google-cloud-network_security-v1beta1 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.yardopts +12 -0
- data/AUTHENTICATION.md +167 -0
- data/LICENSE.md +201 -0
- data/README.md +139 -0
- data/lib/google/cloud/network_security/v1beta1/network_security/client.rb +1517 -0
- data/lib/google/cloud/network_security/v1beta1/network_security/credentials.rb +47 -0
- data/lib/google/cloud/network_security/v1beta1/network_security/operations.rb +664 -0
- data/lib/google/cloud/network_security/v1beta1/network_security/paths.rb +107 -0
- data/lib/google/cloud/network_security/v1beta1/network_security.rb +48 -0
- data/lib/google/cloud/network_security/v1beta1/version.rb +28 -0
- data/lib/google/cloud/network_security/v1beta1.rb +38 -0
- data/lib/google/cloud/networksecurity/v1beta1/authorization_policy_pb.rb +93 -0
- data/lib/google/cloud/networksecurity/v1beta1/client_tls_policy_pb.rb +65 -0
- data/lib/google/cloud/networksecurity/v1beta1/common_pb.rb +31 -0
- data/lib/google/cloud/networksecurity/v1beta1/network_security_pb.rb +24 -0
- data/lib/google/cloud/networksecurity/v1beta1/network_security_services_pb.rb +72 -0
- data/lib/google/cloud/networksecurity/v1beta1/server_tls_policy_pb.rb +69 -0
- data/lib/google/cloud/networksecurity/v1beta1/tls_pb.rb +42 -0
- data/lib/google-cloud-network_security-v1beta1.rb +21 -0
- data/proto_docs/README.md +4 -0
- data/proto_docs/google/api/field_behavior.rb +71 -0
- data/proto_docs/google/api/resource.rb +283 -0
- data/proto_docs/google/cloud/networksecurity/v1beta1/authorization_policy.rb +252 -0
- data/proto_docs/google/cloud/networksecurity/v1beta1/client_tls_policy.rb +160 -0
- data/proto_docs/google/cloud/networksecurity/v1beta1/common.rb +56 -0
- data/proto_docs/google/cloud/networksecurity/v1beta1/server_tls_policy.rb +176 -0
- data/proto_docs/google/cloud/networksecurity/v1beta1/tls.rb +82 -0
- data/proto_docs/google/longrunning/operations.rb +164 -0
- data/proto_docs/google/protobuf/any.rb +141 -0
- data/proto_docs/google/protobuf/duration.rb +98 -0
- data/proto_docs/google/protobuf/empty.rb +36 -0
- data/proto_docs/google/protobuf/field_mask.rb +229 -0
- data/proto_docs/google/protobuf/timestamp.rb +129 -0
- data/proto_docs/google/rpc/status.rb +46 -0
- metadata +225 -0
@@ -0,0 +1,71 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# Copyright 2021 Google LLC
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
|
17
|
+
# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
|
18
|
+
|
19
|
+
|
20
|
+
module Google
|
21
|
+
module Api
|
22
|
+
# An indicator of the behavior of a given field (for example, that a field
|
23
|
+
# is required in requests, or given as output but ignored as input).
|
24
|
+
# This **does not** change the behavior in protocol buffers itself; it only
|
25
|
+
# denotes the behavior and may affect how API tooling handles the field.
|
26
|
+
#
|
27
|
+
# Note: This enum **may** receive new values in the future.
|
28
|
+
module FieldBehavior
|
29
|
+
# Conventional default for enums. Do not use this.
|
30
|
+
FIELD_BEHAVIOR_UNSPECIFIED = 0
|
31
|
+
|
32
|
+
# Specifically denotes a field as optional.
|
33
|
+
# While all fields in protocol buffers are optional, this may be specified
|
34
|
+
# for emphasis if appropriate.
|
35
|
+
OPTIONAL = 1
|
36
|
+
|
37
|
+
# Denotes a field as required.
|
38
|
+
# This indicates that the field **must** be provided as part of the request,
|
39
|
+
# and failure to do so will cause an error (usually `INVALID_ARGUMENT`).
|
40
|
+
REQUIRED = 2
|
41
|
+
|
42
|
+
# Denotes a field as output only.
|
43
|
+
# This indicates that the field is provided in responses, but including the
|
44
|
+
# field in a request does nothing (the server *must* ignore it and
|
45
|
+
# *must not* throw an error as a result of the field's presence).
|
46
|
+
OUTPUT_ONLY = 3
|
47
|
+
|
48
|
+
# Denotes a field as input only.
|
49
|
+
# This indicates that the field is provided in requests, and the
|
50
|
+
# corresponding field is not included in output.
|
51
|
+
INPUT_ONLY = 4
|
52
|
+
|
53
|
+
# Denotes a field as immutable.
|
54
|
+
# This indicates that the field may be set once in a request to create a
|
55
|
+
# resource, but may not be changed thereafter.
|
56
|
+
IMMUTABLE = 5
|
57
|
+
|
58
|
+
# Denotes that a (repeated) field is an unordered list.
|
59
|
+
# This indicates that the service may provide the elements of the list
|
60
|
+
# in any arbitrary order, rather than the order the user originally
|
61
|
+
# provided. Additionally, the list's order may or may not be stable.
|
62
|
+
UNORDERED_LIST = 6
|
63
|
+
|
64
|
+
# Denotes that this field returns a non-empty default value if not set.
|
65
|
+
# This indicates that if the user provides the empty value in a request,
|
66
|
+
# a non-empty value will be returned. The user will not be aware of what
|
67
|
+
# non-empty value to expect.
|
68
|
+
NON_EMPTY_DEFAULT = 7
|
69
|
+
end
|
70
|
+
end
|
71
|
+
end
|
@@ -0,0 +1,283 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# Copyright 2021 Google LLC
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
|
17
|
+
# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
|
18
|
+
|
19
|
+
|
20
|
+
module Google
|
21
|
+
module Api
|
22
|
+
# A simple descriptor of a resource type.
|
23
|
+
#
|
24
|
+
# ResourceDescriptor annotates a resource message (either by means of a
|
25
|
+
# protobuf annotation or use in the service config), and associates the
|
26
|
+
# resource's schema, the resource type, and the pattern of the resource name.
|
27
|
+
#
|
28
|
+
# Example:
|
29
|
+
#
|
30
|
+
# message Topic {
|
31
|
+
# // Indicates this message defines a resource schema.
|
32
|
+
# // Declares the resource type in the format of {service}/{kind}.
|
33
|
+
# // For Kubernetes resources, the format is {api group}/{kind}.
|
34
|
+
# option (google.api.resource) = {
|
35
|
+
# type: "pubsub.googleapis.com/Topic"
|
36
|
+
# name_descriptor: {
|
37
|
+
# pattern: "projects/{project}/topics/{topic}"
|
38
|
+
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
39
|
+
# parent_name_extractor: "projects/{project}"
|
40
|
+
# }
|
41
|
+
# };
|
42
|
+
# }
|
43
|
+
#
|
44
|
+
# The ResourceDescriptor Yaml config will look like:
|
45
|
+
#
|
46
|
+
# resources:
|
47
|
+
# - type: "pubsub.googleapis.com/Topic"
|
48
|
+
# name_descriptor:
|
49
|
+
# - pattern: "projects/{project}/topics/{topic}"
|
50
|
+
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
51
|
+
# parent_name_extractor: "projects/{project}"
|
52
|
+
#
|
53
|
+
# Sometimes, resources have multiple patterns, typically because they can
|
54
|
+
# live under multiple parents.
|
55
|
+
#
|
56
|
+
# Example:
|
57
|
+
#
|
58
|
+
# message LogEntry {
|
59
|
+
# option (google.api.resource) = {
|
60
|
+
# type: "logging.googleapis.com/LogEntry"
|
61
|
+
# name_descriptor: {
|
62
|
+
# pattern: "projects/{project}/logs/{log}"
|
63
|
+
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
64
|
+
# parent_name_extractor: "projects/{project}"
|
65
|
+
# }
|
66
|
+
# name_descriptor: {
|
67
|
+
# pattern: "folders/{folder}/logs/{log}"
|
68
|
+
# parent_type: "cloudresourcemanager.googleapis.com/Folder"
|
69
|
+
# parent_name_extractor: "folders/{folder}"
|
70
|
+
# }
|
71
|
+
# name_descriptor: {
|
72
|
+
# pattern: "organizations/{organization}/logs/{log}"
|
73
|
+
# parent_type: "cloudresourcemanager.googleapis.com/Organization"
|
74
|
+
# parent_name_extractor: "organizations/{organization}"
|
75
|
+
# }
|
76
|
+
# name_descriptor: {
|
77
|
+
# pattern: "billingAccounts/{billing_account}/logs/{log}"
|
78
|
+
# parent_type: "billing.googleapis.com/BillingAccount"
|
79
|
+
# parent_name_extractor: "billingAccounts/{billing_account}"
|
80
|
+
# }
|
81
|
+
# };
|
82
|
+
# }
|
83
|
+
#
|
84
|
+
# The ResourceDescriptor Yaml config will look like:
|
85
|
+
#
|
86
|
+
# resources:
|
87
|
+
# - type: 'logging.googleapis.com/LogEntry'
|
88
|
+
# name_descriptor:
|
89
|
+
# - pattern: "projects/{project}/logs/{log}"
|
90
|
+
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
91
|
+
# parent_name_extractor: "projects/{project}"
|
92
|
+
# - pattern: "folders/{folder}/logs/{log}"
|
93
|
+
# parent_type: "cloudresourcemanager.googleapis.com/Folder"
|
94
|
+
# parent_name_extractor: "folders/{folder}"
|
95
|
+
# - pattern: "organizations/{organization}/logs/{log}"
|
96
|
+
# parent_type: "cloudresourcemanager.googleapis.com/Organization"
|
97
|
+
# parent_name_extractor: "organizations/{organization}"
|
98
|
+
# - pattern: "billingAccounts/{billing_account}/logs/{log}"
|
99
|
+
# parent_type: "billing.googleapis.com/BillingAccount"
|
100
|
+
# parent_name_extractor: "billingAccounts/{billing_account}"
|
101
|
+
#
|
102
|
+
# For flexible resources, the resource name doesn't contain parent names, but
|
103
|
+
# the resource itself has parents for policy evaluation.
|
104
|
+
#
|
105
|
+
# Example:
|
106
|
+
#
|
107
|
+
# message Shelf {
|
108
|
+
# option (google.api.resource) = {
|
109
|
+
# type: "library.googleapis.com/Shelf"
|
110
|
+
# name_descriptor: {
|
111
|
+
# pattern: "shelves/{shelf}"
|
112
|
+
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
113
|
+
# }
|
114
|
+
# name_descriptor: {
|
115
|
+
# pattern: "shelves/{shelf}"
|
116
|
+
# parent_type: "cloudresourcemanager.googleapis.com/Folder"
|
117
|
+
# }
|
118
|
+
# };
|
119
|
+
# }
|
120
|
+
#
|
121
|
+
# The ResourceDescriptor Yaml config will look like:
|
122
|
+
#
|
123
|
+
# resources:
|
124
|
+
# - type: 'library.googleapis.com/Shelf'
|
125
|
+
# name_descriptor:
|
126
|
+
# - pattern: "shelves/{shelf}"
|
127
|
+
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
128
|
+
# - pattern: "shelves/{shelf}"
|
129
|
+
# parent_type: "cloudresourcemanager.googleapis.com/Folder"
|
130
|
+
# @!attribute [rw] type
|
131
|
+
# @return [::String]
|
132
|
+
# The resource type. It must be in the format of
|
133
|
+
# \\{service_name}/\\{resource_type_kind}. The `resource_type_kind` must be
|
134
|
+
# singular and must not include version numbers.
|
135
|
+
#
|
136
|
+
# Example: `storage.googleapis.com/Bucket`
|
137
|
+
#
|
138
|
+
# The value of the resource_type_kind must follow the regular expression
|
139
|
+
# /[A-Za-z][a-zA-Z0-9]+/. It should start with an upper case character and
|
140
|
+
# should use PascalCase (UpperCamelCase). The maximum number of
|
141
|
+
# characters allowed for the `resource_type_kind` is 100.
|
142
|
+
# @!attribute [rw] pattern
|
143
|
+
# @return [::Array<::String>]
|
144
|
+
# Optional. The relative resource name pattern associated with this resource
|
145
|
+
# type. The DNS prefix of the full resource name shouldn't be specified here.
|
146
|
+
#
|
147
|
+
# The path pattern must follow the syntax, which aligns with HTTP binding
|
148
|
+
# syntax:
|
149
|
+
#
|
150
|
+
# Template = Segment { "/" Segment } ;
|
151
|
+
# Segment = LITERAL | Variable ;
|
152
|
+
# Variable = "{" LITERAL "}" ;
|
153
|
+
#
|
154
|
+
# Examples:
|
155
|
+
#
|
156
|
+
# - "projects/\\{project}/topics/\\{topic}"
|
157
|
+
# - "projects/\\{project}/knowledgeBases/\\{knowledge_base}"
|
158
|
+
#
|
159
|
+
# The components in braces correspond to the IDs for each resource in the
|
160
|
+
# hierarchy. It is expected that, if multiple patterns are provided,
|
161
|
+
# the same component name (e.g. "project") refers to IDs of the same
|
162
|
+
# type of resource.
|
163
|
+
# @!attribute [rw] name_field
|
164
|
+
# @return [::String]
|
165
|
+
# Optional. The field on the resource that designates the resource name
|
166
|
+
# field. If omitted, this is assumed to be "name".
|
167
|
+
# @!attribute [rw] history
|
168
|
+
# @return [::Google::Api::ResourceDescriptor::History]
|
169
|
+
# Optional. The historical or future-looking state of the resource pattern.
|
170
|
+
#
|
171
|
+
# Example:
|
172
|
+
#
|
173
|
+
# // The InspectTemplate message originally only supported resource
|
174
|
+
# // names with organization, and project was added later.
|
175
|
+
# message InspectTemplate {
|
176
|
+
# option (google.api.resource) = {
|
177
|
+
# type: "dlp.googleapis.com/InspectTemplate"
|
178
|
+
# pattern:
|
179
|
+
# "organizations/{organization}/inspectTemplates/{inspect_template}"
|
180
|
+
# pattern: "projects/{project}/inspectTemplates/{inspect_template}"
|
181
|
+
# history: ORIGINALLY_SINGLE_PATTERN
|
182
|
+
# };
|
183
|
+
# }
|
184
|
+
# @!attribute [rw] plural
|
185
|
+
# @return [::String]
|
186
|
+
# The plural name used in the resource name and permission names, such as
|
187
|
+
# 'projects' for the resource name of 'projects/\\{project}' and the permission
|
188
|
+
# name of 'cloudresourcemanager.googleapis.com/projects.get'. It is the same
|
189
|
+
# concept of the `plural` field in k8s CRD spec
|
190
|
+
# https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
|
191
|
+
#
|
192
|
+
# Note: The plural form is required even for singleton resources. See
|
193
|
+
# https://aip.dev/156
|
194
|
+
# @!attribute [rw] singular
|
195
|
+
# @return [::String]
|
196
|
+
# The same concept of the `singular` field in k8s CRD spec
|
197
|
+
# https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
|
198
|
+
# Such as "project" for the `resourcemanager.googleapis.com/Project` type.
|
199
|
+
# @!attribute [rw] style
|
200
|
+
# @return [::Array<::Google::Api::ResourceDescriptor::Style>]
|
201
|
+
# Style flag(s) for this resource.
|
202
|
+
# These indicate that a resource is expected to conform to a given
|
203
|
+
# style. See the specific style flags for additional information.
|
204
|
+
class ResourceDescriptor
|
205
|
+
include ::Google::Protobuf::MessageExts
|
206
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
207
|
+
|
208
|
+
# A description of the historical or future-looking state of the
|
209
|
+
# resource pattern.
|
210
|
+
module History
|
211
|
+
# The "unset" value.
|
212
|
+
HISTORY_UNSPECIFIED = 0
|
213
|
+
|
214
|
+
# The resource originally had one pattern and launched as such, and
|
215
|
+
# additional patterns were added later.
|
216
|
+
ORIGINALLY_SINGLE_PATTERN = 1
|
217
|
+
|
218
|
+
# The resource has one pattern, but the API owner expects to add more
|
219
|
+
# later. (This is the inverse of ORIGINALLY_SINGLE_PATTERN, and prevents
|
220
|
+
# that from being necessary once there are multiple patterns.)
|
221
|
+
FUTURE_MULTI_PATTERN = 2
|
222
|
+
end
|
223
|
+
|
224
|
+
# A flag representing a specific style that a resource claims to conform to.
|
225
|
+
module Style
|
226
|
+
# The unspecified value. Do not use.
|
227
|
+
STYLE_UNSPECIFIED = 0
|
228
|
+
|
229
|
+
# This resource is intended to be "declarative-friendly".
|
230
|
+
#
|
231
|
+
# Declarative-friendly resources must be more strictly consistent, and
|
232
|
+
# setting this to true communicates to tools that this resource should
|
233
|
+
# adhere to declarative-friendly expectations.
|
234
|
+
#
|
235
|
+
# Note: This is used by the API linter (linter.aip.dev) to enable
|
236
|
+
# additional checks.
|
237
|
+
DECLARATIVE_FRIENDLY = 1
|
238
|
+
end
|
239
|
+
end
|
240
|
+
|
241
|
+
# Defines a proto annotation that describes a string field that refers to
|
242
|
+
# an API resource.
|
243
|
+
# @!attribute [rw] type
|
244
|
+
# @return [::String]
|
245
|
+
# The resource type that the annotated field references.
|
246
|
+
#
|
247
|
+
# Example:
|
248
|
+
#
|
249
|
+
# message Subscription {
|
250
|
+
# string topic = 2 [(google.api.resource_reference) = {
|
251
|
+
# type: "pubsub.googleapis.com/Topic"
|
252
|
+
# }];
|
253
|
+
# }
|
254
|
+
#
|
255
|
+
# Occasionally, a field may reference an arbitrary resource. In this case,
|
256
|
+
# APIs use the special value * in their resource reference.
|
257
|
+
#
|
258
|
+
# Example:
|
259
|
+
#
|
260
|
+
# message GetIamPolicyRequest {
|
261
|
+
# string resource = 2 [(google.api.resource_reference) = {
|
262
|
+
# type: "*"
|
263
|
+
# }];
|
264
|
+
# }
|
265
|
+
# @!attribute [rw] child_type
|
266
|
+
# @return [::String]
|
267
|
+
# The resource type of a child collection that the annotated field
|
268
|
+
# references. This is useful for annotating the `parent` field that
|
269
|
+
# doesn't have a fixed resource type.
|
270
|
+
#
|
271
|
+
# Example:
|
272
|
+
#
|
273
|
+
# message ListLogEntriesRequest {
|
274
|
+
# string parent = 1 [(google.api.resource_reference) = {
|
275
|
+
# child_type: "logging.googleapis.com/LogEntry"
|
276
|
+
# };
|
277
|
+
# }
|
278
|
+
class ResourceReference
|
279
|
+
include ::Google::Protobuf::MessageExts
|
280
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
281
|
+
end
|
282
|
+
end
|
283
|
+
end
|
@@ -0,0 +1,252 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# Copyright 2021 Google LLC
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
|
17
|
+
# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
|
18
|
+
|
19
|
+
|
20
|
+
module Google
|
21
|
+
module Cloud
|
22
|
+
module NetworkSecurity
|
23
|
+
module V1beta1
|
24
|
+
# AuthorizationPolicy is a resource that specifies how a server
|
25
|
+
# should authorize incoming connections. This resource in itself does
|
26
|
+
# not change the configuration unless it's attached to a target https
|
27
|
+
# proxy or endpoint config selector resource.
|
28
|
+
# @!attribute [rw] name
|
29
|
+
# @return [::String]
|
30
|
+
# Required. Name of the AuthorizationPolicy resource. It matches pattern
|
31
|
+
# `projects/{project}/locations/{location}/authorizationPolicies/<authorization_policy>`.
|
32
|
+
# @!attribute [rw] description
|
33
|
+
# @return [::String]
|
34
|
+
# Optional. Free-text description of the resource.
|
35
|
+
# @!attribute [r] create_time
|
36
|
+
# @return [::Google::Protobuf::Timestamp]
|
37
|
+
# Output only. The timestamp when the resource was created.
|
38
|
+
# @!attribute [r] update_time
|
39
|
+
# @return [::Google::Protobuf::Timestamp]
|
40
|
+
# Output only. The timestamp when the resource was updated.
|
41
|
+
# @!attribute [rw] labels
|
42
|
+
# @return [::Google::Protobuf::Map{::String => ::String}]
|
43
|
+
# Optional. Set of label tags associated with the AuthorizationPolicy resource.
|
44
|
+
# @!attribute [rw] action
|
45
|
+
# @return [::Google::Cloud::NetworkSecurity::V1beta1::AuthorizationPolicy::Action]
|
46
|
+
# Required. The action to take when a rule match is found. Possible values
|
47
|
+
# are "ALLOW" or "DENY".
|
48
|
+
# @!attribute [rw] rules
|
49
|
+
# @return [::Array<::Google::Cloud::NetworkSecurity::V1beta1::AuthorizationPolicy::Rule>]
|
50
|
+
# Optional. List of rules to match. Note that at least one of the rules must match in
|
51
|
+
# order for the action specified in the 'action' field to be taken. A rule is
|
52
|
+
# a match if there is a matching source and destination. If left blank, the
|
53
|
+
# action specified in the `action` field will be applied on every request.
|
54
|
+
class AuthorizationPolicy
|
55
|
+
include ::Google::Protobuf::MessageExts
|
56
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
57
|
+
|
58
|
+
# Specification of rules.
|
59
|
+
# @!attribute [rw] sources
|
60
|
+
# @return [::Array<::Google::Cloud::NetworkSecurity::V1beta1::AuthorizationPolicy::Rule::Source>]
|
61
|
+
# Optional. List of attributes for the traffic source. All of the sources must match.
|
62
|
+
# A source is a match if both principals and ip_blocks match. If not set,
|
63
|
+
# the action specified in the 'action' field will be applied without any
|
64
|
+
# rule checks for the source.
|
65
|
+
# @!attribute [rw] destinations
|
66
|
+
# @return [::Array<::Google::Cloud::NetworkSecurity::V1beta1::AuthorizationPolicy::Rule::Destination>]
|
67
|
+
# Optional. List of attributes for the traffic destination. All of the destinations
|
68
|
+
# must match. A destination is a match if a request matches all the
|
69
|
+
# specified hosts, ports, methods and headers. If not set, the
|
70
|
+
# action specified in the 'action' field will be applied without any rule
|
71
|
+
# checks for the destination.
|
72
|
+
class Rule
|
73
|
+
include ::Google::Protobuf::MessageExts
|
74
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
75
|
+
|
76
|
+
# Specification of traffic source attributes.
|
77
|
+
# @!attribute [rw] principals
|
78
|
+
# @return [::Array<::String>]
|
79
|
+
# Optional. List of peer identities to match for authorization. At least one
|
80
|
+
# principal should match. Each peer can be an exact match, or a prefix
|
81
|
+
# match (example, "namespace/*") or a suffix match (example, //
|
82
|
+
# */service-account") or a presence match "*".
|
83
|
+
# @!attribute [rw] ip_blocks
|
84
|
+
# @return [::Array<::String>]
|
85
|
+
# Optional. List of CIDR ranges to match based on source IP address. At least one
|
86
|
+
# IP block should match. Single IP (e.g., "1.2.3.4") and CIDR (e.g.,
|
87
|
+
# "1.2.3.0/24") are supported.
|
88
|
+
class Source
|
89
|
+
include ::Google::Protobuf::MessageExts
|
90
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
91
|
+
end
|
92
|
+
|
93
|
+
# Specification of traffic destination attributes.
|
94
|
+
# @!attribute [rw] hosts
|
95
|
+
# @return [::Array<::String>]
|
96
|
+
# Required. List of host names to match. Matched against HOST header in
|
97
|
+
# http requests. At least one host should match. Each host can be an
|
98
|
+
# exact match, or a prefix match (example "mydomain.*") or a suffix
|
99
|
+
# match (example // *.myorg.com") or a presence(any) match "*".
|
100
|
+
# @!attribute [rw] ports
|
101
|
+
# @return [::Array<::Integer>]
|
102
|
+
# Required. List of destination ports to match. At least one port should match.
|
103
|
+
# @!attribute [rw] methods
|
104
|
+
# @return [::Array<::String>]
|
105
|
+
# Optional. A list of HTTP methods to match. At least one method should
|
106
|
+
# match. Should not be set for gRPC services.
|
107
|
+
# @!attribute [rw] http_header_match
|
108
|
+
# @return [::Google::Cloud::NetworkSecurity::V1beta1::AuthorizationPolicy::Rule::Destination::HttpHeaderMatch]
|
109
|
+
# Optional. Match against key:value pair in http header. Provides a
|
110
|
+
# flexible match based on HTTP headers, for potentially
|
111
|
+
# advanced use cases. At least one header should match.
|
112
|
+
class Destination
|
113
|
+
include ::Google::Protobuf::MessageExts
|
114
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
115
|
+
|
116
|
+
# Specification of HTTP header match atrributes.
|
117
|
+
# @!attribute [rw] regex_match
|
118
|
+
# @return [::String]
|
119
|
+
# Required. The value of the header must match the regular expression
|
120
|
+
# specified in regexMatch. For regular expression grammar,
|
121
|
+
# please see: en.cppreference.com/w/cpp/regex/ecmascript
|
122
|
+
# For matching against a port specified in the HTTP
|
123
|
+
# request, use a headerMatch with headerName set to Host
|
124
|
+
# and a regular expression that satisfies the RFC2616 Host
|
125
|
+
# header's port specifier.
|
126
|
+
# @!attribute [rw] header_name
|
127
|
+
# @return [::String]
|
128
|
+
# Required. The name of the HTTP header to match. For matching
|
129
|
+
# against the HTTP request's authority, use a headerMatch
|
130
|
+
# with the header name ":authority". For matching a
|
131
|
+
# request's method, use the headerName ":method".
|
132
|
+
class HttpHeaderMatch
|
133
|
+
include ::Google::Protobuf::MessageExts
|
134
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
135
|
+
end
|
136
|
+
end
|
137
|
+
end
|
138
|
+
|
139
|
+
# @!attribute [rw] key
|
140
|
+
# @return [::String]
|
141
|
+
# @!attribute [rw] value
|
142
|
+
# @return [::String]
|
143
|
+
class LabelsEntry
|
144
|
+
include ::Google::Protobuf::MessageExts
|
145
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
146
|
+
end
|
147
|
+
|
148
|
+
# Possible values that define what action to take.
|
149
|
+
module Action
|
150
|
+
# Default value.
|
151
|
+
ACTION_UNSPECIFIED = 0
|
152
|
+
|
153
|
+
# Grant access.
|
154
|
+
ALLOW = 1
|
155
|
+
|
156
|
+
# Deny access.
|
157
|
+
DENY = 2
|
158
|
+
end
|
159
|
+
end
|
160
|
+
|
161
|
+
# Request used with the ListAuthorizationPolicies method.
|
162
|
+
# @!attribute [rw] parent
|
163
|
+
# @return [::String]
|
164
|
+
# Required. The project and location from which the AuthorizationPolicies
|
165
|
+
# should be listed, specified in the format
|
166
|
+
# `projects/{project}/locations/{location}`.
|
167
|
+
# @!attribute [rw] page_size
|
168
|
+
# @return [::Integer]
|
169
|
+
# Maximum number of AuthorizationPolicies to return per call.
|
170
|
+
# @!attribute [rw] page_token
|
171
|
+
# @return [::String]
|
172
|
+
# The value returned by the last
|
173
|
+
# `ListAuthorizationPoliciesResponse` Indicates that this is a
|
174
|
+
# continuation of a prior `ListAuthorizationPolicies` call, and
|
175
|
+
# that the system should return the next page of data.
|
176
|
+
class ListAuthorizationPoliciesRequest
|
177
|
+
include ::Google::Protobuf::MessageExts
|
178
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
179
|
+
end
|
180
|
+
|
181
|
+
# Response returned by the ListAuthorizationPolicies method.
|
182
|
+
# @!attribute [rw] authorization_policies
|
183
|
+
# @return [::Array<::Google::Cloud::NetworkSecurity::V1beta1::AuthorizationPolicy>]
|
184
|
+
# List of AuthorizationPolicies resources.
|
185
|
+
# @!attribute [rw] next_page_token
|
186
|
+
# @return [::String]
|
187
|
+
# If there might be more results than those appearing in this response, then
|
188
|
+
# `next_page_token` is included. To get the next set of results, call this
|
189
|
+
# method again using the value of `next_page_token` as `page_token`.
|
190
|
+
class ListAuthorizationPoliciesResponse
|
191
|
+
include ::Google::Protobuf::MessageExts
|
192
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
193
|
+
end
|
194
|
+
|
195
|
+
# Request used by the GetAuthorizationPolicy method.
|
196
|
+
# @!attribute [rw] name
|
197
|
+
# @return [::String]
|
198
|
+
# Required. A name of the AuthorizationPolicy to get. Must be in the format
|
199
|
+
# `projects/{project}/locations/{location}/authorizationPolicies/*`.
|
200
|
+
class GetAuthorizationPolicyRequest
|
201
|
+
include ::Google::Protobuf::MessageExts
|
202
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
203
|
+
end
|
204
|
+
|
205
|
+
# Request used by the CreateAuthorizationPolicy method.
|
206
|
+
# @!attribute [rw] parent
|
207
|
+
# @return [::String]
|
208
|
+
# Required. The parent resource of the AuthorizationPolicy. Must be in the
|
209
|
+
# format `projects/{project}/locations/{location}`.
|
210
|
+
# @!attribute [rw] authorization_policy_id
|
211
|
+
# @return [::String]
|
212
|
+
# Required. Short name of the AuthorizationPolicy resource to be created.
|
213
|
+
# This value should be 1-63 characters long, containing only
|
214
|
+
# letters, numbers, hyphens, and underscores, and should not start
|
215
|
+
# with a number. E.g. "authz_policy".
|
216
|
+
# @!attribute [rw] authorization_policy
|
217
|
+
# @return [::Google::Cloud::NetworkSecurity::V1beta1::AuthorizationPolicy]
|
218
|
+
# Required. AuthorizationPolicy resource to be created.
|
219
|
+
class CreateAuthorizationPolicyRequest
|
220
|
+
include ::Google::Protobuf::MessageExts
|
221
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
222
|
+
end
|
223
|
+
|
224
|
+
# Request used by the UpdateAuthorizationPolicy method.
|
225
|
+
# @!attribute [rw] update_mask
|
226
|
+
# @return [::Google::Protobuf::FieldMask]
|
227
|
+
# Optional. Field mask is used to specify the fields to be overwritten in the
|
228
|
+
# AuthorizationPolicy resource by the update.
|
229
|
+
# The fields specified in the update_mask are relative to the resource, not
|
230
|
+
# the full request. A field will be overwritten if it is in the mask. If the
|
231
|
+
# user does not provide a mask then all fields will be overwritten.
|
232
|
+
# @!attribute [rw] authorization_policy
|
233
|
+
# @return [::Google::Cloud::NetworkSecurity::V1beta1::AuthorizationPolicy]
|
234
|
+
# Required. Updated AuthorizationPolicy resource.
|
235
|
+
class UpdateAuthorizationPolicyRequest
|
236
|
+
include ::Google::Protobuf::MessageExts
|
237
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
238
|
+
end
|
239
|
+
|
240
|
+
# Request used by the DeleteAuthorizationPolicy method.
|
241
|
+
# @!attribute [rw] name
|
242
|
+
# @return [::String]
|
243
|
+
# Required. A name of the AuthorizationPolicy to delete. Must be in the format
|
244
|
+
# `projects/{project}/locations/{location}/authorizationPolicies/*`.
|
245
|
+
class DeleteAuthorizationPolicyRequest
|
246
|
+
include ::Google::Protobuf::MessageExts
|
247
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
248
|
+
end
|
249
|
+
end
|
250
|
+
end
|
251
|
+
end
|
252
|
+
end
|