Class: Google::Apis::ComputeV1::FirewallPolicyRule
- Inherits:
-
Object
- Object
- Google::Apis::ComputeV1::FirewallPolicyRule
- Includes:
- Google::Apis::Core::Hashable, Google::Apis::Core::JsonObjectSupport
- Defined in:
- lib/google/apis/compute_v1/classes.rb,
lib/google/apis/compute_v1/representations.rb,
lib/google/apis/compute_v1/representations.rb
Overview
Represents a rule that describes one or more match conditions along with the action to be taken when traffic matches this condition (allow or deny).
Instance Attribute Summary collapse
-
#action ⇒ String
The Action to perform when the client connection triggers the rule.
-
#description ⇒ String
An optional description for this resource.
-
#direction ⇒ String
The direction in which this rule applies.
-
#disabled ⇒ Boolean
(also: #disabled?)
Denotes whether the firewall policy rule is disabled.
-
#enable_logging ⇒ Boolean
(also: #enable_logging?)
Denotes whether to enable logging for a particular rule.
-
#kind ⇒ String
Output only.
-
#match ⇒ Google::Apis::ComputeV1::FirewallPolicyRuleMatcher
Represents a match condition that incoming traffic is evaluated against.
-
#priority ⇒ Fixnum
An integer indicating the priority of a rule in the list.
-
#rule_name ⇒ String
An optional name for the rule.
-
#rule_tuple_count ⇒ Fixnum
Output only.
-
#security_profile_group ⇒ String
A fully-qualified URL of a SecurityProfileGroup resource instance.
-
#target_forwarding_rules ⇒ Array<String>
A list of forwarding rules to which this rule applies.
-
#target_resources ⇒ Array<String>
A list of network resource URLs to which this rule applies.
-
#target_secure_tags ⇒ Array<Google::Apis::ComputeV1::FirewallPolicyRuleSecureTag>
A list of secure tags that controls which instances the firewall rule applies to.
-
#target_service_accounts ⇒ Array<String>
A list of service accounts indicating the sets of instances that are applied with this rule.
-
#target_type ⇒ String
Target types of the firewall policy rule.
-
#tls_inspect ⇒ Boolean
(also: #tls_inspect?)
Boolean flag indicating if the traffic should be TLS decrypted.
Instance Method Summary collapse
-
#initialize(**args) ⇒ FirewallPolicyRule
constructor
A new instance of FirewallPolicyRule.
-
#update!(**args) ⇒ Object
Update properties of this object.
Constructor Details
#initialize(**args) ⇒ FirewallPolicyRule
Returns a new instance of FirewallPolicyRule.
13267 13268 13269 |
# File 'lib/google/apis/compute_v1/classes.rb', line 13267 def initialize(**args) update!(**args) end |
Instance Attribute Details
#action ⇒ String
The Action to perform when the client connection triggers the rule.
Valid actions for firewall rules are: "allow", "deny",
"apply_security_profile_group" and "goto_next" (
"apply_security_profile_group" can be specified only for global
network firewall policies or hierarchical firewall policies).
Valid actions for packet mirroring rules are: "mirror", "do_not_mirror"
and "goto_next".
Corresponds to the JSON property action
13134 13135 13136 |
# File 'lib/google/apis/compute_v1/classes.rb', line 13134 def action @action end |
#description ⇒ String
An optional description for this resource.
Corresponds to the JSON property description
13139 13140 13141 |
# File 'lib/google/apis/compute_v1/classes.rb', line 13139 def description @description end |
#direction ⇒ String
The direction in which this rule applies.
Corresponds to the JSON property direction
13144 13145 13146 |
# File 'lib/google/apis/compute_v1/classes.rb', line 13144 def direction @direction end |
#disabled ⇒ Boolean Also known as: disabled?
Denotes whether the firewall policy rule is disabled. When set to true,
the firewall policy rule is not enforced and traffic behaves as if it did
not exist. If this is unspecified, the firewall policy rule will be
enabled.
Corresponds to the JSON property disabled
13152 13153 13154 |
# File 'lib/google/apis/compute_v1/classes.rb', line 13152 def disabled @disabled end |
#enable_logging ⇒ Boolean Also known as: enable_logging?
Denotes whether to enable logging for a particular rule. If logging is
enabled, logs will be exported to the configured export destination in
Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you
cannot enable logging on "goto_next" rules.
Corresponds to the JSON property enableLogging
13161 13162 13163 |
# File 'lib/google/apis/compute_v1/classes.rb', line 13161 def enable_logging @enable_logging end |
#kind ⇒ String
Output only. [Output only] Type of the resource. Returnscompute#
firewallPolicyRule for firewall rules andcompute#packetMirroringRule for
packet mirroring rules.
Corresponds to the JSON property kind
13169 13170 13171 |
# File 'lib/google/apis/compute_v1/classes.rb', line 13169 def kind @kind end |
#match ⇒ Google::Apis::ComputeV1::FirewallPolicyRuleMatcher
Represents a match condition that incoming traffic is evaluated against.
Exactly one field must be specified.
Corresponds to the JSON property match
13175 13176 13177 |
# File 'lib/google/apis/compute_v1/classes.rb', line 13175 def match @match end |
#priority ⇒ Fixnum
An integer indicating the priority of a rule in the list. The priority
must be a positive value between 0 and 2147483647.
Rules are evaluated from highest to lowest priority where 0 is the
highest priority and 2147483647 is the lowest priority.
Corresponds to the JSON property priority
13183 13184 13185 |
# File 'lib/google/apis/compute_v1/classes.rb', line 13183 def priority @priority end |
#rule_name ⇒ String
An optional name for the rule. This field is not a unique identifier
and can be updated.
Corresponds to the JSON property ruleName
13189 13190 13191 |
# File 'lib/google/apis/compute_v1/classes.rb', line 13189 def rule_name @rule_name end |
#rule_tuple_count ⇒ Fixnum
Output only. [Output Only] Calculation of the complexity of a single firewall
policy
rule.
Corresponds to the JSON property ruleTupleCount
13196 13197 13198 |
# File 'lib/google/apis/compute_v1/classes.rb', line 13196 def rule_tuple_count @rule_tuple_count end |
#security_profile_group ⇒ String
A fully-qualified URL of a SecurityProfileGroup resource instance.
Example:
https://networksecurity.googleapis.com/v1/projects/`project`/locations/`
location/securityProfileGroups/my-security-profile-group
Must be specified if action is one of 'apply_security_profile_group' or
'mirror'. Cannot be specified for other actions. Can be specified only
for global network firewall policies or hierarchical firewall policies.
Corresponds to the JSON propertysecurityProfileGroup`
13207 13208 13209 |
# File 'lib/google/apis/compute_v1/classes.rb', line 13207 def security_profile_group @security_profile_group end |
#target_forwarding_rules ⇒ Array<String>
A list of forwarding rules to which this rule applies. This field allows you to control which load balancers get this rule. For example, the following are valid values:
- https://www.googleapis.com/compute/v1/projects/project/global/ forwardingRules/forwardingRule
- https://www.googleapis.com/compute/v1/projects/project/regions/region/ forwardingRules/forwardingRule
- projects/project/global/ forwardingRules/forwardingRule
- projects/project/regions/region/forwardingRules/
forwardingRule
Corresponds to the JSON property
targetForwardingRules
13224 13225 13226 |
# File 'lib/google/apis/compute_v1/classes.rb', line 13224 def target_forwarding_rules @target_forwarding_rules end |
#target_resources ⇒ Array<String>
A list of network resource URLs to which this rule applies. This field
allows you to control which network's VMs get this rule. If this field
is left blank, all VMs within the organization will receive the rule.
Corresponds to the JSON property targetResources
13231 13232 13233 |
# File 'lib/google/apis/compute_v1/classes.rb', line 13231 def target_resources @target_resources end |
#target_secure_tags ⇒ Array<Google::Apis::ComputeV1::FirewallPolicyRuleSecureTag>
A list of secure tags that controls which instances the firewall rule
applies to. If targetSecureTag are specified, then the
firewall rule applies only to instances in the VPC network that have one
of those EFFECTIVE secure tags, if all the target_secure_tag are in
INEFFECTIVE state, then this rule will be ignored.targetSecureTag may not be
set at the same time astargetServiceAccounts.
If neither targetServiceAccounts nortargetSecureTag are specified, the
firewall rule applies
to all instances on the specified network.
Maximum number of target label tags allowed is 256.
Corresponds to the JSON property targetSecureTags
13245 13246 13247 |
# File 'lib/google/apis/compute_v1/classes.rb', line 13245 def @target_secure_tags end |
#target_service_accounts ⇒ Array<String>
A list of service accounts indicating the sets of instances that are
applied with this rule.
Corresponds to the JSON property targetServiceAccounts
13251 13252 13253 |
# File 'lib/google/apis/compute_v1/classes.rb', line 13251 def target_service_accounts @target_service_accounts end |
#target_type ⇒ String
Target types of the firewall policy rule.
Default value is INSTANCES.
Corresponds to the JSON property targetType
13257 13258 13259 |
# File 'lib/google/apis/compute_v1/classes.rb', line 13257 def target_type @target_type end |
#tls_inspect ⇒ Boolean Also known as: tls_inspect?
Boolean flag indicating if the traffic should be TLS decrypted.
Can be set only if action = 'apply_security_profile_group' and cannot
be set for other actions.
Corresponds to the JSON property tlsInspect
13264 13265 13266 |
# File 'lib/google/apis/compute_v1/classes.rb', line 13264 def tls_inspect @tls_inspect end |
Instance Method Details
#update!(**args) ⇒ Object
Update properties of this object
13272 13273 13274 13275 13276 13277 13278 13279 13280 13281 13282 13283 13284 13285 13286 13287 13288 13289 13290 |
# File 'lib/google/apis/compute_v1/classes.rb', line 13272 def update!(**args) @action = args[:action] if args.key?(:action) @description = args[:description] if args.key?(:description) @direction = args[:direction] if args.key?(:direction) @disabled = args[:disabled] if args.key?(:disabled) @enable_logging = args[:enable_logging] if args.key?(:enable_logging) @kind = args[:kind] if args.key?(:kind) @match = args[:match] if args.key?(:match) @priority = args[:priority] if args.key?(:priority) @rule_name = args[:rule_name] if args.key?(:rule_name) @rule_tuple_count = args[:rule_tuple_count] if args.key?(:rule_tuple_count) @security_profile_group = args[:security_profile_group] if args.key?(:security_profile_group) @target_forwarding_rules = args[:target_forwarding_rules] if args.key?(:target_forwarding_rules) @target_resources = args[:target_resources] if args.key?(:target_resources) @target_secure_tags = args[:target_secure_tags] if args.key?(:target_secure_tags) @target_service_accounts = args[:target_service_accounts] if args.key?(:target_service_accounts) @target_type = args[:target_type] if args.key?(:target_type) @tls_inspect = args[:tls_inspect] if args.key?(:tls_inspect) end |