Class: Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::To
- Inherits:
-
Object
- Object
- Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::To
- Extended by:
- Protobuf::MessageExts::ClassMethods
- Includes:
- Protobuf::MessageExts
- Defined in:
- proto_docs/google/cloud/networksecurity/v1/authz_policy.rb
Overview
Describes properties of one or more targets of a request.
Defined Under Namespace
Classes: RequestOperation
Instance Attribute Summary collapse
-
#not_operations ⇒ ::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::To::RequestOperation>
Optional.
-
#operations ⇒ ::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::To::RequestOperation>
Optional.
Instance Attribute Details
#not_operations ⇒ ::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::To::RequestOperation>
Returns Optional. Describes the negated properties of the targets of a request. Matches requests for operations that do not match the criteria specified in this field. At least one of operations or notOperations must be specified.
362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 |
# File 'proto_docs/google/cloud/networksecurity/v1/authz_policy.rb', line 362 class To include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # Describes properties of one or more targets of a request. # @!attribute [rw] header_set # @return [::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::To::RequestOperation::HeaderSet] # Optional. A list of headers to match against in http header. # @!attribute [rw] hosts # @return [::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::StringMatch>] # Optional. A list of HTTP Hosts to match against. The match can be one # of exact, prefix, suffix, or contains (substring match). Matches are # always case sensitive unless the ignoreCase is set. Limited to 10 # hosts per Authorization Policy. # @!attribute [rw] paths # @return [::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::StringMatch>] # Optional. A list of paths to match against. The match can be one of # exact, prefix, suffix, or contains (substring match). Matches are # always case sensitive unless the ignoreCase is set. Limited to 10 # paths per Authorization Policy. # Note that this path match includes the query parameters. For gRPC # services, this should be a fully-qualified name of the form # /package.service/method. # @!attribute [rw] methods # @return [::Array<::String>] # Optional. A list of HTTP methods to match against. Each entry must be # a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, # OPTIONS). It only allows exact match and is always case sensitive. # Limited to 10 methods per Authorization Policy. # @!attribute [rw] mcp # @return [::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::To::RequestOperation::MCP] # Optional. Defines the MCP protocol attributes to match on. If the MCP # payload in the request body cannot be successfully parsed, the # request will be denied. This field can be set only for AuthzPolicies # targeting AgentGateway resources. # @!attribute [rw] snis # @return [::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::StringMatch>] # Optional. A list of SNIs to match against. The match can be one of # exact, prefix, suffix, or contains (substring match). If there is no # SNI (i.e. plaintext HTTP traffic), the request will be denied. # Matches are always case sensitive unless the ignoreCase is set. # Limited to 10 SNIs per Authorization Policy. class RequestOperation include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # Describes a set of HTTP headers to match against. # @!attribute [rw] headers # @return [::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::HeaderMatch>] # Required. A list of headers to match against in http header. # The match can be one of exact, prefix, suffix, or contains # (substring match). The match follows AND semantics which means all # the headers must match. Matches are always case sensitive unless # the ignoreCase is set. Limited to 10 headers per Authorization # Policy. class HeaderSet include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Describes a set of MCP methods to match against. # @!attribute [rw] name # @return [::String] # Required. The MCP method to match against. Allowed values are as # follows: # 1. `tools`, `prompts`, `resources` - these will match against all # sub methods under the respective methods. # 2. `prompts/list`, `tools/list`, `resources/list`, # `resources/templates/list` # 3. `prompts/get`, `tools/call`, `resources/subscribe`, # `resources/unsubscribe`, `resources/read` # Params cannot be specified for categories 1 and 2. # @!attribute [rw] params # @return [::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::StringMatch>] # Optional. A list of MCP method parameters to match against. The # match can be one of exact, prefix, suffix, or contains (substring # match). Matches are always case sensitive unless the ignoreCase is # set. Limited to 10 MCP method parameters per Authorization Policy. class MCPMethod include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Describes a set of MCP protocol attributes to match against for a # given MCP request. # @!attribute [rw] base_protocol_methods_option # @return [::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::To::RequestOperation::BaseProtocolMethodsOption] # Optional. If specified, matches on the MCP protocol’s non-access # specific methods namely: # * initialize # * completion/ # * logging/ # * notifications/ # * ping # Defaults to SKIP_BASE_PROTOCOL_METHODS if not specified. # @!attribute [rw] methods # @return [::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::To::RequestOperation::MCPMethod>] # Optional. A list of MCP methods and associated parameters to match # on. It is recommended to use this field to match on tools, prompts # and resource accesses while setting the baseProtocolMethodsOption # to MATCH_BASE_PROTOCOL_METHODS to match on all the other MCP # protocol methods. # Limited to 10 MCP methods per Authorization Policy. class MCP include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Describes the option to match against the base MCP protocol methods. module BaseProtocolMethodsOption # Unspecified option. Defaults to SKIP_BASE_PROTOCOL_METHODS. BASE_PROTOCOL_METHODS_OPTION_UNSPECIFIED = 0 # Skip matching on the base MCP protocol methods. SKIP_BASE_PROTOCOL_METHODS = 1 # Match on the base MCP protocol methods. MATCH_BASE_PROTOCOL_METHODS = 2 end end end |
#operations ⇒ ::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::To::RequestOperation>
Returns Optional. Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 1 operation. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches.
362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 |
# File 'proto_docs/google/cloud/networksecurity/v1/authz_policy.rb', line 362 class To include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # Describes properties of one or more targets of a request. # @!attribute [rw] header_set # @return [::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::To::RequestOperation::HeaderSet] # Optional. A list of headers to match against in http header. # @!attribute [rw] hosts # @return [::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::StringMatch>] # Optional. A list of HTTP Hosts to match against. The match can be one # of exact, prefix, suffix, or contains (substring match). Matches are # always case sensitive unless the ignoreCase is set. Limited to 10 # hosts per Authorization Policy. # @!attribute [rw] paths # @return [::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::StringMatch>] # Optional. A list of paths to match against. The match can be one of # exact, prefix, suffix, or contains (substring match). Matches are # always case sensitive unless the ignoreCase is set. Limited to 10 # paths per Authorization Policy. # Note that this path match includes the query parameters. For gRPC # services, this should be a fully-qualified name of the form # /package.service/method. # @!attribute [rw] methods # @return [::Array<::String>] # Optional. A list of HTTP methods to match against. Each entry must be # a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, # OPTIONS). It only allows exact match and is always case sensitive. # Limited to 10 methods per Authorization Policy. # @!attribute [rw] mcp # @return [::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::To::RequestOperation::MCP] # Optional. Defines the MCP protocol attributes to match on. If the MCP # payload in the request body cannot be successfully parsed, the # request will be denied. This field can be set only for AuthzPolicies # targeting AgentGateway resources. # @!attribute [rw] snis # @return [::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::StringMatch>] # Optional. A list of SNIs to match against. The match can be one of # exact, prefix, suffix, or contains (substring match). If there is no # SNI (i.e. plaintext HTTP traffic), the request will be denied. # Matches are always case sensitive unless the ignoreCase is set. # Limited to 10 SNIs per Authorization Policy. class RequestOperation include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # Describes a set of HTTP headers to match against. # @!attribute [rw] headers # @return [::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::HeaderMatch>] # Required. A list of headers to match against in http header. # The match can be one of exact, prefix, suffix, or contains # (substring match). The match follows AND semantics which means all # the headers must match. Matches are always case sensitive unless # the ignoreCase is set. Limited to 10 headers per Authorization # Policy. class HeaderSet include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Describes a set of MCP methods to match against. # @!attribute [rw] name # @return [::String] # Required. The MCP method to match against. Allowed values are as # follows: # 1. `tools`, `prompts`, `resources` - these will match against all # sub methods under the respective methods. # 2. `prompts/list`, `tools/list`, `resources/list`, # `resources/templates/list` # 3. `prompts/get`, `tools/call`, `resources/subscribe`, # `resources/unsubscribe`, `resources/read` # Params cannot be specified for categories 1 and 2. # @!attribute [rw] params # @return [::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::StringMatch>] # Optional. A list of MCP method parameters to match against. The # match can be one of exact, prefix, suffix, or contains (substring # match). Matches are always case sensitive unless the ignoreCase is # set. Limited to 10 MCP method parameters per Authorization Policy. class MCPMethod include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Describes a set of MCP protocol attributes to match against for a # given MCP request. # @!attribute [rw] base_protocol_methods_option # @return [::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::To::RequestOperation::BaseProtocolMethodsOption] # Optional. If specified, matches on the MCP protocol’s non-access # specific methods namely: # * initialize # * completion/ # * logging/ # * notifications/ # * ping # Defaults to SKIP_BASE_PROTOCOL_METHODS if not specified. # @!attribute [rw] methods # @return [::Array<::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::To::RequestOperation::MCPMethod>] # Optional. A list of MCP methods and associated parameters to match # on. It is recommended to use this field to match on tools, prompts # and resource accesses while setting the baseProtocolMethodsOption # to MATCH_BASE_PROTOCOL_METHODS to match on all the other MCP # protocol methods. # Limited to 10 MCP methods per Authorization Policy. class MCP include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Describes the option to match against the base MCP protocol methods. module BaseProtocolMethodsOption # Unspecified option. Defaults to SKIP_BASE_PROTOCOL_METHODS. BASE_PROTOCOL_METHODS_OPTION_UNSPECIFIED = 0 # Skip matching on the base MCP protocol methods. SKIP_BASE_PROTOCOL_METHODS = 1 # Match on the base MCP protocol methods. MATCH_BASE_PROTOCOL_METHODS = 2 end end end |