google-cloud-network_security-v1 0.a → 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (126) hide show
  1. checksums.yaml +4 -4
  2. data/.yardopts +12 -0
  3. data/AUTHENTICATION.md +122 -0
  4. data/README.md +154 -8
  5. data/lib/google/cloud/network_security/v1/address_group_service/client.rb +1457 -0
  6. data/lib/google/cloud/network_security/v1/address_group_service/credentials.rb +47 -0
  7. data/lib/google/cloud/network_security/v1/address_group_service/operations.rb +843 -0
  8. data/lib/google/cloud/network_security/v1/address_group_service/paths.rb +110 -0
  9. data/lib/google/cloud/network_security/v1/address_group_service.rb +52 -0
  10. data/lib/google/cloud/network_security/v1/dns_threat_detector_service/client.rb +900 -0
  11. data/lib/google/cloud/network_security/v1/dns_threat_detector_service/credentials.rb +47 -0
  12. data/lib/google/cloud/network_security/v1/dns_threat_detector_service/paths.rb +86 -0
  13. data/lib/google/cloud/network_security/v1/dns_threat_detector_service.rb +49 -0
  14. data/lib/google/cloud/network_security/v1/firewall_activation/client.rb +2098 -0
  15. data/lib/google/cloud/network_security/v1/firewall_activation/credentials.rb +47 -0
  16. data/lib/google/cloud/network_security/v1/firewall_activation/operations.rb +843 -0
  17. data/lib/google/cloud/network_security/v1/firewall_activation/paths.rb +165 -0
  18. data/lib/google/cloud/network_security/v1/firewall_activation.rb +50 -0
  19. data/lib/google/cloud/network_security/v1/intercept/client.rb +2599 -0
  20. data/lib/google/cloud/network_security/v1/intercept/credentials.rb +47 -0
  21. data/lib/google/cloud/network_security/v1/intercept/operations.rb +843 -0
  22. data/lib/google/cloud/network_security/v1/intercept/paths.rb +160 -0
  23. data/lib/google/cloud/network_security/v1/intercept.rb +51 -0
  24. data/lib/google/cloud/network_security/v1/mirroring/client.rb +2598 -0
  25. data/lib/google/cloud/network_security/v1/mirroring/credentials.rb +47 -0
  26. data/lib/google/cloud/network_security/v1/mirroring/operations.rb +843 -0
  27. data/lib/google/cloud/network_security/v1/mirroring/paths.rb +160 -0
  28. data/lib/google/cloud/network_security/v1/mirroring.rb +50 -0
  29. data/lib/google/cloud/network_security/v1/network_security/client.rb +5161 -0
  30. data/lib/google/cloud/network_security/v1/network_security/credentials.rb +47 -0
  31. data/lib/google/cloud/network_security/v1/network_security/operations.rb +843 -0
  32. data/lib/google/cloud/network_security/v1/network_security/paths.rb +280 -0
  33. data/lib/google/cloud/network_security/v1/network_security.rb +52 -0
  34. data/lib/google/cloud/network_security/v1/organization_address_group_service/client.rb +1457 -0
  35. data/lib/google/cloud/network_security/v1/organization_address_group_service/credentials.rb +47 -0
  36. data/lib/google/cloud/network_security/v1/organization_address_group_service/operations.rb +843 -0
  37. data/lib/google/cloud/network_security/v1/organization_address_group_service/paths.rb +110 -0
  38. data/lib/google/cloud/network_security/v1/organization_address_group_service.rb +52 -0
  39. data/lib/google/cloud/network_security/v1/organization_security_profile_group_service/client.rb +1471 -0
  40. data/lib/google/cloud/network_security/v1/organization_security_profile_group_service/credentials.rb +47 -0
  41. data/lib/google/cloud/network_security/v1/organization_security_profile_group_service/operations.rb +843 -0
  42. data/lib/google/cloud/network_security/v1/organization_security_profile_group_service/paths.rb +191 -0
  43. data/lib/google/cloud/network_security/v1/organization_security_profile_group_service.rb +50 -0
  44. data/lib/google/cloud/network_security/v1/security_profile_group_service/client.rb +1472 -0
  45. data/lib/google/cloud/network_security/v1/security_profile_group_service/credentials.rb +47 -0
  46. data/lib/google/cloud/network_security/v1/security_profile_group_service/operations.rb +843 -0
  47. data/lib/google/cloud/network_security/v1/security_profile_group_service/paths.rb +191 -0
  48. data/lib/google/cloud/network_security/v1/security_profile_group_service.rb +51 -0
  49. data/lib/google/cloud/network_security/v1/sse_realm_service/client.rb +1316 -0
  50. data/lib/google/cloud/network_security/v1/sse_realm_service/credentials.rb +47 -0
  51. data/lib/google/cloud/network_security/v1/sse_realm_service/operations.rb +843 -0
  52. data/lib/google/cloud/network_security/v1/sse_realm_service/paths.rb +88 -0
  53. data/lib/google/cloud/network_security/v1/sse_realm_service.rb +50 -0
  54. data/lib/google/cloud/network_security/v1/version.rb +7 -2
  55. data/lib/google/cloud/network_security/v1.rb +49 -0
  56. data/lib/google/cloud/networksecurity/v1/address_group_pb.rb +46 -0
  57. data/lib/google/cloud/networksecurity/v1/address_group_services_pb.rb +97 -0
  58. data/lib/google/cloud/networksecurity/v1/authorization_policy_pb.rb +37 -0
  59. data/lib/google/cloud/networksecurity/v1/authz_policy_pb.rb +56 -0
  60. data/lib/google/cloud/networksecurity/v1/backend_authentication_config_pb.rb +33 -0
  61. data/lib/google/cloud/networksecurity/v1/client_tls_policy_pb.rb +33 -0
  62. data/lib/google/cloud/networksecurity/v1/common_pb.rb +24 -0
  63. data/lib/google/cloud/networksecurity/v1/dns_threat_detector_pb.rb +36 -0
  64. data/lib/google/cloud/networksecurity/v1/dns_threat_detector_services_pb.rb +53 -0
  65. data/lib/google/cloud/networksecurity/v1/firewall_activation_pb.rb +48 -0
  66. data/lib/google/cloud/networksecurity/v1/firewall_activation_services_pb.rb +73 -0
  67. data/lib/google/cloud/networksecurity/v1/gateway_security_policy_pb.rb +32 -0
  68. data/lib/google/cloud/networksecurity/v1/gateway_security_policy_rule_pb.rb +33 -0
  69. data/lib/google/cloud/networksecurity/v1/intercept_pb.rb +71 -0
  70. data/lib/google/cloud/networksecurity/v1/intercept_services_pb.rb +104 -0
  71. data/lib/google/cloud/networksecurity/v1/mirroring_pb.rb +72 -0
  72. data/lib/google/cloud/networksecurity/v1/mirroring_services_pb.rb +103 -0
  73. data/lib/google/cloud/networksecurity/v1/network_security_pb.rb +35 -0
  74. data/lib/google/cloud/networksecurity/v1/network_security_services_pb.rb +138 -0
  75. data/lib/google/cloud/networksecurity/v1/security_profile_group_intercept_pb.rb +24 -0
  76. data/lib/google/cloud/networksecurity/v1/security_profile_group_mirroring_pb.rb +24 -0
  77. data/lib/google/cloud/networksecurity/v1/security_profile_group_pb.rb +31 -0
  78. data/lib/google/cloud/networksecurity/v1/security_profile_group_service_pb.rb +42 -0
  79. data/lib/google/cloud/networksecurity/v1/security_profile_group_service_services_pb.rb +98 -0
  80. data/lib/google/cloud/networksecurity/v1/security_profile_group_threatprevention_pb.rb +30 -0
  81. data/lib/google/cloud/networksecurity/v1/security_profile_group_urlfiltering_pb.rb +25 -0
  82. data/lib/google/cloud/networksecurity/v1/server_tls_policy_pb.rb +35 -0
  83. data/lib/google/cloud/networksecurity/v1/sse_realm_pb.rb +46 -0
  84. data/lib/google/cloud/networksecurity/v1/sse_realm_services_pb.rb +59 -0
  85. data/lib/google/cloud/networksecurity/v1/tls_inspection_policy_pb.rb +34 -0
  86. data/lib/google/cloud/networksecurity/v1/tls_pb.rb +26 -0
  87. data/lib/google/cloud/networksecurity/v1/url_list_pb.rb +32 -0
  88. data/lib/google-cloud-network_security-v1.rb +21 -0
  89. data/proto_docs/README.md +4 -0
  90. data/proto_docs/google/api/client.rb +593 -0
  91. data/proto_docs/google/api/field_behavior.rb +85 -0
  92. data/proto_docs/google/api/field_info.rb +88 -0
  93. data/proto_docs/google/api/launch_stage.rb +71 -0
  94. data/proto_docs/google/api/resource.rb +227 -0
  95. data/proto_docs/google/cloud/networksecurity/v1/address_group.rb +374 -0
  96. data/proto_docs/google/cloud/networksecurity/v1/authorization_policy.rb +263 -0
  97. data/proto_docs/google/cloud/networksecurity/v1/authz_policy.rb +735 -0
  98. data/proto_docs/google/cloud/networksecurity/v1/backend_authentication_config.rb +217 -0
  99. data/proto_docs/google/cloud/networksecurity/v1/client_tls_policy.rb +162 -0
  100. data/proto_docs/google/cloud/networksecurity/v1/common.rb +57 -0
  101. data/proto_docs/google/cloud/networksecurity/v1/dns_threat_detector.rb +159 -0
  102. data/proto_docs/google/cloud/networksecurity/v1/firewall_activation.rb +469 -0
  103. data/proto_docs/google/cloud/networksecurity/v1/gateway_security_policy.rb +144 -0
  104. data/proto_docs/google/cloud/networksecurity/v1/gateway_security_policy_rule.rb +178 -0
  105. data/proto_docs/google/cloud/networksecurity/v1/intercept.rb +960 -0
  106. data/proto_docs/google/cloud/networksecurity/v1/mirroring.rb +970 -0
  107. data/proto_docs/google/cloud/networksecurity/v1/security_profile_group.rb +166 -0
  108. data/proto_docs/google/cloud/networksecurity/v1/security_profile_group_intercept.rb +38 -0
  109. data/proto_docs/google/cloud/networksecurity/v1/security_profile_group_mirroring.rb +38 -0
  110. data/proto_docs/google/cloud/networksecurity/v1/security_profile_group_service.rb +211 -0
  111. data/proto_docs/google/cloud/networksecurity/v1/security_profile_group_threatprevention.rb +193 -0
  112. data/proto_docs/google/cloud/networksecurity/v1/security_profile_group_urlfiltering.rb +66 -0
  113. data/proto_docs/google/cloud/networksecurity/v1/server_tls_policy.rb +251 -0
  114. data/proto_docs/google/cloud/networksecurity/v1/sse_realm.rb +388 -0
  115. data/proto_docs/google/cloud/networksecurity/v1/tls.rb +90 -0
  116. data/proto_docs/google/cloud/networksecurity/v1/tls_inspection_policy.rb +239 -0
  117. data/proto_docs/google/cloud/networksecurity/v1/url_list.rb +144 -0
  118. data/proto_docs/google/longrunning/operations.rb +191 -0
  119. data/proto_docs/google/protobuf/any.rb +145 -0
  120. data/proto_docs/google/protobuf/duration.rb +98 -0
  121. data/proto_docs/google/protobuf/empty.rb +34 -0
  122. data/proto_docs/google/protobuf/field_mask.rb +229 -0
  123. data/proto_docs/google/protobuf/timestamp.rb +127 -0
  124. data/proto_docs/google/rpc/status.rb +48 -0
  125. data/proto_docs/google/type/expr.rb +75 -0
  126. metadata +186 -9
@@ -0,0 +1,735 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2026 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Google
21
+ module Cloud
22
+ module NetworkSecurity
23
+ module V1
24
+ # `AuthzPolicy` is a resource that allows to forward traffic to a
25
+ # callout backend designed to scan the traffic for security purposes.
26
+ # @!attribute [rw] name
27
+ # @return [::String]
28
+ # Required. Identifier. Name of the `AuthzPolicy` resource in the following
29
+ # format:
30
+ # `projects/{project}/locations/{location}/authzPolicies/{authz_policy}`.
31
+ # @!attribute [r] create_time
32
+ # @return [::Google::Protobuf::Timestamp]
33
+ # Output only. The timestamp when the resource was created.
34
+ # @!attribute [r] update_time
35
+ # @return [::Google::Protobuf::Timestamp]
36
+ # Output only. The timestamp when the resource was updated.
37
+ # @!attribute [rw] description
38
+ # @return [::String]
39
+ # Optional. A human-readable description of the resource.
40
+ # @!attribute [rw] labels
41
+ # @return [::Google::Protobuf::Map{::String => ::String}]
42
+ # Optional. Set of labels associated with the `AuthzPolicy` resource.
43
+ #
44
+ # The format must comply with [the following
45
+ # requirements](/compute/docs/labeling-resources#requirements).
46
+ # @!attribute [rw] target
47
+ # @return [::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::Target]
48
+ # Required. Specifies the set of resources to which this policy should be
49
+ # applied to.
50
+ # @!attribute [rw] http_rules
51
+ # @return [::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule>]
52
+ # Optional. A list of authorization HTTP rules to match against the incoming
53
+ # request. A policy match occurs when at least one HTTP rule matches the
54
+ # request or when no HTTP rules are specified in the policy.
55
+ # At least one HTTP Rule is required for Allow or Deny Action. Limited
56
+ # to 5 rules.
57
+ # @!attribute [rw] network_rules
58
+ # @return [::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule>]
59
+ # Optional. A list of authorization network rules to match against the
60
+ # incoming request. A policy match occurs when at least one network rule
61
+ # matches the request.
62
+ # At least one network rule is required for Allow or Deny Action if no HTTP
63
+ # rules are provided. Network rules are mutually exclusive with HTTP rules.
64
+ # Limited to 5 rules.
65
+ # @!attribute [rw] action
66
+ # @return [::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzAction]
67
+ # Required. Can be one of `ALLOW`, `DENY`, `CUSTOM`.
68
+ #
69
+ # When the action is `CUSTOM`, `customProvider` must be specified.
70
+ #
71
+ # When the action is `ALLOW`, only requests matching the policy will
72
+ # be allowed.
73
+ #
74
+ # When the action is `DENY`, only requests matching the policy will be
75
+ # denied.
76
+ #
77
+ # When a request arrives, the policies are evaluated in the following order:
78
+ #
79
+ # 1. If there is a `CUSTOM` policy that matches the request, the `CUSTOM`
80
+ # policy is evaluated using the custom authorization providers and the
81
+ # request is denied if the provider rejects the request.
82
+ #
83
+ # 2. If there are any `DENY` policies that match the request, the request
84
+ # is denied.
85
+ #
86
+ # 3. If there are no `ALLOW` policies for the resource or if any of the
87
+ # `ALLOW` policies match the request, the request is allowed.
88
+ #
89
+ # 4. Else the request is denied by default if none of the configured
90
+ # AuthzPolicies with `ALLOW` action match the request.
91
+ # @!attribute [rw] custom_provider
92
+ # @return [::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::CustomProvider]
93
+ # Optional. Required if the action is `CUSTOM`. Allows delegating
94
+ # authorization decisions to Cloud IAP or to Service Extensions. One of
95
+ # `cloudIap` or `authzExtension` must be specified.
96
+ # @!attribute [rw] policy_profile
97
+ # @return [::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::PolicyProfile]
98
+ # Optional. Immutable. Defines the type of authorization being performed.
99
+ # If not specified, `REQUEST_AUTHZ` is applied. This field cannot be changed
100
+ # once AuthzPolicy is created.
101
+ class AuthzPolicy
102
+ include ::Google::Protobuf::MessageExts
103
+ extend ::Google::Protobuf::MessageExts::ClassMethods
104
+
105
+ # Specifies the set of targets to which this policy should be applied to.
106
+ # @!attribute [rw] load_balancing_scheme
107
+ # @return [::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::LoadBalancingScheme]
108
+ # Optional. All gateways and forwarding rules referenced by this policy and
109
+ # extensions must share the same load balancing scheme. Required only when
110
+ # targeting forwarding rules. If targeting Secure Web Proxy, this field
111
+ # must be `INTERNAL_MANAGED` or not specified. Must not be specified
112
+ # when targeting Agent Gateway. Supported values:
113
+ # `INTERNAL_MANAGED` and `EXTERNAL_MANAGED`. For more information, refer
114
+ # to [Backend services
115
+ # overview](https://cloud.google.com/load-balancing/docs/backend-service).
116
+ # @!attribute [rw] resources
117
+ # @return [::Array<::String>]
118
+ # Required. A list of references to the Forwarding Rules, Secure Web Proxy
119
+ # Gateways, or Agent Gateways on which this policy will be applied.
120
+ class Target
121
+ include ::Google::Protobuf::MessageExts
122
+ extend ::Google::Protobuf::MessageExts::ClassMethods
123
+ end
124
+
125
+ # Conditions to match against the incoming request.
126
+ # @!attribute [rw] from
127
+ # @return [::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::From]
128
+ # Optional. Describes properties of a source of a request.
129
+ # @!attribute [rw] to
130
+ # @return [::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::To]
131
+ # Optional. Describes properties of a target of a request.
132
+ # @!attribute [rw] when
133
+ # @return [::String]
134
+ # Optional. CEL expression that describes the conditions to be satisfied
135
+ # for the action. The result of the CEL expression is ANDed with the from
136
+ # and to. Refer to the CEL language reference for a list of available
137
+ # attributes.
138
+ class AuthzRule
139
+ include ::Google::Protobuf::MessageExts
140
+ extend ::Google::Protobuf::MessageExts::ClassMethods
141
+
142
+ # Determines how a string value should be matched.
143
+ # @!attribute [rw] exact
144
+ # @return [::String]
145
+ # The input string must match exactly the string specified here.
146
+ #
147
+ # Examples:
148
+ #
149
+ # * ``abc`` only matches the value ``abc``.
150
+ #
151
+ # Note: The following fields are mutually exclusive: `exact`, `prefix`, `suffix`, `contains`. If a field in that set is populated, all other fields in the set will automatically be cleared.
152
+ # @!attribute [rw] prefix
153
+ # @return [::String]
154
+ # The input string must have the prefix specified here.
155
+ # Note: empty prefix is not allowed, please use regex instead.
156
+ #
157
+ # Examples:
158
+ #
159
+ # * ``abc`` matches the value ``abc.xyz``
160
+ #
161
+ # Note: The following fields are mutually exclusive: `prefix`, `exact`, `suffix`, `contains`. If a field in that set is populated, all other fields in the set will automatically be cleared.
162
+ # @!attribute [rw] suffix
163
+ # @return [::String]
164
+ # The input string must have the suffix specified here.
165
+ # Note: empty prefix is not allowed, please use regex instead.
166
+ #
167
+ # Examples:
168
+ #
169
+ # * ``abc`` matches the value ``xyz.abc``
170
+ #
171
+ # Note: The following fields are mutually exclusive: `suffix`, `exact`, `prefix`, `contains`. If a field in that set is populated, all other fields in the set will automatically be cleared.
172
+ # @!attribute [rw] contains
173
+ # @return [::String]
174
+ # The input string must have the substring specified here.
175
+ # Note: empty contains match is not allowed, please use regex instead.
176
+ #
177
+ # Examples:
178
+ #
179
+ # * ``abc`` matches the value ``xyz.abc.def``
180
+ #
181
+ # Note: The following fields are mutually exclusive: `contains`, `exact`, `prefix`, `suffix`. If a field in that set is populated, all other fields in the set will automatically be cleared.
182
+ # @!attribute [rw] ignore_case
183
+ # @return [::Boolean]
184
+ # If true, indicates the exact/prefix/suffix/contains matching should be
185
+ # case insensitive. For example, the matcher ``data`` will match both
186
+ # input string ``Data`` and ``data`` if set to true.
187
+ class StringMatch
188
+ include ::Google::Protobuf::MessageExts
189
+ extend ::Google::Protobuf::MessageExts::ClassMethods
190
+ end
191
+
192
+ # Represents a range of IP Addresses.
193
+ # @!attribute [rw] prefix
194
+ # @return [::String]
195
+ # Required. The address prefix.
196
+ # @!attribute [rw] length
197
+ # @return [::Integer]
198
+ # Required. The length of the address range.
199
+ class IpBlock
200
+ include ::Google::Protobuf::MessageExts
201
+ extend ::Google::Protobuf::MessageExts::ClassMethods
202
+ end
203
+
204
+ # Describes the properties of a client VM resource accessing the internal
205
+ # application load balancers.
206
+ # @!attribute [rw] tag_value_id_set
207
+ # @return [::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::RequestResource::TagValueIdSet]
208
+ # Optional. A list of resource tag value permanent IDs to match against
209
+ # the resource manager tags value associated with the source VM of a
210
+ # request.
211
+ # @!attribute [rw] iam_service_account
212
+ # @return [::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::StringMatch]
213
+ # Optional. An IAM service account to match against the source
214
+ # service account of the VM sending the request.
215
+ class RequestResource
216
+ include ::Google::Protobuf::MessageExts
217
+ extend ::Google::Protobuf::MessageExts::ClassMethods
218
+
219
+ # Describes a set of resource tag value permanent IDs to match against
220
+ # the resource manager tags value associated with the source VM of a
221
+ # request.
222
+ # @!attribute [rw] ids
223
+ # @return [::Array<::Integer>]
224
+ # Required. A list of resource tag value permanent IDs to match against
225
+ # the resource manager tags value associated with the source VM of a
226
+ # request. The match follows AND semantics which means all
227
+ # the ids must match. Limited to 5 ids in the Tag value id set.
228
+ class TagValueIdSet
229
+ include ::Google::Protobuf::MessageExts
230
+ extend ::Google::Protobuf::MessageExts::ClassMethods
231
+ end
232
+ end
233
+
234
+ # Determines how a HTTP header should be matched.
235
+ # @!attribute [rw] name
236
+ # @return [::String]
237
+ # Optional. Specifies the name of the header in the request.
238
+ # @!attribute [rw] value
239
+ # @return [::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::StringMatch]
240
+ # Optional. Specifies how the header match will be performed.
241
+ class HeaderMatch
242
+ include ::Google::Protobuf::MessageExts
243
+ extend ::Google::Protobuf::MessageExts::ClassMethods
244
+ end
245
+
246
+ # Describes the properties of a principal to be matched against.
247
+ # @!attribute [rw] principal_selector
248
+ # @return [::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::Principal::PrincipalSelector]
249
+ # Optional. An enum to decide what principal value the principal rule
250
+ # will match against. If not specified, the PrincipalSelector is
251
+ # CLIENT_CERT_URI_SAN.
252
+ # @!attribute [rw] principal
253
+ # @return [::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::StringMatch]
254
+ # Required. A non-empty string whose value is matched against the
255
+ # principal value based on the principal_selector. Only exact match can
256
+ # be applied for CLIENT_CERT_URI_SAN, CLIENT_CERT_DNS_NAME_SAN,
257
+ # CLIENT_CERT_COMMON_NAME selectors.
258
+ class Principal
259
+ include ::Google::Protobuf::MessageExts
260
+ extend ::Google::Protobuf::MessageExts::ClassMethods
261
+
262
+ # The principal value the principal rule will match against.
263
+ module PrincipalSelector
264
+ # Unspecified principal selector. It will be treated as
265
+ # CLIENT_CERT_URI_SAN by default.
266
+ PRINCIPAL_SELECTOR_UNSPECIFIED = 0
267
+
268
+ # The principal rule is matched against a list of URI SANs in the
269
+ # validated client's certificate. A match happens when there is any
270
+ # exact URI SAN value match. This is the default principal selector.
271
+ CLIENT_CERT_URI_SAN = 1
272
+
273
+ # The principal rule is matched against a list of DNS Name SANs in the
274
+ # validated client's certificate. A match happens when there is any
275
+ # exact DNS Name SAN value match.
276
+ # This is only applicable for Application Load Balancers
277
+ # except for classic Global External Application load balancer.
278
+ # CLIENT_CERT_DNS_NAME_SAN is not supported for INTERNAL_SELF_MANAGED
279
+ # load balancing scheme.
280
+ CLIENT_CERT_DNS_NAME_SAN = 2
281
+
282
+ # The principal rule is matched against the common name in the client's
283
+ # certificate. Authorization against multiple common names in the
284
+ # client certificate is not supported. Requests with multiple common
285
+ # names in the client certificate will be rejected if
286
+ # CLIENT_CERT_COMMON_NAME is set as the principal selector. A match
287
+ # happens when there is an exact common name value match.
288
+ # This is only applicable for Application Load Balancers
289
+ # except for global external Application Load Balancer and
290
+ # classic Application Load Balancer.
291
+ # CLIENT_CERT_COMMON_NAME is not supported for INTERNAL_SELF_MANAGED
292
+ # load balancing scheme.
293
+ CLIENT_CERT_COMMON_NAME = 3
294
+ end
295
+ end
296
+
297
+ # Describes properties of one or more sources of a request.
298
+ # @!attribute [rw] sources
299
+ # @return [::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::From::RequestSource>]
300
+ # Optional. Describes the properties of a request's sources. At least one
301
+ # of sources or notSources must be specified. Limited to 1 source.
302
+ # A match occurs when ANY source (in sources or notSources) matches the
303
+ # request. Within a single source, the match follows AND semantics
304
+ # across fields and OR semantics within a single field, i.e. a match
305
+ # occurs when ANY principal matches AND ANY ipBlocks match.
306
+ # @!attribute [rw] not_sources
307
+ # @return [::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::From::RequestSource>]
308
+ # Optional. Describes the negated properties of request sources. Matches
309
+ # requests from sources that do not match the criteria specified in this
310
+ # field. At least one of sources or notSources must be specified.
311
+ class From
312
+ include ::Google::Protobuf::MessageExts
313
+ extend ::Google::Protobuf::MessageExts::ClassMethods
314
+
315
+ # Describes the properties of a single source.
316
+ # @!attribute [rw] principals
317
+ # @return [::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::Principal>]
318
+ # Optional. A list of identities derived from the client's certificate.
319
+ # This field will not match on a request unless frontend mutual TLS is
320
+ # enabled for the forwarding rule or Gateway and the client certificate
321
+ # has been successfully validated by mTLS.
322
+ # Each identity is a string whose value is matched against a list of
323
+ # URI SANs, DNS Name SANs, or the common name in the client's
324
+ # certificate. A match happens when any principal matches with the
325
+ # rule. Limited to 50 principals per Authorization Policy for regional
326
+ # internal Application Load Balancers, regional external Application
327
+ # Load Balancers, cross-region internal Application Load Balancers, and
328
+ # Cloud Service Mesh. This field is not supported for global external
329
+ # Application Load Balancers.
330
+ # @!attribute [rw] ip_blocks
331
+ # @return [::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::IpBlock>]
332
+ # Optional. A list of IP addresses or IP address ranges to match
333
+ # against the source IP address of the request. Limited to 10 ip_blocks
334
+ # per Authorization Policy
335
+ # @!attribute [rw] resources
336
+ # @return [::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::RequestResource>]
337
+ # Optional. A list of resources to match against the resource of the
338
+ # source VM of a request. Limited to 10 resources per Authorization
339
+ # Policy.
340
+ class RequestSource
341
+ include ::Google::Protobuf::MessageExts
342
+ extend ::Google::Protobuf::MessageExts::ClassMethods
343
+ end
344
+ end
345
+
346
+ # Describes properties of one or more targets of a request.
347
+ # @!attribute [rw] operations
348
+ # @return [::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::To::RequestOperation>]
349
+ # Optional. Describes properties of one or more targets of a request. At
350
+ # least one of operations or notOperations must be specified. Limited to
351
+ # 1 operation. A match occurs when ANY operation (in operations or
352
+ # notOperations) matches. Within an operation, the match follows AND
353
+ # semantics across fields and OR semantics within a field, i.e. a match
354
+ # occurs when ANY path matches AND ANY header matches and ANY method
355
+ # matches.
356
+ # @!attribute [rw] not_operations
357
+ # @return [::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::To::RequestOperation>]
358
+ # Optional. Describes the negated properties of the targets of a request.
359
+ # Matches requests for operations that do not match the criteria
360
+ # specified in this field. At least one of operations or notOperations
361
+ # must be specified.
362
+ class To
363
+ include ::Google::Protobuf::MessageExts
364
+ extend ::Google::Protobuf::MessageExts::ClassMethods
365
+
366
+ # Describes properties of one or more targets of a request.
367
+ # @!attribute [rw] header_set
368
+ # @return [::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::To::RequestOperation::HeaderSet]
369
+ # Optional. A list of headers to match against in http header.
370
+ # @!attribute [rw] hosts
371
+ # @return [::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::StringMatch>]
372
+ # Optional. A list of HTTP Hosts to match against. The match can be one
373
+ # of exact, prefix, suffix, or contains (substring match). Matches are
374
+ # always case sensitive unless the ignoreCase is set. Limited to 10
375
+ # hosts per Authorization Policy.
376
+ # @!attribute [rw] paths
377
+ # @return [::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::StringMatch>]
378
+ # Optional. A list of paths to match against. The match can be one of
379
+ # exact, prefix, suffix, or contains (substring match). Matches are
380
+ # always case sensitive unless the ignoreCase is set. Limited to 10
381
+ # paths per Authorization Policy.
382
+ # Note that this path match includes the query parameters. For gRPC
383
+ # services, this should be a fully-qualified name of the form
384
+ # /package.service/method.
385
+ # @!attribute [rw] methods
386
+ # @return [::Array<::String>]
387
+ # Optional. A list of HTTP methods to match against. Each entry must be
388
+ # a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE,
389
+ # OPTIONS). It only allows exact match and is always case sensitive.
390
+ # Limited to 10 methods per Authorization Policy.
391
+ # @!attribute [rw] mcp
392
+ # @return [::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::To::RequestOperation::MCP]
393
+ # Optional. Defines the MCP protocol attributes to match on. If the MCP
394
+ # payload in the request body cannot be successfully parsed, the
395
+ # request will be denied. This field can be set only for AuthzPolicies
396
+ # targeting AgentGateway resources.
397
+ # @!attribute [rw] snis
398
+ # @return [::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::StringMatch>]
399
+ # Optional. A list of SNIs to match against. The match can be one of
400
+ # exact, prefix, suffix, or contains (substring match). If there is no
401
+ # SNI (i.e. plaintext HTTP traffic), the request will be denied.
402
+ # Matches are always case sensitive unless the ignoreCase is set.
403
+ # Limited to 10 SNIs per Authorization Policy.
404
+ class RequestOperation
405
+ include ::Google::Protobuf::MessageExts
406
+ extend ::Google::Protobuf::MessageExts::ClassMethods
407
+
408
+ # Describes a set of HTTP headers to match against.
409
+ # @!attribute [rw] headers
410
+ # @return [::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::HeaderMatch>]
411
+ # Required. A list of headers to match against in http header.
412
+ # The match can be one of exact, prefix, suffix, or contains
413
+ # (substring match). The match follows AND semantics which means all
414
+ # the headers must match. Matches are always case sensitive unless
415
+ # the ignoreCase is set. Limited to 10 headers per Authorization
416
+ # Policy.
417
+ class HeaderSet
418
+ include ::Google::Protobuf::MessageExts
419
+ extend ::Google::Protobuf::MessageExts::ClassMethods
420
+ end
421
+
422
+ # Describes a set of MCP methods to match against.
423
+ # @!attribute [rw] name
424
+ # @return [::String]
425
+ # Required. The MCP method to match against. Allowed values are as
426
+ # follows:
427
+ # 1. `tools`, `prompts`, `resources` - these will match against all
428
+ # sub methods under the respective methods.
429
+ # 2. `prompts/list`, `tools/list`, `resources/list`,
430
+ # `resources/templates/list`
431
+ # 3. `prompts/get`, `tools/call`, `resources/subscribe`,
432
+ # `resources/unsubscribe`, `resources/read`
433
+ # Params cannot be specified for categories 1 and 2.
434
+ # @!attribute [rw] params
435
+ # @return [::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::StringMatch>]
436
+ # Optional. A list of MCP method parameters to match against. The
437
+ # match can be one of exact, prefix, suffix, or contains (substring
438
+ # match). Matches are always case sensitive unless the ignoreCase is
439
+ # set. Limited to 10 MCP method parameters per Authorization Policy.
440
+ class MCPMethod
441
+ include ::Google::Protobuf::MessageExts
442
+ extend ::Google::Protobuf::MessageExts::ClassMethods
443
+ end
444
+
445
+ # Describes a set of MCP protocol attributes to match against for a
446
+ # given MCP request.
447
+ # @!attribute [rw] base_protocol_methods_option
448
+ # @return [::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::To::RequestOperation::BaseProtocolMethodsOption]
449
+ # Optional. If specified, matches on the MCP protocol’s non-access
450
+ # specific methods namely:
451
+ # * initialize
452
+ # * completion/
453
+ # * logging/
454
+ # * notifications/
455
+ # * ping
456
+ # Defaults to SKIP_BASE_PROTOCOL_METHODS if not specified.
457
+ # @!attribute [rw] methods
458
+ # @return [::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::To::RequestOperation::MCPMethod>]
459
+ # Optional. A list of MCP methods and associated parameters to match
460
+ # on. It is recommended to use this field to match on tools, prompts
461
+ # and resource accesses while setting the baseProtocolMethodsOption
462
+ # to MATCH_BASE_PROTOCOL_METHODS to match on all the other MCP
463
+ # protocol methods.
464
+ # Limited to 10 MCP methods per Authorization Policy.
465
+ class MCP
466
+ include ::Google::Protobuf::MessageExts
467
+ extend ::Google::Protobuf::MessageExts::ClassMethods
468
+ end
469
+
470
+ # Describes the option to match against the base MCP protocol methods.
471
+ module BaseProtocolMethodsOption
472
+ # Unspecified option. Defaults to SKIP_BASE_PROTOCOL_METHODS.
473
+ BASE_PROTOCOL_METHODS_OPTION_UNSPECIFIED = 0
474
+
475
+ # Skip matching on the base MCP protocol methods.
476
+ SKIP_BASE_PROTOCOL_METHODS = 1
477
+
478
+ # Match on the base MCP protocol methods.
479
+ MATCH_BASE_PROTOCOL_METHODS = 2
480
+ end
481
+ end
482
+ end
483
+ end
484
+
485
+ # Allows delegating authorization decisions to Cloud IAP or to
486
+ # Service Extensions.
487
+ # @!attribute [rw] cloud_iap
488
+ # @return [::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::CustomProvider::CloudIap]
489
+ # Optional. Delegates authorization decisions to Cloud IAP. Applicable
490
+ # only for managed load balancers. Enabling Cloud IAP at the AuthzPolicy
491
+ # level is not compatible with Cloud IAP settings in the BackendService.
492
+ # Enabling IAP in both places will result in request failure. Ensure that
493
+ # IAP is enabled in either the AuthzPolicy or the BackendService but not in
494
+ # both places.
495
+ # @!attribute [rw] authz_extension
496
+ # @return [::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::CustomProvider::AuthzExtension]
497
+ # Optional. Delegate authorization decision to user authored Service
498
+ # Extension. Only one of cloudIap or authzExtension can be specified.
499
+ class CustomProvider
500
+ include ::Google::Protobuf::MessageExts
501
+ extend ::Google::Protobuf::MessageExts::ClassMethods
502
+
503
+ # Optional. Delegates authorization decisions to Cloud IAP. Applicable
504
+ # only for managed load balancers. Enabling Cloud IAP at the AuthzPolicy
505
+ # level is not compatible with Cloud IAP settings in the BackendService.
506
+ # Enabling IAP in both places will result in request failure. Ensure that
507
+ # IAP is enabled in either the AuthzPolicy or the BackendService but not in
508
+ # both places.
509
+ class CloudIap
510
+ include ::Google::Protobuf::MessageExts
511
+ extend ::Google::Protobuf::MessageExts::ClassMethods
512
+ end
513
+
514
+ # Optional. Delegate authorization decision to user authored extension.
515
+ # Only one of cloudIap or authzExtension can be specified.
516
+ # @!attribute [rw] resources
517
+ # @return [::Array<::String>]
518
+ # Required. A list of references to authorization
519
+ # extensions that will be invoked for requests matching this policy.
520
+ # Limited to 1 custom provider.
521
+ class AuthzExtension
522
+ include ::Google::Protobuf::MessageExts
523
+ extend ::Google::Protobuf::MessageExts::ClassMethods
524
+ end
525
+ end
526
+
527
+ # @!attribute [rw] key
528
+ # @return [::String]
529
+ # @!attribute [rw] value
530
+ # @return [::String]
531
+ class LabelsEntry
532
+ include ::Google::Protobuf::MessageExts
533
+ extend ::Google::Protobuf::MessageExts::ClassMethods
534
+ end
535
+
536
+ # Load balancing schemes supported by the `AuthzPolicy` resource. The valid
537
+ # values are `INTERNAL_MANAGED` and
538
+ # `EXTERNAL_MANAGED`. For more information, refer to [Backend services
539
+ # overview](https://cloud.google.com/load-balancing/docs/backend-service).
540
+ module LoadBalancingScheme
541
+ # Default value. Do not use.
542
+ LOAD_BALANCING_SCHEME_UNSPECIFIED = 0
543
+
544
+ # Signifies that this is used for Regional internal or Cross-region
545
+ # internal Application Load Balancing.
546
+ INTERNAL_MANAGED = 1
547
+
548
+ # Signifies that this is used for Global external or Regional external
549
+ # Application Load Balancing.
550
+ EXTERNAL_MANAGED = 2
551
+
552
+ # Signifies that this is used for Cloud Service Mesh. Meant for use by
553
+ # CSM GKE controller only.
554
+ INTERNAL_SELF_MANAGED = 3
555
+ end
556
+
557
+ # The action to be applied to this policy. Valid values are
558
+ # `ALLOW`, `DENY`, `CUSTOM`.
559
+ module AuthzAction
560
+ # Unspecified action.
561
+ AUTHZ_ACTION_UNSPECIFIED = 0
562
+
563
+ # Allow request to pass through to the backend.
564
+ ALLOW = 1
565
+
566
+ # Deny the request and return a HTTP 404 to the client.
567
+ DENY = 2
568
+
569
+ # Delegate the authorization decision to an external authorization engine.
570
+ CUSTOM = 3
571
+ end
572
+
573
+ # The type of authorization being performed.
574
+ # New values may be added in the future.
575
+ module PolicyProfile
576
+ # Unspecified policy profile.
577
+ POLICY_PROFILE_UNSPECIFIED = 0
578
+
579
+ # Applies to request authorization. `CUSTOM` authorization
580
+ # policies with Authz extensions will be allowed with `EXT_AUTHZ_GRPC` or
581
+ # `EXT_PROC_GRPC` protocols. Extensions are invoked only for request header
582
+ # events.
583
+ REQUEST_AUTHZ = 1
584
+
585
+ # Applies to content security, sanitization, etc. Only
586
+ # `CUSTOM` action is allowed in this policy profile. AuthzExtensions in the
587
+ # custom provider must support `EXT_PROC_GRPC` protocol only and be capable
588
+ # of receiving all `EXT_PROC_GRPC` events (REQUEST_HEADERS, REQUEST_BODY,
589
+ # REQUEST_TRAILERS, RESPONSE_HEADERS, RESPONSE_BODY, RESPONSE_TRAILERS)
590
+ # with `FULL_DUPLEX_STREAMED` body send mode.
591
+ CONTENT_AUTHZ = 2
592
+ end
593
+ end
594
+
595
+ # Message for creating an `AuthzPolicy` resource.
596
+ # @!attribute [rw] parent
597
+ # @return [::String]
598
+ # Required. The parent resource of the `AuthzPolicy` resource. Must be in
599
+ # the format `projects/{project}/locations/{location}`.
600
+ # @!attribute [rw] authz_policy_id
601
+ # @return [::String]
602
+ # Required. User-provided ID of the `AuthzPolicy` resource to be created.
603
+ # @!attribute [rw] authz_policy
604
+ # @return [::Google::Cloud::NetworkSecurity::V1::AuthzPolicy]
605
+ # Required. `AuthzPolicy` resource to be created.
606
+ # @!attribute [rw] request_id
607
+ # @return [::String]
608
+ # Optional. An optional request ID to identify requests. Specify a unique
609
+ # request ID so that if you must retry your request, the server can ignore
610
+ # the request if it has already been completed. The server guarantees
611
+ # that for at least 60 minutes since the first request.
612
+ #
613
+ # For example, consider a situation where you make an initial request and the
614
+ # request times out. If you make the request again with the same request
615
+ # ID, the server can check if original operation with the same request ID
616
+ # was received, and if so, ignores the second request. This prevents
617
+ # clients from accidentally creating duplicate commitments.
618
+ #
619
+ # The request ID must be a valid UUID with the exception that zero UUID is
620
+ # not supported (00000000-0000-0000-0000-000000000000).
621
+ class CreateAuthzPolicyRequest
622
+ include ::Google::Protobuf::MessageExts
623
+ extend ::Google::Protobuf::MessageExts::ClassMethods
624
+ end
625
+
626
+ # Message for requesting list of `AuthzPolicy` resources.
627
+ # @!attribute [rw] parent
628
+ # @return [::String]
629
+ # Required. The project and location from which the `AuthzPolicy` resources
630
+ # are listed, specified in the following format:
631
+ # `projects/{project}/locations/{location}`.
632
+ # @!attribute [rw] page_size
633
+ # @return [::Integer]
634
+ # Optional. Requested page size. The server might return fewer items than
635
+ # requested. If unspecified, the server picks an appropriate default.
636
+ # @!attribute [rw] page_token
637
+ # @return [::String]
638
+ # Optional. A token identifying a page of results that the server returns.
639
+ # @!attribute [rw] filter
640
+ # @return [::String]
641
+ # Optional. Filtering results.
642
+ # @!attribute [rw] order_by
643
+ # @return [::String]
644
+ # Optional. Hint for how to order the results.
645
+ class ListAuthzPoliciesRequest
646
+ include ::Google::Protobuf::MessageExts
647
+ extend ::Google::Protobuf::MessageExts::ClassMethods
648
+ end
649
+
650
+ # Message for response to listing `AuthzPolicy` resources.
651
+ # @!attribute [rw] authz_policies
652
+ # @return [::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy>]
653
+ # The list of `AuthzPolicy` resources.
654
+ # @!attribute [rw] next_page_token
655
+ # @return [::String]
656
+ # A token identifying a page of results that the server returns.
657
+ # @!attribute [rw] unreachable
658
+ # @return [::Array<::String>]
659
+ # Locations that could not be reached.
660
+ class ListAuthzPoliciesResponse
661
+ include ::Google::Protobuf::MessageExts
662
+ extend ::Google::Protobuf::MessageExts::ClassMethods
663
+ end
664
+
665
+ # Message for getting a `AuthzPolicy` resource.
666
+ # @!attribute [rw] name
667
+ # @return [::String]
668
+ # Required. A name of the `AuthzPolicy` resource to get. Must be in the
669
+ # format
670
+ # `projects/{project}/locations/{location}/authzPolicies/{authz_policy}`.
671
+ class GetAuthzPolicyRequest
672
+ include ::Google::Protobuf::MessageExts
673
+ extend ::Google::Protobuf::MessageExts::ClassMethods
674
+ end
675
+
676
+ # Message for updating an `AuthzPolicy` resource.
677
+ # @!attribute [rw] update_mask
678
+ # @return [::Google::Protobuf::FieldMask]
679
+ # Required. Used to specify the fields to be overwritten in the
680
+ # `AuthzPolicy` resource by the update.
681
+ # The fields specified in the `update_mask` are relative to the resource, not
682
+ # the full request. A field is overwritten if it is in the mask. If the
683
+ # user does not specify a mask, then all fields are overwritten.
684
+ # @!attribute [rw] authz_policy
685
+ # @return [::Google::Cloud::NetworkSecurity::V1::AuthzPolicy]
686
+ # Required. `AuthzPolicy` resource being updated.
687
+ # @!attribute [rw] request_id
688
+ # @return [::String]
689
+ # Optional. An optional request ID to identify requests. Specify a unique
690
+ # request ID so that if you must retry your request, the server can ignore
691
+ # the request if it has already been completed. The server guarantees
692
+ # that for at least 60 minutes since the first request.
693
+ #
694
+ # For example, consider a situation where you make an initial request and the
695
+ # request times out. If you make the request again with the same request
696
+ # ID, the server can check if original operation with the same request ID
697
+ # was received, and if so, ignores the second request. This prevents
698
+ # clients from accidentally creating duplicate commitments.
699
+ #
700
+ # The request ID must be a valid UUID with the exception that zero UUID is
701
+ # not supported (00000000-0000-0000-0000-000000000000).
702
+ class UpdateAuthzPolicyRequest
703
+ include ::Google::Protobuf::MessageExts
704
+ extend ::Google::Protobuf::MessageExts::ClassMethods
705
+ end
706
+
707
+ # Message for deleting an `AuthzPolicy` resource.
708
+ # @!attribute [rw] name
709
+ # @return [::String]
710
+ # Required. The name of the `AuthzPolicy` resource to delete. Must be in
711
+ # the format
712
+ # `projects/{project}/locations/{location}/authzPolicies/{authz_policy}`.
713
+ # @!attribute [rw] request_id
714
+ # @return [::String]
715
+ # Optional. An optional request ID to identify requests. Specify a unique
716
+ # request ID so that if you must retry your request, the server can ignore
717
+ # the request if it has already been completed. The server guarantees
718
+ # that for at least 60 minutes after the first request.
719
+ #
720
+ # For example, consider a situation where you make an initial request and the
721
+ # request times out. If you make the request again with the same request
722
+ # ID, the server can check if original operation with the same request ID
723
+ # was received, and if so, ignores the second request. This prevents
724
+ # clients from accidentally creating duplicate commitments.
725
+ #
726
+ # The request ID must be a valid UUID with the exception that zero UUID is
727
+ # not supported (00000000-0000-0000-0000-000000000000).
728
+ class DeleteAuthzPolicyRequest
729
+ include ::Google::Protobuf::MessageExts
730
+ extend ::Google::Protobuf::MessageExts::ClassMethods
731
+ end
732
+ end
733
+ end
734
+ end
735
+ end