Class: Google::Apis::NetworksecurityV1beta1::AuthzPolicy

Inherits:
Object
Includes:
Core::Hashable, Core::JsonObjectSupport
Defined in:
lib/google/apis/networksecurity_v1beta1/classes.rb,
lib/google/apis/networksecurity_v1beta1/representations.rb

Overview

AuthzPolicy is a resource that allows traffic to be forwarded to a callout backend designed to scan the traffic for security purposes.

Constructor Details

#initialize(**args) ⇒ AuthzPolicy

Returns a new instance of AuthzPolicy.



# File 'lib/google/apis/networksecurity_v1beta1/classes.rb', line 307

def initialize(**args)
  update!(**args)
end

Instance Attribute Details

#action ⇒ String

Required. Can be one of ALLOW, DENY, CUSTOM. When the action is CUSTOM, customProvider must be specified. When the action is ALLOW, only requests matching the policy will be allowed. When the action is DENY, only requests matching the policy will be denied. When a request arrives, the policies are evaluated in the following order:

  1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.
  2. If there are any DENY policies that match the request, the request is denied.
  3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed.
  4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request.

Corresponds to the JSON property action

Returns:

  • (String)


# File 'lib/google/apis/networksecurity_v1beta1/classes.rb', line 242

def action
  @action
end

#create_time ⇒ String

Output only. The timestamp when the resource was created. Corresponds to the JSON property createTime

Returns:

  • (String)


# File 'lib/google/apis/networksecurity_v1beta1/classes.rb', line 247

def create_time
  @create_time
end

#custom_provider ⇒ Google::Apis::NetworksecurityV1beta1::AuthzPolicyCustomProvider

Allows delegating authorization decisions to Cloud IAP or to Service Extensions. Corresponds to the JSON property customProvider



# File 'lib/google/apis/networksecurity_v1beta1/classes.rb', line 253

def custom_provider
  @custom_provider
end

#description ⇒ String

Optional. A human-readable description of the resource. Corresponds to the JSON property description

Returns:

  • (String)


# File 'lib/google/apis/networksecurity_v1beta1/classes.rb', line 258

def description
  @description
end

#http_rules ⇒ Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRule>

Optional. A list of authorization HTTP rules to match against the incoming request. A policy match occurs when at least one HTTP rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow or Deny Action. Limited to 5 rules. Corresponds to the JSON property httpRules



# File 'lib/google/apis/networksecurity_v1beta1/classes.rb', line 266

def http_rules
  @http_rules
end
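
The evaluation order documented under #action, combined with the HTTP-rule match condition documented under #http_rules, can be traced with a small model. This is an added example, not code from the client library: the Policy struct, the evaluate method, the provider_ok predicate and the sample policies are hypothetical, and rules are simplified to Ruby lambdas over a request hash.

```ruby
# Added illustration: plain Ruby structs, not the Google API client classes.
# Rules are reduced to predicates over a request hash (an assumption).
Policy = Struct.new(:name, :action, :http_rules, :provider_ok, keyword_init: true) do
  # A policy matches when it has no HTTP rules or at least one rule matches.
  def matches?(req)
    http_rules.nil? || http_rules.empty? || http_rules.any? { |rule| rule.call(req) }
  end
end

# Returns [:allow or :deny, reason], following the four documented steps.
def evaluate(policies, req)
  matching = policies.select { |p| p.matches?(req) }

  # 1. A matching CUSTOM policy asks its provider; a rejection denies.
  #    A provider accept falls through to step 2 (assumption: the page
  #    only states the reject case).
  rejected = matching.find { |p| p.action == 'CUSTOM' && !p.provider_ok.call(req) }
  return [:deny, "custom provider rejected (#{rejected.name})"] if rejected

  # 2. Any matching DENY policy denies.
  denied = matching.find { |p| p.action == 'DENY' }
  return [:deny, "matched DENY policy #{denied.name}"] if denied

  # 3. No ALLOW policies at all, or one of them matches: allow.
  return [:allow, 'no ALLOW policies configured'] if policies.none? { |p| p.action == 'ALLOW' }
  allowed = matching.find { |p| p.action == 'ALLOW' }
  return [:allow, "matched ALLOW policy #{allowed.name}"] if allowed

  # 4. ALLOW policies exist but none matched: denied by default.
  [:deny, 'no ALLOW policy matched']
end

# Constructed sample policies (names and paths are made up).
POLICIES = [
  Policy.new(name: 'iap-admin', action: 'CUSTOM',
             http_rules: [->(r) { r[:path].start_with?('/admin') }],
             provider_ok: ->(r) { r[:user] == 'alice' }),
  Policy.new(name: 'block-debug', action: 'DENY',
             http_rules: [->(r) { r[:path].start_with?('/debug') }]),
  Policy.new(name: 'app', action: 'ALLOW',
             http_rules: [->(r) { r[:path].start_with?('/api', '/admin') }])
].freeze

if __FILE__ == $PROGRAM_NAME
  [{ path: '/admin/users', user: 'bob' }, { path: '/api/v1', user: 'bob' },
   { path: '/debug/vars', user: 'alice' }, { path: '/metrics', user: 'alice' }]
    .each { |req| puts "#{req[:path]} (#{req[:user]}): #{evaluate(POLICIES, req).join(' - ')}" }
end
```

Step 3 means a resource that carries only DENY policies allows every request those policies do not match; default deny applies only once at least one ALLOW policy exists.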

#labels ⇒ Hash<String,String>

Optional. Set of labels associated with the AuthzPolicy resource. The format must comply with the following requirements. Corresponds to the JSON property labels

Returns:

  • (Hash<String,String>)


# File 'lib/google/apis/networksecurity_v1beta1/classes.rb', line 273

def labels
  @labels
end

#name ⇒ String

Required. Identifier. Name of the AuthzPolicy resource in the following format: projects/project/locations/location/authzPolicies/authz_policy. Corresponds to the JSON property name

Returns:

  • (String)


# File 'lib/google/apis/networksecurity_v1beta1/classes.rb', line 279

def name
  @name
end

#network_rules ⇒ Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRule>

Optional. A list of authorization network rules to match against the incoming request. A policy match occurs when at least one network rule matches the request. At least one network rule is required for Allow or Deny Action if no HTTP rules are provided. Network rules are mutually exclusive with HTTP rules. Limited to 5 rules. Corresponds to the JSON property networkRules



# File 'lib/google/apis/networksecurity_v1beta1/classes.rb', line 288

def network_rules
  @network_rules
end

#policy_profile ⇒ String

Optional. Immutable. Defines the type of authorization being performed. If not specified, REQUEST_AUTHZ is applied. This field cannot be changed once AuthzPolicy is created. Corresponds to the JSON property policyProfile

Returns:

  • (String)


# File 'lib/google/apis/networksecurity_v1beta1/classes.rb', line 295

def policy_profile
  @policy_profile
end

#target ⇒ Google::Apis::NetworksecurityV1beta1::AuthzPolicyTarget

Specifies the set of targets to which this policy should be applied. Corresponds to the JSON property target



# File 'lib/google/apis/networksecurity_v1beta1/classes.rb', line 300

def target
  @target
end

#update_time ⇒ String

Output only. The timestamp when the resource was updated. Corresponds to the JSON property updateTime

Returns:

  • (String)


# File 'lib/google/apis/networksecurity_v1beta1/classes.rb', line 305

def update_time
  @update_time
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object



# File 'lib/google/apis/networksecurity_v1beta1/classes.rb', line 312

def update!(**args)
  @action = args[:action] if args.key?(:action)
  @create_time = args[:create_time] if args.key?(:create_time)
  @custom_provider = args[:custom_provider] if args.key?(:custom_provider)
  @description = args[:description] if args.key?(:description)
  @http_rules = args[:http_rules] if args.key?(:http_rules)
  @labels = args[:labels] if args.key?(:labels)
  @name = args[:name] if args.key?(:name)
  @network_rules = args[:network_rules] if args.key?(:network_rules)
  @policy_profile = args[:policy_profile] if args.key?(:policy_profile)
  @target = args[:target] if args.key?(:target)
  @update_time = args[:update_time] if args.key?(:update_time)
end