
def update!(**args)
|
1178
|
+
@name = args[:name] if args.key?(:name)
|
1179
|
+
@network = args[:network] if args.key?(:network)
|
1180
|
+
end
|
1181
|
+
end
|
1182
|
+
|
1183
|
+
# The GatewaySecurityPolicy resource contains a collection of
|
1184
|
+
# GatewaySecurityPolicyRules and associated metadata.
|
1185
|
+
class GatewaySecurityPolicy
|
1186
|
+
include Google::Apis::Core::Hashable
|
1187
|
+
|
1188
|
+
# Output only. The timestamp when the resource was created.
|
1189
|
+
# Corresponds to the JSON property `createTime`
|
1190
|
+
# @return [String]
|
1191
|
+
attr_accessor :create_time
|
1192
|
+
|
1193
|
+
# Optional. Free-text description of the resource.
|
1194
|
+
# Corresponds to the JSON property `description`
|
1195
|
+
# @return [String]
|
1196
|
+
attr_accessor :description
|
1197
|
+
|
1198
|
+
# Required. Name of the resource. Name is of the form projects/`project`/
|
1199
|
+
# locations/`location`/gatewaySecurityPolicies/`gateway_security_policy`
|
1200
|
+
# gateway_security_policy should match the pattern:(^[a-z]([a-z0-9-]`0,61`[a-z0-
|
1201
|
+
# 9])?$).
|
1202
|
+
# Corresponds to the JSON property `name`
|
1203
|
+
# @return [String]
|
1204
|
+
attr_accessor :name
|
1205
|
+
|
1206
|
+
# Optional. Name of a TLS Inspection Policy resource that defines how TLS
|
1207
|
+
# inspection will be performed for any rule(s) which enables it.
|
1208
|
+
# Corresponds to the JSON property `tlsInspectionPolicy`
|
1209
|
+
# @return [String]
|
1210
|
+
attr_accessor :tls_inspection_policy
|
1211
|
+
|
1212
|
+
# Output only. The timestamp when the resource was updated.
|
1213
|
+
# Corresponds to the JSON property `updateTime`
|
1214
|
+
# @return [String]
|
1215
|
+
attr_accessor :update_time
|
1216
|
+
|
1217
|
+
def initialize(**args)
|
1218
|
+
update!(**args)
|
1219
|
+
end
|
1220
|
+
|
1221
|
+
# Update properties of this object
|
1222
|
+
def update!(**args)
|
1223
|
+
@create_time = args[:create_time] if args.key?(:create_time)
|
1224
|
+
@description = args[:description] if args.key?(:description)
|
1225
|
+
@name = args[:name] if args.key?(:name)
|
1226
|
+
@tls_inspection_policy = args[:tls_inspection_policy] if args.key?(:tls_inspection_policy)
|
1227
|
+
@update_time = args[:update_time] if args.key?(:update_time)
|
1228
|
+
end
|
1229
|
+
end
|
1230
|
+
|
1231
|
+
# The GatewaySecurityPolicyRule resource is in a nested collection within a
|
1232
|
+
# GatewaySecurityPolicy and represents a traffic matching condition and
|
1233
|
+
# associated action to perform.
|
1234
|
+
class GatewaySecurityPolicyRule
|
1235
|
+
include Google::Apis::Core::Hashable
|
1236
|
+
|
1237
|
+
# Optional. CEL expression for matching on L7/application level criteria.
|
1238
|
+
# Corresponds to the JSON property `applicationMatcher`
|
1239
|
+
# @return [String]
|
1240
|
+
attr_accessor :application_matcher
|
1241
|
+
|
1242
|
+
# Required. Profile which tells what the primitive action should be.
|
1243
|
+
# Corresponds to the JSON property `basicProfile`
|
1244
|
+
# @return [String]
|
1245
|
+
attr_accessor :basic_profile
|
1246
|
+
|
1247
|
+
# Output only. Time when the rule was created.
|
1248
|
+
# Corresponds to the JSON property `createTime`
|
1249
|
+
# @return [String]
|
1250
|
+
attr_accessor :create_time
|
1251
|
+
|
1252
|
+
# Optional. Free-text description of the resource.
|
1253
|
+
# Corresponds to the JSON property `description`
|
1254
|
+
# @return [String]
|
1255
|
+
attr_accessor :description
|
1256
|
+
|
1257
|
+
# Required. Whether the rule is enforced.
|
1258
|
+
# Corresponds to the JSON property `enabled`
|
1259
|
+
# @return [Boolean]
|
1260
|
+
attr_accessor :enabled
|
1261
|
+
alias_method :enabled?, :enabled
|
1262
|
+
|
1263
|
+
# Required. Immutable. Name of the resource. ame is the full resource name so
|
1264
|
+
# projects/`project`/locations/`location`/gatewaySecurityPolicies/`
|
1265
|
+
# gateway_security_policy`/rules/`rule` rule should match the pattern: (^[a-z]([
|
1266
|
+
# a-z0-9-]`0,61`[a-z0-9])?$).
|
1267
|
+
# Corresponds to the JSON property `name`
|
1268
|
+
# @return [String]
|
1269
|
+
attr_accessor :name
|
1270
|
+
|
1271
|
+
# Required. Priority of the rule. Lower number corresponds to higher precedence.
|
1272
|
+
# Corresponds to the JSON property `priority`
|
1273
|
+
# @return [Fixnum]
|
1274
|
+
attr_accessor :priority
|
1275
|
+
|
1276
|
+
# Required. CEL expression for matching on session criteria.
|
1277
|
+
# Corresponds to the JSON property `sessionMatcher`
|
1278
|
+
# @return [String]
|
1279
|
+
attr_accessor :session_matcher
|
1280
|
+
|
1281
|
+
# Optional. Flag to enable TLS inspection of traffic matching on , can only be
|
1282
|
+
# true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
|
1283
|
+
# Corresponds to the JSON property `tlsInspectionEnabled`
|
1284
|
+
# @return [Boolean]
|
1285
|
+
attr_accessor :tls_inspection_enabled
|
1286
|
+
alias_method :tls_inspection_enabled?, :tls_inspection_enabled
|
1287
|
+
|
1288
|
+
# Output only. Time when the rule was updated.
|
1289
|
+
# Corresponds to the JSON property `updateTime`
|
1290
|
+
# @return [String]
|
1291
|
+
attr_accessor :update_time
|
1292
|
+
|
1293
|
+
def initialize(**args)
|
1294
|
+
update!(**args)
|
1295
|
+
end
|
1296
|
+
|
1297
|
+
# Update properties of this object
|
1298
|
+
def update!(**args)
|
1299
|
+
@application_matcher = args[:application_matcher] if args.key?(:application_matcher)
|
1300
|
+
@basic_profile = args[:basic_profile] if args.key?(:basic_profile)
|
1301
|
+
@create_time = args[:create_time] if args.key?(:create_time)
|
1302
|
+
@description = args[:description] if args.key?(:description)
|
1303
|
+
@enabled = args[:enabled] if args.key?(:enabled)
|
1304
|
+
@name = args[:name] if args.key?(:name)
|
1305
|
+
@priority = args[:priority] if args.key?(:priority)
|
1306
|
+
@session_matcher = args[:session_matcher] if args.key?(:session_matcher)
|
1307
|
+
@tls_inspection_enabled = args[:tls_inspection_enabled] if args.key?(:tls_inspection_enabled)
|
1308
|
+
@update_time = args[:update_time] if args.key?(:update_time)
|
1309
|
+
end
|
1310
|
+
end
|
1311
|
+
|
1312
|
+
# Specification of certificate provider. Defines the mechanism to obtain the
|
1313
|
+
# certificate and private key for peer to peer authentication.
|
1314
|
+
class GoogleCloudNetworksecurityV1beta1CertificateProvider
|
1315
|
+
include Google::Apis::Core::Hashable
|
1316
|
+
|
1317
|
+
# Specification of a TLS certificate provider instance. Workloads may have one
|
1318
|
+
# or more CertificateProvider instances (plugins) and one of them is enabled and
|
1319
|
+
# configured by specifying this message. Workloads use the values from this
|
1320
|
+
# message to locate and load the CertificateProvider instance configuration.
|
1321
|
+
# Corresponds to the JSON property `certificateProviderInstance`
|
1322
|
+
# @return [Google::Apis::NetworksecurityV1beta1::CertificateProviderInstance]
|
1323
|
+
attr_accessor :certificate_provider_instance
|
1324
|
+
|
1325
|
+
# Specification of the GRPC Endpoint.
|
1326
|
+
# Corresponds to the JSON property `grpcEndpoint`
|
1327
|
+
# @return [Google::Apis::NetworksecurityV1beta1::GoogleCloudNetworksecurityV1beta1GrpcEndpoint]
|
1328
|
+
attr_accessor :grpc_endpoint
|
1329
|
+
|
1330
|
+
def initialize(**args)
|
1331
|
+
update!(**args)
|
1332
|
+
end
|
1333
|
+
|
1334
|
+
# Update properties of this object
|
1335
|
+
def update!(**args)
|
1336
|
+
@certificate_provider_instance = args[:certificate_provider_instance] if args.key?(:certificate_provider_instance)
|
1337
|
+
@grpc_endpoint = args[:grpc_endpoint] if args.key?(:grpc_endpoint)
|
1338
|
+
end
|
1339
|
+
end
|
1340
|
+
|
1341
|
+
# Specification of the GRPC Endpoint.
|
1342
|
+
class GoogleCloudNetworksecurityV1beta1GrpcEndpoint
|
1343
|
+
include Google::Apis::Core::Hashable
|
1344
|
+
|
1345
|
+
# Required. The target URI of the gRPC endpoint. Only UDS path is supported, and
|
1346
|
+
# should start with "unix:".
|
1347
|
+
# Corresponds to the JSON property `targetUri`
|
1348
|
+
# @return [String]
|
1349
|
+
attr_accessor :target_uri
|
1350
|
+
|
1351
|
+
def initialize(**args)
|
1352
|
+
update!(**args)
|
1353
|
+
end
|
1354
|
+
|
1355
|
+
# Update properties of this object
|
1356
|
+
def update!(**args)
|
1357
|
+
@target_uri = args[:target_uri] if args.key?(:target_uri)
|
1358
|
+
end
|
1359
|
+
end
|
1360
|
+
|
1361
|
+
# Specifies the audit configuration for a service. The configuration determines
|
1362
|
+
# which permission types are logged, and what identities, if any, are exempted
|
1363
|
+
# from logging. An AuditConfig must have one or more AuditLogConfigs. If there
|
1364
|
+
# are AuditConfigs for both `allServices` and a specific service, the union of
|
1365
|
+
# the two AuditConfigs is used for that service: the log_types specified in each
|
1366
|
+
# AuditConfig are enabled, and the exempted_members in each AuditLogConfig are
|
1367
|
+
# exempted. Example Policy with multiple AuditConfigs: ` "audit_configs": [ ` "
|
1368
|
+
# service": "allServices", "audit_log_configs": [ ` "log_type": "DATA_READ", "
|
1369
|
+
# exempted_members": [ "user:jose@example.com" ] `, ` "log_type": "DATA_WRITE" `,
|
1370
|
+
# ` "log_type": "ADMIN_READ" ` ] `, ` "service": "sampleservice.googleapis.com",
|
1371
|
+
# "audit_log_configs": [ ` "log_type": "DATA_READ" `, ` "log_type": "DATA_WRITE"
|
1372
|
+
# , "exempted_members": [ "user:aliya@example.com" ] ` ] ` ] ` For sampleservice,
|
1373
|
+
# this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also
|
1374
|
+
# exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com`
|
1375
|
+
# from DATA_WRITE logging.
|
1376
|
+
class GoogleIamV1AuditConfig
|
1377
|
+
include Google::Apis::Core::Hashable
|
1378
|
+
|
1379
|
+
# The configuration for logging of each type of permission.
|
1380
|
+
# Corresponds to the JSON property `auditLogConfigs`
|
1381
|
+
# @return [Array<Google::Apis::NetworksecurityV1beta1::GoogleIamV1AuditLogConfig>]
|
1382
|
+
attr_accessor :audit_log_configs
|
1383
|
+
|
1384
|
+
# Specifies a service that will be enabled for audit logging. For example, `
|
1385
|
+
# storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special
|
1386
|
+
# value that covers all services.
|
1387
|
+
# Corresponds to the JSON property `service`
|
1388
|
+
# @return [String]
|
1389
|
+
attr_accessor :service
|
1390
|
+
|
1391
|
+
def initialize(**args)
|
1392
|
+
update!(**args)
|
1393
|
+
end
|
1394
|
+
|
1395
|
+
# Update properties of this object
|
1396
|
+
def update!(**args)
|
1397
|
+
@audit_log_configs = args[:audit_log_configs] if args.key?(:audit_log_configs)
|
1398
|
+
@service = args[:service] if args.key?(:service)
|
1399
|
+
end
|
1400
|
+
end
|
1401
|
+
|
1402
|
+
# Provides the configuration for logging a type of permissions. Example: ` "
|
1403
|
+
# audit_log_configs": [ ` "log_type": "DATA_READ", "exempted_members": [ "user:
|
1404
|
+
# jose@example.com" ] `, ` "log_type": "DATA_WRITE" ` ] ` This enables '
|
1405
|
+
# DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from
|
1406
|
+
# DATA_READ logging.
|
856
1407
|
class GoogleIamV1AuditLogConfig
|
857
1408
|
include Google::Apis::Core::Hashable
|
858
1409
|
|
859
|
-
# Specifies the identities that do not cause logging for this type of permission.
|
860
|
-
# Follows the same format of Binding.members.
|
861
|
-
# Corresponds to the JSON property `exemptedMembers`
|
862
|
-
# @return [Array<String>]
|
863
|
-
attr_accessor :exempted_members
|
1410
|
+
# Specifies the identities that do not cause logging for this type of permission.
|
1411
|
+
# Follows the same format of Binding.members.
|
1412
|
+
# Corresponds to the JSON property `exemptedMembers`
|
1413
|
+
# @return [Array<String>]
|
1414
|
+
attr_accessor :exempted_members
|
1415
|
+
|
1416
|
+
# The log type that this config enables.
|
1417
|
+
# Corresponds to the JSON property `logType`
|
1418
|
+
# @return [String]
|
1419
|
+
attr_accessor :log_type
|
1420
|
+
|
1421
|
+
def initialize(**args)
|
1422
|
+
update!(**args)
|
1423
|
+
end
|
1424
|
+
|
1425
|
+
# Update properties of this object
|
1426
|
+
def update!(**args)
|
1427
|
+
@exempted_members = args[:exempted_members] if args.key?(:exempted_members)
|
1428
|
+
@log_type = args[:log_type] if args.key?(:log_type)
|
1429
|
+
end
|
1430
|
+
end
|
1431
|
+
|
1432
|
+
# Associates `members`, or principals, with a `role`.
|
1433
|
+
class GoogleIamV1Binding
|
1434
|
+
include Google::Apis::Core::Hashable
|
1435
|
+
|
1436
|
+
# Represents a textual expression in the Common Expression Language (CEL) syntax.
|
1437
|
+
# CEL is a C-like expression language. The syntax and semantics of CEL are
|
1438
|
+
# documented at https://github.com/google/cel-spec. Example (Comparison): title:
|
1439
|
+
# "Summary size limit" description: "Determines if a summary is less than 100
|
1440
|
+
# chars" expression: "document.summary.size() < 100" Example (Equality): title: "
|
1441
|
+
# Requestor is owner" description: "Determines if requestor is the document
|
1442
|
+
# owner" expression: "document.owner == request.auth.claims.email" Example (
|
1443
|
+
# Logic): title: "Public documents" description: "Determine whether the document
|
1444
|
+
# should be publicly visible" expression: "document.type != 'private' &&
|
1445
|
+
# document.type != 'internal'" Example (Data Manipulation): title: "Notification
|
1446
|
+
# string" description: "Create a notification string with a timestamp."
|
1447
|
+
# expression: "'New message received at ' + string(document.create_time)" The
|
1448
|
+
# exact variables and functions that may be referenced within an expression are
|
1449
|
+
# determined by the service that evaluates it. See the service documentation for
|
1450
|
+
# additional information.
|
1451
|
+
# Corresponds to the JSON property `condition`
|
1452
|
+
# @return [Google::Apis::NetworksecurityV1beta1::Expr]
|
1453
|
+
attr_accessor :condition
|
1454
|
+
|
1455
|
+
# Specifies the principals requesting access for a Google Cloud resource. `
|
1456
|
+
# members` can have the following values: * `allUsers`: A special identifier
|
1457
|
+
# that represents anyone who is on the internet; with or without a Google
|
1458
|
+
# account. * `allAuthenticatedUsers`: A special identifier that represents
|
1459
|
+
# anyone who is authenticated with a Google account or a service account. Does
|
1460
|
+
# not include identities that come from external identity providers (IdPs)
|
1461
|
+
# through identity federation. * `user:`emailid``: An email address that
|
1462
|
+
# represents a specific Google account. For example, `alice@example.com` . * `
|
1463
|
+
# serviceAccount:`emailid``: An email address that represents a Google service
|
1464
|
+
# account. For example, `my-other-app@appspot.gserviceaccount.com`. * `
|
1465
|
+
# serviceAccount:`projectid`.svc.id.goog[`namespace`/`kubernetes-sa`]`: An
|
1466
|
+
# identifier for a [Kubernetes service account](https://cloud.google.com/
|
1467
|
+
# kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-
|
1468
|
+
# project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:`emailid``: An
|
1469
|
+
# email address that represents a Google group. For example, `admins@example.com`
|
1470
|
+
# . * `domain:`domain``: The G Suite domain (primary) that represents all the
|
1471
|
+
# users of that domain. For example, `google.com` or `example.com`. * `principal:
|
1472
|
+
# //iam.googleapis.com/locations/global/workforcePools/`pool_id`/subject/`
|
1473
|
+
# subject_attribute_value``: A single identity in a workforce identity pool. * `
|
1474
|
+
# principalSet://iam.googleapis.com/locations/global/workforcePools/`pool_id`/
|
1475
|
+
# group/`group_id``: All workforce identities in a group. * `principalSet://iam.
|
1476
|
+
# googleapis.com/locations/global/workforcePools/`pool_id`/attribute.`
|
1477
|
+
# attribute_name`/`attribute_value``: All workforce identities with a specific
|
1478
|
+
# attribute value. * `principalSet://iam.googleapis.com/locations/global/
|
1479
|
+
# workforcePools/`pool_id`/*`: All identities in a workforce identity pool. * `
|
1480
|
+
# principal://iam.googleapis.com/projects/`project_number`/locations/global/
|
1481
|
+
# workloadIdentityPools/`pool_id`/subject/`subject_attribute_value``: A single
|
1482
|
+
# identity in a workload identity pool. * `principalSet://iam.googleapis.com/
|
1483
|
+
# projects/`project_number`/locations/global/workloadIdentityPools/`pool_id`/
|
1484
|
+
# group/`group_id``: A workload identity pool group. * `principalSet://iam.
|
1485
|
+
# googleapis.com/projects/`project_number`/locations/global/
|
1486
|
+
# workloadIdentityPools/`pool_id`/attribute.`attribute_name`/`attribute_value``:
|
1487
|
+
# All identities in a workload identity pool with a certain attribute. * `
|
1488
|
+
# principalSet://iam.googleapis.com/projects/`project_number`/locations/global/
|
1489
|
+
# workloadIdentityPools/`pool_id`/*`: All identities in a workload identity pool.
|
1490
|
+
# * `deleted:user:`emailid`?uid=`uniqueid``: An email address (plus unique
|
1491
|
+
# identifier) representing a user that has been recently deleted. For example, `
|
1492
|
+
# alice@example.com?uid=123456789012345678901`. If the user is recovered, this
|
1493
|
+
# value reverts to `user:`emailid`` and the recovered user retains the role in
|
1494
|
+
# the binding. * `deleted:serviceAccount:`emailid`?uid=`uniqueid``: An email
|
1495
|
+
# address (plus unique identifier) representing a service account that has been
|
1496
|
+
# recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=
|
1497
|
+
# 123456789012345678901`. If the service account is undeleted, this value
|
1498
|
+
# reverts to `serviceAccount:`emailid`` and the undeleted service account
|
1499
|
+
# retains the role in the binding. * `deleted:group:`emailid`?uid=`uniqueid``:
|
1500
|
+
# An email address (plus unique identifier) representing a Google group that has
|
1501
|
+
# been recently deleted. For example, `admins@example.com?uid=
|
1502
|
+
# 123456789012345678901`. If the group is recovered, this value reverts to `
|
1503
|
+
# group:`emailid`` and the recovered group retains the role in the binding. * `
|
1504
|
+
# deleted:principal://iam.googleapis.com/locations/global/workforcePools/`
|
1505
|
+
# pool_id`/subject/`subject_attribute_value``: Deleted single identity in a
|
1506
|
+
# workforce identity pool. For example, `deleted:principal://iam.googleapis.com/
|
1507
|
+
# locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.
|
1508
|
+
# Corresponds to the JSON property `members`
|
1509
|
+
# @return [Array<String>]
|
1510
|
+
attr_accessor :members
|
1511
|
+
|
1512
|
+
# Role that is assigned to the list of `members`, or principals. For example, `
|
1513
|
+
# roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM
|
1514
|
+
# roles and permissions, see the [IAM documentation](https://cloud.google.com/
|
1515
|
+
# iam/docs/roles-overview). For a list of the available pre-defined roles, see [
|
1516
|
+
# here](https://cloud.google.com/iam/docs/understanding-roles).
|
1517
|
+
# Corresponds to the JSON property `role`
|
1518
|
+
# @return [String]
|
1519
|
+
attr_accessor :role
|
1520
|
+
|
1521
|
+
def initialize(**args)
|
1522
|
+
update!(**args)
|
1523
|
+
end
|
1524
|
+
|
1525
|
+
# Update properties of this object
|
1526
|
+
def update!(**args)
|
1527
|
+
@condition = args[:condition] if args.key?(:condition)
|
1528
|
+
@members = args[:members] if args.key?(:members)
|
1529
|
+
@role = args[:role] if args.key?(:role)
|
1530
|
+
end
|
1531
|
+
end
|
1532
|
+
|
1533
|
+
# An Identity and Access Management (IAM) policy, which specifies access
|
1534
|
+
# controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
|
1535
|
+
# A `binding` binds one or more `members`, or principals, to a single `role`.
|
1536
|
+
# Principals can be user accounts, service accounts, Google groups, and domains (
|
1537
|
+
# such as G Suite). A `role` is a named list of permissions; each `role` can be
|
1538
|
+
# an IAM predefined role or a user-created custom role. For some types of Google
|
1539
|
+
# Cloud resources, a `binding` can also specify a `condition`, which is a
|
1540
|
+
# logical expression that allows access to a resource only if the expression
|
1541
|
+
# evaluates to `true`. A condition can add constraints based on attributes of
|
1542
|
+
# the request, the resource, or both. To learn which resources support
|
1543
|
+
# conditions in their IAM policies, see the [IAM documentation](https://cloud.
|
1544
|
+
# google.com/iam/help/conditions/resource-policies). **JSON example:** ``` ` "
|
1545
|
+
# bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
|
1546
|
+
# "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
|
1547
|
+
# serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
|
1548
|
+
# roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
|
1549
|
+
# ], "condition": ` "title": "expirable access", "description": "Does not grant
|
1550
|
+
# access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
|
1551
|
+
# 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` ``` **YAML
|
1552
|
+
# example:** ``` bindings: - members: - user:mike@example.com - group:admins@
|
1553
|
+
# example.com - domain:google.com - serviceAccount:my-project-id@appspot.
|
1554
|
+
# gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: -
|
1555
|
+
# user:eve@example.com role: roles/resourcemanager.organizationViewer condition:
|
1556
|
+
# title: expirable access description: Does not grant access after Sep 2020
|
1557
|
+
# expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag:
|
1558
|
+
# BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the
|
1559
|
+
# [IAM documentation](https://cloud.google.com/iam/docs/).
|
1560
|
+
class GoogleIamV1Policy
|
1561
|
+
include Google::Apis::Core::Hashable
|
1562
|
+
|
1563
|
+
# Specifies cloud audit logging configuration for this policy.
|
1564
|
+
# Corresponds to the JSON property `auditConfigs`
|
1565
|
+
# @return [Array<Google::Apis::NetworksecurityV1beta1::GoogleIamV1AuditConfig>]
|
1566
|
+
attr_accessor :audit_configs
|
1567
|
+
|
1568
|
+
# Associates a list of `members`, or principals, with a `role`. Optionally, may
|
1569
|
+
# specify a `condition` that determines how and when the `bindings` are applied.
|
1570
|
+
# Each of the `bindings` must contain at least one principal. The `bindings` in
|
1571
|
+
# a `Policy` can refer to up to 1,500 principals; up to 250 of these principals
|
1572
|
+
# can be Google groups. Each occurrence of a principal counts towards these
|
1573
|
+
# limits. For example, if the `bindings` grant 50 different roles to `user:alice@
|
1574
|
+
# example.com`, and not to any other principal, then you can add another 1,450
|
1575
|
+
# principals to the `bindings` in the `Policy`.
|
1576
|
+
# Corresponds to the JSON property `bindings`
|
1577
|
+
# @return [Array<Google::Apis::NetworksecurityV1beta1::GoogleIamV1Binding>]
|
1578
|
+
attr_accessor :bindings
|
1579
|
+
|
1580
|
+
# `etag` is used for optimistic concurrency control as a way to help prevent
|
1581
|
+
# simultaneous updates of a policy from overwriting each other. It is strongly
|
1582
|
+
# suggested that systems make use of the `etag` in the read-modify-write cycle
|
1583
|
+
# to perform policy updates in order to avoid race conditions: An `etag` is
|
1584
|
+
# returned in the response to `getIamPolicy`, and systems are expected to put
|
1585
|
+
# that etag in the request to `setIamPolicy` to ensure that their change will be
|
1586
|
+
# applied to the same version of the policy. **Important:** If you use IAM
|
1587
|
+
# Conditions, you must include the `etag` field whenever you call `setIamPolicy`.
|
1588
|
+
# If you omit this field, then IAM allows you to overwrite a version `3` policy
|
1589
|
+
# with a version `1` policy, and all of the conditions in the version `3` policy
|
1590
|
+
# are lost.
|
1591
|
+
# Corresponds to the JSON property `etag`
|
1592
|
+
# NOTE: Values are automatically base64 encoded/decoded in the client library.
|
1593
|
+
# @return [String]
|
1594
|
+
attr_accessor :etag
|
1595
|
+
|
1596
|
+
# Specifies the format of the policy. Valid values are `0`, `1`, and `3`.
|
1597
|
+
# Requests that specify an invalid value are rejected. Any operation that
|
1598
|
+
# affects conditional role bindings must specify version `3`. This requirement
|
1599
|
+
# applies to the following operations: * Getting a policy that includes a
|
1600
|
+
# conditional role binding * Adding a conditional role binding to a policy *
|
1601
|
+
# Changing a conditional role binding in a policy * Removing any role binding,
|
1602
|
+
# with or without a condition, from a policy that includes conditions **
|
1603
|
+
# Important:** If you use IAM Conditions, you must include the `etag` field
|
1604
|
+
# whenever you call `setIamPolicy`. If you omit this field, then IAM allows you
|
1605
|
+
# to overwrite a version `3` policy with a version `1` policy, and all of the
|
1606
|
+
# conditions in the version `3` policy are lost. If a policy does not include
|
1607
|
+
# any conditions, operations on that policy may specify any valid version or
|
1608
|
+
# leave the field unset. To learn which resources support conditions in their
|
1609
|
+
# IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/
|
1610
|
+
# conditions/resource-policies).
|
1611
|
+
# Corresponds to the JSON property `version`
|
1612
|
+
# @return [Fixnum]
|
1613
|
+
attr_accessor :version
|
1614
|
+
|
1615
|
+
def initialize(**args)
|
1616
|
+
update!(**args)
|
1617
|
+
end
|
1618
|
+
|
1619
|
+
# Update properties of this object
|
1620
|
+
def update!(**args)
|
1621
|
+
@audit_configs = args[:audit_configs] if args.key?(:audit_configs)
|
1622
|
+
@bindings = args[:bindings] if args.key?(:bindings)
|
1623
|
+
@etag = args[:etag] if args.key?(:etag)
|
1624
|
+
@version = args[:version] if args.key?(:version)
|
1625
|
+
end
|
1626
|
+
end
|
1627
|
+
|
1628
|
+
# Request message for `SetIamPolicy` method.
|
1629
|
+
class GoogleIamV1SetIamPolicyRequest
|
1630
|
+
include Google::Apis::Core::Hashable
|
1631
|
+
|
1632
|
+
# An Identity and Access Management (IAM) policy, which specifies access
|
1633
|
+
# controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
|
1634
|
+
# A `binding` binds one or more `members`, or principals, to a single `role`.
|
1635
|
+
# Principals can be user accounts, service accounts, Google groups, and domains (
|
1636
|
+
# such as G Suite). A `role` is a named list of permissions; each `role` can be
|
1637
|
+
# an IAM predefined role or a user-created custom role. For some types of Google
|
1638
|
+
# Cloud resources, a `binding` can also specify a `condition`, which is a
|
1639
|
+
# logical expression that allows access to a resource only if the expression
|
1640
|
+
# evaluates to `true`. A condition can add constraints based on attributes of
|
1641
|
+
# the request, the resource, or both. To learn which resources support
|
1642
|
+
# conditions in their IAM policies, see the [IAM documentation](https://cloud.
|
1643
|
+
# google.com/iam/help/conditions/resource-policies). **JSON example:** ``` ` "
|
1644
|
+
# bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
|
1645
|
+
# "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
|
1646
|
+
# serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
|
1647
|
+
# roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
|
1648
|
+
# ], "condition": ` "title": "expirable access", "description": "Does not grant
|
1649
|
+
# access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
|
1650
|
+
# 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` ``` **YAML
|
1651
|
+
# example:** ``` bindings: - members: - user:mike@example.com - group:admins@
|
1652
|
+
# example.com - domain:google.com - serviceAccount:my-project-id@appspot.
|
1653
|
+
# gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: -
|
1654
|
+
# user:eve@example.com role: roles/resourcemanager.organizationViewer condition:
|
1655
|
+
# title: expirable access description: Does not grant access after Sep 2020
|
1656
|
+
# expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag:
|
1657
|
+
# BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the
|
1658
|
+
# [IAM documentation](https://cloud.google.com/iam/docs/).
|
1659
|
+
# Corresponds to the JSON property `policy`
|
1660
|
+
# @return [Google::Apis::NetworksecurityV1beta1::GoogleIamV1Policy]
|
1661
|
+
attr_accessor :policy
|
864
1662
|
|
865
|
-
#
|
866
|
-
#
|
1663
|
+
# OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
|
1664
|
+
# the fields in the mask will be modified. If no mask is provided, the following
|
1665
|
+
# default mask is used: `paths: "bindings, etag"`
|
1666
|
+
# Corresponds to the JSON property `updateMask`
|
867
1667
|
# @return [String]
|
868
|
-
attr_accessor :
|
1668
|
+
attr_accessor :update_mask
|
869
1669
|
|
870
1670
|
def initialize(**args)
|
871
1671
|
update!(**args)
|
@@ -873,99 +1673,131 @@ module Google
|
|
873
1673
|
|
874
1674
|
# Update properties of this object
|
875
1675
|
def update!(**args)
|
876
|
-
@
|
877
|
-
@
|
1676
|
+
@policy = args[:policy] if args.key?(:policy)
|
1677
|
+
@update_mask = args[:update_mask] if args.key?(:update_mask)
|
878
1678
|
end
|
879
1679
|
end
|
880
1680
|
|
881
|
-
#
|
882
|
-
class
|
1681
|
+
# Request message for `TestIamPermissions` method.
|
1682
|
+
class GoogleIamV1TestIamPermissionsRequest
|
883
1683
|
include Google::Apis::Core::Hashable
|
884
1684
|
|
885
|
-
#
|
886
|
-
#
|
887
|
-
#
|
888
|
-
#
|
889
|
-
#
|
890
|
-
|
891
|
-
# owner" expression: "document.owner == request.auth.claims.email" Example (
|
892
|
-
# Logic): title: "Public documents" description: "Determine whether the document
|
893
|
-
# should be publicly visible" expression: "document.type != 'private' &&
|
894
|
-
# document.type != 'internal'" Example (Data Manipulation): title: "Notification
|
895
|
-
# string" description: "Create a notification string with a timestamp."
|
896
|
-
# expression: "'New message received at ' + string(document.create_time)" The
|
897
|
-
# exact variables and functions that may be referenced within an expression are
|
898
|
-
# determined by the service that evaluates it. See the service documentation for
|
899
|
-
# additional information.
|
900
|
-
# Corresponds to the JSON property `condition`
|
901
|
-
# @return [Google::Apis::NetworksecurityV1beta1::Expr]
|
902
|
-
attr_accessor :condition
|
1685
|
+
# The set of permissions to check for the `resource`. Permissions with wildcards
|
1686
|
+
# (such as `*` or `storage.*`) are not allowed. For more information see [IAM
|
1687
|
+
# Overview](https://cloud.google.com/iam/docs/overview#permissions).
|
1688
|
+
# Corresponds to the JSON property `permissions`
|
1689
|
+
# @return [Array<String>]
|
1690
|
+
attr_accessor :permissions
|
903
1691
|
|
904
|
-
|
905
|
-
|
906
|
-
|
907
|
-
|
908
|
-
#
|
909
|
-
|
910
|
-
|
911
|
-
|
912
|
-
|
913
|
-
|
914
|
-
|
915
|
-
|
916
|
-
|
917
|
-
|
918
|
-
#
|
919
|
-
#
|
920
|
-
# users of that domain. For example, `google.com` or `example.com`. * `principal:
|
921
|
-
# //iam.googleapis.com/locations/global/workforcePools/`pool_id`/subject/`
|
922
|
-
# subject_attribute_value``: A single identity in a workforce identity pool. * `
|
923
|
-
# principalSet://iam.googleapis.com/locations/global/workforcePools/`pool_id`/
|
924
|
-
# group/`group_id``: All workforce identities in a group. * `principalSet://iam.
|
925
|
-
# googleapis.com/locations/global/workforcePools/`pool_id`/attribute.`
|
926
|
-
# attribute_name`/`attribute_value``: All workforce identities with a specific
|
927
|
-
# attribute value. * `principalSet://iam.googleapis.com/locations/global/
|
928
|
-
# workforcePools/`pool_id`/*`: All identities in a workforce identity pool. * `
|
929
|
-
# principal://iam.googleapis.com/projects/`project_number`/locations/global/
|
930
|
-
# workloadIdentityPools/`pool_id`/subject/`subject_attribute_value``: A single
|
931
|
-
# identity in a workload identity pool. * `principalSet://iam.googleapis.com/
|
932
|
-
# projects/`project_number`/locations/global/workloadIdentityPools/`pool_id`/
|
933
|
-
# group/`group_id``: A workload identity pool group. * `principalSet://iam.
|
934
|
-
# googleapis.com/projects/`project_number`/locations/global/
|
935
|
-
# workloadIdentityPools/`pool_id`/attribute.`attribute_name`/`attribute_value``:
|
936
|
-
# All identities in a workload identity pool with a certain attribute. * `
|
937
|
-
# principalSet://iam.googleapis.com/projects/`project_number`/locations/global/
|
938
|
-
# workloadIdentityPools/`pool_id`/*`: All identities in a workload identity pool.
|
939
|
-
# * `deleted:user:`emailid`?uid=`uniqueid``: An email address (plus unique
|
940
|
-
# identifier) representing a user that has been recently deleted. For example, `
|
941
|
-
# alice@example.com?uid=123456789012345678901`. If the user is recovered, this
|
942
|
-
# value reverts to `user:`emailid`` and the recovered user retains the role in
|
943
|
-
# the binding. * `deleted:serviceAccount:`emailid`?uid=`uniqueid``: An email
|
944
|
-
# address (plus unique identifier) representing a service account that has been
|
945
|
-
# recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=
|
946
|
-
# 123456789012345678901`. If the service account is undeleted, this value
|
947
|
-
# reverts to `serviceAccount:`emailid`` and the undeleted service account
|
948
|
-
# retains the role in the binding. * `deleted:group:`emailid`?uid=`uniqueid``:
|
949
|
-
# An email address (plus unique identifier) representing a Google group that has
|
950
|
-
# been recently deleted. For example, `admins@example.com?uid=
|
951
|
-
# 123456789012345678901`. If the group is recovered, this value reverts to `
|
952
|
-
# group:`emailid`` and the recovered group retains the role in the binding. * `
|
953
|
-
# deleted:principal://iam.googleapis.com/locations/global/workforcePools/`
|
954
|
-
# pool_id`/subject/`subject_attribute_value``: Deleted single identity in a
|
955
|
-
# workforce identity pool. For example, `deleted:principal://iam.googleapis.com/
|
956
|
-
# locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.
|
957
|
-
# Corresponds to the JSON property `members`
|
1692
|
+
def initialize(**args)
|
1693
|
+
update!(**args)
|
1694
|
+
end
|
1695
|
+
|
1696
|
+
# Update properties of this object
|
1697
|
+
def update!(**args)
|
1698
|
+
@permissions = args[:permissions] if args.key?(:permissions)
|
1699
|
+
end
|
1700
|
+
end
|
1701
|
+
|
1702
|
+
# Response message for `TestIamPermissions` method.
|
1703
|
+
class GoogleIamV1TestIamPermissionsResponse
|
1704
|
+
include Google::Apis::Core::Hashable
|
1705
|
+
|
1706
|
+
# A subset of `TestPermissionsRequest.permissions` that the caller is allowed.
|
1707
|
+
# Corresponds to the JSON property `permissions`
|
958
1708
|
# @return [Array<String>]
|
959
|
-
attr_accessor :
|
1709
|
+
attr_accessor :permissions
|
960
1710
|
|
961
|
-
|
962
|
-
|
963
|
-
|
964
|
-
|
965
|
-
#
|
966
|
-
|
1711
|
+
def initialize(**args)
|
1712
|
+
update!(**args)
|
1713
|
+
end
|
1714
|
+
|
1715
|
+
# Update properties of this object
|
1716
|
+
def update!(**args)
|
1717
|
+
@permissions = args[:permissions] if args.key?(:permissions)
|
1718
|
+
end
|
1719
|
+
end
|
1720
|
+
|
1721
|
+
# Specification of HTTP header match attributes.
|
1722
|
+
class HttpHeaderMatch
|
1723
|
+
include Google::Apis::Core::Hashable
|
1724
|
+
|
1725
|
+
# Required. The name of the HTTP header to match. For matching against the HTTP
|
1726
|
+
# request's authority, use a headerMatch with the header name ":authority". For
|
1727
|
+
# matching a request's method, use the headerName ":method".
|
1728
|
+
# Corresponds to the JSON property `headerName`
|
1729
|
+
# @return [String]
|
1730
|
+
attr_accessor :header_name
|
1731
|
+
|
1732
|
+
# Required. The value of the header must match the regular expression specified
|
1733
|
+
# in regexMatch. For regular expression grammar, please see: en.cppreference.com/
|
1734
|
+
# w/cpp/regex/ecmascript For matching against a port specified in the HTTP
|
1735
|
+
# request, use a headerMatch with headerName set to Host and a regular
|
1736
|
+
# expression that satisfies the RFC2616 Host header's port specifier.
|
1737
|
+
# Corresponds to the JSON property `regexMatch`
|
1738
|
+
# @return [String]
|
1739
|
+
attr_accessor :regex_match
|
1740
|
+
|
1741
|
+
def initialize(**args)
|
1742
|
+
update!(**args)
|
1743
|
+
end
|
1744
|
+
|
1745
|
+
# Update properties of this object
|
1746
|
+
def update!(**args)
|
1747
|
+
@header_name = args[:header_name] if args.key?(:header_name)
|
1748
|
+
@regex_match = args[:regex_match] if args.key?(:regex_match)
|
1749
|
+
end
|
1750
|
+
end
|
1751
|
+
|
1752
|
+
# Message describing InterceptDeployment object
|
1753
|
+
class InterceptDeployment
|
1754
|
+
include Google::Apis::Core::Hashable
|
1755
|
+
|
1756
|
+
# Output only. [Output only] Create time stamp
|
1757
|
+
# Corresponds to the JSON property `createTime`
|
1758
|
+
# @return [String]
|
1759
|
+
attr_accessor :create_time
|
1760
|
+
|
1761
|
+
# Required. Immutable. The regional load balancer which the intercepted traffic
|
1762
|
+
# should be forwarded to. Format is: projects/`project`/regions/`region`/
|
1763
|
+
# forwardingRules/`forwardingRule`
|
1764
|
+
# Corresponds to the JSON property `forwardingRule`
|
1765
|
+
# @return [String]
|
1766
|
+
attr_accessor :forwarding_rule
|
1767
|
+
|
1768
|
+
# Required. Immutable. The Intercept Deployment Group that this resource is part
|
1769
|
+
# of. Format is: `projects/`project`/locations/global/interceptDeploymentGroups/`
|
1770
|
+
# interceptDeploymentGroup``
|
1771
|
+
# Corresponds to the JSON property `interceptDeploymentGroup`
|
1772
|
+
# @return [String]
|
1773
|
+
attr_accessor :intercept_deployment_group
|
1774
|
+
|
1775
|
+
# Optional. Labels as key value pairs
|
1776
|
+
# Corresponds to the JSON property `labels`
|
1777
|
+
# @return [Hash<String,String>]
|
1778
|
+
attr_accessor :labels
|
1779
|
+
|
1780
|
+
# Immutable. Identifier. The name of the InterceptDeployment.
|
1781
|
+
# Corresponds to the JSON property `name`
|
1782
|
+
# @return [String]
|
1783
|
+
attr_accessor :name
|
1784
|
+
|
1785
|
+
# Output only. Whether reconciling is in progress, recommended per https://
|
1786
|
+
# google.aip.dev/128.
|
1787
|
+
# Corresponds to the JSON property `reconciling`
|
1788
|
+
# @return [Boolean]
|
1789
|
+
attr_accessor :reconciling
|
1790
|
+
alias_method :reconciling?, :reconciling
|
1791
|
+
|
1792
|
+
# Output only. Current state of the deployment.
|
1793
|
+
# Corresponds to the JSON property `state`
|
967
1794
|
# @return [String]
|
968
|
-
attr_accessor :
|
1795
|
+
attr_accessor :state
|
1796
|
+
|
1797
|
+
# Output only. [Output only] Update time stamp
|
1798
|
+
# Corresponds to the JSON property `updateTime`
|
1799
|
+
# @return [String]
|
1800
|
+
attr_accessor :update_time
|
969
1801
|
|
970
1802
|
def initialize(**args)
|
971
1803
|
update!(**args)
|
@@ -973,93 +1805,64 @@ module Google
|
|
973
1805
|
|
974
1806
|
# Update properties of this object
|
975
1807
|
def update!(**args)
|
976
|
-
@
|
977
|
-
@
|
978
|
-
@
|
1808
|
+
@create_time = args[:create_time] if args.key?(:create_time)
|
1809
|
+
@forwarding_rule = args[:forwarding_rule] if args.key?(:forwarding_rule)
|
1810
|
+
@intercept_deployment_group = args[:intercept_deployment_group] if args.key?(:intercept_deployment_group)
|
1811
|
+
@labels = args[:labels] if args.key?(:labels)
|
1812
|
+
@name = args[:name] if args.key?(:name)
|
1813
|
+
@reconciling = args[:reconciling] if args.key?(:reconciling)
|
1814
|
+
@state = args[:state] if args.key?(:state)
|
1815
|
+
@update_time = args[:update_time] if args.key?(:update_time)
|
979
1816
|
end
|
980
1817
|
end
|
981
1818
|
|
982
|
-
#
|
983
|
-
|
984
|
-
# A `binding` binds one or more `members`, or principals, to a single `role`.
|
985
|
-
# Principals can be user accounts, service accounts, Google groups, and domains (
|
986
|
-
# such as G Suite). A `role` is a named list of permissions; each `role` can be
|
987
|
-
# an IAM predefined role or a user-created custom role. For some types of Google
|
988
|
-
# Cloud resources, a `binding` can also specify a `condition`, which is a
|
989
|
-
# logical expression that allows access to a resource only if the expression
|
990
|
-
# evaluates to `true`. A condition can add constraints based on attributes of
|
991
|
-
# the request, the resource, or both. To learn which resources support
|
992
|
-
# conditions in their IAM policies, see the [IAM documentation](https://cloud.
|
993
|
-
# google.com/iam/help/conditions/resource-policies). **JSON example:** ``` ` "
|
994
|
-
# bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
|
995
|
-
# "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
|
996
|
-
# serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
|
997
|
-
# roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
|
998
|
-
# ], "condition": ` "title": "expirable access", "description": "Does not grant
|
999
|
-
# access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
|
1000
|
-
# 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` ``` **YAML
|
1001
|
-
# example:** ``` bindings: - members: - user:mike@example.com - group:admins@
|
1002
|
-
# example.com - domain:google.com - serviceAccount:my-project-id@appspot.
|
1003
|
-
# gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: -
|
1004
|
-
# user:eve@example.com role: roles/resourcemanager.organizationViewer condition:
|
1005
|
-
# title: expirable access description: Does not grant access after Sep 2020
|
1006
|
-
# expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag:
|
1007
|
-
# BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the
|
1008
|
-
# [IAM documentation](https://cloud.google.com/iam/docs/).
|
1009
|
-
class GoogleIamV1Policy
|
1819
|
+
# Message describing InterceptDeploymentGroup object
|
1820
|
+
class InterceptDeploymentGroup
|
1010
1821
|
include Google::Apis::Core::Hashable
|
1011
1822
|
|
1012
|
-
#
|
1013
|
-
#
|
1014
|
-
#
|
1015
|
-
|
1823
|
+
# Output only. The list of Intercept Endpoint Groups that are connected to this
|
1824
|
+
# resource.
|
1825
|
+
# Corresponds to the JSON property `connectedEndpointGroups`
|
1826
|
+
# @return [Array<Google::Apis::NetworksecurityV1beta1::InterceptDeploymentGroupConnectedEndpointGroup>]
|
1827
|
+
attr_accessor :connected_endpoint_groups
|
1016
1828
|
|
1017
|
-
#
|
1018
|
-
#
|
1019
|
-
#
|
1020
|
-
|
1021
|
-
# can be Google groups. Each occurrence of a principal counts towards these
|
1022
|
-
# limits. For example, if the `bindings` grant 50 different roles to `user:alice@
|
1023
|
-
# example.com`, and not to any other principal, then you can add another 1,450
|
1024
|
-
# principals to the `bindings` in the `Policy`.
|
1025
|
-
# Corresponds to the JSON property `bindings`
|
1026
|
-
# @return [Array<Google::Apis::NetworksecurityV1beta1::GoogleIamV1Binding>]
|
1027
|
-
attr_accessor :bindings
|
1829
|
+
# Output only. [Output only] Create time stamp
|
1830
|
+
# Corresponds to the JSON property `createTime`
|
1831
|
+
# @return [String]
|
1832
|
+
attr_accessor :create_time
|
1028
1833
|
|
1029
|
-
#
|
1030
|
-
#
|
1031
|
-
#
|
1032
|
-
|
1033
|
-
|
1034
|
-
#
|
1035
|
-
#
|
1036
|
-
# Conditions, you must include the `etag` field whenever you call `setIamPolicy`.
|
1037
|
-
# If you omit this field, then IAM allows you to overwrite a version `3` policy
|
1038
|
-
# with a version `1` policy, and all of the conditions in the version `3` policy
|
1039
|
-
# are lost.
|
1040
|
-
# Corresponds to the JSON property `etag`
|
1041
|
-
# NOTE: Values are automatically base64 encoded/decoded in the client library.
|
1834
|
+
# Optional. Labels as key value pairs
|
1835
|
+
# Corresponds to the JSON property `labels`
|
1836
|
+
# @return [Hash<String,String>]
|
1837
|
+
attr_accessor :labels
|
1838
|
+
|
1839
|
+
# Immutable. Identifier. Then name of the InterceptDeploymentGroup.
|
1840
|
+
# Corresponds to the JSON property `name`
|
1042
1841
|
# @return [String]
|
1043
|
-
attr_accessor :
|
1842
|
+
attr_accessor :name
|
1044
1843
|
|
1045
|
-
#
|
1046
|
-
#
|
1047
|
-
#
|
1048
|
-
#
|
1049
|
-
|
1050
|
-
|
1051
|
-
#
|
1052
|
-
#
|
1053
|
-
#
|
1054
|
-
#
|
1055
|
-
|
1056
|
-
|
1057
|
-
|
1058
|
-
#
|
1059
|
-
#
|
1060
|
-
#
|
1061
|
-
|
1062
|
-
|
1844
|
+
# Required. Immutable. The network that is being used for the deployment. Format
|
1845
|
+
# is: projects/`project`/global/networks/`network`.
|
1846
|
+
# Corresponds to the JSON property `network`
|
1847
|
+
# @return [String]
|
1848
|
+
attr_accessor :network
|
1849
|
+
|
1850
|
+
# Output only. Whether reconciling is in progress, recommended per https://
|
1851
|
+
# google.aip.dev/128.
|
1852
|
+
# Corresponds to the JSON property `reconciling`
|
1853
|
+
# @return [Boolean]
|
1854
|
+
attr_accessor :reconciling
|
1855
|
+
alias_method :reconciling?, :reconciling
|
1856
|
+
|
1857
|
+
# Output only. Current state of the deployment group.
|
1858
|
+
# Corresponds to the JSON property `state`
|
1859
|
+
# @return [String]
|
1860
|
+
attr_accessor :state
|
1861
|
+
|
1862
|
+
# Output only. [Output only] Update time stamp
|
1863
|
+
# Corresponds to the JSON property `updateTime`
|
1864
|
+
# @return [String]
|
1865
|
+
attr_accessor :update_time
|
1063
1866
|
|
1064
1867
|
def initialize(**args)
|
1065
1868
|
update!(**args)
|
@@ -1067,54 +1870,90 @@ module Google
|
|
1067
1870
|
|
1068
1871
|
# Update properties of this object
|
1069
1872
|
def update!(**args)
|
1070
|
-
@
|
1071
|
-
@
|
1072
|
-
@
|
1073
|
-
@
|
1873
|
+
@connected_endpoint_groups = args[:connected_endpoint_groups] if args.key?(:connected_endpoint_groups)
|
1874
|
+
@create_time = args[:create_time] if args.key?(:create_time)
|
1875
|
+
@labels = args[:labels] if args.key?(:labels)
|
1876
|
+
@name = args[:name] if args.key?(:name)
|
1877
|
+
@network = args[:network] if args.key?(:network)
|
1878
|
+
@reconciling = args[:reconciling] if args.key?(:reconciling)
|
1879
|
+
@state = args[:state] if args.key?(:state)
|
1880
|
+
@update_time = args[:update_time] if args.key?(:update_time)
|
1074
1881
|
end
|
1075
1882
|
end
|
1076
1883
|
|
1077
|
-
#
|
1078
|
-
class
|
1884
|
+
# An endpoint group connected to this deployment group.
|
1885
|
+
class InterceptDeploymentGroupConnectedEndpointGroup
|
1079
1886
|
include Google::Apis::Core::Hashable
|
1080
1887
|
|
1081
|
-
#
|
1082
|
-
#
|
1083
|
-
#
|
1084
|
-
|
1085
|
-
# such as G Suite). A `role` is a named list of permissions; each `role` can be
|
1086
|
-
# an IAM predefined role or a user-created custom role. For some types of Google
|
1087
|
-
# Cloud resources, a `binding` can also specify a `condition`, which is a
|
1088
|
-
# logical expression that allows access to a resource only if the expression
|
1089
|
-
# evaluates to `true`. A condition can add constraints based on attributes of
|
1090
|
-
# the request, the resource, or both. To learn which resources support
|
1091
|
-
# conditions in their IAM policies, see the [IAM documentation](https://cloud.
|
1092
|
-
# google.com/iam/help/conditions/resource-policies). **JSON example:** ``` ` "
|
1093
|
-
# bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
|
1094
|
-
# "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
|
1095
|
-
# serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
|
1096
|
-
# roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
|
1097
|
-
# ], "condition": ` "title": "expirable access", "description": "Does not grant
|
1098
|
-
# access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
|
1099
|
-
# 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` ``` **YAML
|
1100
|
-
# example:** ``` bindings: - members: - user:mike@example.com - group:admins@
|
1101
|
-
# example.com - domain:google.com - serviceAccount:my-project-id@appspot.
|
1102
|
-
# gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: -
|
1103
|
-
# user:eve@example.com role: roles/resourcemanager.organizationViewer condition:
|
1104
|
-
# title: expirable access description: Does not grant access after Sep 2020
|
1105
|
-
# expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag:
|
1106
|
-
# BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the
|
1107
|
-
# [IAM documentation](https://cloud.google.com/iam/docs/).
|
1108
|
-
# Corresponds to the JSON property `policy`
|
1109
|
-
# @return [Google::Apis::NetworksecurityV1beta1::GoogleIamV1Policy]
|
1110
|
-
attr_accessor :policy
|
1888
|
+
# Output only. A connected intercept endpoint group.
|
1889
|
+
# Corresponds to the JSON property `name`
|
1890
|
+
# @return [String]
|
1891
|
+
attr_accessor :name
|
1111
1892
|
|
1112
|
-
|
1113
|
-
|
1114
|
-
|
1115
|
-
|
1893
|
+
def initialize(**args)
|
1894
|
+
update!(**args)
|
1895
|
+
end
|
1896
|
+
|
1897
|
+
# Update properties of this object
|
1898
|
+
def update!(**args)
|
1899
|
+
@name = args[:name] if args.key?(:name)
|
1900
|
+
end
|
1901
|
+
end
|
1902
|
+
|
1903
|
+
# Message describing InterceptEndpointGroup object.
|
1904
|
+
class InterceptEndpointGroup
|
1905
|
+
include Google::Apis::Core::Hashable
|
1906
|
+
|
1907
|
+
# Output only. List of Intercept Endpoint Group Associations that are associated
|
1908
|
+
# to this endpoint group.
|
1909
|
+
# Corresponds to the JSON property `associations`
|
1910
|
+
# @return [Array<Google::Apis::NetworksecurityV1beta1::InterceptEndpointGroupAssociationDetails>]
|
1911
|
+
attr_accessor :associations
|
1912
|
+
|
1913
|
+
# Output only. [Output only] Create time stamp
|
1914
|
+
# Corresponds to the JSON property `createTime`
|
1116
1915
|
# @return [String]
|
1117
|
-
attr_accessor :
|
1916
|
+
attr_accessor :create_time
|
1917
|
+
|
1918
|
+
# Optional. User-provided description of the endpoint group. Used as additional
|
1919
|
+
# context for the endpoint group.
|
1920
|
+
# Corresponds to the JSON property `description`
|
1921
|
+
# @return [String]
|
1922
|
+
attr_accessor :description
|
1923
|
+
|
1924
|
+
# Required. Immutable. The Intercept Deployment Group that this resource is
|
1925
|
+
# connected to. Format is: `projects/`project`/locations/global/
|
1926
|
+
# interceptDeploymentGroups/`interceptDeploymentGroup``
|
1927
|
+
# Corresponds to the JSON property `interceptDeploymentGroup`
|
1928
|
+
# @return [String]
|
1929
|
+
attr_accessor :intercept_deployment_group
|
1930
|
+
|
1931
|
+
# Optional. Labels as key value pairs
|
1932
|
+
# Corresponds to the JSON property `labels`
|
1933
|
+
# @return [Hash<String,String>]
|
1934
|
+
attr_accessor :labels
|
1935
|
+
|
1936
|
+
# Immutable. Identifier. The name of the InterceptEndpointGroup.
|
1937
|
+
# Corresponds to the JSON property `name`
|
1938
|
+
# @return [String]
|
1939
|
+
attr_accessor :name
|
1940
|
+
|
1941
|
+
# Output only. Whether reconciling is in progress, recommended per https://
|
1942
|
+
# google.aip.dev/128.
|
1943
|
+
# Corresponds to the JSON property `reconciling`
|
1944
|
+
# @return [Boolean]
|
1945
|
+
attr_accessor :reconciling
|
1946
|
+
alias_method :reconciling?, :reconciling
|
1947
|
+
|
1948
|
+
# Output only. Current state of the endpoint group.
|
1949
|
+
# Corresponds to the JSON property `state`
|
1950
|
+
# @return [String]
|
1951
|
+
attr_accessor :state
|
1952
|
+
|
1953
|
+
# Output only. [Output only] Update time stamp
|
1954
|
+
# Corresponds to the JSON property `updateTime`
|
1955
|
+
# @return [String]
|
1956
|
+
attr_accessor :update_time
|
1118
1957
|
|
1119
1958
|
def initialize(**args)
|
1120
1959
|
update!(**args)
|
@@ -1122,21 +1961,71 @@ module Google
|
|
1122
1961
|
|
1123
1962
|
# Update properties of this object
|
1124
1963
|
def update!(**args)
|
1125
|
-
@
|
1126
|
-
@
|
1964
|
+
@associations = args[:associations] if args.key?(:associations)
|
1965
|
+
@create_time = args[:create_time] if args.key?(:create_time)
|
1966
|
+
@description = args[:description] if args.key?(:description)
|
1967
|
+
@intercept_deployment_group = args[:intercept_deployment_group] if args.key?(:intercept_deployment_group)
|
1968
|
+
@labels = args[:labels] if args.key?(:labels)
|
1969
|
+
@name = args[:name] if args.key?(:name)
|
1970
|
+
@reconciling = args[:reconciling] if args.key?(:reconciling)
|
1971
|
+
@state = args[:state] if args.key?(:state)
|
1972
|
+
@update_time = args[:update_time] if args.key?(:update_time)
|
1127
1973
|
end
|
1128
1974
|
end
|
1129
1975
|
|
1130
|
-
#
|
1131
|
-
class
|
1132
|
-
include Google::Apis::Core::Hashable
|
1976
|
+
# Message describing InterceptEndpointGroupAssociation object
|
1977
|
+
class InterceptEndpointGroupAssociation
|
1978
|
+
include Google::Apis::Core::Hashable
|
1979
|
+
|
1980
|
+
# Output only. [Output only] Create time stamp
|
1981
|
+
# Corresponds to the JSON property `createTime`
|
1982
|
+
# @return [String]
|
1983
|
+
attr_accessor :create_time
|
1984
|
+
|
1985
|
+
# Required. Immutable. The Intercept Endpoint Group that this resource is
|
1986
|
+
# connected to. Format is: `projects/`project`/locations/global/
|
1987
|
+
# interceptEndpointGroups/`interceptEndpointGroup``
|
1988
|
+
# Corresponds to the JSON property `interceptEndpointGroup`
|
1989
|
+
# @return [String]
|
1990
|
+
attr_accessor :intercept_endpoint_group
|
1991
|
+
|
1992
|
+
# Optional. Labels as key value pairs
|
1993
|
+
# Corresponds to the JSON property `labels`
|
1994
|
+
# @return [Hash<String,String>]
|
1995
|
+
attr_accessor :labels
|
1996
|
+
|
1997
|
+
# Output only. The list of locations that this association is in and its details.
|
1998
|
+
# Corresponds to the JSON property `locationsDetails`
|
1999
|
+
# @return [Array<Google::Apis::NetworksecurityV1beta1::InterceptEndpointGroupAssociationLocationDetails>]
|
2000
|
+
attr_accessor :locations_details
|
2001
|
+
|
2002
|
+
# Immutable. Identifier. The name of the InterceptEndpointGroupAssociation.
|
2003
|
+
# Corresponds to the JSON property `name`
|
2004
|
+
# @return [String]
|
2005
|
+
attr_accessor :name
|
2006
|
+
|
2007
|
+
# Required. Immutable. The VPC network associated. Format: projects/`project`/
|
2008
|
+
# global/networks/`network`.
|
2009
|
+
# Corresponds to the JSON property `network`
|
2010
|
+
# @return [String]
|
2011
|
+
attr_accessor :network
|
2012
|
+
|
2013
|
+
# Output only. Whether reconciling is in progress, recommended per https://
|
2014
|
+
# google.aip.dev/128.
|
2015
|
+
# Corresponds to the JSON property `reconciling`
|
2016
|
+
# @return [Boolean]
|
2017
|
+
attr_accessor :reconciling
|
2018
|
+
alias_method :reconciling?, :reconciling
|
2019
|
+
|
2020
|
+
# Output only. Current state of the endpoint group association.
|
2021
|
+
# Corresponds to the JSON property `state`
|
2022
|
+
# @return [String]
|
2023
|
+
attr_accessor :state
|
1133
2024
|
|
1134
|
-
#
|
1135
|
-
#
|
1136
|
-
#
|
1137
|
-
|
1138
|
-
# @return [Array<String>]
|
1139
|
-
attr_accessor :permissions
|
2025
|
+
# Output only. [Output only] Update time stamp
|
2026
|
+
# Corresponds to the JSON property `updateTime`
|
2027
|
+
# @return [String]
|
2028
|
+
attr_accessor :update_time
|
1140
2029
|
|
1141
2030
|
def initialize(**args)
|
1142
2031
|
update!(**args)
|
@@ -1144,18 +2033,40 @@ module Google
|
|
1144
2033
|
|
1145
2034
|
# Update properties of this object
|
1146
2035
|
def update!(**args)
|
1147
|
-
@
|
2036
|
+
@create_time = args[:create_time] if args.key?(:create_time)
|
2037
|
+
@intercept_endpoint_group = args[:intercept_endpoint_group] if args.key?(:intercept_endpoint_group)
|
2038
|
+
@labels = args[:labels] if args.key?(:labels)
|
2039
|
+
@locations_details = args[:locations_details] if args.key?(:locations_details)
|
2040
|
+
@name = args[:name] if args.key?(:name)
|
2041
|
+
@network = args[:network] if args.key?(:network)
|
2042
|
+
@reconciling = args[:reconciling] if args.key?(:reconciling)
|
2043
|
+
@state = args[:state] if args.key?(:state)
|
2044
|
+
@update_time = args[:update_time] if args.key?(:update_time)
|
1148
2045
|
end
|
1149
2046
|
end
|
1150
2047
|
|
1151
|
-
#
|
1152
|
-
|
2048
|
+
# This is a subset of the InterceptEndpointGroupAssociation message, containing
|
2049
|
+
# fields to be used by the consumer.
|
2050
|
+
class InterceptEndpointGroupAssociationDetails
|
1153
2051
|
include Google::Apis::Core::Hashable
|
1154
2052
|
|
1155
|
-
#
|
1156
|
-
#
|
1157
|
-
#
|
1158
|
-
|
2053
|
+
# Output only. The resource name of the InterceptEndpointGroupAssociation.
|
2054
|
+
# Format: projects/`project`/locations/`location`/
|
2055
|
+
# interceptEndpointGroupAssociations/`interceptEndpointGroupAssociation`
|
2056
|
+
# Corresponds to the JSON property `name`
|
2057
|
+
# @return [String]
|
2058
|
+
attr_accessor :name
|
2059
|
+
|
2060
|
+
# Output only. The VPC network associated. Format: projects/`project`/global/
|
2061
|
+
# networks/`name`.
|
2062
|
+
# Corresponds to the JSON property `network`
|
2063
|
+
# @return [String]
|
2064
|
+
attr_accessor :network
|
2065
|
+
|
2066
|
+
# Output only. Current state of the association.
|
2067
|
+
# Corresponds to the JSON property `state`
|
2068
|
+
# @return [String]
|
2069
|
+
attr_accessor :state
|
1159
2070
|
|
1160
2071
|
def initialize(**args)
|
1161
2072
|
update!(**args)
|
@@ -1163,29 +2074,25 @@ module Google
|
|
1163
2074
|
|
1164
2075
|
# Update properties of this object
|
1165
2076
|
def update!(**args)
|
1166
|
-
@
|
2077
|
+
@name = args[:name] if args.key?(:name)
|
2078
|
+
@network = args[:network] if args.key?(:network)
|
2079
|
+
@state = args[:state] if args.key?(:state)
|
1167
2080
|
end
|
1168
2081
|
end
|
1169
2082
|
|
1170
|
-
#
|
1171
|
-
class
|
2083
|
+
# Details about the association status in a specific cloud location.
|
2084
|
+
class InterceptEndpointGroupAssociationLocationDetails
|
1172
2085
|
include Google::Apis::Core::Hashable
|
1173
2086
|
|
1174
|
-
#
|
1175
|
-
#
|
1176
|
-
# matching a request's method, use the headerName ":method".
|
1177
|
-
# Corresponds to the JSON property `headerName`
|
2087
|
+
# Output only. The cloud location.
|
2088
|
+
# Corresponds to the JSON property `location`
|
1178
2089
|
# @return [String]
|
1179
|
-
attr_accessor :
|
2090
|
+
attr_accessor :location
|
1180
2091
|
|
1181
|
-
#
|
1182
|
-
#
|
1183
|
-
# w/cpp/regex/ecmascript For matching against a port specified in the HTTP
|
1184
|
-
# request, use a headerMatch with headerName set to Host and a regular
|
1185
|
-
# expression that satisfies the RFC2616 Host header's port specifier.
|
1186
|
-
# Corresponds to the JSON property `regexMatch`
|
2092
|
+
# Output only. The association state in this location.
|
2093
|
+
# Corresponds to the JSON property `state`
|
1187
2094
|
# @return [String]
|
1188
|
-
attr_accessor :
|
2095
|
+
attr_accessor :state
|
1189
2096
|
|
1190
2097
|
def initialize(**args)
|
1191
2098
|
update!(**args)
|
@@ -1193,8 +2100,8 @@ module Google
|
|
1193
2100
|
|
1194
2101
|
# Update properties of this object
|
1195
2102
|
def update!(**args)
|
1196
|
-
@
|
1197
|
-
@
|
2103
|
+
@location = args[:location] if args.key?(:location)
|
2104
|
+
@state = args[:state] if args.key?(:state)
|
1198
2105
|
end
|
1199
2106
|
end
|
1200
2107
|
|
@@ -1310,6 +2217,37 @@ module Google
|
|
1310
2217
|
end
|
1311
2218
|
end
|
1312
2219
|
|
2220
|
+
# Message for response to listing `AuthzPolicy` resources.
|
2221
|
+
class ListAuthzPoliciesResponse
|
2222
|
+
include Google::Apis::Core::Hashable
|
2223
|
+
|
2224
|
+
# The list of `AuthzPolicy` resources.
|
2225
|
+
# Corresponds to the JSON property `authzPolicies`
|
2226
|
+
# @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicy>]
|
2227
|
+
attr_accessor :authz_policies
|
2228
|
+
|
2229
|
+
# A token identifying a page of results that the server returns.
|
2230
|
+
# Corresponds to the JSON property `nextPageToken`
|
2231
|
+
# @return [String]
|
2232
|
+
attr_accessor :next_page_token
|
2233
|
+
|
2234
|
+
# Locations that could not be reached.
|
2235
|
+
# Corresponds to the JSON property `unreachable`
|
2236
|
+
# @return [Array<String>]
|
2237
|
+
attr_accessor :unreachable
|
2238
|
+
|
2239
|
+
def initialize(**args)
|
2240
|
+
update!(**args)
|
2241
|
+
end
|
2242
|
+
|
2243
|
+
# Update properties of this object
|
2244
|
+
def update!(**args)
|
2245
|
+
@authz_policies = args[:authz_policies] if args.key?(:authz_policies)
|
2246
|
+
@next_page_token = args[:next_page_token] if args.key?(:next_page_token)
|
2247
|
+
@unreachable = args[:unreachable] if args.key?(:unreachable)
|
2248
|
+
end
|
2249
|
+
end
|
2250
|
+
|
1313
2251
|
# Response returned by the ListClientTlsPolicies method.
|
1314
2252
|
class ListClientTlsPoliciesResponse
|
1315
2253
|
include Google::Apis::Core::Hashable
|
@@ -1459,22 +2397,234 @@ module Google
|
|
1459
2397
|
|
1460
2398
|
# Update properties of this object
|
1461
2399
|
def update!(**args)
|
1462
|
-
@gateway_security_policy_rules = args[:gateway_security_policy_rules] if args.key?(:gateway_security_policy_rules)
|
2400
|
+
@gateway_security_policy_rules = args[:gateway_security_policy_rules] if args.key?(:gateway_security_policy_rules)
|
2401
|
+
@next_page_token = args[:next_page_token] if args.key?(:next_page_token)
|
2402
|
+
@unreachable = args[:unreachable] if args.key?(:unreachable)
|
2403
|
+
end
|
2404
|
+
end
|
2405
|
+
|
2406
|
+
# Message for response to listing InterceptDeploymentGroups
|
2407
|
+
class ListInterceptDeploymentGroupsResponse
|
2408
|
+
include Google::Apis::Core::Hashable
|
2409
|
+
|
2410
|
+
# The list of InterceptDeploymentGroup
|
2411
|
+
# Corresponds to the JSON property `interceptDeploymentGroups`
|
2412
|
+
# @return [Array<Google::Apis::NetworksecurityV1beta1::InterceptDeploymentGroup>]
|
2413
|
+
attr_accessor :intercept_deployment_groups
|
2414
|
+
|
2415
|
+
# A token identifying a page of results the server should return.
|
2416
|
+
# Corresponds to the JSON property `nextPageToken`
|
2417
|
+
# @return [String]
|
2418
|
+
attr_accessor :next_page_token
|
2419
|
+
|
2420
|
+
def initialize(**args)
|
2421
|
+
update!(**args)
|
2422
|
+
end
|
2423
|
+
|
2424
|
+
# Update properties of this object
|
2425
|
+
def update!(**args)
|
2426
|
+
@intercept_deployment_groups = args[:intercept_deployment_groups] if args.key?(:intercept_deployment_groups)
|
2427
|
+
@next_page_token = args[:next_page_token] if args.key?(:next_page_token)
|
2428
|
+
end
|
2429
|
+
end
|
2430
|
+
|
2431
|
+
# Message for response to listing InterceptDeployments
|
2432
|
+
class ListInterceptDeploymentsResponse
|
2433
|
+
include Google::Apis::Core::Hashable
|
2434
|
+
|
2435
|
+
# The list of InterceptDeployment
|
2436
|
+
# Corresponds to the JSON property `interceptDeployments`
|
2437
|
+
# @return [Array<Google::Apis::NetworksecurityV1beta1::InterceptDeployment>]
|
2438
|
+
attr_accessor :intercept_deployments
|
2439
|
+
|
2440
|
+
# A token identifying a page of results the server should return.
|
2441
|
+
# Corresponds to the JSON property `nextPageToken`
|
2442
|
+
# @return [String]
|
2443
|
+
attr_accessor :next_page_token
|
2444
|
+
|
2445
|
+
# Locations that could not be reached.
|
2446
|
+
# Corresponds to the JSON property `unreachable`
|
2447
|
+
# @return [Array<String>]
|
2448
|
+
attr_accessor :unreachable
|
2449
|
+
|
2450
|
+
def initialize(**args)
|
2451
|
+
update!(**args)
|
2452
|
+
end
|
2453
|
+
|
2454
|
+
# Update properties of this object
|
2455
|
+
def update!(**args)
|
2456
|
+
@intercept_deployments = args[:intercept_deployments] if args.key?(:intercept_deployments)
|
2457
|
+
@next_page_token = args[:next_page_token] if args.key?(:next_page_token)
|
2458
|
+
@unreachable = args[:unreachable] if args.key?(:unreachable)
|
2459
|
+
end
|
2460
|
+
end
|
2461
|
+
|
2462
|
+
# Message for response to listing InterceptEndpointGroupAssociations
|
2463
|
+
class ListInterceptEndpointGroupAssociationsResponse
|
2464
|
+
include Google::Apis::Core::Hashable
|
2465
|
+
|
2466
|
+
# The list of InterceptEndpointGroupAssociation
|
2467
|
+
# Corresponds to the JSON property `interceptEndpointGroupAssociations`
|
2468
|
+
# @return [Array<Google::Apis::NetworksecurityV1beta1::InterceptEndpointGroupAssociation>]
|
2469
|
+
attr_accessor :intercept_endpoint_group_associations
|
2470
|
+
|
2471
|
+
# A token identifying a page of results the server should return.
|
2472
|
+
# Corresponds to the JSON property `nextPageToken`
|
2473
|
+
# @return [String]
|
2474
|
+
attr_accessor :next_page_token
|
2475
|
+
|
2476
|
+
def initialize(**args)
|
2477
|
+
update!(**args)
|
2478
|
+
end
|
2479
|
+
|
2480
|
+
# Update properties of this object
|
2481
|
+
def update!(**args)
|
2482
|
+
@intercept_endpoint_group_associations = args[:intercept_endpoint_group_associations] if args.key?(:intercept_endpoint_group_associations)
|
2483
|
+
@next_page_token = args[:next_page_token] if args.key?(:next_page_token)
|
2484
|
+
end
|
2485
|
+
end
|
2486
|
+
|
2487
|
+
# Message for response to listing InterceptEndpointGroups
|
2488
|
+
class ListInterceptEndpointGroupsResponse
|
2489
|
+
include Google::Apis::Core::Hashable
|
2490
|
+
|
2491
|
+
# The list of InterceptEndpointGroup
|
2492
|
+
# Corresponds to the JSON property `interceptEndpointGroups`
|
2493
|
+
# @return [Array<Google::Apis::NetworksecurityV1beta1::InterceptEndpointGroup>]
|
2494
|
+
attr_accessor :intercept_endpoint_groups
|
2495
|
+
|
2496
|
+
# A token identifying a page of results the server should return.
|
2497
|
+
# Corresponds to the JSON property `nextPageToken`
|
2498
|
+
# @return [String]
|
2499
|
+
attr_accessor :next_page_token
|
2500
|
+
|
2501
|
+
def initialize(**args)
|
2502
|
+
update!(**args)
|
2503
|
+
end
|
2504
|
+
|
2505
|
+
# Update properties of this object
|
2506
|
+
def update!(**args)
|
2507
|
+
@intercept_endpoint_groups = args[:intercept_endpoint_groups] if args.key?(:intercept_endpoint_groups)
|
2508
|
+
@next_page_token = args[:next_page_token] if args.key?(:next_page_token)
|
2509
|
+
end
|
2510
|
+
end
|
2511
|
+
|
2512
|
+
# The response message for Locations.ListLocations.
|
2513
|
+
class ListLocationsResponse
|
2514
|
+
include Google::Apis::Core::Hashable
|
2515
|
+
|
2516
|
+
# A list of locations that matches the specified filter in the request.
|
2517
|
+
# Corresponds to the JSON property `locations`
|
2518
|
+
# @return [Array<Google::Apis::NetworksecurityV1beta1::Location>]
|
2519
|
+
attr_accessor :locations
|
2520
|
+
|
2521
|
+
# The standard List next-page token.
|
2522
|
+
# Corresponds to the JSON property `nextPageToken`
|
2523
|
+
# @return [String]
|
2524
|
+
attr_accessor :next_page_token
|
2525
|
+
|
2526
|
+
def initialize(**args)
|
2527
|
+
update!(**args)
|
2528
|
+
end
|
2529
|
+
|
2530
|
+
# Update properties of this object
|
2531
|
+
def update!(**args)
|
2532
|
+
@locations = args[:locations] if args.key?(:locations)
|
2533
|
+
@next_page_token = args[:next_page_token] if args.key?(:next_page_token)
|
2534
|
+
end
|
2535
|
+
end
|
2536
|
+
|
2537
|
+
# Message for response to listing MirroringDeploymentGroups
|
2538
|
+
class ListMirroringDeploymentGroupsResponse
|
2539
|
+
include Google::Apis::Core::Hashable
|
2540
|
+
|
2541
|
+
# The list of MirroringDeploymentGroup
|
2542
|
+
# Corresponds to the JSON property `mirroringDeploymentGroups`
|
2543
|
+
# @return [Array<Google::Apis::NetworksecurityV1beta1::MirroringDeploymentGroup>]
|
2544
|
+
attr_accessor :mirroring_deployment_groups
|
2545
|
+
|
2546
|
+
# A token identifying a page of results the server should return.
|
2547
|
+
# Corresponds to the JSON property `nextPageToken`
|
2548
|
+
# @return [String]
|
2549
|
+
attr_accessor :next_page_token
|
2550
|
+
|
2551
|
+
def initialize(**args)
|
2552
|
+
update!(**args)
|
2553
|
+
end
|
2554
|
+
|
2555
|
+
# Update properties of this object
|
2556
|
+
def update!(**args)
|
2557
|
+
@mirroring_deployment_groups = args[:mirroring_deployment_groups] if args.key?(:mirroring_deployment_groups)
|
2558
|
+
@next_page_token = args[:next_page_token] if args.key?(:next_page_token)
|
2559
|
+
end
|
2560
|
+
end
|
2561
|
+
|
2562
|
+
# Message for response to listing MirroringDeployments
|
2563
|
+
class ListMirroringDeploymentsResponse
|
2564
|
+
include Google::Apis::Core::Hashable
|
2565
|
+
|
2566
|
+
# The list of MirroringDeployment
|
2567
|
+
# Corresponds to the JSON property `mirroringDeployments`
|
2568
|
+
# @return [Array<Google::Apis::NetworksecurityV1beta1::MirroringDeployment>]
|
2569
|
+
attr_accessor :mirroring_deployments
|
2570
|
+
|
2571
|
+
# A token identifying a page of results the server should return.
|
2572
|
+
# Corresponds to the JSON property `nextPageToken`
|
2573
|
+
# @return [String]
|
2574
|
+
attr_accessor :next_page_token
|
2575
|
+
|
2576
|
+
# Locations that could not be reached.
|
2577
|
+
# Corresponds to the JSON property `unreachable`
|
2578
|
+
# @return [Array<String>]
|
2579
|
+
attr_accessor :unreachable
|
2580
|
+
|
2581
|
+
def initialize(**args)
|
2582
|
+
update!(**args)
|
2583
|
+
end
|
2584
|
+
|
2585
|
+
# Update properties of this object
|
2586
|
+
def update!(**args)
|
2587
|
+
@mirroring_deployments = args[:mirroring_deployments] if args.key?(:mirroring_deployments)
|
2588
|
+
@next_page_token = args[:next_page_token] if args.key?(:next_page_token)
|
2589
|
+
@unreachable = args[:unreachable] if args.key?(:unreachable)
|
2590
|
+
end
|
2591
|
+
end
|
2592
|
+
|
2593
|
+
# Message for response to listing MirroringEndpointGroupAssociations
|
2594
|
+
class ListMirroringEndpointGroupAssociationsResponse
|
2595
|
+
include Google::Apis::Core::Hashable
|
2596
|
+
|
2597
|
+
# The list of MirroringEndpointGroupAssociation
|
2598
|
+
# Corresponds to the JSON property `mirroringEndpointGroupAssociations`
|
2599
|
+
# @return [Array<Google::Apis::NetworksecurityV1beta1::MirroringEndpointGroupAssociation>]
|
2600
|
+
attr_accessor :mirroring_endpoint_group_associations
|
2601
|
+
|
2602
|
+
# A token identifying a page of results the server should return.
|
2603
|
+
# Corresponds to the JSON property `nextPageToken`
|
2604
|
+
# @return [String]
|
2605
|
+
attr_accessor :next_page_token
|
2606
|
+
|
2607
|
+
def initialize(**args)
|
2608
|
+
update!(**args)
|
2609
|
+
end
|
2610
|
+
|
2611
|
+
# Update properties of this object
|
2612
|
+
def update!(**args)
|
2613
|
+
@mirroring_endpoint_group_associations = args[:mirroring_endpoint_group_associations] if args.key?(:mirroring_endpoint_group_associations)
|
1463
2614
|
@next_page_token = args[:next_page_token] if args.key?(:next_page_token)
|
1464
|
-
@unreachable = args[:unreachable] if args.key?(:unreachable)
|
1465
2615
|
end
|
1466
2616
|
end
|
1467
2617
|
|
1468
|
-
#
|
1469
|
-
class
|
2618
|
+
# Message for response to listing MirroringEndpointGroups
|
2619
|
+
class ListMirroringEndpointGroupsResponse
|
1470
2620
|
include Google::Apis::Core::Hashable
|
1471
2621
|
|
1472
|
-
#
|
1473
|
-
# Corresponds to the JSON property `
|
1474
|
-
# @return [Array<Google::Apis::NetworksecurityV1beta1::
|
1475
|
-
attr_accessor :
|
2622
|
+
# The list of MirroringEndpointGroup
|
2623
|
+
# Corresponds to the JSON property `mirroringEndpointGroups`
|
2624
|
+
# @return [Array<Google::Apis::NetworksecurityV1beta1::MirroringEndpointGroup>]
|
2625
|
+
attr_accessor :mirroring_endpoint_groups
|
1476
2626
|
|
1477
|
-
#
|
2627
|
+
# A token identifying a page of results the server should return.
|
1478
2628
|
# Corresponds to the JSON property `nextPageToken`
|
1479
2629
|
# @return [String]
|
1480
2630
|
attr_accessor :next_page_token
|
@@ -1485,7 +2635,7 @@ module Google
|
|
1485
2635
|
|
1486
2636
|
# Update properties of this object
|
1487
2637
|
def update!(**args)
|
1488
|
-
@
|
2638
|
+
@mirroring_endpoint_groups = args[:mirroring_endpoint_groups] if args.key?(:mirroring_endpoint_groups)
|
1489
2639
|
@next_page_token = args[:next_page_token] if args.key?(:next_page_token)
|
1490
2640
|
end
|
1491
2641
|
end
|
@@ -1748,6 +2898,313 @@ module Google
|
|
1748
2898
|
end
|
1749
2899
|
end
|
1750
2900
|
|
2901
|
+
# Message describing MirroringDeployment object
|
2902
|
+
class MirroringDeployment
|
2903
|
+
include Google::Apis::Core::Hashable
|
2904
|
+
|
2905
|
+
# Output only. [Output only] Create time stamp
|
2906
|
+
# Corresponds to the JSON property `createTime`
|
2907
|
+
# @return [String]
|
2908
|
+
attr_accessor :create_time
|
2909
|
+
|
2910
|
+
# Required. Immutable. The regional load balancer which the mirrored traffic
|
2911
|
+
# should be forwarded to. Format is: projects/`project`/regions/`region`/
|
2912
|
+
# forwardingRules/`forwardingRule`
|
2913
|
+
# Corresponds to the JSON property `forwardingRule`
|
2914
|
+
# @return [String]
|
2915
|
+
attr_accessor :forwarding_rule
|
2916
|
+
|
2917
|
+
# Optional. Labels as key value pairs
|
2918
|
+
# Corresponds to the JSON property `labels`
|
2919
|
+
# @return [Hash<String,String>]
|
2920
|
+
attr_accessor :labels
|
2921
|
+
|
2922
|
+
# Required. Immutable. The Mirroring Deployment Group that this resource is part
|
2923
|
+
# of. Format is: `projects/`project`/locations/global/mirroringDeploymentGroups/`
|
2924
|
+
# mirroringDeploymentGroup``
|
2925
|
+
# Corresponds to the JSON property `mirroringDeploymentGroup`
|
2926
|
+
# @return [String]
|
2927
|
+
attr_accessor :mirroring_deployment_group
|
2928
|
+
|
2929
|
+
# Immutable. Identifier. The name of the MirroringDeployment.
|
2930
|
+
# Corresponds to the JSON property `name`
|
2931
|
+
# @return [String]
|
2932
|
+
attr_accessor :name
|
2933
|
+
|
2934
|
+
# Output only. Whether reconciling is in progress, recommended per https://
|
2935
|
+
# google.aip.dev/128.
|
2936
|
+
# Corresponds to the JSON property `reconciling`
|
2937
|
+
# @return [Boolean]
|
2938
|
+
attr_accessor :reconciling
|
2939
|
+
alias_method :reconciling?, :reconciling
|
2940
|
+
|
2941
|
+
# Output only. Current state of the deployment.
|
2942
|
+
# Corresponds to the JSON property `state`
|
2943
|
+
# @return [String]
|
2944
|
+
attr_accessor :state
|
2945
|
+
|
2946
|
+
# Output only. [Output only] Update time stamp
|
2947
|
+
# Corresponds to the JSON property `updateTime`
|
2948
|
+
# @return [String]
|
2949
|
+
attr_accessor :update_time
|
2950
|
+
|
2951
|
+
def initialize(**args)
|
2952
|
+
update!(**args)
|
2953
|
+
end
|
2954
|
+
|
2955
|
+
# Update properties of this object
|
2956
|
+
def update!(**args)
|
2957
|
+
@create_time = args[:create_time] if args.key?(:create_time)
|
2958
|
+
@forwarding_rule = args[:forwarding_rule] if args.key?(:forwarding_rule)
|
2959
|
+
@labels = args[:labels] if args.key?(:labels)
|
2960
|
+
@mirroring_deployment_group = args[:mirroring_deployment_group] if args.key?(:mirroring_deployment_group)
|
2961
|
+
@name = args[:name] if args.key?(:name)
|
2962
|
+
@reconciling = args[:reconciling] if args.key?(:reconciling)
|
2963
|
+
@state = args[:state] if args.key?(:state)
|
2964
|
+
@update_time = args[:update_time] if args.key?(:update_time)
|
2965
|
+
end
|
2966
|
+
end
|
2967
|
+
|
2968
|
+
# Message describing MirroringDeploymentGroup object NEXT ID: 10
|
2969
|
+
class MirroringDeploymentGroup
|
2970
|
+
include Google::Apis::Core::Hashable
|
2971
|
+
|
2972
|
+
# Output only. The list of Mirroring Endpoint Groups that are connected to this
|
2973
|
+
# resource.
|
2974
|
+
# Corresponds to the JSON property `connectedEndpointGroups`
|
2975
|
+
# @return [Array<Google::Apis::NetworksecurityV1beta1::MirroringDeploymentGroupConnectedEndpointGroup>]
|
2976
|
+
attr_accessor :connected_endpoint_groups
|
2977
|
+
|
2978
|
+
# Output only. [Output only] Create time stamp
|
2979
|
+
# Corresponds to the JSON property `createTime`
|
2980
|
+
# @return [String]
|
2981
|
+
attr_accessor :create_time
|
2982
|
+
|
2983
|
+
# Optional. Labels as key value pairs
|
2984
|
+
# Corresponds to the JSON property `labels`
|
2985
|
+
# @return [Hash<String,String>]
|
2986
|
+
attr_accessor :labels
|
2987
|
+
|
2988
|
+
# Immutable. Identifier. Then name of the MirroringDeploymentGroup.
|
2989
|
+
# Corresponds to the JSON property `name`
|
2990
|
+
# @return [String]
|
2991
|
+
attr_accessor :name
|
2992
|
+
|
2993
|
+
# Required. Immutable. The network that is being used for the deployment. Format
|
2994
|
+
# is: projects/`project`/global/networks/`network`.
|
2995
|
+
# Corresponds to the JSON property `network`
|
2996
|
+
# @return [String]
|
2997
|
+
attr_accessor :network
|
2998
|
+
|
2999
|
+
# Output only. Whether reconciling is in progress, recommended per https://
|
3000
|
+
# google.aip.dev/128.
|
3001
|
+
# Corresponds to the JSON property `reconciling`
|
3002
|
+
# @return [Boolean]
|
3003
|
+
attr_accessor :reconciling
|
3004
|
+
alias_method :reconciling?, :reconciling
|
3005
|
+
|
3006
|
+
# Output only. Current state of the deployment group.
|
3007
|
+
# Corresponds to the JSON property `state`
|
3008
|
+
# @return [String]
|
3009
|
+
attr_accessor :state
|
3010
|
+
|
3011
|
+
# Output only. [Output only] Update time stamp
|
3012
|
+
# Corresponds to the JSON property `updateTime`
|
3013
|
+
# @return [String]
|
3014
|
+
attr_accessor :update_time
|
3015
|
+
|
3016
|
+
def initialize(**args)
|
3017
|
+
update!(**args)
|
3018
|
+
end
|
3019
|
+
|
3020
|
+
# Update properties of this object
|
3021
|
+
def update!(**args)
|
3022
|
+
@connected_endpoint_groups = args[:connected_endpoint_groups] if args.key?(:connected_endpoint_groups)
|
3023
|
+
@create_time = args[:create_time] if args.key?(:create_time)
|
3024
|
+
@labels = args[:labels] if args.key?(:labels)
|
3025
|
+
@name = args[:name] if args.key?(:name)
|
3026
|
+
@network = args[:network] if args.key?(:network)
|
3027
|
+
@reconciling = args[:reconciling] if args.key?(:reconciling)
|
3028
|
+
@state = args[:state] if args.key?(:state)
|
3029
|
+
@update_time = args[:update_time] if args.key?(:update_time)
|
3030
|
+
end
|
3031
|
+
end
|
3032
|
+
|
3033
|
+
# An endpoint group connected to this deployment group.
|
3034
|
+
class MirroringDeploymentGroupConnectedEndpointGroup
|
3035
|
+
include Google::Apis::Core::Hashable
|
3036
|
+
|
3037
|
+
# Output only. A connected mirroring endpoint group.
|
3038
|
+
# Corresponds to the JSON property `name`
|
3039
|
+
# @return [String]
|
3040
|
+
attr_accessor :name
|
3041
|
+
|
3042
|
+
def initialize(**args)
|
3043
|
+
update!(**args)
|
3044
|
+
end
|
3045
|
+
|
3046
|
+
# Update properties of this object
|
3047
|
+
def update!(**args)
|
3048
|
+
@name = args[:name] if args.key?(:name)
|
3049
|
+
end
|
3050
|
+
end
|
3051
|
+
|
3052
|
+
# Message describing MirroringEndpointGroup object.
|
3053
|
+
class MirroringEndpointGroup
|
3054
|
+
include Google::Apis::Core::Hashable
|
3055
|
+
|
3056
|
+
# Output only. [Output only] Create time stamp
|
3057
|
+
# Corresponds to the JSON property `createTime`
|
3058
|
+
# @return [String]
|
3059
|
+
attr_accessor :create_time
|
3060
|
+
|
3061
|
+
# Optional. Labels as key value pairs
|
3062
|
+
# Corresponds to the JSON property `labels`
|
3063
|
+
# @return [Hash<String,String>]
|
3064
|
+
attr_accessor :labels
|
3065
|
+
|
3066
|
+
# Required. Immutable. The Mirroring Deployment Group that this resource is
|
3067
|
+
# connected to. Format is: `projects/`project`/locations/global/
|
3068
|
+
# mirroringDeploymentGroups/`mirroringDeploymentGroup``
|
3069
|
+
# Corresponds to the JSON property `mirroringDeploymentGroup`
|
3070
|
+
# @return [String]
|
3071
|
+
attr_accessor :mirroring_deployment_group
|
3072
|
+
|
3073
|
+
# Immutable. Identifier. Next ID: 11 The name of the MirroringEndpointGroup.
|
3074
|
+
# Corresponds to the JSON property `name`
|
3075
|
+
# @return [String]
|
3076
|
+
attr_accessor :name
|
3077
|
+
|
3078
|
+
# Output only. Whether reconciling is in progress, recommended per https://
|
3079
|
+
# google.aip.dev/128.
|
3080
|
+
# Corresponds to the JSON property `reconciling`
|
3081
|
+
# @return [Boolean]
|
3082
|
+
attr_accessor :reconciling
|
3083
|
+
alias_method :reconciling?, :reconciling
|
3084
|
+
|
3085
|
+
# Output only. Current state of the endpoint group.
|
3086
|
+
# Corresponds to the JSON property `state`
|
3087
|
+
# @return [String]
|
3088
|
+
attr_accessor :state
|
3089
|
+
|
3090
|
+
# Output only. [Output only] Update time stamp
|
3091
|
+
# Corresponds to the JSON property `updateTime`
|
3092
|
+
# @return [String]
|
3093
|
+
attr_accessor :update_time
|
3094
|
+
|
3095
|
+
def initialize(**args)
|
3096
|
+
update!(**args)
|
3097
|
+
end
|
3098
|
+
|
3099
|
+
# Update properties of this object
|
3100
|
+
def update!(**args)
|
3101
|
+
@create_time = args[:create_time] if args.key?(:create_time)
|
3102
|
+
@labels = args[:labels] if args.key?(:labels)
|
3103
|
+
@mirroring_deployment_group = args[:mirroring_deployment_group] if args.key?(:mirroring_deployment_group)
|
3104
|
+
@name = args[:name] if args.key?(:name)
|
3105
|
+
@reconciling = args[:reconciling] if args.key?(:reconciling)
|
3106
|
+
@state = args[:state] if args.key?(:state)
|
3107
|
+
@update_time = args[:update_time] if args.key?(:update_time)
|
3108
|
+
end
|
3109
|
+
end
|
3110
|
+
|
3111
|
+
# Message describing MirroringEndpointGroupAssociation object
|
3112
|
+
class MirroringEndpointGroupAssociation
|
3113
|
+
include Google::Apis::Core::Hashable
|
3114
|
+
|
3115
|
+
# Output only. [Output only] Create time stamp
|
3116
|
+
# Corresponds to the JSON property `createTime`
|
3117
|
+
# @return [String]
|
3118
|
+
attr_accessor :create_time
|
3119
|
+
|
3120
|
+
# Optional. Labels as key value pairs
|
3121
|
+
# Corresponds to the JSON property `labels`
|
3122
|
+
# @return [Hash<String,String>]
|
3123
|
+
attr_accessor :labels
|
3124
|
+
|
3125
|
+
# Output only. The list of locations that this association is in and its details.
|
3126
|
+
# Corresponds to the JSON property `locationsDetails`
|
3127
|
+
# @return [Array<Google::Apis::NetworksecurityV1beta1::MirroringEndpointGroupAssociationLocationDetails>]
|
3128
|
+
attr_accessor :locations_details
|
3129
|
+
|
3130
|
+
# Required. Immutable. The Mirroring Endpoint Group that this resource is
|
3131
|
+
# connected to. Format is: `projects/`project`/locations/global/
|
3132
|
+
# mirroringEndpointGroups/`mirroringEndpointGroup``
|
3133
|
+
# Corresponds to the JSON property `mirroringEndpointGroup`
|
3134
|
+
# @return [String]
|
3135
|
+
attr_accessor :mirroring_endpoint_group
|
3136
|
+
|
3137
|
+
# Immutable. Identifier. The name of the MirroringEndpointGroupAssociation.
|
3138
|
+
# Corresponds to the JSON property `name`
|
3139
|
+
# @return [String]
|
3140
|
+
attr_accessor :name
|
3141
|
+
|
3142
|
+
# Required. Immutable. The VPC network associated. Format: projects/`project`/
|
3143
|
+
# global/networks/`network`.
|
3144
|
+
# Corresponds to the JSON property `network`
|
3145
|
+
# @return [String]
|
3146
|
+
attr_accessor :network
|
3147
|
+
|
3148
|
+
# Output only. Whether reconciling is in progress, recommended per https://
|
3149
|
+
# google.aip.dev/128.
|
3150
|
+
# Corresponds to the JSON property `reconciling`
|
3151
|
+
# @return [Boolean]
|
3152
|
+
attr_accessor :reconciling
|
3153
|
+
alias_method :reconciling?, :reconciling
|
3154
|
+
|
3155
|
+
# Output only. Current state of the endpoint group association.
|
3156
|
+
# Corresponds to the JSON property `state`
|
3157
|
+
# @return [String]
|
3158
|
+
attr_accessor :state
|
3159
|
+
|
3160
|
+
# Output only. [Output only] Update time stamp
|
3161
|
+
# Corresponds to the JSON property `updateTime`
|
3162
|
+
# @return [String]
|
3163
|
+
attr_accessor :update_time
|
3164
|
+
|
3165
|
+
def initialize(**args)
|
3166
|
+
update!(**args)
|
3167
|
+
end
|
3168
|
+
|
3169
|
+
# Update properties of this object
|
3170
|
+
def update!(**args)
|
3171
|
+
@create_time = args[:create_time] if args.key?(:create_time)
|
3172
|
+
@labels = args[:labels] if args.key?(:labels)
|
3173
|
+
@locations_details = args[:locations_details] if args.key?(:locations_details)
|
3174
|
+
@mirroring_endpoint_group = args[:mirroring_endpoint_group] if args.key?(:mirroring_endpoint_group)
|
3175
|
+
@name = args[:name] if args.key?(:name)
|
3176
|
+
@network = args[:network] if args.key?(:network)
|
3177
|
+
@reconciling = args[:reconciling] if args.key?(:reconciling)
|
3178
|
+
@state = args[:state] if args.key?(:state)
|
3179
|
+
@update_time = args[:update_time] if args.key?(:update_time)
|
3180
|
+
end
|
3181
|
+
end
|
3182
|
+
|
3183
|
+
# Details about the association status in a specific cloud location.
|
3184
|
+
class MirroringEndpointGroupAssociationLocationDetails
|
3185
|
+
include Google::Apis::Core::Hashable
|
3186
|
+
|
3187
|
+
# Output only. The cloud location.
|
3188
|
+
# Corresponds to the JSON property `location`
|
3189
|
+
# @return [String]
|
3190
|
+
attr_accessor :location
|
3191
|
+
|
3192
|
+
# Output only. The association state in this location.
|
3193
|
+
# Corresponds to the JSON property `state`
|
3194
|
+
# @return [String]
|
3195
|
+
attr_accessor :state
|
3196
|
+
|
3197
|
+
def initialize(**args)
|
3198
|
+
update!(**args)
|
3199
|
+
end
|
3200
|
+
|
3201
|
+
# Update properties of this object
|
3202
|
+
def update!(**args)
|
3203
|
+
@location = args[:location] if args.key?(:location)
|
3204
|
+
@state = args[:state] if args.key?(:state)
|
3205
|
+
end
|
3206
|
+
end
|
3207
|
+
|
1751
3208
|
# This resource represents a long-running operation that is the result of a
|
1752
3209
|
# network API call.
|
1753
3210
|
class Operation
|
@@ -1936,7 +3393,7 @@ module Google
|
|
1936
3393
|
end
|
1937
3394
|
|
1938
3395
|
# SecurityProfile is a resource that defines the behavior for one of many
|
1939
|
-
# ProfileTypes.
|
3396
|
+
# ProfileTypes.
|
1940
3397
|
class SecurityProfile
|
1941
3398
|
include Google::Apis::Core::Hashable
|
1942
3399
|
|
@@ -1945,6 +3402,18 @@ module Google
|
|
1945
3402
|
# @return [String]
|
1946
3403
|
attr_accessor :create_time
|
1947
3404
|
|
3405
|
+
# CustomInterceptProfile defines the Packet Intercept Endpoint Group used to
|
3406
|
+
# intercept traffic to a third-party firewall in a Firewall rule.
|
3407
|
+
# Corresponds to the JSON property `customInterceptProfile`
|
3408
|
+
# @return [Google::Apis::NetworksecurityV1beta1::CustomInterceptProfile]
|
3409
|
+
attr_accessor :custom_intercept_profile
|
3410
|
+
|
3411
|
+
# CustomMirroringProfile defines an action for mirroring traffic to a collector'
|
3412
|
+
# s EndpointGroup
|
3413
|
+
# Corresponds to the JSON property `customMirroringProfile`
|
3414
|
+
# @return [Google::Apis::NetworksecurityV1beta1::CustomMirroringProfile]
|
3415
|
+
attr_accessor :custom_mirroring_profile
|
3416
|
+
|
1948
3417
|
# Optional. An optional description of the profile. Max length 512 characters.
|
1949
3418
|
# Corresponds to the JSON property `description`
|
1950
3419
|
# @return [String]
|
@@ -1992,6 +3461,8 @@ module Google
|
|
1992
3461
|
# Update properties of this object
|
1993
3462
|
def update!(**args)
|
1994
3463
|
@create_time = args[:create_time] if args.key?(:create_time)
|
3464
|
+
@custom_intercept_profile = args[:custom_intercept_profile] if args.key?(:custom_intercept_profile)
|
3465
|
+
@custom_mirroring_profile = args[:custom_mirroring_profile] if args.key?(:custom_mirroring_profile)
|
1995
3466
|
@description = args[:description] if args.key?(:description)
|
1996
3467
|
@etag = args[:etag] if args.key?(:etag)
|
1997
3468
|
@labels = args[:labels] if args.key?(:labels)
|
@@ -2003,7 +3474,7 @@ module Google
|
|
2003
3474
|
end
|
2004
3475
|
|
2005
3476
|
# SecurityProfileGroup is a resource that defines the behavior for various
|
2006
|
-
# ProfileTypes.
|
3477
|
+
# ProfileTypes.
|
2007
3478
|
class SecurityProfileGroup
|
2008
3479
|
include Google::Apis::Core::Hashable
|
2009
3480
|
|
@@ -2012,6 +3483,18 @@ module Google
|
|
2012
3483
|
# @return [String]
|
2013
3484
|
attr_accessor :create_time
|
2014
3485
|
|
3486
|
+
# Optional. Reference to a SecurityProfile with the CustomIntercept
|
3487
|
+
# configuration.
|
3488
|
+
# Corresponds to the JSON property `customInterceptProfile`
|
3489
|
+
# @return [String]
|
3490
|
+
attr_accessor :custom_intercept_profile
|
3491
|
+
|
3492
|
+
# Optional. Reference to a SecurityProfile with the CustomMirroring
|
3493
|
+
# configuration.
|
3494
|
+
# Corresponds to the JSON property `customMirroringProfile`
|
3495
|
+
# @return [String]
|
3496
|
+
attr_accessor :custom_mirroring_profile
|
3497
|
+
|
2015
3498
|
# Optional. An optional description of the profile group. Max length 2048
|
2016
3499
|
# characters.
|
2017
3500
|
# Corresponds to the JSON property `description`
|
@@ -2037,8 +3520,8 @@ module Google
|
|
2037
3520
|
# @return [String]
|
2038
3521
|
attr_accessor :name
|
2039
3522
|
|
2040
|
-
# Optional. Reference to a SecurityProfile with the
|
2041
|
-
# configuration
|
3523
|
+
# Optional. Reference to a SecurityProfile with the ThreatPrevention
|
3524
|
+
# configuration.
|
2042
3525
|
# Corresponds to the JSON property `threatPreventionProfile`
|
2043
3526
|
# @return [String]
|
2044
3527
|
attr_accessor :threat_prevention_profile
|
@@ -2055,6 +3538,8 @@ module Google
|
|
2055
3538
|
# Update properties of this object
|
2056
3539
|
def update!(**args)
|
2057
3540
|
@create_time = args[:create_time] if args.key?(:create_time)
|
3541
|
+
@custom_intercept_profile = args[:custom_intercept_profile] if args.key?(:custom_intercept_profile)
|
3542
|
+
@custom_mirroring_profile = args[:custom_mirroring_profile] if args.key?(:custom_mirroring_profile)
|
2058
3543
|
@description = args[:description] if args.key?(:description)
|
2059
3544
|
@etag = args[:etag] if args.key?(:etag)
|
2060
3545
|
@labels = args[:labels] if args.key?(:labels)
|