google-apis-networksecurity_v1beta1 0.37.0 → 0.39.0

@@ -194,88 +194,68 @@ module Google
194
194
  end
195
195
  end
196
196
 
197
- # The request message for Operations.CancelOperation.
198
- class CancelOperationRequest
199
- include Google::Apis::Core::Hashable
200
-
201
- def initialize(**args)
202
- update!(**args)
203
- end
204
-
205
- # Update properties of this object
206
- def update!(**args)
207
- end
208
- end
209
-
210
- # Specification of a TLS certificate provider instance. Workloads may have one
211
- # or more CertificateProvider instances (plugins) and one of them is enabled and
212
- # configured by specifying this message. Workloads use the values from this
213
- # message to locate and load the CertificateProvider instance configuration.
214
- class CertificateProviderInstance
197
+ # `AuthzPolicy` is a resource that allows to forward traffic to a callout
198
+ # backend designed to scan the traffic for security purposes.
199
+ class AuthzPolicy
215
200
  include Google::Apis::Core::Hashable
216
201
 
217
- # Required. Plugin instance name, used to locate and load CertificateProvider
218
- # instance configuration. Set to "google_cloud_private_spiffe" to use
219
- # Certificate Authority Service certificate provider instance.
220
- # Corresponds to the JSON property `pluginInstance`
202
+ # Required. Can be one of `ALLOW`, `DENY`, `CUSTOM`. When the action is `CUSTOM`,
203
+ # `customProvider` must be specified. When the action is `ALLOW`, only requests
204
+ # matching the policy will be allowed. When the action is `DENY`, only requests
205
+ # matching the policy will be denied. When a request arrives, the policies are
206
+ # evaluated in the following order: 1. If there is a `CUSTOM` policy that
207
+ # matches the request, the `CUSTOM` policy is evaluated using the custom
208
+ # authorization providers and the request is denied if the provider rejects the
209
+ # request. 2. If there are any `DENY` policies that match the request, the
210
+ # request is denied. 3. If there are no `ALLOW` policies for the resource or if
211
+ # any of the `ALLOW` policies match the request, the request is allowed. 4. Else
212
+ # the request is denied by default if none of the configured AuthzPolicies with `
213
+ # ALLOW` action match the request.
214
+ # Corresponds to the JSON property `action`
221
215
  # @return [String]
222
- attr_accessor :plugin_instance
223
-
224
- def initialize(**args)
225
- update!(**args)
226
- end
227
-
228
- # Update properties of this object
229
- def update!(**args)
230
- @plugin_instance = args[:plugin_instance] if args.key?(:plugin_instance)
231
- end
232
- end
233
-
234
- # ClientTlsPolicy is a resource that specifies how a client should authenticate
235
- # connections to backends of a service. This resource itself does not affect
236
- # configuration unless it is attached to a backend service resource.
237
- class ClientTlsPolicy
238
- include Google::Apis::Core::Hashable
239
-
240
- # Specification of certificate provider. Defines the mechanism to obtain the
241
- # certificate and private key for peer to peer authentication.
242
- # Corresponds to the JSON property `clientCertificate`
243
- # @return [Google::Apis::NetworksecurityV1beta1::GoogleCloudNetworksecurityV1beta1CertificateProvider]
244
- attr_accessor :client_certificate
216
+ attr_accessor :action
245
217
 
246
218
  # Output only. The timestamp when the resource was created.
247
219
  # Corresponds to the JSON property `createTime`
248
220
  # @return [String]
249
221
  attr_accessor :create_time
250
222
 
251
- # Optional. Free-text description of the resource.
223
+ # Allows delegating authorization decisions to Cloud IAP or to Service
224
+ # Extensions.
225
+ # Corresponds to the JSON property `customProvider`
226
+ # @return [Google::Apis::NetworksecurityV1beta1::AuthzPolicyCustomProvider]
227
+ attr_accessor :custom_provider
228
+
229
+ # Optional. A human-readable description of the resource.
252
230
  # Corresponds to the JSON property `description`
253
231
  # @return [String]
254
232
  attr_accessor :description
255
233
 
256
- # Optional. Set of label tags associated with the resource.
234
+ # Optional. A list of authorization HTTP rules to match against the incoming
235
+ # request. A policy match occurs when at least one HTTP rule matches the request
236
+ # or when no HTTP rules are specified in the policy. At least one HTTP Rule is
237
+ # required for Allow or Deny Action. Limited to 5 rules.
238
+ # Corresponds to the JSON property `httpRules`
239
+ # @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRule>]
240
+ attr_accessor :http_rules
241
+
242
+ # Optional. Set of labels associated with the `AuthzPolicy` resource. The format
243
+ # must comply with [the following requirements](/compute/docs/labeling-resources#
244
+ # requirements).
257
245
  # Corresponds to the JSON property `labels`
258
246
  # @return [Hash<String,String>]
259
247
  attr_accessor :labels
260
248
 
261
- # Required. Name of the ClientTlsPolicy resource. It matches the pattern `
262
- # projects/*/locations/`location`/clientTlsPolicies/`client_tls_policy``
249
+ # Required. Identifier. Name of the `AuthzPolicy` resource in the following
250
+ # format: `projects/`project`/locations/`location`/authzPolicies/`authz_policy``.
263
251
  # Corresponds to the JSON property `name`
264
252
  # @return [String]
265
253
  attr_accessor :name
266
254
 
267
- # Optional. Defines the mechanism to obtain the Certificate Authority
268
- # certificate to validate the server certificate. If empty, client does not
269
- # validate the server certificate.
270
- # Corresponds to the JSON property `serverValidationCa`
271
- # @return [Array<Google::Apis::NetworksecurityV1beta1::ValidationCa>]
272
- attr_accessor :server_validation_ca
273
-
274
- # Optional. Server Name Indication string to present to the server during TLS
275
- # handshake. E.g: "secure.example.com".
276
- # Corresponds to the JSON property `sni`
277
- # @return [String]
278
- attr_accessor :sni
255
+ # Specifies the set of targets to which this policy should be applied to.
256
+ # Corresponds to the JSON property `target`
257
+ # @return [Google::Apis::NetworksecurityV1beta1::AuthzPolicyTarget]
258
+ attr_accessor :target
279
259
 
280
260
  # Output only. The timestamp when the resource was updated.
281
261
  # Corresponds to the JSON property `updateTime`
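Review bot: The class comment added above `class AuthzPolicy` describes a resource that forwards traffic to a scanning callout backend, which does not match the fields the class carries (`action`, `custom_provider`, `http_rules`, `target`). Something like `# `AuthzPolicy` allows or denies requests to its target, or delegates that decision to a custom provider.` would tell a reader that this is an authorization control. The `action` comment also deserves an explicit caveat: by its step 3, a resource with no `ALLOW` policy allows every request that no `CUSTOM` or `DENY` policy rejects, so a deny-only configuration is default-allow. If this file is generated from an API description, the wording fix belongs there; the class body continues past this hunk.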
@@ -288,39 +268,38 @@ module Google
288
268
 
289
269
  # Update properties of this object
290
270
  def update!(**args)
291
- @client_certificate = args[:client_certificate] if args.key?(:client_certificate)
271
+ @action = args[:action] if args.key?(:action)
292
272
  @create_time = args[:create_time] if args.key?(:create_time)
273
+ @custom_provider = args[:custom_provider] if args.key?(:custom_provider)
293
274
  @description = args[:description] if args.key?(:description)
275
+ @http_rules = args[:http_rules] if args.key?(:http_rules)
294
276
  @labels = args[:labels] if args.key?(:labels)
295
277
  @name = args[:name] if args.key?(:name)
296
- @server_validation_ca = args[:server_validation_ca] if args.key?(:server_validation_ca)
297
- @sni = args[:sni] if args.key?(:sni)
278
+ @target = args[:target] if args.key?(:target)
298
279
  @update_time = args[:update_time] if args.key?(:update_time)
299
280
  end
300
281
  end
301
282
 
302
- # Request used by the CloneAddressGroupItems method.
303
- class CloneAddressGroupItemsRequest
283
+ # Conditions to match against the incoming request.
284
+ class AuthzPolicyAuthzRule
304
285
  include Google::Apis::Core::Hashable
305
286
 
306
- # Optional. An optional request ID to identify requests. Specify a unique
307
- # request ID so that if you must retry your request, the server will know to
308
- # ignore the request if it has already been completed. The server will guarantee
309
- # that for at least 60 minutes since the first request. For example, consider a
310
- # situation where you make an initial request and the request times out. If you
311
- # make the request again with the same request ID, the server can check if
312
- # original operation with the same request ID was received, and if so, will
313
- # ignore the second request. This prevents clients from accidentally creating
314
- # duplicate commitments. The request ID must be a valid UUID with the exception
315
- # that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
316
- # Corresponds to the JSON property `requestId`
317
- # @return [String]
318
- attr_accessor :request_id
287
+ # Describes properties of one or more sources of a request.
288
+ # Corresponds to the JSON property `from`
289
+ # @return [Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleFrom]
290
+ attr_accessor :from
319
291
 
320
- # Required. Source address group to clone items from.
321
- # Corresponds to the JSON property `sourceAddressGroup`
292
+ # Describes properties of one or more targets of a request.
293
+ # Corresponds to the JSON property `to`
294
+ # @return [Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleTo]
295
+ attr_accessor :to
296
+
297
+ # Optional. CEL expression that describes the conditions to be satisfied for the
298
+ # action. The result of the CEL expression is ANDed with the from and to. Refer
299
+ # to the CEL language reference for a list of available attributes.
300
+ # Corresponds to the JSON property `when`
322
301
  # @return [String]
323
- attr_accessor :source_address_group
302
+ attr_accessor :when
324
303
 
325
304
  def initialize(**args)
326
305
  update!(**args)
@@ -328,38 +307,32 @@ module Google
328
307
 
329
308
  # Update properties of this object
330
309
  def update!(**args)
331
- @request_id = args[:request_id] if args.key?(:request_id)
332
- @source_address_group = args[:source_address_group] if args.key?(:source_address_group)
310
+ @from = args[:from] if args.key?(:from)
311
+ @to = args[:to] if args.key?(:to)
312
+ @when = args[:when] if args.key?(:when)
333
313
  end
334
314
  end
335
315
 
336
- # Specification of traffic destination attributes.
337
- class Destination
316
+ # Describes properties of one or more sources of a request.
317
+ class AuthzPolicyAuthzRuleFrom
338
318
  include Google::Apis::Core::Hashable
339
319
 
340
- # Required. List of host names to match. Matched against the ":authority" header
341
- # in http requests. At least one host should match. Each host can be an exact
342
- # match, or a prefix match (example "mydomain.*") or a suffix match (example "*.
343
- # myorg.com") or a presence (any) match "*".
344
- # Corresponds to the JSON property `hosts`
345
- # @return [Array<String>]
346
- attr_accessor :hosts
347
-
348
- # Specification of HTTP header match attributes.
349
- # Corresponds to the JSON property `httpHeaderMatch`
350
- # @return [Google::Apis::NetworksecurityV1beta1::HttpHeaderMatch]
351
- attr_accessor :http_header_match
352
-
353
- # Optional. A list of HTTP methods to match. At least one method should match.
354
- # Should not be set for gRPC services.
355
- # Corresponds to the JSON property `methods`
356
- # @return [Array<String>]
357
- attr_accessor :methods_prop
358
-
359
- # Required. List of destination ports to match. At least one port should match.
360
- # Corresponds to the JSON property `ports`
361
- # @return [Array<Fixnum>]
362
- attr_accessor :ports
320
+ # Optional. Describes the negated properties of request sources. Matches
321
+ # requests from sources that do not match the criteria specified in this field.
322
+ # At least one of sources or notSources must be specified.
323
+ # Corresponds to the JSON property `notSources`
324
+ # @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleFromRequestSource>]
325
+ attr_accessor :not_sources
326
+
327
+ # Optional. Describes the properties of a request's sources. At least one of
328
+ # sources or notSources must be specified. Limited to 1 source. A match occurs
329
+ # when ANY source (in sources or notSources) matches the request. Within a
330
+ # single source, the match follows AND semantics across fields and OR semantics
331
+ # within a single field, i.e. a match occurs when ANY principal matches AND ANY
332
+ # ipBlocks match.
333
+ # Corresponds to the JSON property `sources`
334
+ # @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleFromRequestSource>]
335
+ attr_accessor :sources
363
336
 
364
337
  def initialize(**args)
365
338
  update!(**args)
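Review bot: The `sources` comment ends with "ANY principal matches AND ANY ipBlocks match", but the `AuthzPolicyAuthzRuleFromRequestSource` class defined further down this diff exposes only `principals` and `resources`, so the comment names a field a caller cannot set. I would change the last clause to `# i.e. a match occurs when ANY principal matches AND ANY resource matches.` The same comment says "Limited to 1 source" and then speaks of "ANY source (in sources or notSources)", which leaves it unclear how a `not_sources` entry contributes to a match. One sentence stating that a `not_sources` entry matches only when its criteria do not would remove the ambiguity. The class's `update!` lies outside this hunk.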
@@ -367,69 +340,83 @@ module Google
367
340
 
368
341
  # Update properties of this object
369
342
  def update!(**args)
370
- @hosts = args[:hosts] if args.key?(:hosts)
371
- @http_header_match = args[:http_header_match] if args.key?(:http_header_match)
372
- @methods_prop = args[:methods_prop] if args.key?(:methods_prop)
373
- @ports = args[:ports] if args.key?(:ports)
343
+ @not_sources = args[:not_sources] if args.key?(:not_sources)
344
+ @sources = args[:sources] if args.key?(:sources)
374
345
  end
375
346
  end
376
347
 
377
- # A generic empty message that you can re-use to avoid defining duplicated empty
378
- # messages in your APIs. A typical example is to use it as the request or the
379
- # response type of an API method. For instance: service Foo ` rpc Bar(google.
380
- # protobuf.Empty) returns (google.protobuf.Empty); `
381
- class Empty
348
+ # Describes the properties of a single source.
349
+ class AuthzPolicyAuthzRuleFromRequestSource
382
350
  include Google::Apis::Core::Hashable
383
351
 
352
+ # Optional. A list of identities derived from the client's certificate. This
353
+ # field will not match on a request unless mutual TLS is enabled for the
354
+ # Forwarding rule or Gateway. Each identity is a string whose value is matched
355
+ # against the URI SAN, or DNS SAN or the subject field in the client's
356
+ # certificate. The match can be exact, prefix, suffix or a substring match. One
357
+ # of exact, prefix, suffix or contains must be specified. Limited to 5
358
+ # principals.
359
+ # Corresponds to the JSON property `principals`
360
+ # @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleStringMatch>]
361
+ attr_accessor :principals
362
+
363
+ # Optional. A list of resources to match against the resource of the source VM
364
+ # of a request. Limited to 5 resources.
365
+ # Corresponds to the JSON property `resources`
366
+ # @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleRequestResource>]
367
+ attr_accessor :resources
368
+
384
369
  def initialize(**args)
385
370
  update!(**args)
386
371
  end
387
372
 
388
373
  # Update properties of this object
389
374
  def update!(**args)
375
+ @principals = args[:principals] if args.key?(:principals)
376
+ @resources = args[:resources] if args.key?(:resources)
390
377
  end
391
378
  end
392
379
 
393
- # Represents a textual expression in the Common Expression Language (CEL) syntax.
394
- # CEL is a C-like expression language. The syntax and semantics of CEL are
395
- # documented at https://github.com/google/cel-spec. Example (Comparison): title:
396
- # "Summary size limit" description: "Determines if a summary is less than 100
397
- # chars" expression: "document.summary.size() < 100" Example (Equality): title: "
398
- # Requestor is owner" description: "Determines if requestor is the document
399
- # owner" expression: "document.owner == request.auth.claims.email" Example (
400
- # Logic): title: "Public documents" description: "Determine whether the document
401
- # should be publicly visible" expression: "document.type != 'private' &&
402
- # document.type != 'internal'" Example (Data Manipulation): title: "Notification
403
- # string" description: "Create a notification string with a timestamp."
404
- # expression: "'New message received at ' + string(document.create_time)" The
405
- # exact variables and functions that may be referenced within an expression are
406
- # determined by the service that evaluates it. See the service documentation for
407
- # additional information.
408
- class Expr
380
+ # Determines how a HTTP header should be matched.
381
+ class AuthzPolicyAuthzRuleHeaderMatch
409
382
  include Google::Apis::Core::Hashable
410
383
 
411
- # Optional. Description of the expression. This is a longer text which describes
412
- # the expression, e.g. when hovered over it in a UI.
413
- # Corresponds to the JSON property `description`
384
+ # Optional. Specifies the name of the header in the request.
385
+ # Corresponds to the JSON property `name`
414
386
  # @return [String]
415
- attr_accessor :description
387
+ attr_accessor :name
416
388
 
417
- # Textual representation of an expression in Common Expression Language syntax.
418
- # Corresponds to the JSON property `expression`
419
- # @return [String]
420
- attr_accessor :expression
389
+ # Determines how a string value should be matched.
390
+ # Corresponds to the JSON property `value`
391
+ # @return [Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleStringMatch]
392
+ attr_accessor :value
421
393
 
422
- # Optional. String indicating the location of the expression for error reporting,
423
- # e.g. a file name and a position in the file.
424
- # Corresponds to the JSON property `location`
425
- # @return [String]
426
- attr_accessor :location
394
+ def initialize(**args)
395
+ update!(**args)
396
+ end
427
397
 
428
- # Optional. Title for the expression, i.e. a short string describing its purpose.
429
- # This can be used e.g. in UIs which allow to enter the expression.
430
- # Corresponds to the JSON property `title`
431
- # @return [String]
432
- attr_accessor :title
398
+ # Update properties of this object
399
+ def update!(**args)
400
+ @name = args[:name] if args.key?(:name)
401
+ @value = args[:value] if args.key?(:value)
402
+ end
403
+ end
404
+
405
+ # Describes the properties of a client VM resource accessing the internal
406
+ # application load balancers.
407
+ class AuthzPolicyAuthzRuleRequestResource
408
+ include Google::Apis::Core::Hashable
409
+
410
+ # Determines how a string value should be matched.
411
+ # Corresponds to the JSON property `iamServiceAccount`
412
+ # @return [Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleStringMatch]
413
+ attr_accessor :iam_service_account
414
+
415
+ # Describes a set of resource tag value permanent IDs to match against the
416
+ # resource manager tags value associated with the source VM of a request.
417
+ # Corresponds to the JSON property `tagValueIdSet`
418
+ # @return [Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleRequestResourceTagValueIdSet]
419
+ attr_accessor :tag_value_id_set
433
420
 
434
421
  def initialize(**args)
435
422
  update!(**args)
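Review bot: The `principals` comment on `AuthzPolicyAuthzRuleFromRequestSource` allows prefix, suffix and substring matching against the URI SAN, the DNS SAN or the subject, without saying which of the three a given entry is compared with. For an identity check that is loose, because a `suffix` or `contains` matcher also matches any longer identity that merely ends with or contains the string, in whichever field it occurs. I would add `# Prefer `exact` matches for principals; `prefix`, `suffix` and `contains` also match longer identities.` The comment also says the field never matches unless mutual TLS is enabled, so it should state what that means for a rule that relies on the field not matching, such as a `not_sources` entry (inferred from the comments; the hunk does not show the evaluation).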
@@ -437,73 +424,72 @@ module Google
437
424
 
438
425
  # Update properties of this object
439
426
  def update!(**args)
440
- @description = args[:description] if args.key?(:description)
441
- @expression = args[:expression] if args.key?(:expression)
442
- @location = args[:location] if args.key?(:location)
443
- @title = args[:title] if args.key?(:title)
427
+ @iam_service_account = args[:iam_service_account] if args.key?(:iam_service_account)
428
+ @tag_value_id_set = args[:tag_value_id_set] if args.key?(:tag_value_id_set)
444
429
  end
445
430
  end
446
431
 
447
- # Message describing Endpoint object
448
- class FirewallEndpoint
432
+ # Describes a set of resource tag value permanent IDs to match against the
433
+ # resource manager tags value associated with the source VM of a request.
434
+ class AuthzPolicyAuthzRuleRequestResourceTagValueIdSet
449
435
  include Google::Apis::Core::Hashable
450
436
 
451
- # Output only. List of networks that are associated with this endpoint in the
452
- # local zone. This is a projection of the FirewallEndpointAssociations pointing
453
- # at this endpoint. A network will only appear in this list after traffic
454
- # routing is fully configured. Format: projects/`project`/global/networks/`name`.
455
- # Corresponds to the JSON property `associatedNetworks`
456
- # @return [Array<String>]
457
- attr_accessor :associated_networks
437
+ # Required. A list of resource tag value permanent IDs to match against the
438
+ # resource manager tags value associated with the source VM of a request. The
439
+ # match follows AND semantics which means all the ids must match. Limited to 5
440
+ # matches.
441
+ # Corresponds to the JSON property `ids`
442
+ # @return [Array<Fixnum>]
443
+ attr_accessor :ids
458
444
 
459
- # Output only. List of FirewallEndpointAssociations that are associated to this
460
- # endpoint. An association will only appear in this list after traffic routing
461
- # is fully configured.
462
- # Corresponds to the JSON property `associations`
463
- # @return [Array<Google::Apis::NetworksecurityV1beta1::FirewallEndpointAssociationReference>]
464
- attr_accessor :associations
445
+ def initialize(**args)
446
+ update!(**args)
447
+ end
465
448
 
466
- # Required. Project to bill on endpoint uptime usage.
467
- # Corresponds to the JSON property `billingProjectId`
468
- # @return [String]
469
- attr_accessor :billing_project_id
449
+ # Update properties of this object
450
+ def update!(**args)
451
+ @ids = args[:ids] if args.key?(:ids)
452
+ end
453
+ end
470
454
 
471
- # Output only. Create time stamp
472
- # Corresponds to the JSON property `createTime`
473
- # @return [String]
474
- attr_accessor :create_time
455
+ # Determines how a string value should be matched.
456
+ class AuthzPolicyAuthzRuleStringMatch
457
+ include Google::Apis::Core::Hashable
475
458
 
476
- # Optional. Description of the firewall endpoint. Max length 2048 characters.
477
- # Corresponds to the JSON property `description`
459
+ # The input string must have the substring specified here. Note: empty contains
460
+ # match is not allowed, please use regex instead. Examples: * ``abc`` matches
461
+ # the value ``xyz.abc.def``
462
+ # Corresponds to the JSON property `contains`
478
463
  # @return [String]
479
- attr_accessor :description
480
-
481
- # Optional. Labels as key value pairs
482
- # Corresponds to the JSON property `labels`
483
- # @return [Hash<String,String>]
484
- attr_accessor :labels
464
+ attr_accessor :contains
485
465
 
486
- # Immutable. Identifier. name of resource
487
- # Corresponds to the JSON property `name`
466
+ # The input string must match exactly the string specified here. Examples: * ``
467
+ # abc`` only matches the value ``abc``.
468
+ # Corresponds to the JSON property `exact`
488
469
  # @return [String]
489
- attr_accessor :name
470
+ attr_accessor :exact
490
471
 
491
- # Output only. Whether reconciling is in progress, recommended per https://
492
- # google.aip.dev/128.
493
- # Corresponds to the JSON property `reconciling`
472
+ # If true, indicates the exact/prefix/suffix/contains matching should be case
473
+ # insensitive. For example, the matcher ``data`` will match both input string ``
474
+ # Data`` and ``data`` if set to true.
475
+ # Corresponds to the JSON property `ignoreCase`
494
476
  # @return [Boolean]
495
- attr_accessor :reconciling
496
- alias_method :reconciling?, :reconciling
477
+ attr_accessor :ignore_case
478
+ alias_method :ignore_case?, :ignore_case
497
479
 
498
- # Output only. Current state of the endpoint.
499
- # Corresponds to the JSON property `state`
480
+ # The input string must have the prefix specified here. Note: empty prefix is
481
+ # not allowed, please use regex instead. Examples: * ``abc`` matches the value ``
482
+ # abc.xyz``
483
+ # Corresponds to the JSON property `prefix`
500
484
  # @return [String]
501
- attr_accessor :state
485
+ attr_accessor :prefix
502
486
 
503
- # Output only. Update time stamp
504
- # Corresponds to the JSON property `updateTime`
487
+ # The input string must have the suffix specified here. Note: empty prefix is
488
+ # not allowed, please use regex instead. Examples: * ``abc`` matches the value ``
489
+ # xyz.abc``
490
+ # Corresponds to the JSON property `suffix`
505
491
  # @return [String]
506
- attr_accessor :update_time
492
+ attr_accessor :suffix
507
493
 
508
494
  def initialize(**args)
509
495
  update!(**args)
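Review bot: The comment on `suffix` in `AuthzPolicyAuthzRuleStringMatch` says "empty prefix is not allowed", apparently copied from the `prefix` comment; it should read `# The input string must have the suffix specified here. Note: empty suffix is not allowed.` The `contains`, `prefix` and `suffix` comments all tell the reader to "use regex instead", but the class declares only `contains`, `exact`, `ignore_case`, `prefix` and `suffix`, so that advice cannot be followed with this type and should be dropped or replaced. Nothing here says what happens when more than one of the four matchers is set on one object, and `update!` (outside this hunk) accepts any combination. A line such as `# Set exactly one of contains, exact, prefix or suffix.` would help, if that is the server's rule.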
@@ -511,76 +497,77 @@ module Google
511
497
 
512
498
  # Update properties of this object
513
499
  def update!(**args)
514
- @associated_networks = args[:associated_networks] if args.key?(:associated_networks)
515
- @associations = args[:associations] if args.key?(:associations)
516
- @billing_project_id = args[:billing_project_id] if args.key?(:billing_project_id)
517
- @create_time = args[:create_time] if args.key?(:create_time)
518
- @description = args[:description] if args.key?(:description)
519
- @labels = args[:labels] if args.key?(:labels)
520
- @name = args[:name] if args.key?(:name)
521
- @reconciling = args[:reconciling] if args.key?(:reconciling)
522
- @state = args[:state] if args.key?(:state)
523
- @update_time = args[:update_time] if args.key?(:update_time)
500
+ @contains = args[:contains] if args.key?(:contains)
501
+ @exact = args[:exact] if args.key?(:exact)
502
+ @ignore_case = args[:ignore_case] if args.key?(:ignore_case)
503
+ @prefix = args[:prefix] if args.key?(:prefix)
504
+ @suffix = args[:suffix] if args.key?(:suffix)
524
505
  end
525
506
  end
526
507
 
527
- # Message describing Association object
528
- class FirewallEndpointAssociation
508
+ # Describes properties of one or more targets of a request.
509
+ class AuthzPolicyAuthzRuleTo
529
510
  include Google::Apis::Core::Hashable
530
511
 
531
- # Output only. Create time stamp
532
- # Corresponds to the JSON property `createTime`
533
- # @return [String]
534
- attr_accessor :create_time
535
-
536
- # Optional. Whether the association is disabled. True indicates that traffic won'
537
- # t be intercepted
538
- # Corresponds to the JSON property `disabled`
539
- # @return [Boolean]
540
- attr_accessor :disabled
541
- alias_method :disabled?, :disabled
542
-
543
- # Required. The URL of the FirewallEndpoint that is being associated.
544
- # Corresponds to the JSON property `firewallEndpoint`
545
- # @return [String]
546
- attr_accessor :firewall_endpoint
512
+ # Optional. Describes the negated properties of the targets of a request.
513
+ # Matches requests for operations that do not match the criteria specified in
514
+ # this field. At least one of operations or notOperations must be specified.
515
+ # Corresponds to the JSON property `notOperations`
516
+ # @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleToRequestOperation>]
517
+ attr_accessor :not_operations
518
+
519
+ # Optional. Describes properties of one or more targets of a request. At least
520
+ # one of operations or notOperations must be specified. Limited to 1 operation.
521
+ # A match occurs when ANY operation (in operations or notOperations) matches.
522
+ # Within an operation, the match follows AND semantics across fields and OR
523
+ # semantics within a field, i.e. a match occurs when ANY path matches AND ANY
524
+ # header matches and ANY method matches.
525
+ # Corresponds to the JSON property `operations`
526
+ # @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleToRequestOperation>]
527
+ attr_accessor :operations
547
528
 
548
- # Optional. Labels as key value pairs
549
- # Corresponds to the JSON property `labels`
550
- # @return [Hash<String,String>]
551
- attr_accessor :labels
529
+ def initialize(**args)
530
+ update!(**args)
531
+ end
552
532
 
553
- # Immutable. Identifier. name of resource
554
- # Corresponds to the JSON property `name`
555
- # @return [String]
556
- attr_accessor :name
533
+ # Update properties of this object
534
+ def update!(**args)
535
+ @not_operations = args[:not_operations] if args.key?(:not_operations)
536
+ @operations = args[:operations] if args.key?(:operations)
537
+ end
538
+ end
557
539
 
558
- # Required. The URL of the network that is being associated.
559
- # Corresponds to the JSON property `network`
560
- # @return [String]
561
- attr_accessor :network
540
+ # Describes properties of one or more targets of a request.
541
+ class AuthzPolicyAuthzRuleToRequestOperation
542
+ include Google::Apis::Core::Hashable
562
543
 
563
- # Output only. Whether reconciling is in progress, recommended per https://
564
- # google.aip.dev/128.
565
- # Corresponds to the JSON property `reconciling`
566
- # @return [Boolean]
567
- attr_accessor :reconciling
568
- alias_method :reconciling?, :reconciling
544
+ # Describes a set of HTTP headers to match against.
545
+ # Corresponds to the JSON property `headerSet`
546
+ # @return [Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleToRequestOperationHeaderSet]
547
+ attr_accessor :header_set
569
548
 
570
- # Output only. Current state of the association.
571
- # Corresponds to the JSON property `state`
572
- # @return [String]
573
- attr_accessor :state
549
+ # Optional. A list of HTTP Hosts to match against. The match can be one of exact,
550
+ # prefix, suffix, or contains (substring match). Matches are always case
551
+ # sensitive unless the ignoreCase is set. Limited to 5 matches.
552
+ # Corresponds to the JSON property `hosts`
553
+ # @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleStringMatch>]
554
+ attr_accessor :hosts
574
555
 
575
- # Optional. The URL of the TlsInspectionPolicy that is being associated.
576
- # Corresponds to the JSON property `tlsInspectionPolicy`
577
- # @return [String]
578
- attr_accessor :tls_inspection_policy
556
+ # Optional. A list of HTTP methods to match against. Each entry must be a valid
557
+ # HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only
558
+ # allows exact match and is always case sensitive.
559
+ # Corresponds to the JSON property `methods`
560
+ # @return [Array<String>]
561
+ attr_accessor :methods_prop
579
562
 
580
- # Output only. Update time stamp
581
- # Corresponds to the JSON property `updateTime`
582
- # @return [String]
583
- attr_accessor :update_time
563
+ # Optional. A list of paths to match against. The match can be one of exact,
564
+ # prefix, suffix, or contains (substring match). Matches are always case
565
+ # sensitive unless the ignoreCase is set. Limited to 5 matches. Note that this
566
+ # path match includes the query parameters. For gRPC services, this should be a
567
+ # fully-qualified name of the form /package.service/method.
568
+ # Corresponds to the JSON property `paths`
569
+ # @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleStringMatch>]
570
+ attr_accessor :paths
584
571
 
585
572
  def initialize(**args)
586
573
  update!(**args)
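Review bot: The `paths` comment on `AuthzPolicyAuthzRuleToRequestOperation` mentions only in passing that the match includes the query parameters, which changes what `exact` and `suffix` matchers mean: one written against the bare path does not match the same path once a query string is present. That deserves its own line, for example `# The matched value is the path plus any query string, so `exact` and `suffix` matchers must account for it.` The `hosts` comment says matching is case sensitive unless `ignoreCase` is set, while host names themselves are not case sensitive, so I would add `# Set ignore_case on host matchers unless the host is known to be normalised before matching.` The class's `update!` is outside this hunk.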
@@ -588,35 +575,24 @@ module Google
588
575
 
589
576
  # Update properties of this object
590
577
  def update!(**args)
591
- @create_time = args[:create_time] if args.key?(:create_time)
592
- @disabled = args[:disabled] if args.key?(:disabled)
593
- @firewall_endpoint = args[:firewall_endpoint] if args.key?(:firewall_endpoint)
594
- @labels = args[:labels] if args.key?(:labels)
595
- @name = args[:name] if args.key?(:name)
596
- @network = args[:network] if args.key?(:network)
597
- @reconciling = args[:reconciling] if args.key?(:reconciling)
598
- @state = args[:state] if args.key?(:state)
599
- @tls_inspection_policy = args[:tls_inspection_policy] if args.key?(:tls_inspection_policy)
600
- @update_time = args[:update_time] if args.key?(:update_time)
578
+ @header_set = args[:header_set] if args.key?(:header_set)
579
+ @hosts = args[:hosts] if args.key?(:hosts)
580
+ @methods_prop = args[:methods_prop] if args.key?(:methods_prop)
581
+ @paths = args[:paths] if args.key?(:paths)
601
582
  end
602
583
  end
603
584
 
604
- # This is a subset of the FirewallEndpointAssociation message, containing fields
605
- # to be used by the consumer.
606
- class FirewallEndpointAssociationReference
585
+ # Describes a set of HTTP headers to match against.
586
+ class AuthzPolicyAuthzRuleToRequestOperationHeaderSet
607
587
  include Google::Apis::Core::Hashable
608
588
 
609
- # Output only. The resource name of the FirewallEndpointAssociation. Format:
610
- # projects/`project`/locations/`location`/firewallEndpointAssociations/`id`
611
- # Corresponds to the JSON property `name`
612
- # @return [String]
613
- attr_accessor :name
614
-
615
- # Output only. The VPC network associated. Format: projects/`project`/global/
616
- # networks/`name`.
617
- # Corresponds to the JSON property `network`
618
- # @return [String]
619
- attr_accessor :network
589
+ # Required. A list of headers to match against in http header. The match can be
590
+ # one of exact, prefix, suffix, or contains (substring match). The match follows
591
+ # AND semantics which means all the headers must match. Matches are always case
592
+ # sensitive unless the ignoreCase is set. Limited to 5 matches.
593
+ # Corresponds to the JSON property `headers`
594
+ # @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleHeaderMatch>]
595
+ attr_accessor :headers
620
596
 
621
597
  def initialize(**args)
622
598
  update!(**args)
@@ -624,44 +600,29 @@ module Google
624
600
 
625
601
  # Update properties of this object
626
602
  def update!(**args)
627
- @name = args[:name] if args.key?(:name)
628
- @network = args[:network] if args.key?(:network)
603
+ @headers = args[:headers] if args.key?(:headers)
629
604
  end
630
605
  end
631
606
 
632
- # The GatewaySecurityPolicy resource contains a collection of
633
- # GatewaySecurityPolicyRules and associated metadata.
634
- class GatewaySecurityPolicy
607
+ # Allows delegating authorization decisions to Cloud IAP or to Service
608
+ # Extensions.
609
+ class AuthzPolicyCustomProvider
635
610
  include Google::Apis::Core::Hashable
636
611
 
637
- # Output only. The timestamp when the resource was created.
638
- # Corresponds to the JSON property `createTime`
639
- # @return [String]
640
- attr_accessor :create_time
641
-
642
- # Optional. Free-text description of the resource.
643
- # Corresponds to the JSON property `description`
644
- # @return [String]
645
- attr_accessor :description
646
-
647
- # Required. Name of the resource. Name is of the form projects/`project`/
648
- # locations/`location`/gatewaySecurityPolicies/`gateway_security_policy`
649
- # gateway_security_policy should match the pattern:(^[a-z]([a-z0-9-]`0,61`[a-z0-
650
- # 9])?$).
651
- # Corresponds to the JSON property `name`
652
- # @return [String]
653
- attr_accessor :name
654
-
655
- # Optional. Name of a TLS Inspection Policy resource that defines how TLS
656
- # inspection will be performed for any rule(s) which enables it.
657
- # Corresponds to the JSON property `tlsInspectionPolicy`
658
- # @return [String]
659
- attr_accessor :tls_inspection_policy
660
-
661
- # Output only. The timestamp when the resource was updated.
662
- # Corresponds to the JSON property `updateTime`
663
- # @return [String]
664
- attr_accessor :update_time
612
+ # Optional. Delegate authorization decision to user authored extension. Only one
613
+ # of cloudIap or authzExtension can be specified.
614
+ # Corresponds to the JSON property `authzExtension`
615
+ # @return [Google::Apis::NetworksecurityV1beta1::AuthzPolicyCustomProviderAuthzExtension]
616
+ attr_accessor :authz_extension
617
+
618
+ # Optional. Delegates authorization decisions to Cloud IAP. Applicable only for
619
+ # managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not
620
+ # compatible with Cloud IAP settings in the BackendService. Enabling IAP in both
621
+ # places will result in request failure. Ensure that IAP is enabled in either
622
+ # the AuthzPolicy or the BackendService but not in both places.
623
+ # Corresponds to the JSON property `cloudIap`
624
+ # @return [Google::Apis::NetworksecurityV1beta1::AuthzPolicyCustomProviderCloudIap]
625
+ attr_accessor :cloud_iap
665
626
 
666
627
  def initialize(**args)
667
628
  update!(**args)
@@ -669,75 +630,21 @@ module Google
669
630
 
670
631
  # Update properties of this object
671
632
  def update!(**args)
672
- @create_time = args[:create_time] if args.key?(:create_time)
673
- @description = args[:description] if args.key?(:description)
674
- @name = args[:name] if args.key?(:name)
675
- @tls_inspection_policy = args[:tls_inspection_policy] if args.key?(:tls_inspection_policy)
676
- @update_time = args[:update_time] if args.key?(:update_time)
633
+ @authz_extension = args[:authz_extension] if args.key?(:authz_extension)
634
+ @cloud_iap = args[:cloud_iap] if args.key?(:cloud_iap)
677
635
  end
678
636
  end
679
637
 
680
- # The GatewaySecurityPolicyRule resource is in a nested collection within a
681
- # GatewaySecurityPolicy and represents a traffic matching condition and
682
- # associated action to perform.
683
- class GatewaySecurityPolicyRule
638
+ # Optional. Delegate authorization decision to user authored extension. Only one
639
+ # of cloudIap or authzExtension can be specified.
640
+ class AuthzPolicyCustomProviderAuthzExtension
684
641
  include Google::Apis::Core::Hashable
685
642
 
686
- # Optional. CEL expression for matching on L7/application level criteria.
687
- # Corresponds to the JSON property `applicationMatcher`
688
- # @return [String]
689
- attr_accessor :application_matcher
690
-
691
- # Required. Profile which tells what the primitive action should be.
692
- # Corresponds to the JSON property `basicProfile`
693
- # @return [String]
694
- attr_accessor :basic_profile
695
-
696
- # Output only. Time when the rule was created.
697
- # Corresponds to the JSON property `createTime`
698
- # @return [String]
699
- attr_accessor :create_time
700
-
701
- # Optional. Free-text description of the resource.
702
- # Corresponds to the JSON property `description`
703
- # @return [String]
704
- attr_accessor :description
705
-
706
- # Required. Whether the rule is enforced.
707
- # Corresponds to the JSON property `enabled`
708
- # @return [Boolean]
709
- attr_accessor :enabled
710
- alias_method :enabled?, :enabled
711
-
712
- # Required. Immutable. Name of the resource. ame is the full resource name so
713
- # projects/`project`/locations/`location`/gatewaySecurityPolicies/`
714
- # gateway_security_policy`/rules/`rule` rule should match the pattern: (^[a-z]([
715
- # a-z0-9-]`0,61`[a-z0-9])?$).
716
- # Corresponds to the JSON property `name`
717
- # @return [String]
718
- attr_accessor :name
719
-
720
- # Required. Priority of the rule. Lower number corresponds to higher precedence.
721
- # Corresponds to the JSON property `priority`
722
- # @return [Fixnum]
723
- attr_accessor :priority
724
-
725
- # Required. CEL expression for matching on session criteria.
726
- # Corresponds to the JSON property `sessionMatcher`
727
- # @return [String]
728
- attr_accessor :session_matcher
729
-
730
- # Optional. Flag to enable TLS inspection of traffic matching on , can only be
731
- # true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
732
- # Corresponds to the JSON property `tlsInspectionEnabled`
733
- # @return [Boolean]
734
- attr_accessor :tls_inspection_enabled
735
- alias_method :tls_inspection_enabled?, :tls_inspection_enabled
736
-
737
- # Output only. Time when the rule was updated.
738
- # Corresponds to the JSON property `updateTime`
739
- # @return [String]
740
- attr_accessor :update_time
643
+ # Required. A list of references to authorization extensions that will be
644
+ # invoked for requests matching this policy. Limited to 1 custom provider.
645
+ # Corresponds to the JSON property `resources`
646
+ # @return [Array<String>]
647
+ attr_accessor :resources
741
648
 
742
649
  def initialize(**args)
743
650
  update!(**args)
@@ -745,57 +652,45 @@ module Google
745
652
 
746
653
  # Update properties of this object
747
654
  def update!(**args)
748
- @application_matcher = args[:application_matcher] if args.key?(:application_matcher)
749
- @basic_profile = args[:basic_profile] if args.key?(:basic_profile)
750
- @create_time = args[:create_time] if args.key?(:create_time)
751
- @description = args[:description] if args.key?(:description)
752
- @enabled = args[:enabled] if args.key?(:enabled)
753
- @name = args[:name] if args.key?(:name)
754
- @priority = args[:priority] if args.key?(:priority)
755
- @session_matcher = args[:session_matcher] if args.key?(:session_matcher)
756
- @tls_inspection_enabled = args[:tls_inspection_enabled] if args.key?(:tls_inspection_enabled)
757
- @update_time = args[:update_time] if args.key?(:update_time)
655
+ @resources = args[:resources] if args.key?(:resources)
758
656
  end
759
657
  end
760
658
 
761
- # Specification of certificate provider. Defines the mechanism to obtain the
762
- # certificate and private key for peer to peer authentication.
763
- class GoogleCloudNetworksecurityV1beta1CertificateProvider
659
+ # Optional. Delegates authorization decisions to Cloud IAP. Applicable only for
660
+ # managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not
661
+ # compatible with Cloud IAP settings in the BackendService. Enabling IAP in both
662
+ # places will result in request failure. Ensure that IAP is enabled in either
663
+ # the AuthzPolicy or the BackendService but not in both places.
664
+ class AuthzPolicyCustomProviderCloudIap
764
665
  include Google::Apis::Core::Hashable
765
666
 
766
- # Specification of a TLS certificate provider instance. Workloads may have one
767
- # or more CertificateProvider instances (plugins) and one of them is enabled and
768
- # configured by specifying this message. Workloads use the values from this
769
- # message to locate and load the CertificateProvider instance configuration.
770
- # Corresponds to the JSON property `certificateProviderInstance`
771
- # @return [Google::Apis::NetworksecurityV1beta1::CertificateProviderInstance]
772
- attr_accessor :certificate_provider_instance
773
-
774
- # Specification of the GRPC Endpoint.
775
- # Corresponds to the JSON property `grpcEndpoint`
776
- # @return [Google::Apis::NetworksecurityV1beta1::GoogleCloudNetworksecurityV1beta1GrpcEndpoint]
777
- attr_accessor :grpc_endpoint
778
-
779
667
  def initialize(**args)
780
668
  update!(**args)
781
669
  end
782
670
 
783
671
  # Update properties of this object
784
672
  def update!(**args)
785
- @certificate_provider_instance = args[:certificate_provider_instance] if args.key?(:certificate_provider_instance)
786
- @grpc_endpoint = args[:grpc_endpoint] if args.key?(:grpc_endpoint)
787
673
  end
788
674
  end
789
675
 
790
- # Specification of the GRPC Endpoint.
791
- class GoogleCloudNetworksecurityV1beta1GrpcEndpoint
676
+ # Specifies the set of targets to which this policy should be applied to.
677
+ class AuthzPolicyTarget
792
678
  include Google::Apis::Core::Hashable
793
679
 
794
- # Required. The target URI of the gRPC endpoint. Only UDS path is supported, and
795
- # should start with "unix:".
796
- # Corresponds to the JSON property `targetUri`
680
+ # Required. All gateways and forwarding rules referenced by this policy and
681
+ # extensions must share the same load balancing scheme. Supported values: `
682
+ # INTERNAL_MANAGED` and `EXTERNAL_MANAGED`. For more information, refer to [
683
+ # Backend services overview](https://cloud.google.com/load-balancing/docs/
684
+ # backend-service).
685
+ # Corresponds to the JSON property `loadBalancingScheme`
797
686
  # @return [String]
798
- attr_accessor :target_uri
687
+ attr_accessor :load_balancing_scheme
688
+
689
+ # Required. A list of references to the Forwarding Rules on which this policy
690
+ # will be applied.
691
+ # Corresponds to the JSON property `resources`
692
+ # @return [Array<String>]
693
+ attr_accessor :resources
799
694
 
800
695
  def initialize(**args)
801
696
  update!(**args)
@@ -803,69 +698,974 @@ module Google
803
698
 
804
699
  # Update properties of this object
805
700
  def update!(**args)
806
- @target_uri = args[:target_uri] if args.key?(:target_uri)
701
+ @load_balancing_scheme = args[:load_balancing_scheme] if args.key?(:load_balancing_scheme)
702
+ @resources = args[:resources] if args.key?(:resources)
807
703
  end
808
704
  end
809
705
 
810
- # Specifies the audit configuration for a service. The configuration determines
811
- # which permission types are logged, and what identities, if any, are exempted
812
- # from logging. An AuditConfig must have one or more AuditLogConfigs. If there
813
- # are AuditConfigs for both `allServices` and a specific service, the union of
814
- # the two AuditConfigs is used for that service: the log_types specified in each
815
- # AuditConfig are enabled, and the exempted_members in each AuditLogConfig are
816
- # exempted. Example Policy with multiple AuditConfigs: ` "audit_configs": [ ` "
817
- # service": "allServices", "audit_log_configs": [ ` "log_type": "DATA_READ", "
818
- # exempted_members": [ "user:jose@example.com" ] `, ` "log_type": "DATA_WRITE" `,
819
- # ` "log_type": "ADMIN_READ" ` ] `, ` "service": "sampleservice.googleapis.com",
820
- # "audit_log_configs": [ ` "log_type": "DATA_READ" `, ` "log_type": "DATA_WRITE"
821
- # , "exempted_members": [ "user:aliya@example.com" ] ` ] ` ] ` For sampleservice,
822
- # this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also
823
- # exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com`
824
- # from DATA_WRITE logging.
825
- class GoogleIamV1AuditConfig
706
+ # The request message for Operations.CancelOperation.
707
+ class CancelOperationRequest
826
708
  include Google::Apis::Core::Hashable
827
709
 
828
- # The configuration for logging of each type of permission.
829
- # Corresponds to the JSON property `auditLogConfigs`
830
- # @return [Array<Google::Apis::NetworksecurityV1beta1::GoogleIamV1AuditLogConfig>]
831
- attr_accessor :audit_log_configs
832
-
833
- # Specifies a service that will be enabled for audit logging. For example, `
834
- # storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special
835
- # value that covers all services.
836
- # Corresponds to the JSON property `service`
837
- # @return [String]
838
- attr_accessor :service
839
-
840
710
  def initialize(**args)
841
711
  update!(**args)
842
712
  end
843
713
 
844
714
  # Update properties of this object
845
715
  def update!(**args)
846
- @audit_log_configs = args[:audit_log_configs] if args.key?(:audit_log_configs)
847
- @service = args[:service] if args.key?(:service)
848
716
  end
849
717
  end
850
718
 
851
- # Provides the configuration for logging a type of permissions. Example: ` "
852
- # audit_log_configs": [ ` "log_type": "DATA_READ", "exempted_members": [ "user:
853
- # jose@example.com" ] `, ` "log_type": "DATA_WRITE" ` ] ` This enables '
854
- # DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from
855
- # DATA_READ logging.
719
+ # Specification of a TLS certificate provider instance. Workloads may have one
720
+ # or more CertificateProvider instances (plugins) and one of them is enabled and
721
+ # configured by specifying this message. Workloads use the values from this
722
+ # message to locate and load the CertificateProvider instance configuration.
723
+ class CertificateProviderInstance
724
+ include Google::Apis::Core::Hashable
725
+
726
+ # Required. Plugin instance name, used to locate and load CertificateProvider
727
+ # instance configuration. Set to "google_cloud_private_spiffe" to use
728
+ # Certificate Authority Service certificate provider instance.
729
+ # Corresponds to the JSON property `pluginInstance`
730
+ # @return [String]
731
+ attr_accessor :plugin_instance
732
+
733
+ def initialize(**args)
734
+ update!(**args)
735
+ end
736
+
737
+ # Update properties of this object
738
+ def update!(**args)
739
+ @plugin_instance = args[:plugin_instance] if args.key?(:plugin_instance)
740
+ end
741
+ end
742
+
743
+ # ClientTlsPolicy is a resource that specifies how a client should authenticate
744
+ # connections to backends of a service. This resource itself does not affect
745
+ # configuration unless it is attached to a backend service resource.
746
+ class ClientTlsPolicy
747
+ include Google::Apis::Core::Hashable
748
+
749
+ # Specification of certificate provider. Defines the mechanism to obtain the
750
+ # certificate and private key for peer to peer authentication.
751
+ # Corresponds to the JSON property `clientCertificate`
752
+ # @return [Google::Apis::NetworksecurityV1beta1::GoogleCloudNetworksecurityV1beta1CertificateProvider]
753
+ attr_accessor :client_certificate
754
+
755
+ # Output only. The timestamp when the resource was created.
756
+ # Corresponds to the JSON property `createTime`
757
+ # @return [String]
758
+ attr_accessor :create_time
759
+
760
+ # Optional. Free-text description of the resource.
761
+ # Corresponds to the JSON property `description`
762
+ # @return [String]
763
+ attr_accessor :description
764
+
765
+ # Optional. Set of label tags associated with the resource.
766
+ # Corresponds to the JSON property `labels`
767
+ # @return [Hash<String,String>]
768
+ attr_accessor :labels
769
+
770
+ # Required. Name of the ClientTlsPolicy resource. It matches the pattern `
771
+ # projects/*/locations/`location`/clientTlsPolicies/`client_tls_policy``
772
+ # Corresponds to the JSON property `name`
773
+ # @return [String]
774
+ attr_accessor :name
775
+
776
+ # Optional. Defines the mechanism to obtain the Certificate Authority
777
+ # certificate to validate the server certificate. If empty, client does not
778
+ # validate the server certificate.
779
+ # Corresponds to the JSON property `serverValidationCa`
780
+ # @return [Array<Google::Apis::NetworksecurityV1beta1::ValidationCa>]
781
+ attr_accessor :server_validation_ca
782
+
783
+ # Optional. Server Name Indication string to present to the server during TLS
784
+ # handshake. E.g: "secure.example.com".
785
+ # Corresponds to the JSON property `sni`
786
+ # @return [String]
787
+ attr_accessor :sni
788
+
789
+ # Output only. The timestamp when the resource was updated.
790
+ # Corresponds to the JSON property `updateTime`
791
+ # @return [String]
792
+ attr_accessor :update_time
793
+
794
+ def initialize(**args)
795
+ update!(**args)
796
+ end
797
+
798
+ # Update properties of this object
799
+ def update!(**args)
800
+ @client_certificate = args[:client_certificate] if args.key?(:client_certificate)
801
+ @create_time = args[:create_time] if args.key?(:create_time)
802
+ @description = args[:description] if args.key?(:description)
803
+ @labels = args[:labels] if args.key?(:labels)
804
+ @name = args[:name] if args.key?(:name)
805
+ @server_validation_ca = args[:server_validation_ca] if args.key?(:server_validation_ca)
806
+ @sni = args[:sni] if args.key?(:sni)
807
+ @update_time = args[:update_time] if args.key?(:update_time)
808
+ end
809
+ end
810
+
811
+ # Request used by the CloneAddressGroupItems method.
812
+ class CloneAddressGroupItemsRequest
813
+ include Google::Apis::Core::Hashable
814
+
815
+ # Optional. An optional request ID to identify requests. Specify a unique
816
+ # request ID so that if you must retry your request, the server will know to
817
+ # ignore the request if it has already been completed. The server will guarantee
818
+ # that for at least 60 minutes since the first request. For example, consider a
819
+ # situation where you make an initial request and the request times out. If you
820
+ # make the request again with the same request ID, the server can check if
821
+ # original operation with the same request ID was received, and if so, will
822
+ # ignore the second request. This prevents clients from accidentally creating
823
+ # duplicate commitments. The request ID must be a valid UUID with the exception
824
+ # that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
825
+ # Corresponds to the JSON property `requestId`
826
+ # @return [String]
827
+ attr_accessor :request_id
828
+
829
+ # Required. Source address group to clone items from.
830
+ # Corresponds to the JSON property `sourceAddressGroup`
831
+ # @return [String]
832
+ attr_accessor :source_address_group
833
+
834
+ def initialize(**args)
835
+ update!(**args)
836
+ end
837
+
838
+ # Update properties of this object
839
+ def update!(**args)
840
+ @request_id = args[:request_id] if args.key?(:request_id)
841
+ @source_address_group = args[:source_address_group] if args.key?(:source_address_group)
842
+ end
843
+ end
844
+
845
+ # CustomInterceptProfile defines the Packet Intercept Endpoint Group used to
846
+ # intercept traffic to a third-party firewall in a Firewall rule.
847
+ class CustomInterceptProfile
848
+ include Google::Apis::Core::Hashable
849
+
850
+ # Required. The InterceptEndpointGroup to which traffic associated with the SP
851
+ # should be mirrored.
852
+ # Corresponds to the JSON property `interceptEndpointGroup`
853
+ # @return [String]
854
+ attr_accessor :intercept_endpoint_group
855
+
856
+ def initialize(**args)
857
+ update!(**args)
858
+ end
859
+
860
+ # Update properties of this object
861
+ def update!(**args)
862
+ @intercept_endpoint_group = args[:intercept_endpoint_group] if args.key?(:intercept_endpoint_group)
863
+ end
864
+ end
865
+
866
+ # CustomMirroringProfile defines an action for mirroring traffic to a collector'
867
+ # s EndpointGroup
868
+ class CustomMirroringProfile
869
+ include Google::Apis::Core::Hashable
870
+
871
+ # Required. The MirroringEndpointGroup to which traffic associated with the SP
872
+ # should be mirrored.
873
+ # Corresponds to the JSON property `mirroringEndpointGroup`
874
+ # @return [String]
875
+ attr_accessor :mirroring_endpoint_group
876
+
877
+ def initialize(**args)
878
+ update!(**args)
879
+ end
880
+
881
+ # Update properties of this object
882
+ def update!(**args)
883
+ @mirroring_endpoint_group = args[:mirroring_endpoint_group] if args.key?(:mirroring_endpoint_group)
884
+ end
885
+ end
886
+
887
+ # Specification of traffic destination attributes.
888
+ class Destination
889
+ include Google::Apis::Core::Hashable
890
+
891
+ # Required. List of host names to match. Matched against the ":authority" header
892
+ # in http requests. At least one host should match. Each host can be an exact
893
+ # match, or a prefix match (example "mydomain.*") or a suffix match (example "*.
894
+ # myorg.com") or a presence (any) match "*".
895
+ # Corresponds to the JSON property `hosts`
896
+ # @return [Array<String>]
897
+ attr_accessor :hosts
898
+
899
+ # Specification of HTTP header match attributes.
900
+ # Corresponds to the JSON property `httpHeaderMatch`
901
+ # @return [Google::Apis::NetworksecurityV1beta1::HttpHeaderMatch]
902
+ attr_accessor :http_header_match
903
+
904
+ # Optional. A list of HTTP methods to match. At least one method should match.
905
+ # Should not be set for gRPC services.
906
+ # Corresponds to the JSON property `methods`
907
+ # @return [Array<String>]
908
+ attr_accessor :methods_prop
909
+
910
+ # Required. List of destination ports to match. At least one port should match.
911
+ # Corresponds to the JSON property `ports`
912
+ # @return [Array<Fixnum>]
913
+ attr_accessor :ports
914
+
915
+ def initialize(**args)
916
+ update!(**args)
917
+ end
918
+
919
+ # Update properties of this object
920
+ def update!(**args)
921
+ @hosts = args[:hosts] if args.key?(:hosts)
922
+ @http_header_match = args[:http_header_match] if args.key?(:http_header_match)
923
+ @methods_prop = args[:methods_prop] if args.key?(:methods_prop)
924
+ @ports = args[:ports] if args.key?(:ports)
925
+ end
926
+ end
927
+
928
+ # A generic empty message that you can re-use to avoid defining duplicated empty
929
+ # messages in your APIs. A typical example is to use it as the request or the
930
+ # response type of an API method. For instance: service Foo ` rpc Bar(google.
931
+ # protobuf.Empty) returns (google.protobuf.Empty); `
932
+ class Empty
933
+ include Google::Apis::Core::Hashable
934
+
935
+ def initialize(**args)
936
+ update!(**args)
937
+ end
938
+
939
+ # Update properties of this object
940
+ def update!(**args)
941
+ end
942
+ end
943
+
944
+ # Represents a textual expression in the Common Expression Language (CEL) syntax.
945
+ # CEL is a C-like expression language. The syntax and semantics of CEL are
946
+ # documented at https://github.com/google/cel-spec. Example (Comparison): title:
947
+ # "Summary size limit" description: "Determines if a summary is less than 100
948
+ # chars" expression: "document.summary.size() < 100" Example (Equality): title: "
949
+ # Requestor is owner" description: "Determines if requestor is the document
950
+ # owner" expression: "document.owner == request.auth.claims.email" Example (
951
+ # Logic): title: "Public documents" description: "Determine whether the document
952
+ # should be publicly visible" expression: "document.type != 'private' &&
953
+ # document.type != 'internal'" Example (Data Manipulation): title: "Notification
954
+ # string" description: "Create a notification string with a timestamp."
955
+ # expression: "'New message received at ' + string(document.create_time)" The
956
+ # exact variables and functions that may be referenced within an expression are
957
+ # determined by the service that evaluates it. See the service documentation for
958
+ # additional information.
959
+ class Expr
960
+ include Google::Apis::Core::Hashable
961
+
962
+ # Optional. Description of the expression. This is a longer text which describes
963
+ # the expression, e.g. when hovered over it in a UI.
964
+ # Corresponds to the JSON property `description`
965
+ # @return [String]
966
+ attr_accessor :description
967
+
968
+ # Textual representation of an expression in Common Expression Language syntax.
969
+ # Corresponds to the JSON property `expression`
970
+ # @return [String]
971
+ attr_accessor :expression
972
+
973
+ # Optional. String indicating the location of the expression for error reporting,
974
+ # e.g. a file name and a position in the file.
975
+ # Corresponds to the JSON property `location`
976
+ # @return [String]
977
+ attr_accessor :location
978
+
979
+ # Optional. Title for the expression, i.e. a short string describing its purpose.
980
+ # This can be used e.g. in UIs which allow to enter the expression.
981
+ # Corresponds to the JSON property `title`
982
+ # @return [String]
983
+ attr_accessor :title
984
+
985
+ def initialize(**args)
986
+ update!(**args)
987
+ end
988
+
989
+ # Update properties of this object
990
+ def update!(**args)
991
+ @description = args[:description] if args.key?(:description)
992
+ @expression = args[:expression] if args.key?(:expression)
993
+ @location = args[:location] if args.key?(:location)
994
+ @title = args[:title] if args.key?(:title)
995
+ end
996
+ end
997
+
998
+ # Message describing Endpoint object
999
+ class FirewallEndpoint
1000
+ include Google::Apis::Core::Hashable
1001
+
1002
+ # Output only. List of networks that are associated with this endpoint in the
1003
+ # local zone. This is a projection of the FirewallEndpointAssociations pointing
1004
+ # at this endpoint. A network will only appear in this list after traffic
1005
+ # routing is fully configured. Format: projects/`project`/global/networks/`name`.
1006
+ # Corresponds to the JSON property `associatedNetworks`
1007
+ # @return [Array<String>]
1008
+ attr_accessor :associated_networks
1009
+
1010
+ # Output only. List of FirewallEndpointAssociations that are associated to this
1011
+ # endpoint. An association will only appear in this list after traffic routing
1012
+ # is fully configured.
1013
+ # Corresponds to the JSON property `associations`
1014
+ # @return [Array<Google::Apis::NetworksecurityV1beta1::FirewallEndpointAssociationReference>]
1015
+ attr_accessor :associations
1016
+
1017
+ # Required. Project to bill on endpoint uptime usage.
1018
+ # Corresponds to the JSON property `billingProjectId`
1019
+ # @return [String]
1020
+ attr_accessor :billing_project_id
1021
+
1022
+ # Output only. Create time stamp
1023
+ # Corresponds to the JSON property `createTime`
1024
+ # @return [String]
1025
+ attr_accessor :create_time
1026
+
1027
+ # Optional. Description of the firewall endpoint. Max length 2048 characters.
1028
+ # Corresponds to the JSON property `description`
1029
+ # @return [String]
1030
+ attr_accessor :description
1031
+
1032
+ # Optional. Labels as key value pairs
1033
+ # Corresponds to the JSON property `labels`
1034
+ # @return [Hash<String,String>]
1035
+ attr_accessor :labels
1036
+
1037
+ # Immutable. Identifier. name of resource
1038
+ # Corresponds to the JSON property `name`
1039
+ # @return [String]
1040
+ attr_accessor :name
1041
+
1042
+ # Output only. Whether reconciling is in progress, recommended per https://
1043
+ # google.aip.dev/128.
1044
+ # Corresponds to the JSON property `reconciling`
1045
+ # @return [Boolean]
1046
+ attr_accessor :reconciling
1047
+ alias_method :reconciling?, :reconciling
1048
+
1049
+ # Output only. Current state of the endpoint.
1050
+ # Corresponds to the JSON property `state`
1051
+ # @return [String]
1052
+ attr_accessor :state
1053
+
1054
+ # Output only. Update time stamp
1055
+ # Corresponds to the JSON property `updateTime`
1056
+ # @return [String]
1057
+ attr_accessor :update_time
1058
+
1059
+ def initialize(**args)
1060
+ update!(**args)
1061
+ end
1062
+
1063
+ # Update properties of this object
1064
+ def update!(**args)
1065
+ @associated_networks = args[:associated_networks] if args.key?(:associated_networks)
1066
+ @associations = args[:associations] if args.key?(:associations)
1067
+ @billing_project_id = args[:billing_project_id] if args.key?(:billing_project_id)
1068
+ @create_time = args[:create_time] if args.key?(:create_time)
1069
+ @description = args[:description] if args.key?(:description)
1070
+ @labels = args[:labels] if args.key?(:labels)
1071
+ @name = args[:name] if args.key?(:name)
1072
+ @reconciling = args[:reconciling] if args.key?(:reconciling)
1073
+ @state = args[:state] if args.key?(:state)
1074
+ @update_time = args[:update_time] if args.key?(:update_time)
1075
+ end
1076
+ end
1077
+
1078
+ # Message describing Association object
1079
+ class FirewallEndpointAssociation
1080
+ include Google::Apis::Core::Hashable
1081
+
1082
+ # Output only. Create time stamp
1083
+ # Corresponds to the JSON property `createTime`
1084
+ # @return [String]
1085
+ attr_accessor :create_time
1086
+
1087
+ # Optional. Whether the association is disabled. True indicates that traffic won'
1088
+ # t be intercepted
1089
+ # Corresponds to the JSON property `disabled`
1090
+ # @return [Boolean]
1091
+ attr_accessor :disabled
1092
+ alias_method :disabled?, :disabled
1093
+
1094
+ # Required. The URL of the FirewallEndpoint that is being associated.
1095
+ # Corresponds to the JSON property `firewallEndpoint`
1096
+ # @return [String]
1097
+ attr_accessor :firewall_endpoint
1098
+
1099
+ # Optional. Labels as key value pairs
1100
+ # Corresponds to the JSON property `labels`
1101
+ # @return [Hash<String,String>]
1102
+ attr_accessor :labels
1103
+
1104
+ # Immutable. Identifier. name of resource
1105
+ # Corresponds to the JSON property `name`
1106
+ # @return [String]
1107
+ attr_accessor :name
1108
+
1109
+ # Required. The URL of the network that is being associated.
1110
+ # Corresponds to the JSON property `network`
1111
+ # @return [String]
1112
+ attr_accessor :network
1113
+
1114
+ # Output only. Whether reconciling is in progress, recommended per https://
1115
+ # google.aip.dev/128.
1116
+ # Corresponds to the JSON property `reconciling`
1117
+ # @return [Boolean]
1118
+ attr_accessor :reconciling
1119
+ alias_method :reconciling?, :reconciling
1120
+
1121
+ # Output only. Current state of the association.
1122
+ # Corresponds to the JSON property `state`
1123
+ # @return [String]
1124
+ attr_accessor :state
1125
+
1126
+ # Optional. The URL of the TlsInspectionPolicy that is being associated.
1127
+ # Corresponds to the JSON property `tlsInspectionPolicy`
1128
+ # @return [String]
1129
+ attr_accessor :tls_inspection_policy
1130
+
1131
+ # Output only. Update time stamp
1132
+ # Corresponds to the JSON property `updateTime`
1133
+ # @return [String]
1134
+ attr_accessor :update_time
1135
+
1136
+ def initialize(**args)
1137
+ update!(**args)
1138
+ end
1139
+
1140
+ # Update properties of this object
1141
+ def update!(**args)
1142
+ @create_time = args[:create_time] if args.key?(:create_time)
1143
+ @disabled = args[:disabled] if args.key?(:disabled)
1144
+ @firewall_endpoint = args[:firewall_endpoint] if args.key?(:firewall_endpoint)
1145
+ @labels = args[:labels] if args.key?(:labels)
1146
+ @name = args[:name] if args.key?(:name)
1147
+ @network = args[:network] if args.key?(:network)
1148
+ @reconciling = args[:reconciling] if args.key?(:reconciling)
1149
+ @state = args[:state] if args.key?(:state)
1150
+ @tls_inspection_policy = args[:tls_inspection_policy] if args.key?(:tls_inspection_policy)
1151
+ @update_time = args[:update_time] if args.key?(:update_time)
1152
+ end
1153
+ end
1154
+
1155
+ # This is a subset of the FirewallEndpointAssociation message, containing fields
1156
+ # to be used by the consumer.
1157
+ class FirewallEndpointAssociationReference
1158
+ include Google::Apis::Core::Hashable
1159
+
1160
+ # Output only. The resource name of the FirewallEndpointAssociation. Format:
1161
+ # projects/`project`/locations/`location`/firewallEndpointAssociations/`id`
1162
+ # Corresponds to the JSON property `name`
1163
+ # @return [String]
1164
+ attr_accessor :name
1165
+
1166
+ # Output only. The VPC network associated. Format: projects/`project`/global/
1167
+ # networks/`name`.
1168
+ # Corresponds to the JSON property `network`
1169
+ # @return [String]
1170
+ attr_accessor :network
1171
+
1172
+ def initialize(**args)
1173
+ update!(**args)
1174
+ end
1175
+
1176
+ # Update properties of this object
1177
+ def update!(**args)
1178
+ @name = args[:name] if args.key?(:name)
1179
+ @network = args[:network] if args.key?(:network)
1180
+ end
1181
+ end
1182
+
1183
+ # The GatewaySecurityPolicy resource contains a collection of
1184
+ # GatewaySecurityPolicyRules and associated metadata.
1185
+ class GatewaySecurityPolicy
1186
+ include Google::Apis::Core::Hashable
1187
+
1188
+ # Output only. The timestamp when the resource was created.
1189
+ # Corresponds to the JSON property `createTime`
1190
+ # @return [String]
1191
+ attr_accessor :create_time
1192
+
1193
+ # Optional. Free-text description of the resource.
1194
+ # Corresponds to the JSON property `description`
1195
+ # @return [String]
1196
+ attr_accessor :description
1197
+
1198
+ # Required. Name of the resource. Name is of the form projects/`project`/
1199
+ # locations/`location`/gatewaySecurityPolicies/`gateway_security_policy`
1200
+ # gateway_security_policy should match the pattern:(^[a-z]([a-z0-9-]`0,61`[a-z0-
1201
+ # 9])?$).
1202
+ # Corresponds to the JSON property `name`
1203
+ # @return [String]
1204
+ attr_accessor :name
1205
+
1206
+ # Optional. Name of a TLS Inspection Policy resource that defines how TLS
1207
+ # inspection will be performed for any rule(s) which enables it.
1208
+ # Corresponds to the JSON property `tlsInspectionPolicy`
1209
+ # @return [String]
1210
+ attr_accessor :tls_inspection_policy
1211
+
1212
+ # Output only. The timestamp when the resource was updated.
1213
+ # Corresponds to the JSON property `updateTime`
1214
+ # @return [String]
1215
+ attr_accessor :update_time
1216
+
1217
+ def initialize(**args)
1218
+ update!(**args)
1219
+ end
1220
+
1221
+ # Update properties of this object
1222
+ def update!(**args)
1223
+ @create_time = args[:create_time] if args.key?(:create_time)
1224
+ @description = args[:description] if args.key?(:description)
1225
+ @name = args[:name] if args.key?(:name)
1226
+ @tls_inspection_policy = args[:tls_inspection_policy] if args.key?(:tls_inspection_policy)
1227
+ @update_time = args[:update_time] if args.key?(:update_time)
1228
+ end
1229
+ end
1230
+
1231
+ # The GatewaySecurityPolicyRule resource is in a nested collection within a
1232
+ # GatewaySecurityPolicy and represents a traffic matching condition and
1233
+ # associated action to perform.
1234
+ class GatewaySecurityPolicyRule
1235
+ include Google::Apis::Core::Hashable
1236
+
1237
+ # Optional. CEL expression for matching on L7/application level criteria.
1238
+ # Corresponds to the JSON property `applicationMatcher`
1239
+ # @return [String]
1240
+ attr_accessor :application_matcher
1241
+
1242
+ # Required. Profile which tells what the primitive action should be.
1243
+ # Corresponds to the JSON property `basicProfile`
1244
+ # @return [String]
1245
+ attr_accessor :basic_profile
1246
+
1247
+ # Output only. Time when the rule was created.
1248
+ # Corresponds to the JSON property `createTime`
1249
+ # @return [String]
1250
+ attr_accessor :create_time
1251
+
1252
+ # Optional. Free-text description of the resource.
1253
+ # Corresponds to the JSON property `description`
1254
+ # @return [String]
1255
+ attr_accessor :description
1256
+
1257
+ # Required. Whether the rule is enforced.
1258
+ # Corresponds to the JSON property `enabled`
1259
+ # @return [Boolean]
1260
+ attr_accessor :enabled
1261
+ alias_method :enabled?, :enabled
1262
+
1263
+ # Required. Immutable. Name of the resource. ame is the full resource name so
1264
+ # projects/`project`/locations/`location`/gatewaySecurityPolicies/`
1265
+ # gateway_security_policy`/rules/`rule` rule should match the pattern: (^[a-z]([
1266
+ # a-z0-9-]`0,61`[a-z0-9])?$).
1267
+ # Corresponds to the JSON property `name`
1268
+ # @return [String]
1269
+ attr_accessor :name
1270
+
1271
+ # Required. Priority of the rule. Lower number corresponds to higher precedence.
1272
+ # Corresponds to the JSON property `priority`
1273
+ # @return [Fixnum]
1274
+ attr_accessor :priority
1275
+
1276
+ # Required. CEL expression for matching on session criteria.
1277
+ # Corresponds to the JSON property `sessionMatcher`
1278
+ # @return [String]
1279
+ attr_accessor :session_matcher
1280
+
1281
+ # Optional. Flag to enable TLS inspection of traffic matching on , can only be
1282
+ # true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
1283
+ # Corresponds to the JSON property `tlsInspectionEnabled`
1284
+ # @return [Boolean]
1285
+ attr_accessor :tls_inspection_enabled
1286
+ alias_method :tls_inspection_enabled?, :tls_inspection_enabled
1287
+
1288
+ # Output only. Time when the rule was updated.
1289
+ # Corresponds to the JSON property `updateTime`
1290
+ # @return [String]
1291
+ attr_accessor :update_time
1292
+
1293
+ def initialize(**args)
1294
+ update!(**args)
1295
+ end
1296
+
1297
+ # Update properties of this object
1298
+ def update!(**args)
1299
+ @application_matcher = args[:application_matcher] if args.key?(:application_matcher)
1300
+ @basic_profile = args[:basic_profile] if args.key?(:basic_profile)
1301
+ @create_time = args[:create_time] if args.key?(:create_time)
1302
+ @description = args[:description] if args.key?(:description)
1303
+ @enabled = args[:enabled] if args.key?(:enabled)
1304
+ @name = args[:name] if args.key?(:name)
1305
+ @priority = args[:priority] if args.key?(:priority)
1306
+ @session_matcher = args[:session_matcher] if args.key?(:session_matcher)
1307
+ @tls_inspection_enabled = args[:tls_inspection_enabled] if args.key?(:tls_inspection_enabled)
1308
+ @update_time = args[:update_time] if args.key?(:update_time)
1309
+ end
1310
+ end
1311
+
1312
+ # Specification of certificate provider. Defines the mechanism to obtain the
1313
+ # certificate and private key for peer to peer authentication.
1314
+ class GoogleCloudNetworksecurityV1beta1CertificateProvider
1315
+ include Google::Apis::Core::Hashable
1316
+
1317
+ # Specification of a TLS certificate provider instance. Workloads may have one
1318
+ # or more CertificateProvider instances (plugins) and one of them is enabled and
1319
+ # configured by specifying this message. Workloads use the values from this
1320
+ # message to locate and load the CertificateProvider instance configuration.
1321
+ # Corresponds to the JSON property `certificateProviderInstance`
1322
+ # @return [Google::Apis::NetworksecurityV1beta1::CertificateProviderInstance]
1323
+ attr_accessor :certificate_provider_instance
1324
+
1325
+ # Specification of the GRPC Endpoint.
1326
+ # Corresponds to the JSON property `grpcEndpoint`
1327
+ # @return [Google::Apis::NetworksecurityV1beta1::GoogleCloudNetworksecurityV1beta1GrpcEndpoint]
1328
+ attr_accessor :grpc_endpoint
1329
+
1330
+ def initialize(**args)
1331
+ update!(**args)
1332
+ end
1333
+
1334
+ # Update properties of this object
1335
+ def update!(**args)
1336
+ @certificate_provider_instance = args[:certificate_provider_instance] if args.key?(:certificate_provider_instance)
1337
+ @grpc_endpoint = args[:grpc_endpoint] if args.key?(:grpc_endpoint)
1338
+ end
1339
+ end
1340
+
1341
+ # Specification of the GRPC Endpoint.
1342
+ class GoogleCloudNetworksecurityV1beta1GrpcEndpoint
1343
+ include Google::Apis::Core::Hashable
1344
+
1345
+ # Required. The target URI of the gRPC endpoint. Only UDS path is supported, and
1346
+ # should start with "unix:".
1347
+ # Corresponds to the JSON property `targetUri`
1348
+ # @return [String]
1349
+ attr_accessor :target_uri
1350
+
1351
+ def initialize(**args)
1352
+ update!(**args)
1353
+ end
1354
+
1355
+ # Update properties of this object
1356
+ def update!(**args)
1357
+ @target_uri = args[:target_uri] if args.key?(:target_uri)
1358
+ end
1359
+ end
1360
+
1361
+ # Specifies the audit configuration for a service. The configuration determines
1362
+ # which permission types are logged, and what identities, if any, are exempted
1363
+ # from logging. An AuditConfig must have one or more AuditLogConfigs. If there
1364
+ # are AuditConfigs for both `allServices` and a specific service, the union of
1365
+ # the two AuditConfigs is used for that service: the log_types specified in each
1366
+ # AuditConfig are enabled, and the exempted_members in each AuditLogConfig are
1367
+ # exempted. Example Policy with multiple AuditConfigs: ` "audit_configs": [ ` "
1368
+ # service": "allServices", "audit_log_configs": [ ` "log_type": "DATA_READ", "
1369
+ # exempted_members": [ "user:jose@example.com" ] `, ` "log_type": "DATA_WRITE" `,
1370
+ # ` "log_type": "ADMIN_READ" ` ] `, ` "service": "sampleservice.googleapis.com",
1371
+ # "audit_log_configs": [ ` "log_type": "DATA_READ" `, ` "log_type": "DATA_WRITE"
1372
+ # , "exempted_members": [ "user:aliya@example.com" ] ` ] ` ] ` For sampleservice,
1373
+ # this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also
1374
+ # exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com`
1375
+ # from DATA_WRITE logging.
1376
+ class GoogleIamV1AuditConfig
1377
+ include Google::Apis::Core::Hashable
1378
+
1379
+ # The configuration for logging of each type of permission.
1380
+ # Corresponds to the JSON property `auditLogConfigs`
1381
+ # @return [Array<Google::Apis::NetworksecurityV1beta1::GoogleIamV1AuditLogConfig>]
1382
+ attr_accessor :audit_log_configs
1383
+
1384
+ # Specifies a service that will be enabled for audit logging. For example, `
1385
+ # storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special
1386
+ # value that covers all services.
1387
+ # Corresponds to the JSON property `service`
1388
+ # @return [String]
1389
+ attr_accessor :service
1390
+
1391
+ def initialize(**args)
1392
+ update!(**args)
1393
+ end
1394
+
1395
+ # Update properties of this object
1396
+ def update!(**args)
1397
+ @audit_log_configs = args[:audit_log_configs] if args.key?(:audit_log_configs)
1398
+ @service = args[:service] if args.key?(:service)
1399
+ end
1400
+ end
1401
+
1402
+ # Provides the configuration for logging a type of permissions. Example: ` "
1403
+ # audit_log_configs": [ ` "log_type": "DATA_READ", "exempted_members": [ "user:
1404
+ # jose@example.com" ] `, ` "log_type": "DATA_WRITE" ` ] ` This enables '
1405
+ # DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from
1406
+ # DATA_READ logging.
856
1407
  class GoogleIamV1AuditLogConfig
857
1408
  include Google::Apis::Core::Hashable
858
1409
 
859
- # Specifies the identities that do not cause logging for this type of permission.
860
- # Follows the same format of Binding.members.
861
- # Corresponds to the JSON property `exemptedMembers`
862
- # @return [Array<String>]
863
- attr_accessor :exempted_members
1410
+ # Specifies the identities that do not cause logging for this type of permission.
1411
+ # Follows the same format of Binding.members.
1412
+ # Corresponds to the JSON property `exemptedMembers`
1413
+ # @return [Array<String>]
1414
+ attr_accessor :exempted_members
1415
+
1416
+ # The log type that this config enables.
1417
+ # Corresponds to the JSON property `logType`
1418
+ # @return [String]
1419
+ attr_accessor :log_type
1420
+
1421
+ def initialize(**args)
1422
+ update!(**args)
1423
+ end
1424
+
1425
+ # Update properties of this object
1426
+ def update!(**args)
1427
+ @exempted_members = args[:exempted_members] if args.key?(:exempted_members)
1428
+ @log_type = args[:log_type] if args.key?(:log_type)
1429
+ end
1430
+ end
1431
+
1432
+ # Associates `members`, or principals, with a `role`.
1433
+ class GoogleIamV1Binding
1434
+ include Google::Apis::Core::Hashable
1435
+
1436
+ # Represents a textual expression in the Common Expression Language (CEL) syntax.
1437
+ # CEL is a C-like expression language. The syntax and semantics of CEL are
1438
+ # documented at https://github.com/google/cel-spec. Example (Comparison): title:
1439
+ # "Summary size limit" description: "Determines if a summary is less than 100
1440
+ # chars" expression: "document.summary.size() < 100" Example (Equality): title: "
1441
+ # Requestor is owner" description: "Determines if requestor is the document
1442
+ # owner" expression: "document.owner == request.auth.claims.email" Example (
1443
+ # Logic): title: "Public documents" description: "Determine whether the document
1444
+ # should be publicly visible" expression: "document.type != 'private' &&
1445
+ # document.type != 'internal'" Example (Data Manipulation): title: "Notification
1446
+ # string" description: "Create a notification string with a timestamp."
1447
+ # expression: "'New message received at ' + string(document.create_time)" The
1448
+ # exact variables and functions that may be referenced within an expression are
1449
+ # determined by the service that evaluates it. See the service documentation for
1450
+ # additional information.
1451
+ # Corresponds to the JSON property `condition`
1452
+ # @return [Google::Apis::NetworksecurityV1beta1::Expr]
1453
+ attr_accessor :condition
1454
+
1455
+ # Specifies the principals requesting access for a Google Cloud resource. `
1456
+ # members` can have the following values: * `allUsers`: A special identifier
1457
+ # that represents anyone who is on the internet; with or without a Google
1458
+ # account. * `allAuthenticatedUsers`: A special identifier that represents
1459
+ # anyone who is authenticated with a Google account or a service account. Does
1460
+ # not include identities that come from external identity providers (IdPs)
1461
+ # through identity federation. * `user:`emailid``: An email address that
1462
+ # represents a specific Google account. For example, `alice@example.com` . * `
1463
+ # serviceAccount:`emailid``: An email address that represents a Google service
1464
+ # account. For example, `my-other-app@appspot.gserviceaccount.com`. * `
1465
+ # serviceAccount:`projectid`.svc.id.goog[`namespace`/`kubernetes-sa`]`: An
1466
+ # identifier for a [Kubernetes service account](https://cloud.google.com/
1467
+ # kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-
1468
+ # project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:`emailid``: An
1469
+ # email address that represents a Google group. For example, `admins@example.com`
1470
+ # . * `domain:`domain``: The G Suite domain (primary) that represents all the
1471
+ # users of that domain. For example, `google.com` or `example.com`. * `principal:
1472
+ # //iam.googleapis.com/locations/global/workforcePools/`pool_id`/subject/`
1473
+ # subject_attribute_value``: A single identity in a workforce identity pool. * `
1474
+ # principalSet://iam.googleapis.com/locations/global/workforcePools/`pool_id`/
1475
+ # group/`group_id``: All workforce identities in a group. * `principalSet://iam.
1476
+ # googleapis.com/locations/global/workforcePools/`pool_id`/attribute.`
1477
+ # attribute_name`/`attribute_value``: All workforce identities with a specific
1478
+ # attribute value. * `principalSet://iam.googleapis.com/locations/global/
1479
+ # workforcePools/`pool_id`/*`: All identities in a workforce identity pool. * `
1480
+ # principal://iam.googleapis.com/projects/`project_number`/locations/global/
1481
+ # workloadIdentityPools/`pool_id`/subject/`subject_attribute_value``: A single
1482
+ # identity in a workload identity pool. * `principalSet://iam.googleapis.com/
1483
+ # projects/`project_number`/locations/global/workloadIdentityPools/`pool_id`/
1484
+ # group/`group_id``: A workload identity pool group. * `principalSet://iam.
1485
+ # googleapis.com/projects/`project_number`/locations/global/
1486
+ # workloadIdentityPools/`pool_id`/attribute.`attribute_name`/`attribute_value``:
1487
+ # All identities in a workload identity pool with a certain attribute. * `
1488
+ # principalSet://iam.googleapis.com/projects/`project_number`/locations/global/
1489
+ # workloadIdentityPools/`pool_id`/*`: All identities in a workload identity pool.
1490
+ # * `deleted:user:`emailid`?uid=`uniqueid``: An email address (plus unique
1491
+ # identifier) representing a user that has been recently deleted. For example, `
1492
+ # alice@example.com?uid=123456789012345678901`. If the user is recovered, this
1493
+ # value reverts to `user:`emailid`` and the recovered user retains the role in
1494
+ # the binding. * `deleted:serviceAccount:`emailid`?uid=`uniqueid``: An email
1495
+ # address (plus unique identifier) representing a service account that has been
1496
+ # recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=
1497
+ # 123456789012345678901`. If the service account is undeleted, this value
1498
+ # reverts to `serviceAccount:`emailid`` and the undeleted service account
1499
+ # retains the role in the binding. * `deleted:group:`emailid`?uid=`uniqueid``:
1500
+ # An email address (plus unique identifier) representing a Google group that has
1501
+ # been recently deleted. For example, `admins@example.com?uid=
1502
+ # 123456789012345678901`. If the group is recovered, this value reverts to `
1503
+ # group:`emailid`` and the recovered group retains the role in the binding. * `
1504
+ # deleted:principal://iam.googleapis.com/locations/global/workforcePools/`
1505
+ # pool_id`/subject/`subject_attribute_value``: Deleted single identity in a
1506
+ # workforce identity pool. For example, `deleted:principal://iam.googleapis.com/
1507
+ # locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.
1508
+ # Corresponds to the JSON property `members`
1509
+ # @return [Array<String>]
1510
+ attr_accessor :members
1511
+
1512
+ # Role that is assigned to the list of `members`, or principals. For example, `
1513
+ # roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM
1514
+ # roles and permissions, see the [IAM documentation](https://cloud.google.com/
1515
+ # iam/docs/roles-overview). For a list of the available pre-defined roles, see [
1516
+ # here](https://cloud.google.com/iam/docs/understanding-roles).
1517
+ # Corresponds to the JSON property `role`
1518
+ # @return [String]
1519
+ attr_accessor :role
1520
+
1521
+ def initialize(**args)
1522
+ update!(**args)
1523
+ end
1524
+
1525
+ # Update properties of this object
1526
+ def update!(**args)
1527
+ @condition = args[:condition] if args.key?(:condition)
1528
+ @members = args[:members] if args.key?(:members)
1529
+ @role = args[:role] if args.key?(:role)
1530
+ end
1531
+ end
1532
+
1533
+ # An Identity and Access Management (IAM) policy, which specifies access
1534
+ # controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
1535
+ # A `binding` binds one or more `members`, or principals, to a single `role`.
1536
+ # Principals can be user accounts, service accounts, Google groups, and domains (
1537
+ # such as G Suite). A `role` is a named list of permissions; each `role` can be
1538
+ # an IAM predefined role or a user-created custom role. For some types of Google
1539
+ # Cloud resources, a `binding` can also specify a `condition`, which is a
1540
+ # logical expression that allows access to a resource only if the expression
1541
+ # evaluates to `true`. A condition can add constraints based on attributes of
1542
+ # the request, the resource, or both. To learn which resources support
1543
+ # conditions in their IAM policies, see the [IAM documentation](https://cloud.
1544
+ # google.com/iam/help/conditions/resource-policies). **JSON example:** ``` ` "
1545
+ # bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
1546
+ # "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
1547
+ # serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
1548
+ # roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
1549
+ # ], "condition": ` "title": "expirable access", "description": "Does not grant
1550
+ # access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
1551
+ # 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` ``` **YAML
1552
+ # example:** ``` bindings: - members: - user:mike@example.com - group:admins@
1553
+ # example.com - domain:google.com - serviceAccount:my-project-id@appspot.
1554
+ # gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: -
1555
+ # user:eve@example.com role: roles/resourcemanager.organizationViewer condition:
1556
+ # title: expirable access description: Does not grant access after Sep 2020
1557
+ # expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag:
1558
+ # BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the
1559
+ # [IAM documentation](https://cloud.google.com/iam/docs/).
1560
+ class GoogleIamV1Policy
1561
+ include Google::Apis::Core::Hashable
1562
+
1563
+ # Specifies cloud audit logging configuration for this policy.
1564
+ # Corresponds to the JSON property `auditConfigs`
1565
+ # @return [Array<Google::Apis::NetworksecurityV1beta1::GoogleIamV1AuditConfig>]
1566
+ attr_accessor :audit_configs
1567
+
1568
+ # Associates a list of `members`, or principals, with a `role`. Optionally, may
1569
+ # specify a `condition` that determines how and when the `bindings` are applied.
1570
+ # Each of the `bindings` must contain at least one principal. The `bindings` in
1571
+ # a `Policy` can refer to up to 1,500 principals; up to 250 of these principals
1572
+ # can be Google groups. Each occurrence of a principal counts towards these
1573
+ # limits. For example, if the `bindings` grant 50 different roles to `user:alice@
1574
+ # example.com`, and not to any other principal, then you can add another 1,450
1575
+ # principals to the `bindings` in the `Policy`.
1576
+ # Corresponds to the JSON property `bindings`
1577
+ # @return [Array<Google::Apis::NetworksecurityV1beta1::GoogleIamV1Binding>]
1578
+ attr_accessor :bindings
1579
+
1580
+ # `etag` is used for optimistic concurrency control as a way to help prevent
1581
+ # simultaneous updates of a policy from overwriting each other. It is strongly
1582
+ # suggested that systems make use of the `etag` in the read-modify-write cycle
1583
+ # to perform policy updates in order to avoid race conditions: An `etag` is
1584
+ # returned in the response to `getIamPolicy`, and systems are expected to put
1585
+ # that etag in the request to `setIamPolicy` to ensure that their change will be
1586
+ # applied to the same version of the policy. **Important:** If you use IAM
1587
+ # Conditions, you must include the `etag` field whenever you call `setIamPolicy`.
1588
+ # If you omit this field, then IAM allows you to overwrite a version `3` policy
1589
+ # with a version `1` policy, and all of the conditions in the version `3` policy
1590
+ # are lost.
1591
+ # Corresponds to the JSON property `etag`
1592
+ # NOTE: Values are automatically base64 encoded/decoded in the client library.
1593
+ # @return [String]
1594
+ attr_accessor :etag
1595
+
1596
+ # Specifies the format of the policy. Valid values are `0`, `1`, and `3`.
1597
+ # Requests that specify an invalid value are rejected. Any operation that
1598
+ # affects conditional role bindings must specify version `3`. This requirement
1599
+ # applies to the following operations: * Getting a policy that includes a
1600
+ # conditional role binding * Adding a conditional role binding to a policy *
1601
+ # Changing a conditional role binding in a policy * Removing any role binding,
1602
+ # with or without a condition, from a policy that includes conditions **
1603
+ # Important:** If you use IAM Conditions, you must include the `etag` field
1604
+ # whenever you call `setIamPolicy`. If you omit this field, then IAM allows you
1605
+ # to overwrite a version `3` policy with a version `1` policy, and all of the
1606
+ # conditions in the version `3` policy are lost. If a policy does not include
1607
+ # any conditions, operations on that policy may specify any valid version or
1608
+ # leave the field unset. To learn which resources support conditions in their
1609
+ # IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/
1610
+ # conditions/resource-policies).
1611
+ # Corresponds to the JSON property `version`
1612
+ # @return [Fixnum]
1613
+ attr_accessor :version
1614
+
1615
+ def initialize(**args)
1616
+ update!(**args)
1617
+ end
1618
+
1619
+ # Update properties of this object
1620
+ def update!(**args)
1621
+ @audit_configs = args[:audit_configs] if args.key?(:audit_configs)
1622
+ @bindings = args[:bindings] if args.key?(:bindings)
1623
+ @etag = args[:etag] if args.key?(:etag)
1624
+ @version = args[:version] if args.key?(:version)
1625
+ end
1626
+ end
1627
+
1628
+ # Request message for `SetIamPolicy` method.
1629
+ class GoogleIamV1SetIamPolicyRequest
1630
+ include Google::Apis::Core::Hashable
1631
+
1632
+ # An Identity and Access Management (IAM) policy, which specifies access
1633
+ # controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
1634
+ # A `binding` binds one or more `members`, or principals, to a single `role`.
1635
+ # Principals can be user accounts, service accounts, Google groups, and domains (
1636
+ # such as G Suite). A `role` is a named list of permissions; each `role` can be
1637
+ # an IAM predefined role or a user-created custom role. For some types of Google
1638
+ # Cloud resources, a `binding` can also specify a `condition`, which is a
1639
+ # logical expression that allows access to a resource only if the expression
1640
+ # evaluates to `true`. A condition can add constraints based on attributes of
1641
+ # the request, the resource, or both. To learn which resources support
1642
+ # conditions in their IAM policies, see the [IAM documentation](https://cloud.
1643
+ # google.com/iam/help/conditions/resource-policies). **JSON example:** ``` ` "
1644
+ # bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
1645
+ # "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
1646
+ # serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
1647
+ # roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
1648
+ # ], "condition": ` "title": "expirable access", "description": "Does not grant
1649
+ # access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
1650
+ # 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` ``` **YAML
1651
+ # example:** ``` bindings: - members: - user:mike@example.com - group:admins@
1652
+ # example.com - domain:google.com - serviceAccount:my-project-id@appspot.
1653
+ # gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: -
1654
+ # user:eve@example.com role: roles/resourcemanager.organizationViewer condition:
1655
+ # title: expirable access description: Does not grant access after Sep 2020
1656
+ # expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag:
1657
+ # BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the
1658
+ # [IAM documentation](https://cloud.google.com/iam/docs/).
1659
+ # Corresponds to the JSON property `policy`
1660
+ # @return [Google::Apis::NetworksecurityV1beta1::GoogleIamV1Policy]
1661
+ attr_accessor :policy
864
1662
 
865
- # The log type that this config enables.
866
- # Corresponds to the JSON property `logType`
1663
+ # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
1664
+ # the fields in the mask will be modified. If no mask is provided, the following
1665
+ # default mask is used: `paths: "bindings, etag"`
1666
+ # Corresponds to the JSON property `updateMask`
867
1667
  # @return [String]
868
- attr_accessor :log_type
1668
+ attr_accessor :update_mask
869
1669
 
870
1670
  def initialize(**args)
871
1671
  update!(**args)
@@ -873,99 +1673,131 @@ module Google
873
1673
 
874
1674
  # Update properties of this object
875
1675
  def update!(**args)
876
- @exempted_members = args[:exempted_members] if args.key?(:exempted_members)
877
- @log_type = args[:log_type] if args.key?(:log_type)
1676
+ @policy = args[:policy] if args.key?(:policy)
1677
+ @update_mask = args[:update_mask] if args.key?(:update_mask)
878
1678
  end
879
1679
  end
880
1680
 
881
- # Associates `members`, or principals, with a `role`.
882
- class GoogleIamV1Binding
1681
+ # Request message for `TestIamPermissions` method.
1682
+ class GoogleIamV1TestIamPermissionsRequest
883
1683
  include Google::Apis::Core::Hashable
884
1684
 
885
- # Represents a textual expression in the Common Expression Language (CEL) syntax.
886
- # CEL is a C-like expression language. The syntax and semantics of CEL are
887
- # documented at https://github.com/google/cel-spec. Example (Comparison): title:
888
- # "Summary size limit" description: "Determines if a summary is less than 100
889
- # chars" expression: "document.summary.size() < 100" Example (Equality): title: "
890
- # Requestor is owner" description: "Determines if requestor is the document
891
- # owner" expression: "document.owner == request.auth.claims.email" Example (
892
- # Logic): title: "Public documents" description: "Determine whether the document
893
- # should be publicly visible" expression: "document.type != 'private' &&
894
- # document.type != 'internal'" Example (Data Manipulation): title: "Notification
895
- # string" description: "Create a notification string with a timestamp."
896
- # expression: "'New message received at ' + string(document.create_time)" The
897
- # exact variables and functions that may be referenced within an expression are
898
- # determined by the service that evaluates it. See the service documentation for
899
- # additional information.
900
- # Corresponds to the JSON property `condition`
901
- # @return [Google::Apis::NetworksecurityV1beta1::Expr]
902
- attr_accessor :condition
1685
+ # The set of permissions to check for the `resource`. Permissions with wildcards
1686
+ # (such as `*` or `storage.*`) are not allowed. For more information see [IAM
1687
+ # Overview](https://cloud.google.com/iam/docs/overview#permissions).
1688
+ # Corresponds to the JSON property `permissions`
1689
+ # @return [Array<String>]
1690
+ attr_accessor :permissions
903
1691
 
904
- # Specifies the principals requesting access for a Google Cloud resource. `
905
- # members` can have the following values: * `allUsers`: A special identifier
906
- # that represents anyone who is on the internet; with or without a Google
907
- # account. * `allAuthenticatedUsers`: A special identifier that represents
908
- # anyone who is authenticated with a Google account or a service account. Does
909
- # not include identities that come from external identity providers (IdPs)
910
- # through identity federation. * `user:`emailid``: An email address that
911
- # represents a specific Google account. For example, `alice@example.com` . * `
912
- # serviceAccount:`emailid``: An email address that represents a Google service
913
- # account. For example, `my-other-app@appspot.gserviceaccount.com`. * `
914
- # serviceAccount:`projectid`.svc.id.goog[`namespace`/`kubernetes-sa`]`: An
915
- # identifier for a [Kubernetes service account](https://cloud.google.com/
916
- # kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-
917
- # project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:`emailid``: An
918
- # email address that represents a Google group. For example, `admins@example.com`
919
- # . * `domain:`domain``: The G Suite domain (primary) that represents all the
920
- # users of that domain. For example, `google.com` or `example.com`. * `principal:
921
- # //iam.googleapis.com/locations/global/workforcePools/`pool_id`/subject/`
922
- # subject_attribute_value``: A single identity in a workforce identity pool. * `
923
- # principalSet://iam.googleapis.com/locations/global/workforcePools/`pool_id`/
924
- # group/`group_id``: All workforce identities in a group. * `principalSet://iam.
925
- # googleapis.com/locations/global/workforcePools/`pool_id`/attribute.`
926
- # attribute_name`/`attribute_value``: All workforce identities with a specific
927
- # attribute value. * `principalSet://iam.googleapis.com/locations/global/
928
- # workforcePools/`pool_id`/*`: All identities in a workforce identity pool. * `
929
- # principal://iam.googleapis.com/projects/`project_number`/locations/global/
930
- # workloadIdentityPools/`pool_id`/subject/`subject_attribute_value``: A single
931
- # identity in a workload identity pool. * `principalSet://iam.googleapis.com/
932
- # projects/`project_number`/locations/global/workloadIdentityPools/`pool_id`/
933
- # group/`group_id``: A workload identity pool group. * `principalSet://iam.
934
- # googleapis.com/projects/`project_number`/locations/global/
935
- # workloadIdentityPools/`pool_id`/attribute.`attribute_name`/`attribute_value``:
936
- # All identities in a workload identity pool with a certain attribute. * `
937
- # principalSet://iam.googleapis.com/projects/`project_number`/locations/global/
938
- # workloadIdentityPools/`pool_id`/*`: All identities in a workload identity pool.
939
- # * `deleted:user:`emailid`?uid=`uniqueid``: An email address (plus unique
940
- # identifier) representing a user that has been recently deleted. For example, `
941
- # alice@example.com?uid=123456789012345678901`. If the user is recovered, this
942
- # value reverts to `user:`emailid`` and the recovered user retains the role in
943
- # the binding. * `deleted:serviceAccount:`emailid`?uid=`uniqueid``: An email
944
- # address (plus unique identifier) representing a service account that has been
945
- # recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=
946
- # 123456789012345678901`. If the service account is undeleted, this value
947
- # reverts to `serviceAccount:`emailid`` and the undeleted service account
948
- # retains the role in the binding. * `deleted:group:`emailid`?uid=`uniqueid``:
949
- # An email address (plus unique identifier) representing a Google group that has
950
- # been recently deleted. For example, `admins@example.com?uid=
951
- # 123456789012345678901`. If the group is recovered, this value reverts to `
952
- # group:`emailid`` and the recovered group retains the role in the binding. * `
953
- # deleted:principal://iam.googleapis.com/locations/global/workforcePools/`
954
- # pool_id`/subject/`subject_attribute_value``: Deleted single identity in a
955
- # workforce identity pool. For example, `deleted:principal://iam.googleapis.com/
956
- # locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.
957
- # Corresponds to the JSON property `members`
1692
+ def initialize(**args)
1693
+ update!(**args)
1694
+ end
1695
+
1696
+ # Update properties of this object
1697
+ def update!(**args)
1698
+ @permissions = args[:permissions] if args.key?(:permissions)
1699
+ end
1700
+ end
1701
+
1702
+ # Response message for `TestIamPermissions` method.
1703
+ class GoogleIamV1TestIamPermissionsResponse
1704
+ include Google::Apis::Core::Hashable
1705
+
1706
+ # A subset of `TestPermissionsRequest.permissions` that the caller is allowed.
1707
+ # Corresponds to the JSON property `permissions`
958
1708
  # @return [Array<String>]
959
- attr_accessor :members
1709
+ attr_accessor :permissions
960
1710
 
961
- # Role that is assigned to the list of `members`, or principals. For example, `
962
- # roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM
963
- # roles and permissions, see the [IAM documentation](https://cloud.google.com/
964
- # iam/docs/roles-overview). For a list of the available pre-defined roles, see [
965
- # here](https://cloud.google.com/iam/docs/understanding-roles).
966
- # Corresponds to the JSON property `role`
1711
+ def initialize(**args)
1712
+ update!(**args)
1713
+ end
1714
+
1715
+ # Update properties of this object
1716
+ def update!(**args)
1717
+ @permissions = args[:permissions] if args.key?(:permissions)
1718
+ end
1719
+ end
1720
+
1721
+ # Specification of HTTP header match attributes.
1722
+ class HttpHeaderMatch
1723
+ include Google::Apis::Core::Hashable
1724
+
1725
+ # Required. The name of the HTTP header to match. For matching against the HTTP
1726
+ # request's authority, use a headerMatch with the header name ":authority". For
1727
+ # matching a request's method, use the headerName ":method".
1728
+ # Corresponds to the JSON property `headerName`
1729
+ # @return [String]
1730
+ attr_accessor :header_name
1731
+
1732
+ # Required. The value of the header must match the regular expression specified
1733
+ # in regexMatch. For regular expression grammar, please see: en.cppreference.com/
1734
+ # w/cpp/regex/ecmascript For matching against a port specified in the HTTP
1735
+ # request, use a headerMatch with headerName set to Host and a regular
1736
+ # expression that satisfies the RFC2616 Host header's port specifier.
1737
+ # Corresponds to the JSON property `regexMatch`
1738
+ # @return [String]
1739
+ attr_accessor :regex_match
1740
+
1741
+ def initialize(**args)
1742
+ update!(**args)
1743
+ end
1744
+
1745
+ # Update properties of this object
1746
+ def update!(**args)
1747
+ @header_name = args[:header_name] if args.key?(:header_name)
1748
+ @regex_match = args[:regex_match] if args.key?(:regex_match)
1749
+ end
1750
+ end
1751
+
1752
+ # Message describing InterceptDeployment object
1753
+ class InterceptDeployment
1754
+ include Google::Apis::Core::Hashable
1755
+
1756
+ # Output only. [Output only] Create time stamp
1757
+ # Corresponds to the JSON property `createTime`
1758
+ # @return [String]
1759
+ attr_accessor :create_time
1760
+
1761
+ # Required. Immutable. The regional load balancer which the intercepted traffic
1762
+ # should be forwarded to. Format is: projects/`project`/regions/`region`/
1763
+ # forwardingRules/`forwardingRule`
1764
+ # Corresponds to the JSON property `forwardingRule`
1765
+ # @return [String]
1766
+ attr_accessor :forwarding_rule
1767
+
1768
+ # Required. Immutable. The Intercept Deployment Group that this resource is part
1769
+ # of. Format is: `projects/`project`/locations/global/interceptDeploymentGroups/`
1770
+ # interceptDeploymentGroup``
1771
+ # Corresponds to the JSON property `interceptDeploymentGroup`
1772
+ # @return [String]
1773
+ attr_accessor :intercept_deployment_group
1774
+
1775
+ # Optional. Labels as key value pairs
1776
+ # Corresponds to the JSON property `labels`
1777
+ # @return [Hash<String,String>]
1778
+ attr_accessor :labels
1779
+
1780
+ # Immutable. Identifier. The name of the InterceptDeployment.
1781
+ # Corresponds to the JSON property `name`
1782
+ # @return [String]
1783
+ attr_accessor :name
1784
+
1785
+ # Output only. Whether reconciling is in progress, recommended per https://
1786
+ # google.aip.dev/128.
1787
+ # Corresponds to the JSON property `reconciling`
1788
+ # @return [Boolean]
1789
+ attr_accessor :reconciling
1790
+ alias_method :reconciling?, :reconciling
1791
+
1792
+ # Output only. Current state of the deployment.
1793
+ # Corresponds to the JSON property `state`
967
1794
  # @return [String]
968
- attr_accessor :role
1795
+ attr_accessor :state
1796
+
1797
+ # Output only. [Output only] Update time stamp
1798
+ # Corresponds to the JSON property `updateTime`
1799
+ # @return [String]
1800
+ attr_accessor :update_time
969
1801
 
970
1802
  def initialize(**args)
971
1803
  update!(**args)
@@ -973,93 +1805,64 @@ module Google
973
1805
 
974
1806
  # Update properties of this object
975
1807
  def update!(**args)
976
- @condition = args[:condition] if args.key?(:condition)
977
- @members = args[:members] if args.key?(:members)
978
- @role = args[:role] if args.key?(:role)
1808
+ @create_time = args[:create_time] if args.key?(:create_time)
1809
+ @forwarding_rule = args[:forwarding_rule] if args.key?(:forwarding_rule)
1810
+ @intercept_deployment_group = args[:intercept_deployment_group] if args.key?(:intercept_deployment_group)
1811
+ @labels = args[:labels] if args.key?(:labels)
1812
+ @name = args[:name] if args.key?(:name)
1813
+ @reconciling = args[:reconciling] if args.key?(:reconciling)
1814
+ @state = args[:state] if args.key?(:state)
1815
+ @update_time = args[:update_time] if args.key?(:update_time)
979
1816
  end
980
1817
  end
981
1818
 
982
- # An Identity and Access Management (IAM) policy, which specifies access
983
- # controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
984
- # A `binding` binds one or more `members`, or principals, to a single `role`.
985
- # Principals can be user accounts, service accounts, Google groups, and domains (
986
- # such as G Suite). A `role` is a named list of permissions; each `role` can be
987
- # an IAM predefined role or a user-created custom role. For some types of Google
988
- # Cloud resources, a `binding` can also specify a `condition`, which is a
989
- # logical expression that allows access to a resource only if the expression
990
- # evaluates to `true`. A condition can add constraints based on attributes of
991
- # the request, the resource, or both. To learn which resources support
992
- # conditions in their IAM policies, see the [IAM documentation](https://cloud.
993
- # google.com/iam/help/conditions/resource-policies). **JSON example:** ``` ` "
994
- # bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
995
- # "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
996
- # serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
997
- # roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
998
- # ], "condition": ` "title": "expirable access", "description": "Does not grant
999
- # access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
1000
- # 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` ``` **YAML
1001
- # example:** ``` bindings: - members: - user:mike@example.com - group:admins@
1002
- # example.com - domain:google.com - serviceAccount:my-project-id@appspot.
1003
- # gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: -
1004
- # user:eve@example.com role: roles/resourcemanager.organizationViewer condition:
1005
- # title: expirable access description: Does not grant access after Sep 2020
1006
- # expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag:
1007
- # BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the
1008
- # [IAM documentation](https://cloud.google.com/iam/docs/).
1009
- class GoogleIamV1Policy
1819
+ # Message describing InterceptDeploymentGroup object
1820
+ class InterceptDeploymentGroup
1010
1821
  include Google::Apis::Core::Hashable
1011
1822
 
1012
- # Specifies cloud audit logging configuration for this policy.
1013
- # Corresponds to the JSON property `auditConfigs`
1014
- # @return [Array<Google::Apis::NetworksecurityV1beta1::GoogleIamV1AuditConfig>]
1015
- attr_accessor :audit_configs
1823
+ # Output only. The list of Intercept Endpoint Groups that are connected to this
1824
+ # resource.
1825
+ # Corresponds to the JSON property `connectedEndpointGroups`
1826
+ # @return [Array<Google::Apis::NetworksecurityV1beta1::InterceptDeploymentGroupConnectedEndpointGroup>]
1827
+ attr_accessor :connected_endpoint_groups
1016
1828
 
1017
- # Associates a list of `members`, or principals, with a `role`. Optionally, may
1018
- # specify a `condition` that determines how and when the `bindings` are applied.
1019
- # Each of the `bindings` must contain at least one principal. The `bindings` in
1020
- # a `Policy` can refer to up to 1,500 principals; up to 250 of these principals
1021
- # can be Google groups. Each occurrence of a principal counts towards these
1022
- # limits. For example, if the `bindings` grant 50 different roles to `user:alice@
1023
- # example.com`, and not to any other principal, then you can add another 1,450
1024
- # principals to the `bindings` in the `Policy`.
1025
- # Corresponds to the JSON property `bindings`
1026
- # @return [Array<Google::Apis::NetworksecurityV1beta1::GoogleIamV1Binding>]
1027
- attr_accessor :bindings
1829
+ # Output only. [Output only] Create time stamp
1830
+ # Corresponds to the JSON property `createTime`
1831
+ # @return [String]
1832
+ attr_accessor :create_time
1028
1833
 
1029
- # `etag` is used for optimistic concurrency control as a way to help prevent
1030
- # simultaneous updates of a policy from overwriting each other. It is strongly
1031
- # suggested that systems make use of the `etag` in the read-modify-write cycle
1032
- # to perform policy updates in order to avoid race conditions: An `etag` is
1033
- # returned in the response to `getIamPolicy`, and systems are expected to put
1034
- # that etag in the request to `setIamPolicy` to ensure that their change will be
1035
- # applied to the same version of the policy. **Important:** If you use IAM
1036
- # Conditions, you must include the `etag` field whenever you call `setIamPolicy`.
1037
- # If you omit this field, then IAM allows you to overwrite a version `3` policy
1038
- # with a version `1` policy, and all of the conditions in the version `3` policy
1039
- # are lost.
1040
- # Corresponds to the JSON property `etag`
1041
- # NOTE: Values are automatically base64 encoded/decoded in the client library.
1834
+ # Optional. Labels as key value pairs
1835
+ # Corresponds to the JSON property `labels`
1836
+ # @return [Hash<String,String>]
1837
+ attr_accessor :labels
1838
+
1839
+ # Immutable. Identifier. Then name of the InterceptDeploymentGroup.
1840
+ # Corresponds to the JSON property `name`
1042
1841
  # @return [String]
1043
- attr_accessor :etag
1842
+ attr_accessor :name
1044
1843
 
1045
- # Specifies the format of the policy. Valid values are `0`, `1`, and `3`.
1046
- # Requests that specify an invalid value are rejected. Any operation that
1047
- # affects conditional role bindings must specify version `3`. This requirement
1048
- # applies to the following operations: * Getting a policy that includes a
1049
- # conditional role binding * Adding a conditional role binding to a policy *
1050
- # Changing a conditional role binding in a policy * Removing any role binding,
1051
- # with or without a condition, from a policy that includes conditions **
1052
- # Important:** If you use IAM Conditions, you must include the `etag` field
1053
- # whenever you call `setIamPolicy`. If you omit this field, then IAM allows you
1054
- # to overwrite a version `3` policy with a version `1` policy, and all of the
1055
- # conditions in the version `3` policy are lost. If a policy does not include
1056
- # any conditions, operations on that policy may specify any valid version or
1057
- # leave the field unset. To learn which resources support conditions in their
1058
- # IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/
1059
- # conditions/resource-policies).
1060
- # Corresponds to the JSON property `version`
1061
- # @return [Fixnum]
1062
- attr_accessor :version
1844
+ # Required. Immutable. The network that is being used for the deployment. Format
1845
+ # is: projects/`project`/global/networks/`network`.
1846
+ # Corresponds to the JSON property `network`
1847
+ # @return [String]
1848
+ attr_accessor :network
1849
+
1850
+ # Output only. Whether reconciling is in progress, recommended per https://
1851
+ # google.aip.dev/128.
1852
+ # Corresponds to the JSON property `reconciling`
1853
+ # @return [Boolean]
1854
+ attr_accessor :reconciling
1855
+ alias_method :reconciling?, :reconciling
1856
+
1857
+ # Output only. Current state of the deployment group.
1858
+ # Corresponds to the JSON property `state`
1859
+ # @return [String]
1860
+ attr_accessor :state
1861
+
1862
+ # Output only. [Output only] Update time stamp
1863
+ # Corresponds to the JSON property `updateTime`
1864
+ # @return [String]
1865
+ attr_accessor :update_time
1063
1866
 
1064
1867
  def initialize(**args)
1065
1868
  update!(**args)
@@ -1067,54 +1870,90 @@ module Google
1067
1870
 
1068
1871
  # Update properties of this object
1069
1872
  def update!(**args)
1070
- @audit_configs = args[:audit_configs] if args.key?(:audit_configs)
1071
- @bindings = args[:bindings] if args.key?(:bindings)
1072
- @etag = args[:etag] if args.key?(:etag)
1073
- @version = args[:version] if args.key?(:version)
1873
+ @connected_endpoint_groups = args[:connected_endpoint_groups] if args.key?(:connected_endpoint_groups)
1874
+ @create_time = args[:create_time] if args.key?(:create_time)
1875
+ @labels = args[:labels] if args.key?(:labels)
1876
+ @name = args[:name] if args.key?(:name)
1877
+ @network = args[:network] if args.key?(:network)
1878
+ @reconciling = args[:reconciling] if args.key?(:reconciling)
1879
+ @state = args[:state] if args.key?(:state)
1880
+ @update_time = args[:update_time] if args.key?(:update_time)
1074
1881
  end
1075
1882
  end
1076
1883
 
1077
- # Request message for `SetIamPolicy` method.
1078
- class GoogleIamV1SetIamPolicyRequest
1884
+ # An endpoint group connected to this deployment group.
1885
+ class InterceptDeploymentGroupConnectedEndpointGroup
1079
1886
  include Google::Apis::Core::Hashable
1080
1887
 
1081
- # An Identity and Access Management (IAM) policy, which specifies access
1082
- # controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
1083
- # A `binding` binds one or more `members`, or principals, to a single `role`.
1084
- # Principals can be user accounts, service accounts, Google groups, and domains (
1085
- # such as G Suite). A `role` is a named list of permissions; each `role` can be
1086
- # an IAM predefined role or a user-created custom role. For some types of Google
1087
- # Cloud resources, a `binding` can also specify a `condition`, which is a
1088
- # logical expression that allows access to a resource only if the expression
1089
- # evaluates to `true`. A condition can add constraints based on attributes of
1090
- # the request, the resource, or both. To learn which resources support
1091
- # conditions in their IAM policies, see the [IAM documentation](https://cloud.
1092
- # google.com/iam/help/conditions/resource-policies). **JSON example:** ``` ` "
1093
- # bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
1094
- # "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
1095
- # serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
1096
- # roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
1097
- # ], "condition": ` "title": "expirable access", "description": "Does not grant
1098
- # access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
1099
- # 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` ``` **YAML
1100
- # example:** ``` bindings: - members: - user:mike@example.com - group:admins@
1101
- # example.com - domain:google.com - serviceAccount:my-project-id@appspot.
1102
- # gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: -
1103
- # user:eve@example.com role: roles/resourcemanager.organizationViewer condition:
1104
- # title: expirable access description: Does not grant access after Sep 2020
1105
- # expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag:
1106
- # BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the
1107
- # [IAM documentation](https://cloud.google.com/iam/docs/).
1108
- # Corresponds to the JSON property `policy`
1109
- # @return [Google::Apis::NetworksecurityV1beta1::GoogleIamV1Policy]
1110
- attr_accessor :policy
1888
+ # Output only. A connected intercept endpoint group.
1889
+ # Corresponds to the JSON property `name`
1890
+ # @return [String]
1891
+ attr_accessor :name
1111
1892
 
1112
- # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
1113
- # the fields in the mask will be modified. If no mask is provided, the following
1114
- # default mask is used: `paths: "bindings, etag"`
1115
- # Corresponds to the JSON property `updateMask`
1893
+ def initialize(**args)
1894
+ update!(**args)
1895
+ end
1896
+
1897
+ # Update properties of this object
1898
+ def update!(**args)
1899
+ @name = args[:name] if args.key?(:name)
1900
+ end
1901
+ end
1902
+
1903
+ # Message describing InterceptEndpointGroup object.
1904
+ class InterceptEndpointGroup
1905
+ include Google::Apis::Core::Hashable
1906
+
1907
+ # Output only. List of Intercept Endpoint Group Associations that are associated
1908
+ # to this endpoint group.
1909
+ # Corresponds to the JSON property `associations`
1910
+ # @return [Array<Google::Apis::NetworksecurityV1beta1::InterceptEndpointGroupAssociationDetails>]
1911
+ attr_accessor :associations
1912
+
1913
+ # Output only. [Output only] Create time stamp
1914
+ # Corresponds to the JSON property `createTime`
1116
1915
  # @return [String]
1117
- attr_accessor :update_mask
1916
+ attr_accessor :create_time
1917
+
1918
+ # Optional. User-provided description of the endpoint group. Used as additional
1919
+ # context for the endpoint group.
1920
+ # Corresponds to the JSON property `description`
1921
+ # @return [String]
1922
+ attr_accessor :description
1923
+
1924
+ # Required. Immutable. The Intercept Deployment Group that this resource is
1925
+ # connected to. Format is: `projects/`project`/locations/global/
1926
+ # interceptDeploymentGroups/`interceptDeploymentGroup``
1927
+ # Corresponds to the JSON property `interceptDeploymentGroup`
1928
+ # @return [String]
1929
+ attr_accessor :intercept_deployment_group
1930
+
1931
+ # Optional. Labels as key value pairs
1932
+ # Corresponds to the JSON property `labels`
1933
+ # @return [Hash<String,String>]
1934
+ attr_accessor :labels
1935
+
1936
+ # Immutable. Identifier. The name of the InterceptEndpointGroup.
1937
+ # Corresponds to the JSON property `name`
1938
+ # @return [String]
1939
+ attr_accessor :name
1940
+
1941
+ # Output only. Whether reconciling is in progress, recommended per https://
1942
+ # google.aip.dev/128.
1943
+ # Corresponds to the JSON property `reconciling`
1944
+ # @return [Boolean]
1945
+ attr_accessor :reconciling
1946
+ alias_method :reconciling?, :reconciling
1947
+
1948
+ # Output only. Current state of the endpoint group.
1949
+ # Corresponds to the JSON property `state`
1950
+ # @return [String]
1951
+ attr_accessor :state
1952
+
1953
+ # Output only. [Output only] Update time stamp
1954
+ # Corresponds to the JSON property `updateTime`
1955
+ # @return [String]
1956
+ attr_accessor :update_time
1118
1957
 
1119
1958
  def initialize(**args)
1120
1959
  update!(**args)
@@ -1122,21 +1961,71 @@ module Google
1122
1961
 
1123
1962
  # Update properties of this object
1124
1963
  def update!(**args)
1125
- @policy = args[:policy] if args.key?(:policy)
1126
- @update_mask = args[:update_mask] if args.key?(:update_mask)
1964
+ @associations = args[:associations] if args.key?(:associations)
1965
+ @create_time = args[:create_time] if args.key?(:create_time)
1966
+ @description = args[:description] if args.key?(:description)
1967
+ @intercept_deployment_group = args[:intercept_deployment_group] if args.key?(:intercept_deployment_group)
1968
+ @labels = args[:labels] if args.key?(:labels)
1969
+ @name = args[:name] if args.key?(:name)
1970
+ @reconciling = args[:reconciling] if args.key?(:reconciling)
1971
+ @state = args[:state] if args.key?(:state)
1972
+ @update_time = args[:update_time] if args.key?(:update_time)
1127
1973
  end
1128
1974
  end
1129
1975
 
1130
- # Request message for `TestIamPermissions` method.
1131
- class GoogleIamV1TestIamPermissionsRequest
1132
- include Google::Apis::Core::Hashable
1976
+ # Message describing InterceptEndpointGroupAssociation object
1977
+ class InterceptEndpointGroupAssociation
1978
+ include Google::Apis::Core::Hashable
1979
+
1980
+ # Output only. [Output only] Create time stamp
1981
+ # Corresponds to the JSON property `createTime`
1982
+ # @return [String]
1983
+ attr_accessor :create_time
1984
+
1985
+ # Required. Immutable. The Intercept Endpoint Group that this resource is
1986
+ # connected to. Format is: `projects/`project`/locations/global/
1987
+ # interceptEndpointGroups/`interceptEndpointGroup``
1988
+ # Corresponds to the JSON property `interceptEndpointGroup`
1989
+ # @return [String]
1990
+ attr_accessor :intercept_endpoint_group
1991
+
1992
+ # Optional. Labels as key value pairs
1993
+ # Corresponds to the JSON property `labels`
1994
+ # @return [Hash<String,String>]
1995
+ attr_accessor :labels
1996
+
1997
+ # Output only. The list of locations that this association is in and its details.
1998
+ # Corresponds to the JSON property `locationsDetails`
1999
+ # @return [Array<Google::Apis::NetworksecurityV1beta1::InterceptEndpointGroupAssociationLocationDetails>]
2000
+ attr_accessor :locations_details
2001
+
2002
+ # Immutable. Identifier. The name of the InterceptEndpointGroupAssociation.
2003
+ # Corresponds to the JSON property `name`
2004
+ # @return [String]
2005
+ attr_accessor :name
2006
+
2007
+ # Required. Immutable. The VPC network associated. Format: projects/`project`/
2008
+ # global/networks/`network`.
2009
+ # Corresponds to the JSON property `network`
2010
+ # @return [String]
2011
+ attr_accessor :network
2012
+
2013
+ # Output only. Whether reconciling is in progress, recommended per https://
2014
+ # google.aip.dev/128.
2015
+ # Corresponds to the JSON property `reconciling`
2016
+ # @return [Boolean]
2017
+ attr_accessor :reconciling
2018
+ alias_method :reconciling?, :reconciling
2019
+
2020
+ # Output only. Current state of the endpoint group association.
2021
+ # Corresponds to the JSON property `state`
2022
+ # @return [String]
2023
+ attr_accessor :state
1133
2024
 
1134
- # The set of permissions to check for the `resource`. Permissions with wildcards
1135
- # (such as `*` or `storage.*`) are not allowed. For more information see [IAM
1136
- # Overview](https://cloud.google.com/iam/docs/overview#permissions).
1137
- # Corresponds to the JSON property `permissions`
1138
- # @return [Array<String>]
1139
- attr_accessor :permissions
2025
+ # Output only. [Output only] Update time stamp
2026
+ # Corresponds to the JSON property `updateTime`
2027
+ # @return [String]
2028
+ attr_accessor :update_time
1140
2029
 
1141
2030
  def initialize(**args)
1142
2031
  update!(**args)
@@ -1144,18 +2033,40 @@ module Google
1144
2033
 
1145
2034
  # Update properties of this object
1146
2035
  def update!(**args)
1147
- @permissions = args[:permissions] if args.key?(:permissions)
2036
+ @create_time = args[:create_time] if args.key?(:create_time)
2037
+ @intercept_endpoint_group = args[:intercept_endpoint_group] if args.key?(:intercept_endpoint_group)
2038
+ @labels = args[:labels] if args.key?(:labels)
2039
+ @locations_details = args[:locations_details] if args.key?(:locations_details)
2040
+ @name = args[:name] if args.key?(:name)
2041
+ @network = args[:network] if args.key?(:network)
2042
+ @reconciling = args[:reconciling] if args.key?(:reconciling)
2043
+ @state = args[:state] if args.key?(:state)
2044
+ @update_time = args[:update_time] if args.key?(:update_time)
1148
2045
  end
1149
2046
  end
1150
2047
 
1151
- # Response message for `TestIamPermissions` method.
1152
- class GoogleIamV1TestIamPermissionsResponse
2048
+ # This is a subset of the InterceptEndpointGroupAssociation message, containing
2049
+ # fields to be used by the consumer.
2050
+ class InterceptEndpointGroupAssociationDetails
1153
2051
  include Google::Apis::Core::Hashable
1154
2052
 
1155
- # A subset of `TestPermissionsRequest.permissions` that the caller is allowed.
1156
- # Corresponds to the JSON property `permissions`
1157
- # @return [Array<String>]
1158
- attr_accessor :permissions
2053
+ # Output only. The resource name of the InterceptEndpointGroupAssociation.
2054
+ # Format: projects/`project`/locations/`location`/
2055
+ # interceptEndpointGroupAssociations/`interceptEndpointGroupAssociation`
2056
+ # Corresponds to the JSON property `name`
2057
+ # @return [String]
2058
+ attr_accessor :name
2059
+
2060
+ # Output only. The VPC network associated. Format: projects/`project`/global/
2061
+ # networks/`name`.
2062
+ # Corresponds to the JSON property `network`
2063
+ # @return [String]
2064
+ attr_accessor :network
2065
+
2066
+ # Output only. Current state of the association.
2067
+ # Corresponds to the JSON property `state`
2068
+ # @return [String]
2069
+ attr_accessor :state
1159
2070
 
1160
2071
  def initialize(**args)
1161
2072
  update!(**args)
@@ -1163,29 +2074,25 @@ module Google
1163
2074
 
1164
2075
  # Update properties of this object
1165
2076
  def update!(**args)
1166
- @permissions = args[:permissions] if args.key?(:permissions)
2077
+ @name = args[:name] if args.key?(:name)
2078
+ @network = args[:network] if args.key?(:network)
2079
+ @state = args[:state] if args.key?(:state)
1167
2080
  end
1168
2081
  end
1169
2082
 
1170
- # Specification of HTTP header match attributes.
1171
- class HttpHeaderMatch
2083
+ # Details about the association status in a specific cloud location.
2084
+ class InterceptEndpointGroupAssociationLocationDetails
1172
2085
  include Google::Apis::Core::Hashable
1173
2086
 
1174
- # Required. The name of the HTTP header to match. For matching against the HTTP
1175
- # request's authority, use a headerMatch with the header name ":authority". For
1176
- # matching a request's method, use the headerName ":method".
1177
- # Corresponds to the JSON property `headerName`
2087
+ # Output only. The cloud location.
2088
+ # Corresponds to the JSON property `location`
1178
2089
  # @return [String]
1179
- attr_accessor :header_name
2090
+ attr_accessor :location
1180
2091
 
1181
- # Required. The value of the header must match the regular expression specified
1182
- # in regexMatch. For regular expression grammar, please see: en.cppreference.com/
1183
- # w/cpp/regex/ecmascript For matching against a port specified in the HTTP
1184
- # request, use a headerMatch with headerName set to Host and a regular
1185
- # expression that satisfies the RFC2616 Host header's port specifier.
1186
- # Corresponds to the JSON property `regexMatch`
2092
+ # Output only. The association state in this location.
2093
+ # Corresponds to the JSON property `state`
1187
2094
  # @return [String]
1188
- attr_accessor :regex_match
2095
+ attr_accessor :state
1189
2096
 
1190
2097
  def initialize(**args)
1191
2098
  update!(**args)
@@ -1193,8 +2100,8 @@ module Google
1193
2100
 
1194
2101
  # Update properties of this object
1195
2102
  def update!(**args)
1196
- @header_name = args[:header_name] if args.key?(:header_name)
1197
- @regex_match = args[:regex_match] if args.key?(:regex_match)
2103
+ @location = args[:location] if args.key?(:location)
2104
+ @state = args[:state] if args.key?(:state)
1198
2105
  end
1199
2106
  end
1200
2107
 
@@ -1310,6 +2217,37 @@ module Google
1310
2217
  end
1311
2218
  end
1312
2219
 
2220
+ # Message for response to listing `AuthzPolicy` resources.
2221
+ class ListAuthzPoliciesResponse
2222
+ include Google::Apis::Core::Hashable
2223
+
2224
+ # The list of `AuthzPolicy` resources.
2225
+ # Corresponds to the JSON property `authzPolicies`
2226
+ # @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicy>]
2227
+ attr_accessor :authz_policies
2228
+
2229
+ # A token identifying a page of results that the server returns.
2230
+ # Corresponds to the JSON property `nextPageToken`
2231
+ # @return [String]
2232
+ attr_accessor :next_page_token
2233
+
2234
+ # Locations that could not be reached.
2235
+ # Corresponds to the JSON property `unreachable`
2236
+ # @return [Array<String>]
2237
+ attr_accessor :unreachable
2238
+
2239
+ def initialize(**args)
2240
+ update!(**args)
2241
+ end
2242
+
2243
+ # Update properties of this object
2244
+ def update!(**args)
2245
+ @authz_policies = args[:authz_policies] if args.key?(:authz_policies)
2246
+ @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
2247
+ @unreachable = args[:unreachable] if args.key?(:unreachable)
2248
+ end
2249
+ end
2250
+
1313
2251
  # Response returned by the ListClientTlsPolicies method.
1314
2252
  class ListClientTlsPoliciesResponse
1315
2253
  include Google::Apis::Core::Hashable
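Review bot: The `unreachable` comment in the new `ListAuthzPoliciesResponse` says only "Locations that could not be reached" and does not tell the caller that `authz_policies` is then an incomplete listing. This matters for an authorization-policy inventory or audit, because a caller that pages only on `next_page_token` will report a partial set as complete. I would extend the comment to `# Locations that could not be reached. If non-empty, authz_policies is a partial result and must not be treated as the full policy set.` The same terse wording appears on `unreachable` in `ListInterceptDeploymentsResponse` and `ListMirroringDeploymentsResponse` in the next hunk. The partial-result meaning is inferred from the usual list-API convention, so confirm it against the API reference before adopting the wording.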
@@ -1459,22 +2397,234 @@ module Google
1459
2397
 
1460
2398
  # Update properties of this object
1461
2399
  def update!(**args)
1462
- @gateway_security_policy_rules = args[:gateway_security_policy_rules] if args.key?(:gateway_security_policy_rules)
2400
+ @gateway_security_policy_rules = args[:gateway_security_policy_rules] if args.key?(:gateway_security_policy_rules)
2401
+ @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
2402
+ @unreachable = args[:unreachable] if args.key?(:unreachable)
2403
+ end
2404
+ end
2405
+
2406
+ # Message for response to listing InterceptDeploymentGroups
2407
+ class ListInterceptDeploymentGroupsResponse
2408
+ include Google::Apis::Core::Hashable
2409
+
2410
+ # The list of InterceptDeploymentGroup
2411
+ # Corresponds to the JSON property `interceptDeploymentGroups`
2412
+ # @return [Array<Google::Apis::NetworksecurityV1beta1::InterceptDeploymentGroup>]
2413
+ attr_accessor :intercept_deployment_groups
2414
+
2415
+ # A token identifying a page of results the server should return.
2416
+ # Corresponds to the JSON property `nextPageToken`
2417
+ # @return [String]
2418
+ attr_accessor :next_page_token
2419
+
2420
+ def initialize(**args)
2421
+ update!(**args)
2422
+ end
2423
+
2424
+ # Update properties of this object
2425
+ def update!(**args)
2426
+ @intercept_deployment_groups = args[:intercept_deployment_groups] if args.key?(:intercept_deployment_groups)
2427
+ @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
2428
+ end
2429
+ end
2430
+
2431
+ # Message for response to listing InterceptDeployments
2432
+ class ListInterceptDeploymentsResponse
2433
+ include Google::Apis::Core::Hashable
2434
+
2435
+ # The list of InterceptDeployment
2436
+ # Corresponds to the JSON property `interceptDeployments`
2437
+ # @return [Array<Google::Apis::NetworksecurityV1beta1::InterceptDeployment>]
2438
+ attr_accessor :intercept_deployments
2439
+
2440
+ # A token identifying a page of results the server should return.
2441
+ # Corresponds to the JSON property `nextPageToken`
2442
+ # @return [String]
2443
+ attr_accessor :next_page_token
2444
+
2445
+ # Locations that could not be reached.
2446
+ # Corresponds to the JSON property `unreachable`
2447
+ # @return [Array<String>]
2448
+ attr_accessor :unreachable
2449
+
2450
+ def initialize(**args)
2451
+ update!(**args)
2452
+ end
2453
+
2454
+ # Update properties of this object
2455
+ def update!(**args)
2456
+ @intercept_deployments = args[:intercept_deployments] if args.key?(:intercept_deployments)
2457
+ @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
2458
+ @unreachable = args[:unreachable] if args.key?(:unreachable)
2459
+ end
2460
+ end
2461
+
2462
+ # Message for response to listing InterceptEndpointGroupAssociations
2463
+ class ListInterceptEndpointGroupAssociationsResponse
2464
+ include Google::Apis::Core::Hashable
2465
+
2466
+ # The list of InterceptEndpointGroupAssociation
2467
+ # Corresponds to the JSON property `interceptEndpointGroupAssociations`
2468
+ # @return [Array<Google::Apis::NetworksecurityV1beta1::InterceptEndpointGroupAssociation>]
2469
+ attr_accessor :intercept_endpoint_group_associations
2470
+
2471
+ # A token identifying a page of results the server should return.
2472
+ # Corresponds to the JSON property `nextPageToken`
2473
+ # @return [String]
2474
+ attr_accessor :next_page_token
2475
+
2476
+ def initialize(**args)
2477
+ update!(**args)
2478
+ end
2479
+
2480
+ # Update properties of this object
2481
+ def update!(**args)
2482
+ @intercept_endpoint_group_associations = args[:intercept_endpoint_group_associations] if args.key?(:intercept_endpoint_group_associations)
2483
+ @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
2484
+ end
2485
+ end
2486
+
2487
+ # Message for response to listing InterceptEndpointGroups
2488
+ class ListInterceptEndpointGroupsResponse
2489
+ include Google::Apis::Core::Hashable
2490
+
2491
+ # The list of InterceptEndpointGroup
2492
+ # Corresponds to the JSON property `interceptEndpointGroups`
2493
+ # @return [Array<Google::Apis::NetworksecurityV1beta1::InterceptEndpointGroup>]
2494
+ attr_accessor :intercept_endpoint_groups
2495
+
2496
+ # A token identifying a page of results the server should return.
2497
+ # Corresponds to the JSON property `nextPageToken`
2498
+ # @return [String]
2499
+ attr_accessor :next_page_token
2500
+
2501
+ def initialize(**args)
2502
+ update!(**args)
2503
+ end
2504
+
2505
+ # Update properties of this object
2506
+ def update!(**args)
2507
+ @intercept_endpoint_groups = args[:intercept_endpoint_groups] if args.key?(:intercept_endpoint_groups)
2508
+ @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
2509
+ end
2510
+ end
2511
+
2512
+ # The response message for Locations.ListLocations.
2513
+ class ListLocationsResponse
2514
+ include Google::Apis::Core::Hashable
2515
+
2516
+ # A list of locations that matches the specified filter in the request.
2517
+ # Corresponds to the JSON property `locations`
2518
+ # @return [Array<Google::Apis::NetworksecurityV1beta1::Location>]
2519
+ attr_accessor :locations
2520
+
2521
+ # The standard List next-page token.
2522
+ # Corresponds to the JSON property `nextPageToken`
2523
+ # @return [String]
2524
+ attr_accessor :next_page_token
2525
+
2526
+ def initialize(**args)
2527
+ update!(**args)
2528
+ end
2529
+
2530
+ # Update properties of this object
2531
+ def update!(**args)
2532
+ @locations = args[:locations] if args.key?(:locations)
2533
+ @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
2534
+ end
2535
+ end
2536
+
2537
+ # Message for response to listing MirroringDeploymentGroups
2538
+ class ListMirroringDeploymentGroupsResponse
2539
+ include Google::Apis::Core::Hashable
2540
+
2541
+ # The list of MirroringDeploymentGroup
2542
+ # Corresponds to the JSON property `mirroringDeploymentGroups`
2543
+ # @return [Array<Google::Apis::NetworksecurityV1beta1::MirroringDeploymentGroup>]
2544
+ attr_accessor :mirroring_deployment_groups
2545
+
2546
+ # A token identifying a page of results the server should return.
2547
+ # Corresponds to the JSON property `nextPageToken`
2548
+ # @return [String]
2549
+ attr_accessor :next_page_token
2550
+
2551
+ def initialize(**args)
2552
+ update!(**args)
2553
+ end
2554
+
2555
+ # Update properties of this object
2556
+ def update!(**args)
2557
+ @mirroring_deployment_groups = args[:mirroring_deployment_groups] if args.key?(:mirroring_deployment_groups)
2558
+ @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
2559
+ end
2560
+ end
2561
+
2562
+ # Message for response to listing MirroringDeployments
2563
+ class ListMirroringDeploymentsResponse
2564
+ include Google::Apis::Core::Hashable
2565
+
2566
+ # The list of MirroringDeployment
2567
+ # Corresponds to the JSON property `mirroringDeployments`
2568
+ # @return [Array<Google::Apis::NetworksecurityV1beta1::MirroringDeployment>]
2569
+ attr_accessor :mirroring_deployments
2570
+
2571
+ # A token identifying a page of results the server should return.
2572
+ # Corresponds to the JSON property `nextPageToken`
2573
+ # @return [String]
2574
+ attr_accessor :next_page_token
2575
+
2576
+ # Locations that could not be reached.
2577
+ # Corresponds to the JSON property `unreachable`
2578
+ # @return [Array<String>]
2579
+ attr_accessor :unreachable
2580
+
2581
+ def initialize(**args)
2582
+ update!(**args)
2583
+ end
2584
+
2585
+ # Update properties of this object
2586
+ def update!(**args)
2587
+ @mirroring_deployments = args[:mirroring_deployments] if args.key?(:mirroring_deployments)
2588
+ @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
2589
+ @unreachable = args[:unreachable] if args.key?(:unreachable)
2590
+ end
2591
+ end
2592
+
2593
+ # Message for response to listing MirroringEndpointGroupAssociations
2594
+ class ListMirroringEndpointGroupAssociationsResponse
2595
+ include Google::Apis::Core::Hashable
2596
+
2597
+ # The list of MirroringEndpointGroupAssociation
2598
+ # Corresponds to the JSON property `mirroringEndpointGroupAssociations`
2599
+ # @return [Array<Google::Apis::NetworksecurityV1beta1::MirroringEndpointGroupAssociation>]
2600
+ attr_accessor :mirroring_endpoint_group_associations
2601
+
2602
+ # A token identifying a page of results the server should return.
2603
+ # Corresponds to the JSON property `nextPageToken`
2604
+ # @return [String]
2605
+ attr_accessor :next_page_token
2606
+
2607
+ def initialize(**args)
2608
+ update!(**args)
2609
+ end
2610
+
2611
+ # Update properties of this object
2612
+ def update!(**args)
2613
+ @mirroring_endpoint_group_associations = args[:mirroring_endpoint_group_associations] if args.key?(:mirroring_endpoint_group_associations)
1463
2614
  @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
1464
- @unreachable = args[:unreachable] if args.key?(:unreachable)
1465
2615
  end
1466
2616
  end
1467
2617
 
1468
- # The response message for Locations.ListLocations.
1469
- class ListLocationsResponse
2618
+ # Message for response to listing MirroringEndpointGroups
2619
+ class ListMirroringEndpointGroupsResponse
1470
2620
  include Google::Apis::Core::Hashable
1471
2621
 
1472
- # A list of locations that matches the specified filter in the request.
1473
- # Corresponds to the JSON property `locations`
1474
- # @return [Array<Google::Apis::NetworksecurityV1beta1::Location>]
1475
- attr_accessor :locations
2622
+ # The list of MirroringEndpointGroup
2623
+ # Corresponds to the JSON property `mirroringEndpointGroups`
2624
+ # @return [Array<Google::Apis::NetworksecurityV1beta1::MirroringEndpointGroup>]
2625
+ attr_accessor :mirroring_endpoint_groups
1476
2626
 
1477
- # The standard List next-page token.
2627
+ # A token identifying a page of results the server should return.
1478
2628
  # Corresponds to the JSON property `nextPageToken`
1479
2629
  # @return [String]
1480
2630
  attr_accessor :next_page_token
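Review bot: The `next_page_token` comments on the new Intercept and Mirroring list responses read "A token identifying a page of results the server should return", which describes the request-side page token, not a field of a response. `ListAuthzPoliciesResponse` in the previous hunk already uses response wording ("that the server returns"), so the new classes are inconsistent with it. I would change the comment to `# A token identifying the next page of results; pass it in the following list request.` in each of these classes. A reader who takes the current text literally may not realise that the listing is incomplete until this token has been followed. The last class in this hunk, `ListMirroringEndpointGroupsResponse`, continues outside the hunk.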
@@ -1485,7 +2635,7 @@ module Google
1485
2635
 
1486
2636
  # Update properties of this object
1487
2637
  def update!(**args)
1488
- @locations = args[:locations] if args.key?(:locations)
2638
+ @mirroring_endpoint_groups = args[:mirroring_endpoint_groups] if args.key?(:mirroring_endpoint_groups)
1489
2639
  @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
1490
2640
  end
1491
2641
  end
@@ -1748,6 +2898,313 @@ module Google
1748
2898
  end
1749
2899
  end
1750
2900
 
2901
+ # Message describing MirroringDeployment object
2902
+ class MirroringDeployment
2903
+ include Google::Apis::Core::Hashable
2904
+
2905
+ # Output only. [Output only] Create time stamp
2906
+ # Corresponds to the JSON property `createTime`
2907
+ # @return [String]
2908
+ attr_accessor :create_time
2909
+
2910
+ # Required. Immutable. The regional load balancer which the mirrored traffic
2911
+ # should be forwarded to. Format is: projects/`project`/regions/`region`/
2912
+ # forwardingRules/`forwardingRule`
2913
+ # Corresponds to the JSON property `forwardingRule`
2914
+ # @return [String]
2915
+ attr_accessor :forwarding_rule
2916
+
2917
+ # Optional. Labels as key value pairs
2918
+ # Corresponds to the JSON property `labels`
2919
+ # @return [Hash<String,String>]
2920
+ attr_accessor :labels
2921
+
2922
+ # Required. Immutable. The Mirroring Deployment Group that this resource is part
2923
+ # of. Format is: `projects/`project`/locations/global/mirroringDeploymentGroups/`
2924
+ # mirroringDeploymentGroup``
2925
+ # Corresponds to the JSON property `mirroringDeploymentGroup`
2926
+ # @return [String]
2927
+ attr_accessor :mirroring_deployment_group
2928
+
2929
+ # Immutable. Identifier. The name of the MirroringDeployment.
2930
+ # Corresponds to the JSON property `name`
2931
+ # @return [String]
2932
+ attr_accessor :name
2933
+
2934
+ # Output only. Whether reconciling is in progress, recommended per https://
2935
+ # google.aip.dev/128.
2936
+ # Corresponds to the JSON property `reconciling`
2937
+ # @return [Boolean]
2938
+ attr_accessor :reconciling
2939
+ alias_method :reconciling?, :reconciling
2940
+
2941
+ # Output only. Current state of the deployment.
2942
+ # Corresponds to the JSON property `state`
2943
+ # @return [String]
2944
+ attr_accessor :state
2945
+
2946
+ # Output only. [Output only] Update time stamp
2947
+ # Corresponds to the JSON property `updateTime`
2948
+ # @return [String]
2949
+ attr_accessor :update_time
2950
+
2951
+ def initialize(**args)
2952
+ update!(**args)
2953
+ end
2954
+
2955
+ # Update properties of this object
2956
+ def update!(**args)
2957
+ @create_time = args[:create_time] if args.key?(:create_time)
2958
+ @forwarding_rule = args[:forwarding_rule] if args.key?(:forwarding_rule)
2959
+ @labels = args[:labels] if args.key?(:labels)
2960
+ @mirroring_deployment_group = args[:mirroring_deployment_group] if args.key?(:mirroring_deployment_group)
2961
+ @name = args[:name] if args.key?(:name)
2962
+ @reconciling = args[:reconciling] if args.key?(:reconciling)
2963
+ @state = args[:state] if args.key?(:state)
2964
+ @update_time = args[:update_time] if args.key?(:update_time)
2965
+ end
2966
+ end
2967
+
2968
+ # Message describing MirroringDeploymentGroup object NEXT ID: 10
2969
+ class MirroringDeploymentGroup
2970
+ include Google::Apis::Core::Hashable
2971
+
2972
+ # Output only. The list of Mirroring Endpoint Groups that are connected to this
2973
+ # resource.
2974
+ # Corresponds to the JSON property `connectedEndpointGroups`
2975
+ # @return [Array<Google::Apis::NetworksecurityV1beta1::MirroringDeploymentGroupConnectedEndpointGroup>]
2976
+ attr_accessor :connected_endpoint_groups
2977
+
2978
+ # Output only. [Output only] Create time stamp
2979
+ # Corresponds to the JSON property `createTime`
2980
+ # @return [String]
2981
+ attr_accessor :create_time
2982
+
2983
+ # Optional. Labels as key value pairs
2984
+ # Corresponds to the JSON property `labels`
2985
+ # @return [Hash<String,String>]
2986
+ attr_accessor :labels
2987
+
2988
+ # Immutable. Identifier. Then name of the MirroringDeploymentGroup.
2989
+ # Corresponds to the JSON property `name`
2990
+ # @return [String]
2991
+ attr_accessor :name
2992
+
2993
+ # Required. Immutable. The network that is being used for the deployment. Format
2994
+ # is: projects/`project`/global/networks/`network`.
2995
+ # Corresponds to the JSON property `network`
2996
+ # @return [String]
2997
+ attr_accessor :network
2998
+
2999
+ # Output only. Whether reconciling is in progress, recommended per https://
3000
+ # google.aip.dev/128.
3001
+ # Corresponds to the JSON property `reconciling`
3002
+ # @return [Boolean]
3003
+ attr_accessor :reconciling
3004
+ alias_method :reconciling?, :reconciling
3005
+
3006
+ # Output only. Current state of the deployment group.
3007
+ # Corresponds to the JSON property `state`
3008
+ # @return [String]
3009
+ attr_accessor :state
3010
+
3011
+ # Output only. [Output only] Update time stamp
3012
+ # Corresponds to the JSON property `updateTime`
3013
+ # @return [String]
3014
+ attr_accessor :update_time
3015
+
3016
+ def initialize(**args)
3017
+ update!(**args)
3018
+ end
3019
+
3020
+ # Update properties of this object
3021
+ def update!(**args)
3022
+ @connected_endpoint_groups = args[:connected_endpoint_groups] if args.key?(:connected_endpoint_groups)
3023
+ @create_time = args[:create_time] if args.key?(:create_time)
3024
+ @labels = args[:labels] if args.key?(:labels)
3025
+ @name = args[:name] if args.key?(:name)
3026
+ @network = args[:network] if args.key?(:network)
3027
+ @reconciling = args[:reconciling] if args.key?(:reconciling)
3028
+ @state = args[:state] if args.key?(:state)
3029
+ @update_time = args[:update_time] if args.key?(:update_time)
3030
+ end
3031
+ end
3032
+
3033
+ # An endpoint group connected to this deployment group.
3034
+ class MirroringDeploymentGroupConnectedEndpointGroup
3035
+ include Google::Apis::Core::Hashable
3036
+
3037
+ # Output only. A connected mirroring endpoint group.
3038
+ # Corresponds to the JSON property `name`
3039
+ # @return [String]
3040
+ attr_accessor :name
3041
+
3042
+ def initialize(**args)
3043
+ update!(**args)
3044
+ end
3045
+
3046
+ # Update properties of this object
3047
+ def update!(**args)
3048
+ @name = args[:name] if args.key?(:name)
3049
+ end
3050
+ end
3051
+
3052
+ # Message describing MirroringEndpointGroup object.
3053
+ class MirroringEndpointGroup
3054
+ include Google::Apis::Core::Hashable
3055
+
3056
+ # Output only. [Output only] Create time stamp
3057
+ # Corresponds to the JSON property `createTime`
3058
+ # @return [String]
3059
+ attr_accessor :create_time
3060
+
3061
+ # Optional. Labels as key value pairs
3062
+ # Corresponds to the JSON property `labels`
3063
+ # @return [Hash<String,String>]
3064
+ attr_accessor :labels
3065
+
3066
+ # Required. Immutable. The Mirroring Deployment Group that this resource is
3067
+ # connected to. Format is: `projects/`project`/locations/global/
3068
+ # mirroringDeploymentGroups/`mirroringDeploymentGroup``
3069
+ # Corresponds to the JSON property `mirroringDeploymentGroup`
3070
+ # @return [String]
3071
+ attr_accessor :mirroring_deployment_group
3072
+
3073
+ # Immutable. Identifier. Next ID: 11 The name of the MirroringEndpointGroup.
3074
+ # Corresponds to the JSON property `name`
3075
+ # @return [String]
3076
+ attr_accessor :name
3077
+
3078
+ # Output only. Whether reconciling is in progress, recommended per https://
3079
+ # google.aip.dev/128.
3080
+ # Corresponds to the JSON property `reconciling`
3081
+ # @return [Boolean]
3082
+ attr_accessor :reconciling
3083
+ alias_method :reconciling?, :reconciling
3084
+
3085
+ # Output only. Current state of the endpoint group.
3086
+ # Corresponds to the JSON property `state`
3087
+ # @return [String]
3088
+ attr_accessor :state
3089
+
3090
+ # Output only. [Output only] Update time stamp
3091
+ # Corresponds to the JSON property `updateTime`
3092
+ # @return [String]
3093
+ attr_accessor :update_time
3094
+
3095
+ def initialize(**args)
3096
+ update!(**args)
3097
+ end
3098
+
3099
+ # Update properties of this object
3100
+ def update!(**args)
3101
+ @create_time = args[:create_time] if args.key?(:create_time)
3102
+ @labels = args[:labels] if args.key?(:labels)
3103
+ @mirroring_deployment_group = args[:mirroring_deployment_group] if args.key?(:mirroring_deployment_group)
3104
+ @name = args[:name] if args.key?(:name)
3105
+ @reconciling = args[:reconciling] if args.key?(:reconciling)
3106
+ @state = args[:state] if args.key?(:state)
3107
+ @update_time = args[:update_time] if args.key?(:update_time)
3108
+ end
3109
+ end
3110
+
3111
+ # Message describing MirroringEndpointGroupAssociation object
3112
+ class MirroringEndpointGroupAssociation
3113
+ include Google::Apis::Core::Hashable
3114
+
3115
+ # Output only. [Output only] Create time stamp
3116
+ # Corresponds to the JSON property `createTime`
3117
+ # @return [String]
3118
+ attr_accessor :create_time
3119
+
3120
+ # Optional. Labels as key value pairs
3121
+ # Corresponds to the JSON property `labels`
3122
+ # @return [Hash<String,String>]
3123
+ attr_accessor :labels
3124
+
3125
+ # Output only. The list of locations that this association is in and its details.
3126
+ # Corresponds to the JSON property `locationsDetails`
3127
+ # @return [Array<Google::Apis::NetworksecurityV1beta1::MirroringEndpointGroupAssociationLocationDetails>]
3128
+ attr_accessor :locations_details
3129
+
3130
+ # Required. Immutable. The Mirroring Endpoint Group that this resource is
3131
+ # connected to. Format is: `projects/`project`/locations/global/
3132
+ # mirroringEndpointGroups/`mirroringEndpointGroup``
3133
+ # Corresponds to the JSON property `mirroringEndpointGroup`
3134
+ # @return [String]
3135
+ attr_accessor :mirroring_endpoint_group
3136
+
3137
+ # Immutable. Identifier. The name of the MirroringEndpointGroupAssociation.
3138
+ # Corresponds to the JSON property `name`
3139
+ # @return [String]
3140
+ attr_accessor :name
3141
+
3142
+ # Required. Immutable. The VPC network associated. Format: projects/`project`/
3143
+ # global/networks/`network`.
3144
+ # Corresponds to the JSON property `network`
3145
+ # @return [String]
3146
+ attr_accessor :network
3147
+
3148
+ # Output only. Whether reconciling is in progress, recommended per https://
3149
+ # google.aip.dev/128.
3150
+ # Corresponds to the JSON property `reconciling`
3151
+ # @return [Boolean]
3152
+ attr_accessor :reconciling
3153
+ alias_method :reconciling?, :reconciling
3154
+
3155
+ # Output only. Current state of the endpoint group association.
3156
+ # Corresponds to the JSON property `state`
3157
+ # @return [String]
3158
+ attr_accessor :state
3159
+
3160
+ # Output only. [Output only] Update time stamp
3161
+ # Corresponds to the JSON property `updateTime`
3162
+ # @return [String]
3163
+ attr_accessor :update_time
3164
+
3165
+ def initialize(**args)
3166
+ update!(**args)
3167
+ end
3168
+
3169
+ # Update properties of this object
3170
+ def update!(**args)
3171
+ @create_time = args[:create_time] if args.key?(:create_time)
3172
+ @labels = args[:labels] if args.key?(:labels)
3173
+ @locations_details = args[:locations_details] if args.key?(:locations_details)
3174
+ @mirroring_endpoint_group = args[:mirroring_endpoint_group] if args.key?(:mirroring_endpoint_group)
3175
+ @name = args[:name] if args.key?(:name)
3176
+ @network = args[:network] if args.key?(:network)
3177
+ @reconciling = args[:reconciling] if args.key?(:reconciling)
3178
+ @state = args[:state] if args.key?(:state)
3179
+ @update_time = args[:update_time] if args.key?(:update_time)
3180
+ end
3181
+ end
3182
+
3183
+ # Details about the association status in a specific cloud location.
3184
+ class MirroringEndpointGroupAssociationLocationDetails
3185
+ include Google::Apis::Core::Hashable
3186
+
3187
+ # Output only. The cloud location.
3188
+ # Corresponds to the JSON property `location`
3189
+ # @return [String]
3190
+ attr_accessor :location
3191
+
3192
+ # Output only. The association state in this location.
3193
+ # Corresponds to the JSON property `state`
3194
+ # @return [String]
3195
+ attr_accessor :state
3196
+
3197
+ def initialize(**args)
3198
+ update!(**args)
3199
+ end
3200
+
3201
+ # Update properties of this object
3202
+ def update!(**args)
3203
+ @location = args[:location] if args.key?(:location)
3204
+ @state = args[:state] if args.key?(:state)
3205
+ end
3206
+ end
3207
+
1751
3208
  # This resource represents a long-running operation that is the result of a
1752
3209
  # network API call.
1753
3210
  class Operation
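Review bot: Two of the added doc comments still carry internal field-numbering notes: `# Message describing MirroringDeploymentGroup object NEXT ID: 10` and `# Immutable. Identifier. Next ID: 11 The name of the MirroringEndpointGroup.` Later hunks of this same diff strip "Next ID" from the `SecurityProfile` and `SecurityProfileGroup` comments, so the new Mirroring classes should match: `# Message describing MirroringDeploymentGroup object.` and `# Immutable. Identifier. The name of the MirroringEndpointGroup.` The `MirroringDeploymentGroup` name comment also has a typo ("Then name"), and the timestamp fields repeat the marker as "Output only. [Output only]". If this file is generated from an API description, which it appears to be, the wording needs fixing there rather than here.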
@@ -1936,7 +3393,7 @@ module Google
1936
3393
  end
1937
3394
 
1938
3395
  # SecurityProfile is a resource that defines the behavior for one of many
1939
- # ProfileTypes. Next ID: 11
3396
+ # ProfileTypes.
1940
3397
  class SecurityProfile
1941
3398
  include Google::Apis::Core::Hashable
1942
3399
 
@@ -1945,6 +3402,18 @@ module Google
1945
3402
  # @return [String]
1946
3403
  attr_accessor :create_time
1947
3404
 
3405
+ # CustomInterceptProfile defines the Packet Intercept Endpoint Group used to
3406
+ # intercept traffic to a third-party firewall in a Firewall rule.
3407
+ # Corresponds to the JSON property `customInterceptProfile`
3408
+ # @return [Google::Apis::NetworksecurityV1beta1::CustomInterceptProfile]
3409
+ attr_accessor :custom_intercept_profile
3410
+
3411
+ # CustomMirroringProfile defines an action for mirroring traffic to a collector'
3412
+ # s EndpointGroup
3413
+ # Corresponds to the JSON property `customMirroringProfile`
3414
+ # @return [Google::Apis::NetworksecurityV1beta1::CustomMirroringProfile]
3415
+ attr_accessor :custom_mirroring_profile
3416
+
1948
3417
  # Optional. An optional description of the profile. Max length 512 characters.
1949
3418
  # Corresponds to the JSON property `description`
1950
3419
  # @return [String]
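Review bot: The new comment on `custom_mirroring_profile` is wrapped in the middle of a word, so it reads `collector'` on one line and `s EndpointGroup` on the next. It should be rewrapped as `# CustomMirroringProfile defines an action for mirroring traffic to a` followed by `# collector's EndpointGroup.` so rendered API docs do not show a stray "s". Neither this comment nor the `custom_intercept_profile` one says whether the two profiles may be set together or alongside the existing profile types. Since these fields decide where traffic is copied or redirected, a sentence on that would help reviewers of configurations that use this class. The `SecurityProfile` class body starts and ends outside the hunk.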
@@ -1992,6 +3461,8 @@ module Google
1992
3461
  # Update properties of this object
1993
3462
  def update!(**args)
1994
3463
  @create_time = args[:create_time] if args.key?(:create_time)
3464
+ @custom_intercept_profile = args[:custom_intercept_profile] if args.key?(:custom_intercept_profile)
3465
+ @custom_mirroring_profile = args[:custom_mirroring_profile] if args.key?(:custom_mirroring_profile)
1995
3466
  @description = args[:description] if args.key?(:description)
1996
3467
  @etag = args[:etag] if args.key?(:etag)
1997
3468
  @labels = args[:labels] if args.key?(:labels)
@@ -2003,7 +3474,7 @@ module Google
2003
3474
  end
2004
3475
 
2005
3476
  # SecurityProfileGroup is a resource that defines the behavior for various
2006
- # ProfileTypes. Next ID: 10
3477
+ # ProfileTypes.
2007
3478
  class SecurityProfileGroup
2008
3479
  include Google::Apis::Core::Hashable
2009
3480
 
@@ -2012,6 +3483,18 @@ module Google
2012
3483
  # @return [String]
2013
3484
  attr_accessor :create_time
2014
3485
 
3486
+ # Optional. Reference to a SecurityProfile with the CustomIntercept
3487
+ # configuration.
3488
+ # Corresponds to the JSON property `customInterceptProfile`
3489
+ # @return [String]
3490
+ attr_accessor :custom_intercept_profile
3491
+
3492
+ # Optional. Reference to a SecurityProfile with the CustomMirroring
3493
+ # configuration.
3494
+ # Corresponds to the JSON property `customMirroringProfile`
3495
+ # @return [String]
3496
+ attr_accessor :custom_mirroring_profile
3497
+
2015
3498
  # Optional. An optional description of the profile group. Max length 2048
2016
3499
  # characters.
2017
3500
  # Corresponds to the JSON property `description`
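Review bot: The new `custom_intercept_profile` and `custom_mirroring_profile` accessors on `SecurityProfileGroup` are documented only as "Reference to a SecurityProfile" and return a String, but the comments give no format for that string. Other reference fields added in this diff spell theirs out (for example "Format is: projects/`project`/global/networks/`network`"). Accessors with the same names on `SecurityProfile` hold `CustomInterceptProfile` and `CustomMirroringProfile` objects instead, so the two are easy to mix up. I would add a `# Format: <resource name pattern from the API reference>` line to each comment, and say that the value is a resource name, not an embedded profile object. The `SecurityProfileGroup` class body starts and ends outside the hunk.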
@@ -2037,8 +3520,8 @@ module Google
2037
3520
  # @return [String]
2038
3521
  attr_accessor :name
2039
3522
 
2040
- # Optional. Reference to a SecurityProfile with the threat prevention
2041
- # configuration for the SecurityProfileGroup.
3523
+ # Optional. Reference to a SecurityProfile with the ThreatPrevention
3524
+ # configuration.
2042
3525
  # Corresponds to the JSON property `threatPreventionProfile`
2043
3526
  # @return [String]
2044
3527
  attr_accessor :threat_prevention_profile
@@ -2055,6 +3538,8 @@ module Google
2055
3538
  # Update properties of this object
2056
3539
  def update!(**args)
2057
3540
  @create_time = args[:create_time] if args.key?(:create_time)
3541
+ @custom_intercept_profile = args[:custom_intercept_profile] if args.key?(:custom_intercept_profile)
3542
+ @custom_mirroring_profile = args[:custom_mirroring_profile] if args.key?(:custom_mirroring_profile)
2058
3543
  @description = args[:description] if args.key?(:description)
2059
3544
  @etag = args[:etag] if args.key?(:etag)
2060
3545
  @labels = args[:labels] if args.key?(:labels)