Reference documentation and code samples for the Google Cloud Network Security V1 Client class AuthzPolicy.
AuthzPolicy is a resource that allows traffic to be forwarded to a
callout backend designed to scan the traffic for security purposes.
Generated from protobuf message google.cloud.networksecurity.v1.AuthzPolicy
Namespace
Google \ Cloud \ NetworkSecurity \ V1
Methods
__construct
Constructor.
| Parameters | |
|---|---|
| Name | Description |
| data | array Optional. Data for populating the Message object. |
| ↳ name | string Required. Identifier. Name of the AuthzPolicy resource in the following format: projects/{project}/locations/{location}/authzPolicies/{authz_policy}. |
| ↳ create_time | Google\Protobuf\Timestamp Output only. The timestamp when the resource was created. |
| ↳ update_time | Google\Protobuf\Timestamp Output only. The timestamp when the resource was updated. |
| ↳ description | string Optional. A human-readable description of the resource. |
| ↳ labels | array\|Google\Protobuf\Internal\MapField Optional. Set of labels associated with the AuthzPolicy resource. |
| ↳ target | AuthzPolicy\Target Required. Specifies the set of resources to which this policy should be applied. |
| ↳ http_rules | array<AuthzPolicy\AuthzRule> Optional. A list of authorization HTTP rules to match against the incoming request. A policy match occurs when at least one HTTP rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow or Deny Action. Limited to 5 rules. |
| ↳ action | int Required. Can be one of ALLOW, DENY, CUSTOM. |
| ↳ custom_provider | AuthzPolicy\CustomProvider Optional. Required if the action is CUSTOM. |
| ↳ policy_profile | int Optional. Immutable. Defines the type of authorization being performed. If not specified, REQUEST_AUTHZ is applied. |
getName
Required. Identifier. Name of the AuthzPolicy resource in the following
format:
projects/{project}/locations/{location}/authzPolicies/{authz_policy}.
| Returns | |
|---|---|
| Type | Description |
| string | |
setName
Required. Identifier. Name of the AuthzPolicy resource in the following
format:
projects/{project}/locations/{location}/authzPolicies/{authz_policy}.
| Parameter | |
|---|---|
| Name | Description |
| var | string |

| Returns | |
|---|---|
| Type | Description |
| $this | |
getCreateTime
Output only. The timestamp when the resource was created.
| Returns | |
|---|---|
| Type | Description |
| Google\Protobuf\Timestamp\|null | |
hasCreateTime
clearCreateTime
setCreateTime
Output only. The timestamp when the resource was created.
| Parameter | |
|---|---|
| Name | Description |
| var | Google\Protobuf\Timestamp |

| Returns | |
|---|---|
| Type | Description |
| $this | |
getUpdateTime
Output only. The timestamp when the resource was updated.
| Returns | |
|---|---|
| Type | Description |
| Google\Protobuf\Timestamp\|null | |
hasUpdateTime
clearUpdateTime
setUpdateTime
Output only. The timestamp when the resource was updated.
| Parameter | |
|---|---|
| Name | Description |
| var | Google\Protobuf\Timestamp |

| Returns | |
|---|---|
| Type | Description |
| $this | |
getDescription
Optional. A human-readable description of the resource.
| Returns | |
|---|---|
| Type | Description |
| string | |
setDescription
Optional. A human-readable description of the resource.
| Parameter | |
|---|---|
| Name | Description |
| var | string |

| Returns | |
|---|---|
| Type | Description |
| $this | |
getLabels
Optional. Set of labels associated with the AuthzPolicy resource.
The format must comply with the following requirements.
| Returns | |
|---|---|
| Type | Description |
| Google\Protobuf\Internal\MapField | |
setLabels
Optional. Set of labels associated with the AuthzPolicy resource.
The format must comply with the following requirements.
| Parameter | |
|---|---|
| Name | Description |
| var | array\|Google\Protobuf\Internal\MapField |

| Returns | |
|---|---|
| Type | Description |
| $this | |
getTarget
Required. Specifies the set of resources to which this policy should be applied.
| Returns | |
|---|---|
| Type | Description |
| AuthzPolicy\Target\|null | |
hasTarget
clearTarget
setTarget
Required. Specifies the set of resources to which this policy should be applied.
| Parameter | |
|---|---|
| Name | Description |
| var | AuthzPolicy\Target |

| Returns | |
|---|---|
| Type | Description |
| $this | |
getHttpRules
Optional. A list of authorization HTTP rules to match against the incoming request. A policy match occurs when at least one HTTP rule matches the request or when no HTTP rules are specified in the policy.
At least one HTTP Rule is required for Allow or Deny Action. Limited to 5 rules.
| Returns | |
|---|---|
| Type | Description |
| Google\Protobuf\RepeatedField<AuthzPolicy\AuthzRule> | |
setHttpRules
Optional. A list of authorization HTTP rules to match against the incoming request. A policy match occurs when at least one HTTP rule matches the request or when no HTTP rules are specified in the policy.
At least one HTTP Rule is required for Allow or Deny Action. Limited to 5 rules.
| Parameter | |
|---|---|
| Name | Description |
| var | array<AuthzPolicy\AuthzRule> |

| Returns | |
|---|---|
| Type | Description |
| $this | |
getAction
Required. Can be one of ALLOW, DENY, CUSTOM.
When the action is CUSTOM, customProvider must be specified.
When the action is ALLOW, only requests matching the policy will
be allowed.
When the action is DENY, only requests matching the policy will be
denied.
When a request arrives, the policies are evaluated in the following order:
- If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.
- If there are any DENY policies that match the request, the request is denied.
- If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed.
- Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request.
| Returns | |
|---|---|
| Type | Description |
| int | Enum of type AuthzAction. |
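
The evaluation order above, worked through as an added PHP sketch (PHP 8; not part of the generated reference or of the client library). Rules are modelled as closures over a hypothetical request array, and the `provider` key, `policyMatches()` and `evaluate()` are names made up for this illustration.

```php
<?php
// Added illustration: models the documented evaluation order only.
// Assumption: each HTTP rule is a closure over a request array; the real
// AuthzRule fields are not shown on this page. Actions are plain strings.
function policyMatches(array $policy, array $request): bool
{
    foreach ($policy['http_rules'] as $rule) {
        if ($rule($request)) {
            return true; // one matching rule is enough
        }
    }
    return count($policy['http_rules']) === 0; // no rules: matches every request
}

function evaluate(array $policies, array $request): string
{
    $matched = array_filter($policies, fn ($p) => policyMatches($p, $request));
    foreach ($matched as $p) { // 1. CUSTOM: the provider can reject the request
        if ($p['action'] === 'CUSTOM' && !$p['provider']($request)) {
            return 'DENY: custom provider rejected';
        }
    }
    foreach ($matched as $p) { // 2. a matching DENY policy is checked before ALLOW
        if ($p['action'] === 'DENY') {
            return 'DENY: matched a DENY policy';
        }
    }
    $allow = array_filter($policies, fn ($p) => $p['action'] === 'ALLOW');
    if (count($allow) === 0) { // 3a. no ALLOW policies on the resource
        return 'ALLOW: no ALLOW policies on the resource';
    }
    foreach ($matched as $p) { // 3b. at least one ALLOW policy matches
        if ($p['action'] === 'ALLOW') {
            return 'ALLOW: matched an ALLOW policy';
        }
    }
    return 'DENY: default, no ALLOW policy matched'; // 4. default deny
}

// Constructed sample policies and requests.
$policies = [
    ['action' => 'CUSTOM', 'http_rules' => [], 'provider' => fn ($r) => isset($r['token'])],
    ['action' => 'DENY', 'http_rules' => [fn ($r) => str_starts_with($r['path'], '/admin')]],
    ['action' => 'ALLOW', 'http_rules' => [fn ($r) => $r['method'] === 'GET']],
];
echo evaluate($policies, ['method' => 'GET', 'path' => '/admin', 'token' => 't']), "\n";
echo evaluate($policies, ['method' => 'POST', 'path' => '/', 'token' => 't']), "\n";
echo evaluate(array_slice($policies, 0, 2), ['method' => 'POST', 'path' => '/', 'token' => 't']), "\n";
```

The third call drops the ALLOW policy from the set, and the same POST request goes from denied by default to allowed. Check for that effect before removing the last ALLOW policy from a resource.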
setAction
Required. Can be one of ALLOW, DENY, CUSTOM.
When the action is CUSTOM, customProvider must be specified.
When the action is ALLOW, only requests matching the policy will
be allowed.
When the action is DENY, only requests matching the policy will be
denied.
When a request arrives, the policies are evaluated in the following order:
- If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.
- If there are any DENY policies that match the request, the request is denied.
- If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed.
- Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request.
| Parameter | |
|---|---|
| Name | Description |
| var | int Enum of type AuthzAction. |

| Returns | |
|---|---|
| Type | Description |
| $this | |
getCustomProvider
Optional. Required if the action is CUSTOM. Allows delegating
authorization decisions to Cloud IAP or to Service Extensions. One of
cloudIap or authzExtension must be specified.
| Returns | |
|---|---|
| Type | Description |
| AuthzPolicy\CustomProvider\|null | |
hasCustomProvider
clearCustomProvider
setCustomProvider
Optional. Required if the action is CUSTOM. Allows delegating
authorization decisions to Cloud IAP or to Service Extensions. One of
cloudIap or authzExtension must be specified.
| Parameter | |
|---|---|
| Name | Description |
| var | AuthzPolicy\CustomProvider |

| Returns | |
|---|---|
| Type | Description |
| $this | |
getPolicyProfile
Optional. Immutable. Defines the type of authorization being performed.
If not specified, REQUEST_AUTHZ is applied. This field cannot be changed
once AuthzPolicy is created.
| Returns | |
|---|---|
| Type | Description |
| int | Enum of type PolicyProfile. |
setPolicyProfile
Optional. Immutable. Defines the type of authorization being performed.
If not specified, REQUEST_AUTHZ is applied. This field cannot be changed
once AuthzPolicy is created.
| Parameter | |
|---|---|
| Name | Description |
| var | int Enum of type PolicyProfile. |

| Returns | |
|---|---|
| Type | Description |
| $this | |