Class: Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::From

Inherits:
Object
  • Object
show all
Extended by:
Protobuf::MessageExts::ClassMethods
Includes:
Protobuf::MessageExts
Defined in:
proto_docs/google/cloud/networksecurity/v1/authz_policy.rb

Overview

Describes properties of one or more sources of a request.

Defined Under Namespace

Classes: RequestSource

Instance Attribute Summary collapse

Instance Attribute Details

#not_sources::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::From::RequestSource>

Returns Optional. Describes the negated properties of request sources. Matches requests from sources that do not match the criteria specified in this field. At least one of sources or notSources must be specified.

Returns:



311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
# File 'proto_docs/google/cloud/networksecurity/v1/authz_policy.rb', line 311

class From
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Describes the properties of a single source.
  # @!attribute [rw] principals
  #   @return [::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::Principal>]
  #     Optional. A list of identities derived from the client's certificate.
  #     This field will not match on a request unless frontend mutual TLS is
  #     enabled for the forwarding rule or Gateway and the client certificate
  #     has been successfully validated by mTLS.
  #     Each identity is a string whose value is matched against a list of
  #     URI SANs, DNS Name SANs, or the common name in the client's
  #     certificate. A match happens when any principal matches with the
  #     rule. Limited to 50 principals per Authorization Policy for regional
  #     internal Application Load Balancers, regional external Application
  #     Load Balancers, cross-region internal Application Load Balancers, and
  #     Cloud Service Mesh. This field is not supported for global external
  #     Application Load Balancers.
  # @!attribute [rw] ip_blocks
  #   @return [::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::IpBlock>]
  #     Optional. A list of IP addresses or IP address ranges to match
  #     against the source IP address of the request. Limited to 10 ip_blocks
  #     per Authorization Policy
  # @!attribute [rw] resources
  #   @return [::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::RequestResource>]
  #     Optional. A list of resources to match against the resource of the
  #     source VM of a request. Limited to 10 resources per Authorization
  #     Policy.
  class RequestSource
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#sources::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::From::RequestSource>

Returns Optional. Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 1 source. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match.

Returns:

  • (::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::From::RequestSource>)

    Optional. Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 1 source. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match.



311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
# File 'proto_docs/google/cloud/networksecurity/v1/authz_policy.rb', line 311

class From
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Describes the properties of a single source.
  # @!attribute [rw] principals
  #   @return [::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::Principal>]
  #     Optional. A list of identities derived from the client's certificate.
  #     This field will not match on a request unless frontend mutual TLS is
  #     enabled for the forwarding rule or Gateway and the client certificate
  #     has been successfully validated by mTLS.
  #     Each identity is a string whose value is matched against a list of
  #     URI SANs, DNS Name SANs, or the common name in the client's
  #     certificate. A match happens when any principal matches with the
  #     rule. Limited to 50 principals per Authorization Policy for regional
  #     internal Application Load Balancers, regional external Application
  #     Load Balancers, cross-region internal Application Load Balancers, and
  #     Cloud Service Mesh. This field is not supported for global external
  #     Application Load Balancers.
  # @!attribute [rw] ip_blocks
  #   @return [::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::IpBlock>]
  #     Optional. A list of IP addresses or IP address ranges to match
  #     against the source IP address of the request. Limited to 10 ip_blocks
  #     per Authorization Policy
  # @!attribute [rw] resources
  #   @return [::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::RequestResource>]
  #     Optional. A list of resources to match against the resource of the
  #     source VM of a request. Limited to 10 resources per Authorization
  #     Policy.
  class RequestSource
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end