public final class SecurityPolicyRule extends GeneratedMessageV3 implements SecurityPolicyRuleOrBuilder
Represents a rule that describes one or more match conditions along with the action to be taken when traffic matches this condition (allow or deny).
Protobuf type google.cloud.compute.v1.SecurityPolicyRule
Inherited Members
com.google.protobuf.GeneratedMessageV3.<ListT>makeMutableCopy(ListT)
com.google.protobuf.GeneratedMessageV3.<ListT>makeMutableCopy(ListT,int)
com.google.protobuf.GeneratedMessageV3.<T>emptyList(java.lang.Class<T>)
com.google.protobuf.GeneratedMessageV3.internalGetMapFieldReflection(int)
Static Fields
ACTION_FIELD_NUMBER
public static final int ACTION_FIELD_NUMBER
Field Value |
---|
Type | Description |
int | |
DESCRIPTION_FIELD_NUMBER
public static final int DESCRIPTION_FIELD_NUMBER
Field Value |
---|
Type | Description |
int | |
public static final int HEADER_ACTION_FIELD_NUMBER
Field Value |
---|
Type | Description |
int | |
KIND_FIELD_NUMBER
public static final int KIND_FIELD_NUMBER
Field Value |
---|
Type | Description |
int | |
MATCH_FIELD_NUMBER
public static final int MATCH_FIELD_NUMBER
Field Value |
---|
Type | Description |
int | |
NETWORK_MATCH_FIELD_NUMBER
public static final int NETWORK_MATCH_FIELD_NUMBER
Field Value |
---|
Type | Description |
int | |
public static final int PRECONFIGURED_WAF_CONFIG_FIELD_NUMBER
Field Value |
---|
Type | Description |
int | |
PREVIEW_FIELD_NUMBER
public static final int PREVIEW_FIELD_NUMBER
Field Value |
---|
Type | Description |
int | |
PRIORITY_FIELD_NUMBER
public static final int PRIORITY_FIELD_NUMBER
Field Value |
---|
Type | Description |
int | |
RATE_LIMIT_OPTIONS_FIELD_NUMBER
public static final int RATE_LIMIT_OPTIONS_FIELD_NUMBER
Field Value |
---|
Type | Description |
int | |
REDIRECT_OPTIONS_FIELD_NUMBER
public static final int REDIRECT_OPTIONS_FIELD_NUMBER
Field Value |
---|
Type | Description |
int | |
Static Methods
getDefaultInstance()
public static SecurityPolicyRule getDefaultInstance()
getDescriptor()
public static final Descriptors.Descriptor getDescriptor()
newBuilder()
public static SecurityPolicyRule.Builder newBuilder()
newBuilder(SecurityPolicyRule prototype)
public static SecurityPolicyRule.Builder newBuilder(SecurityPolicyRule prototype)
public static SecurityPolicyRule parseDelimitedFrom(InputStream input)
public static SecurityPolicyRule parseDelimitedFrom(InputStream input, ExtensionRegistryLite extensionRegistry)
parseFrom(byte[] data)
public static SecurityPolicyRule parseFrom(byte[] data)
Parameter |
---|
Name | Description |
data | byte[]
|
parseFrom(byte[] data, ExtensionRegistryLite extensionRegistry)
public static SecurityPolicyRule parseFrom(byte[] data, ExtensionRegistryLite extensionRegistry)
parseFrom(ByteString data)
public static SecurityPolicyRule parseFrom(ByteString data)
parseFrom(ByteString data, ExtensionRegistryLite extensionRegistry)
public static SecurityPolicyRule parseFrom(ByteString data, ExtensionRegistryLite extensionRegistry)
public static SecurityPolicyRule parseFrom(CodedInputStream input)
public static SecurityPolicyRule parseFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)
public static SecurityPolicyRule parseFrom(InputStream input)
public static SecurityPolicyRule parseFrom(InputStream input, ExtensionRegistryLite extensionRegistry)
parseFrom(ByteBuffer data)
public static SecurityPolicyRule parseFrom(ByteBuffer data)
parseFrom(ByteBuffer data, ExtensionRegistryLite extensionRegistry)
public static SecurityPolicyRule parseFrom(ByteBuffer data, ExtensionRegistryLite extensionRegistry)
parser()
public static Parser<SecurityPolicyRule> parser()
Methods
equals(Object obj)
public boolean equals(Object obj)
Parameter |
---|
Name | Description |
obj | Object
|
Overrides
getAction()
public String getAction()
The Action to perform when the rule is matched. The following are the valid actions: - allow: allow access to target. - deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for STATUS
are 403, 404, and 502. - rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rate_limit_options to be set. - redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. This action is only supported in Global Security Policies of type CLOUD_ARMOR. - throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rate_limit_options to be set for this.
optional string action = 187661878;
Returns |
---|
Type | Description |
String | The action.
|
getActionBytes()
public ByteString getActionBytes()
The Action to perform when the rule is matched. The following are the valid actions: - allow: allow access to target. - deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for STATUS
are 403, 404, and 502. - rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rate_limit_options to be set. - redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. This action is only supported in Global Security Policies of type CLOUD_ARMOR. - throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rate_limit_options to be set for this.
optional string action = 187661878;
Returns |
---|
Type | Description |
ByteString | The bytes for action.
|
getDefaultInstanceForType()
public SecurityPolicyRule getDefaultInstanceForType()
getDescription()
public String getDescription()
An optional description of this resource. Provide this property when you create the resource.
optional string description = 422937596;
Returns |
---|
Type | Description |
String | The description.
|
getDescriptionBytes()
public ByteString getDescriptionBytes()
An optional description of this resource. Provide this property when you create the resource.
optional string description = 422937596;
Returns |
---|
Type | Description |
ByteString | The bytes for description.
|
public SecurityPolicyRuleHttpHeaderAction getHeaderAction()
Optional, additional actions that are performed on headers. This field is only supported in Global Security Policies of type CLOUD_ARMOR.
optional .google.cloud.compute.v1.SecurityPolicyRuleHttpHeaderAction header_action = 328077352;
public SecurityPolicyRuleHttpHeaderActionOrBuilder getHeaderActionOrBuilder()
Optional, additional actions that are performed on headers. This field is only supported in Global Security Policies of type CLOUD_ARMOR.
optional .google.cloud.compute.v1.SecurityPolicyRuleHttpHeaderAction header_action = 328077352;
getKind()
[Output only] Type of the resource. Always compute#securityPolicyRule for security policy rules
optional string kind = 3292052;
Returns |
---|
Type | Description |
String | The kind.
|
getKindBytes()
public ByteString getKindBytes()
[Output only] Type of the resource. Always compute#securityPolicyRule for security policy rules
optional string kind = 3292052;
Returns |
---|
Type | Description |
ByteString | The bytes for kind.
|
getMatch()
public SecurityPolicyRuleMatcher getMatch()
A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
optional .google.cloud.compute.v1.SecurityPolicyRuleMatcher match = 103668165;
getMatchOrBuilder()
public SecurityPolicyRuleMatcherOrBuilder getMatchOrBuilder()
A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
optional .google.cloud.compute.v1.SecurityPolicyRuleMatcher match = 103668165;
getNetworkMatch()
public SecurityPolicyRuleNetworkMatcher getNetworkMatch()
A match condition that incoming packets are evaluated against for CLOUD_ARMOR_NETWORK security policies. If it matches, the corresponding 'action' is enforced. The match criteria for a rule consists of built-in match fields (like 'srcIpRanges') and potentially multiple user-defined match fields ('userDefinedFields'). Field values may be extracted directly from the packet or derived from it (e.g. 'srcRegionCodes'). Some fields may not be present in every packet (e.g. 'srcPorts'). A user-defined field is only present if the base header is found in the packet and the entire field is in bounds. Each match field may specify which values can match it, listing one or more ranges, prefixes, or exact values that are considered a match for the field. A field value must be present in order to match a specified match field. If no match values are specified for a match field, then any field value is considered to match it, and it's not required to be present. For strings specifying '*' is also equivalent to match all. For a packet to match a rule, all specified match fields must match the corresponding field values derived from the packet. Example: networkMatch: srcIpRanges: - "192.0.2.0/24" - "198.51.100.0/24" userDefinedFields: - name: "ipv4_fragment_offset" values: - "1-0x1fff" The above match condition matches packets with a source IP in 192.0.2.0/24 or 198.51.100.0/24 and a user-defined field named "ipv4_fragment_offset" with a value between 1 and 0x1fff inclusive.
optional .google.cloud.compute.v1.SecurityPolicyRuleNetworkMatcher network_match = 463387764;
getNetworkMatchOrBuilder()
public SecurityPolicyRuleNetworkMatcherOrBuilder getNetworkMatchOrBuilder()
A match condition that incoming packets are evaluated against for CLOUD_ARMOR_NETWORK security policies. If it matches, the corresponding 'action' is enforced. The match criteria for a rule consists of built-in match fields (like 'srcIpRanges') and potentially multiple user-defined match fields ('userDefinedFields'). Field values may be extracted directly from the packet or derived from it (e.g. 'srcRegionCodes'). Some fields may not be present in every packet (e.g. 'srcPorts'). A user-defined field is only present if the base header is found in the packet and the entire field is in bounds. Each match field may specify which values can match it, listing one or more ranges, prefixes, or exact values that are considered a match for the field. A field value must be present in order to match a specified match field. If no match values are specified for a match field, then any field value is considered to match it, and it's not required to be present. For strings specifying '*' is also equivalent to match all. For a packet to match a rule, all specified match fields must match the corresponding field values derived from the packet. Example: networkMatch: srcIpRanges: - "192.0.2.0/24" - "198.51.100.0/24" userDefinedFields: - name: "ipv4_fragment_offset" values: - "1-0x1fff" The above match condition matches packets with a source IP in 192.0.2.0/24 or 198.51.100.0/24 and a user-defined field named "ipv4_fragment_offset" with a value between 1 and 0x1fff inclusive.
optional .google.cloud.compute.v1.SecurityPolicyRuleNetworkMatcher network_match = 463387764;
getParserForType()
public Parser<SecurityPolicyRule> getParserForType()
Overrides
public SecurityPolicyRulePreconfiguredWafConfig getPreconfiguredWafConfig()
Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.
optional .google.cloud.compute.v1.SecurityPolicyRulePreconfiguredWafConfig preconfigured_waf_config = 117805027;
public SecurityPolicyRulePreconfiguredWafConfigOrBuilder getPreconfiguredWafConfigOrBuilder()
Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.
optional .google.cloud.compute.v1.SecurityPolicyRulePreconfiguredWafConfig preconfigured_waf_config = 117805027;
getPreview()
public boolean getPreview()
If set to true, the specified action is not enforced.
optional bool preview = 218686408;
Returns |
---|
Type | Description |
boolean | The preview.
|
getPriority()
An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.
optional int32 priority = 445151652;
Returns |
---|
Type | Description |
int | The priority.
|
getRateLimitOptions()
public SecurityPolicyRuleRateLimitOptions getRateLimitOptions()
Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.
optional .google.cloud.compute.v1.SecurityPolicyRuleRateLimitOptions rate_limit_options = 67544315;
getRateLimitOptionsOrBuilder()
public SecurityPolicyRuleRateLimitOptionsOrBuilder getRateLimitOptionsOrBuilder()
Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.
optional .google.cloud.compute.v1.SecurityPolicyRuleRateLimitOptions rate_limit_options = 67544315;
getRedirectOptions()
public SecurityPolicyRuleRedirectOptions getRedirectOptions()
Parameters defining the redirect action. Cannot be specified for any other actions. This field is only supported in Global Security Policies of type CLOUD_ARMOR.
optional .google.cloud.compute.v1.SecurityPolicyRuleRedirectOptions redirect_options = 163285307;
getRedirectOptionsOrBuilder()
public SecurityPolicyRuleRedirectOptionsOrBuilder getRedirectOptionsOrBuilder()
Parameters defining the redirect action. Cannot be specified for any other actions. This field is only supported in Global Security Policies of type CLOUD_ARMOR.
optional .google.cloud.compute.v1.SecurityPolicyRuleRedirectOptions redirect_options = 163285307;
getSerializedSize()
public int getSerializedSize()
Returns |
---|
Type | Description |
int | |
Overrides
hasAction()
public boolean hasAction()
The Action to perform when the rule is matched. The following are the valid actions: - allow: allow access to target. - deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for STATUS
are 403, 404, and 502. - rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rate_limit_options to be set. - redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. This action is only supported in Global Security Policies of type CLOUD_ARMOR. - throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rate_limit_options to be set for this.
optional string action = 187661878;
Returns |
---|
Type | Description |
boolean | Whether the action field is set.
|
hasDescription()
public boolean hasDescription()
An optional description of this resource. Provide this property when you create the resource.
optional string description = 422937596;
Returns |
---|
Type | Description |
boolean | Whether the description field is set.
|
public boolean hasHeaderAction()
Optional, additional actions that are performed on headers. This field is only supported in Global Security Policies of type CLOUD_ARMOR.
optional .google.cloud.compute.v1.SecurityPolicyRuleHttpHeaderAction header_action = 328077352;
Returns |
---|
Type | Description |
boolean | Whether the headerAction field is set.
|
hasKind()
[Output only] Type of the resource. Always compute#securityPolicyRule for security policy rules
optional string kind = 3292052;
Returns |
---|
Type | Description |
boolean | Whether the kind field is set.
|
hasMatch()
public boolean hasMatch()
A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
optional .google.cloud.compute.v1.SecurityPolicyRuleMatcher match = 103668165;
Returns |
---|
Type | Description |
boolean | Whether the match field is set.
|
hasNetworkMatch()
public boolean hasNetworkMatch()
A match condition that incoming packets are evaluated against for CLOUD_ARMOR_NETWORK security policies. If it matches, the corresponding 'action' is enforced. The match criteria for a rule consists of built-in match fields (like 'srcIpRanges') and potentially multiple user-defined match fields ('userDefinedFields'). Field values may be extracted directly from the packet or derived from it (e.g. 'srcRegionCodes'). Some fields may not be present in every packet (e.g. 'srcPorts'). A user-defined field is only present if the base header is found in the packet and the entire field is in bounds. Each match field may specify which values can match it, listing one or more ranges, prefixes, or exact values that are considered a match for the field. A field value must be present in order to match a specified match field. If no match values are specified for a match field, then any field value is considered to match it, and it's not required to be present. For strings specifying '*' is also equivalent to match all. For a packet to match a rule, all specified match fields must match the corresponding field values derived from the packet. Example: networkMatch: srcIpRanges: - "192.0.2.0/24" - "198.51.100.0/24" userDefinedFields: - name: "ipv4_fragment_offset" values: - "1-0x1fff" The above match condition matches packets with a source IP in 192.0.2.0/24 or 198.51.100.0/24 and a user-defined field named "ipv4_fragment_offset" with a value between 1 and 0x1fff inclusive.
optional .google.cloud.compute.v1.SecurityPolicyRuleNetworkMatcher network_match = 463387764;
Returns |
---|
Type | Description |
boolean | Whether the networkMatch field is set.
|
public boolean hasPreconfiguredWafConfig()
Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.
optional .google.cloud.compute.v1.SecurityPolicyRulePreconfiguredWafConfig preconfigured_waf_config = 117805027;
Returns |
---|
Type | Description |
boolean | Whether the preconfiguredWafConfig field is set.
|
hasPreview()
public boolean hasPreview()
If set to true, the specified action is not enforced.
optional bool preview = 218686408;
Returns |
---|
Type | Description |
boolean | Whether the preview field is set.
|
hasPriority()
public boolean hasPriority()
An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.
optional int32 priority = 445151652;
Returns |
---|
Type | Description |
boolean | Whether the priority field is set.
|
hasRateLimitOptions()
public boolean hasRateLimitOptions()
Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.
optional .google.cloud.compute.v1.SecurityPolicyRuleRateLimitOptions rate_limit_options = 67544315;
Returns |
---|
Type | Description |
boolean | Whether the rateLimitOptions field is set.
|
hasRedirectOptions()
public boolean hasRedirectOptions()
Parameters defining the redirect action. Cannot be specified for any other actions. This field is only supported in Global Security Policies of type CLOUD_ARMOR.
optional .google.cloud.compute.v1.SecurityPolicyRuleRedirectOptions redirect_options = 163285307;
Returns |
---|
Type | Description |
boolean | Whether the redirectOptions field is set.
|
hashCode()
Returns |
---|
Type | Description |
int | |
Overrides
internalGetFieldAccessorTable()
protected GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
Overrides
isInitialized()
public final boolean isInitialized()
Overrides
newBuilderForType()
public SecurityPolicyRule.Builder newBuilderForType()
newBuilderForType(GeneratedMessageV3.BuilderParent parent)
protected SecurityPolicyRule.Builder newBuilderForType(GeneratedMessageV3.BuilderParent parent)
Overrides
newInstance(GeneratedMessageV3.UnusedPrivateParameter unused)
protected Object newInstance(GeneratedMessageV3.UnusedPrivateParameter unused)
Overrides
toBuilder()
public SecurityPolicyRule.Builder toBuilder()
writeTo(CodedOutputStream output)
public void writeTo(CodedOutputStream output)
Overrides