REST Resource: projects.locations.networkPolicies.externalAccessRules

Resource: ExternalAccessRule

External access firewall rules for filtering incoming traffic destined to ExternalAddress resources.

JSON representation
{
  "name": string,
  "createTime": string,
  "updateTime": string,
  "description": string,
  "priority": integer,
  "action": enum (Action),
  "ipProtocol": string,
  "sourceIpRanges": [
    {
      object (IpRange)
    }
  ],
  "sourcePorts": [
    string
  ],
  "destinationIpRanges": [
    {
      object (IpRange)
    }
  ],
  "destinationPorts": [
    string
  ],
  "state": enum (State),
  "uid": string
}
Fields
name

string

Output only. The resource name of this external access rule. Resource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names. For example: projects/my-project/locations/us-central1/networkPolicies/my-policy/externalAccessRules/my-rule

createTime

string (Timestamp format)

Output only. Creation time of this resource.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

updateTime

string (Timestamp format)

Output only. Last update time of this resource.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

description

string

User-provided description for this external access rule.

priority

integer

External access rule priority, which determines the external access rule to use when multiple rules apply. If multiple rules have the same priority, their ordering is non-deterministic. If specific ordering is required, assign unique priorities to enforce such ordering. The external access rule priority is an integer from 100 to 4096, both inclusive. Lower integers indicate higher precedence. For example, a rule with priority 100 has higher precedence than a rule with priority 101.

action

enum (Action)

The action that the external access rule performs.

ipProtocol

string

The IP protocol to which the external access rule applies. This value can be one of the following three protocol strings (not case-sensitive): tcp, udp, or icmp.

sourceIpRanges[]

object (IpRange)

If source ranges are specified, the external access rule applies only to traffic that has a source IP address in these ranges. These ranges can either be expressed in the CIDR format or as an IP address. As only inbound rules are supported, ExternalAddress resources cannot be the source IP addresses of an external access rule. To match all source addresses, specify 0.0.0.0/0.

sourcePorts[]

string

A list of source ports to which the external access rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. For example: ["22"], ["80","443"], or ["12345-12349"]. To match all source ports, specify ["0-65535"].

destinationIpRanges[]

object (IpRange)

If destination ranges are specified, the external access rule applies only to the traffic that has a destination IP address in these ranges. The specified IP addresses must have reserved external IP addresses in the scope of the parent network policy. To match all external IP addresses in the scope of the parent network policy, specify 0.0.0.0/0. To match a specific external IP address, specify it using the IpRange.external_address property.

destinationPorts[]

string

A list of destination ports to which the external access rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. For example: ["22"], ["80","443"], or ["12345-12349"]. To match all destination ports, specify ["0-65535"].

state

enum (State)

Output only. The state of the resource.

uid

string

Output only. System-generated unique identifier for the resource.

Action

Action determines whether the external access rule permits or blocks traffic, subject to the other components of the rule matching the traffic.

Enums
ACTION_UNSPECIFIED: Defaults to allow.
ALLOW: Allows connections that match the other specified components.
DENY: Blocks connections that match the other specified components.
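
The field rules above (priority range and ties, the allow default for an unspecified action, protocol and port formats, match-all ranges) can be checked before a policy is applied. The following is an added example, not part of the API reference or any Google client library; `audit_rules` and `ports_ok` are hypothetical names, the rules are plain dicts in the JSON representation above, and requiring the low end of a port range to be no greater than the high end is an assumption.

```python
import re
from collections import Counter

PORT_RE = re.compile(r"([0-9]{1,5})(?:-([0-9]{1,5}))?")

def ports_ok(entries):
    """Each entry is an integer or a lo-hi range within 0-65535 (lo <= hi assumed)."""
    for entry in entries:
        m = PORT_RE.fullmatch(entry)
        if not m or not int(m[1]) <= int(m[2] or m[1]) <= 65535:
            return False
    return True

def audit_rules(rules):
    """Return (rule id, finding) pairs for one policy's ExternalAccessRule dicts."""
    dup = {p for p, n in Counter(r.get("priority") for r in rules).items() if n > 1}
    out = []
    for r in rules:
        rid = r.get("name", "").rsplit("/", 1)[-1]
        prio, proto = r.get("priority"), r.get("ipProtocol", "").lower()
        action = r.get("action", "ACTION_UNSPECIFIED")
        ports = r.get("sourcePorts", []) + r.get("destinationPorts", [])
        any_src = {"ipAddressRange": "0.0.0.0/0"} in r.get("sourceIpRanges", [])
        if not (isinstance(prio, int) and 100 <= prio <= 4096):
            out.append((rid, "priority outside 100-4096"))
        elif prio in dup:
            out.append((rid, "priority shared: ordering is non-deterministic"))
        if action == "ACTION_UNSPECIFIED":
            out.append((rid, "action unspecified: defaults to allow"))
        if proto not in ("tcp", "udp", "icmp"):
            out.append((rid, "ipProtocol must be tcp, udp or icmp"))
        if ports and proto == "icmp":
            out.append((rid, "ports apply only to tcp or udp"))
        if not ports_ok(ports):
            out.append((rid, "malformed port entry"))
        if action != "DENY" and any_src and "0-65535" in r.get("destinationPorts", []):
            out.append((rid, "allows any source to all destination ports"))
    return out

# Constructed sample policy (not real rules).
BASE = "projects/my-project/locations/us-central1/networkPolicies/my-policy/externalAccessRules/"
SAMPLE = [
    {"name": BASE + "web", "priority": 100, "action": "ALLOW", "ipProtocol": "tcp",
     "sourceIpRanges": [{"ipAddressRange": "0.0.0.0/0"}], "destinationPorts": ["80", "443"]},
    {"name": BASE + "open", "priority": 200, "ipProtocol": "TCP",
     "sourceIpRanges": [{"ipAddressRange": "0.0.0.0/0"}], "destinationPorts": ["0-65535"]},
    {"name": BASE + "ping", "priority": 200, "action": "DENY", "ipProtocol": "icmp",
     "destinationPorts": ["22-"]},
]
```

Calling `audit_rules(SAMPLE)` flags the `open` and `ping` rules and leaves `web` clean.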

IpRange

An IP range provided in any one of the supported formats.

JSON representation
{

  // Union field ip_range can be only one of the following:
  "ipAddress": string,
  "ipAddressRange": string,
  "externalAddress": string
  // End of list of possible types for union field ip_range.
}
Fields

Union field ip_range.

ip_range can be only one of the following:

ipAddress

string

A single IP address. For example: 10.0.0.5.

ipAddressRange

string

An IP address range in the CIDR format. For example: 10.0.0.0/24.

externalAddress

string

The name of an ExternalAddress resource. The external address must have been reserved in the scope of this external access rule's parent network policy. Provide the external address name in the form of projects/{project}/locations/{location}/privateClouds/{privateCloud}/externalAddresses/{externalAddress}. For example: projects/my-project/locations/us-central1-a/privateClouds/my-cloud/externalAddresses/my-address.

State

Defines possible states of external access firewall rules.

Enums
STATE_UNSPECIFIED: The default value. This value is used if the state is omitted.
ACTIVE: The rule is ready.
CREATING: The rule is being created.
UPDATING: The rule is being updated.
DELETING: The rule is being deleted.

Methods

create

Creates a new external access rule in a given network policy.

delete

Deletes a single external access rule.

get

Gets details of a single external access rule.

list

Lists ExternalAccessRule resources in the specified network policy.

patch

Updates the parameters of a single external access rule.