Class SecurityPolicyRule.Builder (1.65.0)

public static final class SecurityPolicyRule.Builder extends GeneratedMessageV3.Builder<SecurityPolicyRule.Builder> implements SecurityPolicyRuleOrBuilder

Represents a rule that describes one or more match conditions along with the action to be taken when traffic matches this condition (allow or deny).

Protobuf type google.cloud.compute.v1.SecurityPolicyRule

Static Methods

getDescriptor()

public static final Descriptors.Descriptor getDescriptor()
Returns
Type Description
Descriptor

Methods

addRepeatedField(Descriptors.FieldDescriptor field, Object value)

public SecurityPolicyRule.Builder addRepeatedField(Descriptors.FieldDescriptor field, Object value)
Parameters
Name Description
field FieldDescriptor
value Object
Returns
Type Description
SecurityPolicyRule.Builder
Overrides

build()

public SecurityPolicyRule build()
Returns
Type Description
SecurityPolicyRule

buildPartial()

public SecurityPolicyRule buildPartial()
Returns
Type Description
SecurityPolicyRule

clear()

public SecurityPolicyRule.Builder clear()
Returns
Type Description
SecurityPolicyRule.Builder
Overrides

clearAction()

public SecurityPolicyRule.Builder clearAction()

The Action to perform when the rule is matched. The following are the valid actions: - allow: allow access to target. - deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for STATUS are 403, 404, and 502. - rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rate_limit_options to be set. - redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. This action is only supported in Global Security Policies of type CLOUD_ARMOR. - throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rate_limit_options to be set for this.

optional string action = 187661878;

Returns
Type Description
SecurityPolicyRule.Builder

This builder for chaining.

clearDescription()

public SecurityPolicyRule.Builder clearDescription()

An optional description of this resource. Provide this property when you create the resource.

optional string description = 422937596;

Returns
Type Description
SecurityPolicyRule.Builder

This builder for chaining.

clearField(Descriptors.FieldDescriptor field)

public SecurityPolicyRule.Builder clearField(Descriptors.FieldDescriptor field)
Parameter
Name Description
field FieldDescriptor
Returns
Type Description
SecurityPolicyRule.Builder
Overrides

clearHeaderAction()

public SecurityPolicyRule.Builder clearHeaderAction()

Optional, additional actions that are performed on headers. This field is only supported in Global Security Policies of type CLOUD_ARMOR.

optional .google.cloud.compute.v1.SecurityPolicyRuleHttpHeaderAction header_action = 328077352;

Returns
Type Description
SecurityPolicyRule.Builder

clearKind()

public SecurityPolicyRule.Builder clearKind()

[Output only] Type of the resource. Always compute#securityPolicyRule for security policy rules

optional string kind = 3292052;

Returns
Type Description
SecurityPolicyRule.Builder

This builder for chaining.

clearMatch()

public SecurityPolicyRule.Builder clearMatch()

A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.

optional .google.cloud.compute.v1.SecurityPolicyRuleMatcher match = 103668165;

Returns
Type Description
SecurityPolicyRule.Builder

clearNetworkMatch()

public SecurityPolicyRule.Builder clearNetworkMatch()

A match condition that incoming packets are evaluated against for CLOUD_ARMOR_NETWORK security policies. If it matches, the corresponding 'action' is enforced. The match criteria for a rule consists of built-in match fields (like 'srcIpRanges') and potentially multiple user-defined match fields ('userDefinedFields'). Field values may be extracted directly from the packet or derived from it (e.g. 'srcRegionCodes'). Some fields may not be present in every packet (e.g. 'srcPorts'). A user-defined field is only present if the base header is found in the packet and the entire field is in bounds. Each match field may specify which values can match it, listing one or more ranges, prefixes, or exact values that are considered a match for the field. A field value must be present in order to match a specified match field. If no match values are specified for a match field, then any field value is considered to match it, and it's not required to be present. For strings specifying '*' is also equivalent to match all. For a packet to match a rule, all specified match fields must match the corresponding field values derived from the packet. Example: networkMatch: srcIpRanges: - "192.0.2.0/24" - "198.51.100.0/24" userDefinedFields: - name: "ipv4_fragment_offset" values: - "1-0x1fff" The above match condition matches packets with a source IP in 192.0.2.0/24 or 198.51.100.0/24 and a user-defined field named "ipv4_fragment_offset" with a value between 1 and 0x1fff inclusive.

optional .google.cloud.compute.v1.SecurityPolicyRuleNetworkMatcher network_match = 463387764;

Returns
Type Description
SecurityPolicyRule.Builder

clearOneof(Descriptors.OneofDescriptor oneof)

public SecurityPolicyRule.Builder clearOneof(Descriptors.OneofDescriptor oneof)
Parameter
Name Description
oneof OneofDescriptor
Returns
Type Description
SecurityPolicyRule.Builder
Overrides

clearPreconfiguredWafConfig()

public SecurityPolicyRule.Builder clearPreconfiguredWafConfig()

Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.

optional .google.cloud.compute.v1.SecurityPolicyRulePreconfiguredWafConfig preconfigured_waf_config = 117805027;

Returns
Type Description
SecurityPolicyRule.Builder

clearPreview()

public SecurityPolicyRule.Builder clearPreview()

If set to true, the specified action is not enforced.

optional bool preview = 218686408;

Returns
Type Description
SecurityPolicyRule.Builder

This builder for chaining.

clearPriority()

public SecurityPolicyRule.Builder clearPriority()

An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.

optional int32 priority = 445151652;

Returns
Type Description
SecurityPolicyRule.Builder

This builder for chaining.

clearRateLimitOptions()

public SecurityPolicyRule.Builder clearRateLimitOptions()

Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.

optional .google.cloud.compute.v1.SecurityPolicyRuleRateLimitOptions rate_limit_options = 67544315;

Returns
Type Description
SecurityPolicyRule.Builder

clearRedirectOptions()

public SecurityPolicyRule.Builder clearRedirectOptions()

Parameters defining the redirect action. Cannot be specified for any other actions. This field is only supported in Global Security Policies of type CLOUD_ARMOR.

optional .google.cloud.compute.v1.SecurityPolicyRuleRedirectOptions redirect_options = 163285307;

Returns
Type Description
SecurityPolicyRule.Builder

clone()

public SecurityPolicyRule.Builder clone()
Returns
Type Description
SecurityPolicyRule.Builder
Overrides

getAction()

public String getAction()

The Action to perform when the rule is matched. The following are the valid actions: - allow: allow access to target. - deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for STATUS are 403, 404, and 502. - rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rate_limit_options to be set. - redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. This action is only supported in Global Security Policies of type CLOUD_ARMOR. - throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rate_limit_options to be set for this.

optional string action = 187661878;

Returns
Type Description
String

The action.

getActionBytes()

public ByteString getActionBytes()

The Action to perform when the rule is matched. The following are the valid actions: - allow: allow access to target. - deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for STATUS are 403, 404, and 502. - rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rate_limit_options to be set. - redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. This action is only supported in Global Security Policies of type CLOUD_ARMOR. - throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rate_limit_options to be set for this.

optional string action = 187661878;

Returns
Type Description
ByteString

The bytes for action.

getDefaultInstanceForType()

public SecurityPolicyRule getDefaultInstanceForType()
Returns
Type Description
SecurityPolicyRule

getDescription()

public String getDescription()

An optional description of this resource. Provide this property when you create the resource.

optional string description = 422937596;

Returns
Type Description
String

The description.

getDescriptionBytes()

public ByteString getDescriptionBytes()

An optional description of this resource. Provide this property when you create the resource.

optional string description = 422937596;

Returns
Type Description
ByteString

The bytes for description.

getDescriptorForType()

public Descriptors.Descriptor getDescriptorForType()
Returns
Type Description
Descriptor
Overrides

getHeaderAction()

public SecurityPolicyRuleHttpHeaderAction getHeaderAction()

Optional, additional actions that are performed on headers. This field is only supported in Global Security Policies of type CLOUD_ARMOR.

optional .google.cloud.compute.v1.SecurityPolicyRuleHttpHeaderAction header_action = 328077352;

Returns
Type Description
SecurityPolicyRuleHttpHeaderAction

The headerAction.

getHeaderActionBuilder()

public SecurityPolicyRuleHttpHeaderAction.Builder getHeaderActionBuilder()

Optional, additional actions that are performed on headers. This field is only supported in Global Security Policies of type CLOUD_ARMOR.

optional .google.cloud.compute.v1.SecurityPolicyRuleHttpHeaderAction header_action = 328077352;

Returns
Type Description
SecurityPolicyRuleHttpHeaderAction.Builder

getHeaderActionOrBuilder()

public SecurityPolicyRuleHttpHeaderActionOrBuilder getHeaderActionOrBuilder()

Optional, additional actions that are performed on headers. This field is only supported in Global Security Policies of type CLOUD_ARMOR.

optional .google.cloud.compute.v1.SecurityPolicyRuleHttpHeaderAction header_action = 328077352;

Returns
Type Description
SecurityPolicyRuleHttpHeaderActionOrBuilder

getKind()

public String getKind()

[Output only] Type of the resource. Always compute#securityPolicyRule for security policy rules

optional string kind = 3292052;

Returns
Type Description
String

The kind.

getKindBytes()

public ByteString getKindBytes()

[Output only] Type of the resource. Always compute#securityPolicyRule for security policy rules

optional string kind = 3292052;

Returns
Type Description
ByteString

The bytes for kind.

getMatch()

public SecurityPolicyRuleMatcher getMatch()

A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.

optional .google.cloud.compute.v1.SecurityPolicyRuleMatcher match = 103668165;

Returns
Type Description
SecurityPolicyRuleMatcher

The match.

getMatchBuilder()

public SecurityPolicyRuleMatcher.Builder getMatchBuilder()

A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.

optional .google.cloud.compute.v1.SecurityPolicyRuleMatcher match = 103668165;

Returns
Type Description
SecurityPolicyRuleMatcher.Builder

getMatchOrBuilder()

public SecurityPolicyRuleMatcherOrBuilder getMatchOrBuilder()

A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.

optional .google.cloud.compute.v1.SecurityPolicyRuleMatcher match = 103668165;

Returns
Type Description
SecurityPolicyRuleMatcherOrBuilder

getNetworkMatch()

public SecurityPolicyRuleNetworkMatcher getNetworkMatch()

A match condition that incoming packets are evaluated against for CLOUD_ARMOR_NETWORK security policies. If it matches, the corresponding 'action' is enforced. The match criteria for a rule consists of built-in match fields (like 'srcIpRanges') and potentially multiple user-defined match fields ('userDefinedFields'). Field values may be extracted directly from the packet or derived from it (e.g. 'srcRegionCodes'). Some fields may not be present in every packet (e.g. 'srcPorts'). A user-defined field is only present if the base header is found in the packet and the entire field is in bounds. Each match field may specify which values can match it, listing one or more ranges, prefixes, or exact values that are considered a match for the field. A field value must be present in order to match a specified match field. If no match values are specified for a match field, then any field value is considered to match it, and it's not required to be present. For strings specifying '*' is also equivalent to match all. For a packet to match a rule, all specified match fields must match the corresponding field values derived from the packet. Example: networkMatch: srcIpRanges: - "192.0.2.0/24" - "198.51.100.0/24" userDefinedFields: - name: "ipv4_fragment_offset" values: - "1-0x1fff" The above match condition matches packets with a source IP in 192.0.2.0/24 or 198.51.100.0/24 and a user-defined field named "ipv4_fragment_offset" with a value between 1 and 0x1fff inclusive.

optional .google.cloud.compute.v1.SecurityPolicyRuleNetworkMatcher network_match = 463387764;

Returns
Type Description
SecurityPolicyRuleNetworkMatcher

The networkMatch.

getNetworkMatchBuilder()

public SecurityPolicyRuleNetworkMatcher.Builder getNetworkMatchBuilder()

A match condition that incoming packets are evaluated against for CLOUD_ARMOR_NETWORK security policies. If it matches, the corresponding 'action' is enforced. The match criteria for a rule consists of built-in match fields (like 'srcIpRanges') and potentially multiple user-defined match fields ('userDefinedFields'). Field values may be extracted directly from the packet or derived from it (e.g. 'srcRegionCodes'). Some fields may not be present in every packet (e.g. 'srcPorts'). A user-defined field is only present if the base header is found in the packet and the entire field is in bounds. Each match field may specify which values can match it, listing one or more ranges, prefixes, or exact values that are considered a match for the field. A field value must be present in order to match a specified match field. If no match values are specified for a match field, then any field value is considered to match it, and it's not required to be present. For strings specifying '*' is also equivalent to match all. For a packet to match a rule, all specified match fields must match the corresponding field values derived from the packet. Example: networkMatch: srcIpRanges: - "192.0.2.0/24" - "198.51.100.0/24" userDefinedFields: - name: "ipv4_fragment_offset" values: - "1-0x1fff" The above match condition matches packets with a source IP in 192.0.2.0/24 or 198.51.100.0/24 and a user-defined field named "ipv4_fragment_offset" with a value between 1 and 0x1fff inclusive.

optional .google.cloud.compute.v1.SecurityPolicyRuleNetworkMatcher network_match = 463387764;

Returns
Type Description
SecurityPolicyRuleNetworkMatcher.Builder

getNetworkMatchOrBuilder()

public SecurityPolicyRuleNetworkMatcherOrBuilder getNetworkMatchOrBuilder()

A match condition that incoming packets are evaluated against for CLOUD_ARMOR_NETWORK security policies. If it matches, the corresponding 'action' is enforced. The match criteria for a rule consists of built-in match fields (like 'srcIpRanges') and potentially multiple user-defined match fields ('userDefinedFields'). Field values may be extracted directly from the packet or derived from it (e.g. 'srcRegionCodes'). Some fields may not be present in every packet (e.g. 'srcPorts'). A user-defined field is only present if the base header is found in the packet and the entire field is in bounds. Each match field may specify which values can match it, listing one or more ranges, prefixes, or exact values that are considered a match for the field. A field value must be present in order to match a specified match field. If no match values are specified for a match field, then any field value is considered to match it, and it's not required to be present. For strings specifying '*' is also equivalent to match all. For a packet to match a rule, all specified match fields must match the corresponding field values derived from the packet. Example: networkMatch: srcIpRanges: - "192.0.2.0/24" - "198.51.100.0/24" userDefinedFields: - name: "ipv4_fragment_offset" values: - "1-0x1fff" The above match condition matches packets with a source IP in 192.0.2.0/24 or 198.51.100.0/24 and a user-defined field named "ipv4_fragment_offset" with a value between 1 and 0x1fff inclusive.

optional .google.cloud.compute.v1.SecurityPolicyRuleNetworkMatcher network_match = 463387764;

Returns
Type Description
SecurityPolicyRuleNetworkMatcherOrBuilder

getPreconfiguredWafConfig()

public SecurityPolicyRulePreconfiguredWafConfig getPreconfiguredWafConfig()

Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.

optional .google.cloud.compute.v1.SecurityPolicyRulePreconfiguredWafConfig preconfigured_waf_config = 117805027;

Returns
Type Description
SecurityPolicyRulePreconfiguredWafConfig

The preconfiguredWafConfig.

getPreconfiguredWafConfigBuilder()

public SecurityPolicyRulePreconfiguredWafConfig.Builder getPreconfiguredWafConfigBuilder()

Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.

optional .google.cloud.compute.v1.SecurityPolicyRulePreconfiguredWafConfig preconfigured_waf_config = 117805027;

Returns
Type Description
SecurityPolicyRulePreconfiguredWafConfig.Builder

getPreconfiguredWafConfigOrBuilder()

public SecurityPolicyRulePreconfiguredWafConfigOrBuilder getPreconfiguredWafConfigOrBuilder()

Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.

optional .google.cloud.compute.v1.SecurityPolicyRulePreconfiguredWafConfig preconfigured_waf_config = 117805027;

Returns
Type Description
SecurityPolicyRulePreconfiguredWafConfigOrBuilder

getPreview()

public boolean getPreview()

If set to true, the specified action is not enforced.

optional bool preview = 218686408;

Returns
Type Description
boolean

The preview.

getPriority()

public int getPriority()

An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.

optional int32 priority = 445151652;

Returns
Type Description
int

The priority.

getRateLimitOptions()

public SecurityPolicyRuleRateLimitOptions getRateLimitOptions()

Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.

optional .google.cloud.compute.v1.SecurityPolicyRuleRateLimitOptions rate_limit_options = 67544315;

Returns
Type Description
SecurityPolicyRuleRateLimitOptions

The rateLimitOptions.

getRateLimitOptionsBuilder()

public SecurityPolicyRuleRateLimitOptions.Builder getRateLimitOptionsBuilder()

Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.

optional .google.cloud.compute.v1.SecurityPolicyRuleRateLimitOptions rate_limit_options = 67544315;

Returns
Type Description
SecurityPolicyRuleRateLimitOptions.Builder

getRateLimitOptionsOrBuilder()

public SecurityPolicyRuleRateLimitOptionsOrBuilder getRateLimitOptionsOrBuilder()

Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.

optional .google.cloud.compute.v1.SecurityPolicyRuleRateLimitOptions rate_limit_options = 67544315;

Returns
Type Description
SecurityPolicyRuleRateLimitOptionsOrBuilder

getRedirectOptions()

public SecurityPolicyRuleRedirectOptions getRedirectOptions()

Parameters defining the redirect action. Cannot be specified for any other actions. This field is only supported in Global Security Policies of type CLOUD_ARMOR.

optional .google.cloud.compute.v1.SecurityPolicyRuleRedirectOptions redirect_options = 163285307;

Returns
Type Description
SecurityPolicyRuleRedirectOptions

The redirectOptions.

getRedirectOptionsBuilder()

public SecurityPolicyRuleRedirectOptions.Builder getRedirectOptionsBuilder()

Parameters defining the redirect action. Cannot be specified for any other actions. This field is only supported in Global Security Policies of type CLOUD_ARMOR.

optional .google.cloud.compute.v1.SecurityPolicyRuleRedirectOptions redirect_options = 163285307;

Returns
Type Description
SecurityPolicyRuleRedirectOptions.Builder

getRedirectOptionsOrBuilder()

public SecurityPolicyRuleRedirectOptionsOrBuilder getRedirectOptionsOrBuilder()

Parameters defining the redirect action. Cannot be specified for any other actions. This field is only supported in Global Security Policies of type CLOUD_ARMOR.

optional .google.cloud.compute.v1.SecurityPolicyRuleRedirectOptions redirect_options = 163285307;

Returns
Type Description
SecurityPolicyRuleRedirectOptionsOrBuilder

hasAction()

public boolean hasAction()

The Action to perform when the rule is matched. The following are the valid actions: - allow: allow access to target. - deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for STATUS are 403, 404, and 502. - rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rate_limit_options to be set. - redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. This action is only supported in Global Security Policies of type CLOUD_ARMOR. - throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rate_limit_options to be set for this.

optional string action = 187661878;

Returns
Type Description
boolean

Whether the action field is set.

hasDescription()

public boolean hasDescription()

An optional description of this resource. Provide this property when you create the resource.

optional string description = 422937596;

Returns
Type Description
boolean

Whether the description field is set.

hasHeaderAction()

public boolean hasHeaderAction()

Optional, additional actions that are performed on headers. This field is only supported in Global Security Policies of type CLOUD_ARMOR.

optional .google.cloud.compute.v1.SecurityPolicyRuleHttpHeaderAction header_action = 328077352;

Returns
Type Description
boolean

Whether the headerAction field is set.

hasKind()

public boolean hasKind()

[Output only] Type of the resource. Always compute#securityPolicyRule for security policy rules

optional string kind = 3292052;

Returns
Type Description
boolean

Whether the kind field is set.

hasMatch()

public boolean hasMatch()

A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.

optional .google.cloud.compute.v1.SecurityPolicyRuleMatcher match = 103668165;

Returns
Type Description
boolean

Whether the match field is set.

hasNetworkMatch()

public boolean hasNetworkMatch()

A match condition that incoming packets are evaluated against for CLOUD_ARMOR_NETWORK security policies. If it matches, the corresponding 'action' is enforced. The match criteria for a rule consists of built-in match fields (like 'srcIpRanges') and potentially multiple user-defined match fields ('userDefinedFields'). Field values may be extracted directly from the packet or derived from it (e.g. 'srcRegionCodes'). Some fields may not be present in every packet (e.g. 'srcPorts'). A user-defined field is only present if the base header is found in the packet and the entire field is in bounds. Each match field may specify which values can match it, listing one or more ranges, prefixes, or exact values that are considered a match for the field. A field value must be present in order to match a specified match field. If no match values are specified for a match field, then any field value is considered to match it, and it's not required to be present. For strings specifying '*' is also equivalent to match all. For a packet to match a rule, all specified match fields must match the corresponding field values derived from the packet. Example: networkMatch: srcIpRanges: - "192.0.2.0/24" - "198.51.100.0/24" userDefinedFields: - name: "ipv4_fragment_offset" values: - "1-0x1fff" The above match condition matches packets with a source IP in 192.0.2.0/24 or 198.51.100.0/24 and a user-defined field named "ipv4_fragment_offset" with a value between 1 and 0x1fff inclusive.

optional .google.cloud.compute.v1.SecurityPolicyRuleNetworkMatcher network_match = 463387764;

Returns
Type Description
boolean

Whether the networkMatch field is set.

hasPreconfiguredWafConfig()

public boolean hasPreconfiguredWafConfig()

Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.

optional .google.cloud.compute.v1.SecurityPolicyRulePreconfiguredWafConfig preconfigured_waf_config = 117805027;

Returns
Type Description
boolean

Whether the preconfiguredWafConfig field is set.

hasPreview()

public boolean hasPreview()

If set to true, the specified action is not enforced.

optional bool preview = 218686408;

Returns
Type Description
boolean

Whether the preview field is set.

hasPriority()

public boolean hasPriority()

An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.

optional int32 priority = 445151652;

Returns
Type Description
boolean

Whether the priority field is set.

hasRateLimitOptions()

public boolean hasRateLimitOptions()

Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.

optional .google.cloud.compute.v1.SecurityPolicyRuleRateLimitOptions rate_limit_options = 67544315;

Returns
Type Description
boolean

Whether the rateLimitOptions field is set.

hasRedirectOptions()

public boolean hasRedirectOptions()

Parameters defining the redirect action. Cannot be specified for any other actions. This field is only supported in Global Security Policies of type CLOUD_ARMOR.

optional .google.cloud.compute.v1.SecurityPolicyRuleRedirectOptions redirect_options = 163285307;

Returns
Type Description
boolean

Whether the redirectOptions field is set.

internalGetFieldAccessorTable()

protected GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
Returns
Type Description
FieldAccessorTable
Overrides

isInitialized()

public final boolean isInitialized()
Returns
Type Description
boolean
Overrides

mergeFrom(SecurityPolicyRule other)

public SecurityPolicyRule.Builder mergeFrom(SecurityPolicyRule other)
Parameter
Name Description
other SecurityPolicyRule
Returns
Type Description
SecurityPolicyRule.Builder

mergeFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)

public SecurityPolicyRule.Builder mergeFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)
Parameters
Name Description
input CodedInputStream
extensionRegistry ExtensionRegistryLite
Returns
Type Description
SecurityPolicyRule.Builder
Overrides
Exceptions
Type Description
IOException

mergeFrom(Message other)

public SecurityPolicyRule.Builder mergeFrom(Message other)
Parameter
Name Description
other Message
Returns
Type Description
SecurityPolicyRule.Builder
Overrides

mergeHeaderAction(SecurityPolicyRuleHttpHeaderAction value)

public SecurityPolicyRule.Builder mergeHeaderAction(SecurityPolicyRuleHttpHeaderAction value)

Optional, additional actions that are performed on headers. This field is only supported in Global Security Policies of type CLOUD_ARMOR.

optional .google.cloud.compute.v1.SecurityPolicyRuleHttpHeaderAction header_action = 328077352;

Parameter
Name Description
value SecurityPolicyRuleHttpHeaderAction
Returns
Type Description
SecurityPolicyRule.Builder

mergeMatch(SecurityPolicyRuleMatcher value)

public SecurityPolicyRule.Builder mergeMatch(SecurityPolicyRuleMatcher value)

A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.

optional .google.cloud.compute.v1.SecurityPolicyRuleMatcher match = 103668165;

Parameter
Name Description
value SecurityPolicyRuleMatcher
Returns
Type Description
SecurityPolicyRule.Builder

mergeNetworkMatch(SecurityPolicyRuleNetworkMatcher value)

public SecurityPolicyRule.Builder mergeNetworkMatch(SecurityPolicyRuleNetworkMatcher value)

A match condition that incoming packets are evaluated against for CLOUD_ARMOR_NETWORK security policies. If it matches, the corresponding 'action' is enforced. The match criteria for a rule consists of built-in match fields (like 'srcIpRanges') and potentially multiple user-defined match fields ('userDefinedFields'). Field values may be extracted directly from the packet or derived from it (e.g. 'srcRegionCodes'). Some fields may not be present in every packet (e.g. 'srcPorts'). A user-defined field is only present if the base header is found in the packet and the entire field is in bounds. Each match field may specify which values can match it, listing one or more ranges, prefixes, or exact values that are considered a match for the field. A field value must be present in order to match a specified match field. If no match values are specified for a match field, then any field value is considered to match it, and it's not required to be present. For strings specifying '*' is also equivalent to match all. For a packet to match a rule, all specified match fields must match the corresponding field values derived from the packet. Example: networkMatch: srcIpRanges: - "192.0.2.0/24" - "198.51.100.0/24" userDefinedFields: - name: "ipv4_fragment_offset" values: - "1-0x1fff" The above match condition matches packets with a source IP in 192.0.2.0/24 or 198.51.100.0/24 and a user-defined field named "ipv4_fragment_offset" with a value between 1 and 0x1fff inclusive.

optional .google.cloud.compute.v1.SecurityPolicyRuleNetworkMatcher network_match = 463387764;

Parameter
Name Description
value SecurityPolicyRuleNetworkMatcher
Returns
Type Description
SecurityPolicyRule.Builder

mergePreconfiguredWafConfig(SecurityPolicyRulePreconfiguredWafConfig value)

public SecurityPolicyRule.Builder mergePreconfiguredWafConfig(SecurityPolicyRulePreconfiguredWafConfig value)

Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.

optional .google.cloud.compute.v1.SecurityPolicyRulePreconfiguredWafConfig preconfigured_waf_config = 117805027;

Parameter
Name Description
value SecurityPolicyRulePreconfiguredWafConfig
Returns
Type Description
SecurityPolicyRule.Builder

mergeRateLimitOptions(SecurityPolicyRuleRateLimitOptions value)

public SecurityPolicyRule.Builder mergeRateLimitOptions(SecurityPolicyRuleRateLimitOptions value)

Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.

optional .google.cloud.compute.v1.SecurityPolicyRuleRateLimitOptions rate_limit_options = 67544315;

Parameter
Name Description
value SecurityPolicyRuleRateLimitOptions
Returns
Type Description
SecurityPolicyRule.Builder

mergeRedirectOptions(SecurityPolicyRuleRedirectOptions value)

public SecurityPolicyRule.Builder mergeRedirectOptions(SecurityPolicyRuleRedirectOptions value)

Parameters defining the redirect action. Cannot be specified for any other actions. This field is only supported in Global Security Policies of type CLOUD_ARMOR.

optional .google.cloud.compute.v1.SecurityPolicyRuleRedirectOptions redirect_options = 163285307;

Parameter
Name Description
value SecurityPolicyRuleRedirectOptions
Returns
Type Description
SecurityPolicyRule.Builder

mergeUnknownFields(UnknownFieldSet unknownFields)

public final SecurityPolicyRule.Builder mergeUnknownFields(UnknownFieldSet unknownFields)
Parameter
Name Description
unknownFields UnknownFieldSet
Returns
Type Description
SecurityPolicyRule.Builder
Overrides

setAction(String value)

public SecurityPolicyRule.Builder setAction(String value)

The Action to perform when the rule is matched. The following are the valid actions: - allow: allow access to target. - deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for STATUS are 403, 404, and 502. - rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rate_limit_options to be set. - redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. This action is only supported in Global Security Policies of type CLOUD_ARMOR. - throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rate_limit_options to be set for this.

optional string action = 187661878;

Parameter
Name Description
value String

The action to set.

Returns
Type Description
SecurityPolicyRule.Builder

This builder for chaining.

setActionBytes(ByteString value)

public SecurityPolicyRule.Builder setActionBytes(ByteString value)

The Action to perform when the rule is matched. The following are the valid actions: - allow: allow access to target. - deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for STATUS are 403, 404, and 502. - rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rate_limit_options to be set. - redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. This action is only supported in Global Security Policies of type CLOUD_ARMOR. - throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rate_limit_options to be set for this.

optional string action = 187661878;

Parameter
Name Description
value ByteString

The bytes for action to set.

Returns
Type Description
SecurityPolicyRule.Builder

This builder for chaining.

setDescription(String value)

public SecurityPolicyRule.Builder setDescription(String value)

An optional description of this resource. Provide this property when you create the resource.

optional string description = 422937596;

Parameter
Name Description
value String

The description to set.

Returns
Type Description
SecurityPolicyRule.Builder

This builder for chaining.

setDescriptionBytes(ByteString value)

public SecurityPolicyRule.Builder setDescriptionBytes(ByteString value)

An optional description of this resource. Provide this property when you create the resource.

optional string description = 422937596;

Parameter
Name Description
value ByteString

The bytes for description to set.

Returns
Type Description
SecurityPolicyRule.Builder

This builder for chaining.

setField(Descriptors.FieldDescriptor field, Object value)

public SecurityPolicyRule.Builder setField(Descriptors.FieldDescriptor field, Object value)
Parameters
Name Description
field FieldDescriptor
value Object
Returns
Type Description
SecurityPolicyRule.Builder
Overrides

setHeaderAction(SecurityPolicyRuleHttpHeaderAction value)

public SecurityPolicyRule.Builder setHeaderAction(SecurityPolicyRuleHttpHeaderAction value)

Optional, additional actions that are performed on headers. This field is only supported in Global Security Policies of type CLOUD_ARMOR.

optional .google.cloud.compute.v1.SecurityPolicyRuleHttpHeaderAction header_action = 328077352;

Parameter
Name Description
value SecurityPolicyRuleHttpHeaderAction
Returns
Type Description
SecurityPolicyRule.Builder

setHeaderAction(SecurityPolicyRuleHttpHeaderAction.Builder builderForValue)

public SecurityPolicyRule.Builder setHeaderAction(SecurityPolicyRuleHttpHeaderAction.Builder builderForValue)

Optional, additional actions that are performed on headers. This field is only supported in Global Security Policies of type CLOUD_ARMOR.

optional .google.cloud.compute.v1.SecurityPolicyRuleHttpHeaderAction header_action = 328077352;

Parameter
Name Description
builderForValue SecurityPolicyRuleHttpHeaderAction.Builder
Returns
Type Description
SecurityPolicyRule.Builder

setKind(String value)

public SecurityPolicyRule.Builder setKind(String value)

[Output only] Type of the resource. Always compute#securityPolicyRule for security policy rules

optional string kind = 3292052;

Parameter
Name Description
value String

The kind to set.

Returns
Type Description
SecurityPolicyRule.Builder

This builder for chaining.

setKindBytes(ByteString value)

public SecurityPolicyRule.Builder setKindBytes(ByteString value)

[Output only] Type of the resource. Always compute#securityPolicyRule for security policy rules

optional string kind = 3292052;

Parameter
Name Description
value ByteString

The bytes for kind to set.

Returns
Type Description
SecurityPolicyRule.Builder

This builder for chaining.

setMatch(SecurityPolicyRuleMatcher value)

public SecurityPolicyRule.Builder setMatch(SecurityPolicyRuleMatcher value)

A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.

optional .google.cloud.compute.v1.SecurityPolicyRuleMatcher match = 103668165;

Parameter
Name Description
value SecurityPolicyRuleMatcher
Returns
Type Description
SecurityPolicyRule.Builder

setMatch(SecurityPolicyRuleMatcher.Builder builderForValue)

public SecurityPolicyRule.Builder setMatch(SecurityPolicyRuleMatcher.Builder builderForValue)

A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.

optional .google.cloud.compute.v1.SecurityPolicyRuleMatcher match = 103668165;

Parameter
Name Description
builderForValue SecurityPolicyRuleMatcher.Builder
Returns
Type Description
SecurityPolicyRule.Builder

setNetworkMatch(SecurityPolicyRuleNetworkMatcher value)

public SecurityPolicyRule.Builder setNetworkMatch(SecurityPolicyRuleNetworkMatcher value)

A match condition that incoming packets are evaluated against for CLOUD_ARMOR_NETWORK security policies. If it matches, the corresponding 'action' is enforced. The match criteria for a rule consists of built-in match fields (like 'srcIpRanges') and potentially multiple user-defined match fields ('userDefinedFields'). Field values may be extracted directly from the packet or derived from it (e.g. 'srcRegionCodes'). Some fields may not be present in every packet (e.g. 'srcPorts'). A user-defined field is only present if the base header is found in the packet and the entire field is in bounds. Each match field may specify which values can match it, listing one or more ranges, prefixes, or exact values that are considered a match for the field. A field value must be present in order to match a specified match field. If no match values are specified for a match field, then any field value is considered to match it, and it's not required to be present. For strings specifying '*' is also equivalent to match all. For a packet to match a rule, all specified match fields must match the corresponding field values derived from the packet. Example: networkMatch: srcIpRanges: - "192.0.2.0/24" - "198.51.100.0/24" userDefinedFields: - name: "ipv4_fragment_offset" values: - "1-0x1fff" The above match condition matches packets with a source IP in 192.0.2.0/24 or 198.51.100.0/24 and a user-defined field named "ipv4_fragment_offset" with a value between 1 and 0x1fff inclusive.

optional .google.cloud.compute.v1.SecurityPolicyRuleNetworkMatcher network_match = 463387764;

Parameter
Name Description
value SecurityPolicyRuleNetworkMatcher
Returns
Type Description
SecurityPolicyRule.Builder

setNetworkMatch(SecurityPolicyRuleNetworkMatcher.Builder builderForValue)

public SecurityPolicyRule.Builder setNetworkMatch(SecurityPolicyRuleNetworkMatcher.Builder builderForValue)

A match condition that incoming packets are evaluated against for CLOUD_ARMOR_NETWORK security policies. If it matches, the corresponding 'action' is enforced. The match criteria for a rule consists of built-in match fields (like 'srcIpRanges') and potentially multiple user-defined match fields ('userDefinedFields'). Field values may be extracted directly from the packet or derived from it (e.g. 'srcRegionCodes'). Some fields may not be present in every packet (e.g. 'srcPorts'). A user-defined field is only present if the base header is found in the packet and the entire field is in bounds. Each match field may specify which values can match it, listing one or more ranges, prefixes, or exact values that are considered a match for the field. A field value must be present in order to match a specified match field. If no match values are specified for a match field, then any field value is considered to match it, and it's not required to be present. For strings specifying '*' is also equivalent to match all. For a packet to match a rule, all specified match fields must match the corresponding field values derived from the packet. Example: networkMatch: srcIpRanges: - "192.0.2.0/24" - "198.51.100.0/24" userDefinedFields: - name: "ipv4_fragment_offset" values: - "1-0x1fff" The above match condition matches packets with a source IP in 192.0.2.0/24 or 198.51.100.0/24 and a user-defined field named "ipv4_fragment_offset" with a value between 1 and 0x1fff inclusive.

optional .google.cloud.compute.v1.SecurityPolicyRuleNetworkMatcher network_match = 463387764;

Parameter
Name Description
builderForValue SecurityPolicyRuleNetworkMatcher.Builder
Returns
Type Description
SecurityPolicyRule.Builder

setPreconfiguredWafConfig(SecurityPolicyRulePreconfiguredWafConfig value)

public SecurityPolicyRule.Builder setPreconfiguredWafConfig(SecurityPolicyRulePreconfiguredWafConfig value)

Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.

optional .google.cloud.compute.v1.SecurityPolicyRulePreconfiguredWafConfig preconfigured_waf_config = 117805027;

Parameter
Name Description
value SecurityPolicyRulePreconfiguredWafConfig
Returns
Type Description
SecurityPolicyRule.Builder

setPreconfiguredWafConfig(SecurityPolicyRulePreconfiguredWafConfig.Builder builderForValue)

public SecurityPolicyRule.Builder setPreconfiguredWafConfig(SecurityPolicyRulePreconfiguredWafConfig.Builder builderForValue)

Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.

optional .google.cloud.compute.v1.SecurityPolicyRulePreconfiguredWafConfig preconfigured_waf_config = 117805027;

Parameter
Name Description
builderForValue SecurityPolicyRulePreconfiguredWafConfig.Builder
Returns
Type Description
SecurityPolicyRule.Builder

setPreview(boolean value)

public SecurityPolicyRule.Builder setPreview(boolean value)

If set to true, the specified action is not enforced.

optional bool preview = 218686408;

Parameter
Name Description
value boolean

The preview to set.

Returns
Type Description
SecurityPolicyRule.Builder

This builder for chaining.

setPriority(int value)

public SecurityPolicyRule.Builder setPriority(int value)

An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.

optional int32 priority = 445151652;

Parameter
Name Description
value int

The priority to set.

Returns
Type Description
SecurityPolicyRule.Builder

This builder for chaining.

setRateLimitOptions(SecurityPolicyRuleRateLimitOptions value)

public SecurityPolicyRule.Builder setRateLimitOptions(SecurityPolicyRuleRateLimitOptions value)

Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.

optional .google.cloud.compute.v1.SecurityPolicyRuleRateLimitOptions rate_limit_options = 67544315;

Parameter
Name Description
value SecurityPolicyRuleRateLimitOptions
Returns
Type Description
SecurityPolicyRule.Builder

setRateLimitOptions(SecurityPolicyRuleRateLimitOptions.Builder builderForValue)

public SecurityPolicyRule.Builder setRateLimitOptions(SecurityPolicyRuleRateLimitOptions.Builder builderForValue)

Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.

optional .google.cloud.compute.v1.SecurityPolicyRuleRateLimitOptions rate_limit_options = 67544315;

Parameter
Name Description
builderForValue SecurityPolicyRuleRateLimitOptions.Builder
Returns
Type Description
SecurityPolicyRule.Builder

setRedirectOptions(SecurityPolicyRuleRedirectOptions value)

public SecurityPolicyRule.Builder setRedirectOptions(SecurityPolicyRuleRedirectOptions value)

Parameters defining the redirect action. Cannot be specified for any other actions. This field is only supported in Global Security Policies of type CLOUD_ARMOR.

optional .google.cloud.compute.v1.SecurityPolicyRuleRedirectOptions redirect_options = 163285307;

Parameter
Name Description
value SecurityPolicyRuleRedirectOptions
Returns
Type Description
SecurityPolicyRule.Builder

setRedirectOptions(SecurityPolicyRuleRedirectOptions.Builder builderForValue)

public SecurityPolicyRule.Builder setRedirectOptions(SecurityPolicyRuleRedirectOptions.Builder builderForValue)

Parameters defining the redirect action. Cannot be specified for any other actions. This field is only supported in Global Security Policies of type CLOUD_ARMOR.

optional .google.cloud.compute.v1.SecurityPolicyRuleRedirectOptions redirect_options = 163285307;

Parameter
Name Description
builderForValue SecurityPolicyRuleRedirectOptions.Builder
Returns
Type Description
SecurityPolicyRule.Builder

setRepeatedField(Descriptors.FieldDescriptor field, int index, Object value)

public SecurityPolicyRule.Builder setRepeatedField(Descriptors.FieldDescriptor field, int index, Object value)
Parameters
Name Description
field FieldDescriptor
index int
value Object
Returns
Type Description
SecurityPolicyRule.Builder
Overrides

setUnknownFields(UnknownFieldSet unknownFields)

public final SecurityPolicyRule.Builder setUnknownFields(UnknownFieldSet unknownFields)
Parameter
Name Description
unknownFields UnknownFieldSet
Returns
Type Description
SecurityPolicyRule.Builder
Overrides