Class: Google::Apis::ComputeBeta::SecurityPolicyRule

Inherits:
Object
  • Object
show all
Includes:
Google::Apis::Core::Hashable, Google::Apis::Core::JsonObjectSupport
Defined in:
lib/google/apis/compute_beta/classes.rb,
lib/google/apis/compute_beta/representations.rb,
lib/google/apis/compute_beta/representations.rb

Overview

Represents a rule that describes one or more match conditions along with the action to be taken when traffic matches this condition (allow or deny).

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(**args) ⇒ SecurityPolicyRule

Returns a new instance of SecurityPolicyRule.



58890
58891
58892
 
# File 'lib/google/apis/compute_beta/classes.rb', line 58890

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#actionString

The Action to perform when the rule is matched. The following are the valid actions:

  • allow: allow access to target.
  • deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for STATUS are 403, 404, and 502.
  • rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rate_limit_options to be set.
  • redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. This action is only supported in Global Security Policies of type CLOUD_ARMOR.
  • throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rate_limit_options to be set for this.
  • fairshare (preview only): when traffic reaches the threshold limit, requests from the clients matching this rule begin to be rate-limited using the Fair Share algorithm. This action is only allowed in security policies of type CLOUD_ARMOR_INTERNAL_SERVICE. Corresponds to the JSON property action

Returns:

  • (String) 


58777
58778
58779
 
# File 'lib/google/apis/compute_beta/classes.rb', line 58777

def action
  @action
end

#descriptionString

An optional description of this resource. Provide this property when you create the resource. Corresponds to the JSON property description

Returns:

  • (String) 


58783
58784
58785
 
# File 'lib/google/apis/compute_beta/classes.rb', line 58783

def description
  @description
end

#directionString

The direction in which this rule applies. This field may only be specified when versioned_expr is set to FIREWALL. Corresponds to the JSON property direction

Returns:

  • (String) 


58789
58790
58791
 
# File 'lib/google/apis/compute_beta/classes.rb', line 58789

def direction
  @direction
end

#enable_loggingBoolean Also known as: enable_logging?

Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on "goto_next" rules. This field may only be specified when the versioned_expr is set to FIREWALL. Corresponds to the JSON property enableLogging

Returns:

  • (Boolean) 


58799
58800
58801
 
# File 'lib/google/apis/compute_beta/classes.rb', line 58799

def enable_logging
  @enable_logging
end

#header_actionGoogle::Apis::ComputeBeta::SecurityPolicyRuleHttpHeaderAction

Optional, additional actions that are performed on headers. This field is only supported in Global Security Policies of type CLOUD_ARMOR. Corresponds to the JSON property headerAction

Returns:



58807
58808
58809
 
# File 'lib/google/apis/compute_beta/classes.rb', line 58807

def header_action
  @header_action
end

#kindString

Output only. [Output only] Type of the resource. Alwayscompute# securityPolicyRule for security policy rules Corresponds to the JSON property kind

Returns:

  • (String) 


58813
58814
58815
 
# File 'lib/google/apis/compute_beta/classes.rb', line 58813

def kind
  @kind
end

#matchGoogle::Apis::ComputeBeta::SecurityPolicyRuleMatcher

Represents a match condition that incoming traffic is evaluated against. Exactly one field must be specified. Corresponds to the JSON property match

Returns:



58819
58820
58821
 
# File 'lib/google/apis/compute_beta/classes.rb', line 58819

def match
  @match
end

#network_matchGoogle::Apis::ComputeBeta::SecurityPolicyRuleNetworkMatcher

Represents a match condition that incoming network traffic is evaluated against. Corresponds to the JSON property networkMatch

Returns:



58825
58826
58827
 
# File 'lib/google/apis/compute_beta/classes.rb', line 58825

def network_match
  @network_match
end

#preconfigured_waf_configGoogle::Apis::ComputeBeta::SecurityPolicyRulePreconfiguredWafConfig

Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect. Corresponds to the JSON property preconfiguredWafConfig

Returns:



58832
58833
58834
 
# File 'lib/google/apis/compute_beta/classes.rb', line 58832

def preconfigured_waf_config
  @preconfigured_waf_config
end

#previewBoolean Also known as: preview?

If set to true, the specified action is not enforced. Corresponds to the JSON property preview

Returns:

  • (Boolean) 


58837
58838
58839
 
# File 'lib/google/apis/compute_beta/classes.rb', line 58837

def preview
  @preview
end

#priorityFixnum

An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority. Corresponds to the JSON property priority

Returns:

  • (Fixnum) 


58846
58847
58848
 
# File 'lib/google/apis/compute_beta/classes.rb', line 58846

def priority
  @priority
end

#rate_limit_optionsGoogle::Apis::ComputeBeta::SecurityPolicyRuleRateLimitOptions

Must be specified if the action is "rate_based_ban" or "throttle" or "fairshare". Cannot be specified for any other actions. Corresponds to the JSON property rateLimitOptions

Returns:



58852
58853
58854
 
# File 'lib/google/apis/compute_beta/classes.rb', line 58852

def rate_limit_options
  @rate_limit_options
end

#redirect_optionsGoogle::Apis::ComputeBeta::SecurityPolicyRuleRedirectOptions

Parameters defining the redirect action. Cannot be specified for any other actions. This field is only supported in Global Security Policies of type CLOUD_ARMOR. Corresponds to the JSON property redirectOptions

Returns:



58860
58861
58862
 
# File 'lib/google/apis/compute_beta/classes.rb', line 58860

def redirect_options
  @redirect_options
end

#rule_numberFixnum

Identifier for the rule. This is only unique within the given security policy. This can only be set during rule creation, if rule number is not specified it will be generated by the server. Corresponds to the JSON property ruleNumber

Returns:

  • (Fixnum) 


58867
58868
58869
 
# File 'lib/google/apis/compute_beta/classes.rb', line 58867

def rule_number
  @rule_number
end

#rule_tuple_countFixnum

Output only. [Output Only] Calculation of the complexity of a single firewall security policy rule. Corresponds to the JSON property ruleTupleCount

Returns:

  • (Fixnum) 


58874
58875
58876
 
# File 'lib/google/apis/compute_beta/classes.rb', line 58874

def rule_tuple_count
  @rule_tuple_count
end

#target_resourcesArray<String>

A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule. This field may only be specified when versioned_expr is set to FIREWALL. Corresponds to the JSON property targetResources

Returns:

  • (Array<String>) 


58882
58883
58884
 
# File 'lib/google/apis/compute_beta/classes.rb', line 58882

def target_resources
  @target_resources
end

#target_service_accountsArray<String>

A list of service accounts indicating the sets of instances that are applied with this rule. Corresponds to the JSON property targetServiceAccounts

Returns:

  • (Array<String>) 


58888
58889
58890
 
# File 'lib/google/apis/compute_beta/classes.rb', line 58888

def target_service_accounts
  @target_service_accounts
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object



58895
58896
58897
58898
58899
58900
58901
58902
58903
58904
58905
58906
58907
58908
58909
58910
58911
58912
58913
 
# File 'lib/google/apis/compute_beta/classes.rb', line 58895

def update!(**args)
  @action = args[:action] if args.key?(:action)
  @description = args[:description] if args.key?(:description)
  @direction = args[:direction] if args.key?(:direction)
  @enable_logging = args[:enable_logging] if args.key?(:enable_logging)
  @header_action = args[:header_action] if args.key?(:header_action)
  @kind = args[:kind] if args.key?(:kind)
  @match = args[:match] if args.key?(:match)
  @network_match = args[:network_match] if args.key?(:network_match)
  @preconfigured_waf_config = args[:preconfigured_waf_config] if args.key?(:preconfigured_waf_config)
  @preview = args[:preview] if args.key?(:preview)
  @priority = args[:priority] if args.key?(:priority)
  @rate_limit_options = args[:rate_limit_options] if args.key?(:rate_limit_options)
  @redirect_options = args[:redirect_options] if args.key?(:redirect_options)
  @rule_number = args[:rule_number] if args.key?(:rule_number)
  @rule_tuple_count = args[:rule_tuple_count] if args.key?(:rule_tuple_count)
  @target_resources = args[:target_resources] if args.key?(:target_resources)
  @target_service_accounts = args[:target_service_accounts] if args.key?(:target_service_accounts)
end