Class SecurityPolicyRule.Builder (1.46.0)

public static final class SecurityPolicyRule.Builder extends GeneratedMessageV3.Builder<SecurityPolicyRule.Builder> implements SecurityPolicyRuleOrBuilder

Represents a rule that describes one or more match conditions along with the action to be taken when traffic matches this condition (allow or deny).

Protobuf type google.cloud.compute.v1.SecurityPolicyRule

Static Methods

getDescriptor()

public static final Descriptors.Descriptor getDescriptor()
Returns
TypeDescription
Descriptor

Methods

addRepeatedField(Descriptors.FieldDescriptor field, Object value)

public SecurityPolicyRule.Builder addRepeatedField(Descriptors.FieldDescriptor field, Object value)
Parameters
NameDescription
fieldFieldDescriptor
valueObject
Returns
TypeDescription
SecurityPolicyRule.Builder
Overrides

build()

public SecurityPolicyRule build()
Returns
TypeDescription
SecurityPolicyRule

buildPartial()

public SecurityPolicyRule buildPartial()
Returns
TypeDescription
SecurityPolicyRule

clear()

public SecurityPolicyRule.Builder clear()
Returns
TypeDescription
SecurityPolicyRule.Builder
Overrides

clearAction()

public SecurityPolicyRule.Builder clearAction()

The Action to perform when the rule is matched. The following are the valid actions: - allow: allow access to target. - deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for STATUS are 403, 404, and 502. - rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rate_limit_options to be set. - redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. This action is only supported in Global Security Policies of type CLOUD_ARMOR. - throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rate_limit_options to be set for this.

optional string action = 187661878;

Returns
TypeDescription
SecurityPolicyRule.Builder

This builder for chaining.

clearDescription()

public SecurityPolicyRule.Builder clearDescription()

An optional description of this resource. Provide this property when you create the resource.

optional string description = 422937596;

Returns
TypeDescription
SecurityPolicyRule.Builder

This builder for chaining.

clearField(Descriptors.FieldDescriptor field)

public SecurityPolicyRule.Builder clearField(Descriptors.FieldDescriptor field)
Parameter
NameDescription
fieldFieldDescriptor
Returns
TypeDescription
SecurityPolicyRule.Builder
Overrides

clearHeaderAction()

public SecurityPolicyRule.Builder clearHeaderAction()

Optional, additional actions that are performed on headers. This field is only supported in Global Security Policies of type CLOUD_ARMOR.

optional .google.cloud.compute.v1.SecurityPolicyRuleHttpHeaderAction header_action = 328077352;

Returns
TypeDescription
SecurityPolicyRule.Builder

clearKind()

public SecurityPolicyRule.Builder clearKind()

[Output only] Type of the resource. Always compute#securityPolicyRule for security policy rules

optional string kind = 3292052;

Returns
TypeDescription
SecurityPolicyRule.Builder

This builder for chaining.

clearMatch()

public SecurityPolicyRule.Builder clearMatch()

A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.

optional .google.cloud.compute.v1.SecurityPolicyRuleMatcher match = 103668165;

Returns
TypeDescription
SecurityPolicyRule.Builder

clearNetworkMatch()

public SecurityPolicyRule.Builder clearNetworkMatch()

A match condition that incoming packets are evaluated against for CLOUD_ARMOR_NETWORK security policies. If it matches, the corresponding 'action' is enforced. The match criteria for a rule consists of built-in match fields (like 'srcIpRanges') and potentially multiple user-defined match fields ('userDefinedFields'). Field values may be extracted directly from the packet or derived from it (e.g. 'srcRegionCodes'). Some fields may not be present in every packet (e.g. 'srcPorts'). A user-defined field is only present if the base header is found in the packet and the entire field is in bounds. Each match field may specify which values can match it, listing one or more ranges, prefixes, or exact values that are considered a match for the field. A field value must be present in order to match a specified match field. If no match values are specified for a match field, then any field value is considered to match it, and it's not required to be present. For strings specifying '*' is also equivalent to match all. For a packet to match a rule, all specified match fields must match the corresponding field values derived from the packet. Example: networkMatch: srcIpRanges: - "192.0.2.0/24" - "198.51.100.0/24" userDefinedFields: - name: "ipv4_fragment_offset" values: - "1-0x1fff" The above match condition matches packets with a source IP in 192.0.2.0/24 or 198.51.100.0/24 and a user-defined field named "ipv4_fragment_offset" with a value between 1 and 0x1fff inclusive.

optional .google.cloud.compute.v1.SecurityPolicyRuleNetworkMatcher network_match = 463387764;

Returns
TypeDescription
SecurityPolicyRule.Builder

clearOneof(Descriptors.OneofDescriptor oneof)

public SecurityPolicyRule.Builder clearOneof(Descriptors.OneofDescriptor oneof)
Parameter
NameDescription
oneofOneofDescriptor
Returns
TypeDescription
SecurityPolicyRule.Builder
Overrides

clearPreconfiguredWafConfig()

public SecurityPolicyRule.Builder clearPreconfiguredWafConfig()

Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.

optional .google.cloud.compute.v1.SecurityPolicyRulePreconfiguredWafConfig preconfigured_waf_config = 117805027;

Returns
TypeDescription
SecurityPolicyRule.Builder

clearPreview()

public SecurityPolicyRule.Builder clearPreview()

If set to true, the specified action is not enforced.

optional bool preview = 218686408;

Returns
TypeDescription
SecurityPolicyRule.Builder

This builder for chaining.

clearPriority()

public SecurityPolicyRule.Builder clearPriority()

An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.

optional int32 priority = 445151652;

Returns
TypeDescription
SecurityPolicyRule.Builder

This builder for chaining.

clearRateLimitOptions()

public SecurityPolicyRule.Builder clearRateLimitOptions()

Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.

optional .google.cloud.compute.v1.SecurityPolicyRuleRateLimitOptions rate_limit_options = 67544315;

Returns
TypeDescription
SecurityPolicyRule.Builder

clearRedirectOptions()

public SecurityPolicyRule.Builder clearRedirectOptions()

Parameters defining the redirect action. Cannot be specified for any other actions. This field is only supported in Global Security Policies of type CLOUD_ARMOR.

optional .google.cloud.compute.v1.SecurityPolicyRuleRedirectOptions redirect_options = 163285307;

Returns
TypeDescription
SecurityPolicyRule.Builder

clone()

public SecurityPolicyRule.Builder clone()
Returns
TypeDescription
SecurityPolicyRule.Builder
Overrides

getAction()

public String getAction()

The Action to perform when the rule is matched. The following are the valid actions: - allow: allow access to target. - deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for STATUS are 403, 404, and 502. - rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rate_limit_options to be set. - redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. This action is only supported in Global Security Policies of type CLOUD_ARMOR. - throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rate_limit_options to be set for this.

optional string action = 187661878;

Returns
TypeDescription
String

The action.

getActionBytes()

public ByteString getActionBytes()

The Action to perform when the rule is matched. The following are the valid actions: - allow: allow access to target. - deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for STATUS are 403, 404, and 502. - rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rate_limit_options to be set. - redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. This action is only supported in Global Security Policies of type CLOUD_ARMOR. - throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rate_limit_options to be set for this.

optional string action = 187661878;

Returns
TypeDescription
ByteString

The bytes for action.

getDefaultInstanceForType()

public SecurityPolicyRule getDefaultInstanceForType()
Returns
TypeDescription
SecurityPolicyRule

getDescription()

public String getDescription()

An optional description of this resource. Provide this property when you create the resource.

optional string description = 422937596;

Returns
TypeDescription
String

The description.

getDescriptionBytes()

public ByteString getDescriptionBytes()

An optional description of this resource. Provide this property when you create the resource.

optional string description = 422937596;

Returns
TypeDescription
ByteString

The bytes for description.

getDescriptorForType()

public Descriptors.Descriptor getDescriptorForType()
Returns
TypeDescription
Descriptor
Overrides

getHeaderAction()

public SecurityPolicyRuleHttpHeaderAction getHeaderAction()

Optional, additional actions that are performed on headers. This field is only supported in Global Security Policies of type CLOUD_ARMOR.

optional .google.cloud.compute.v1.SecurityPolicyRuleHttpHeaderAction header_action = 328077352;

Returns
TypeDescription
SecurityPolicyRuleHttpHeaderAction

The headerAction.

getHeaderActionBuilder()

public SecurityPolicyRuleHttpHeaderAction.Builder getHeaderActionBuilder()

Optional, additional actions that are performed on headers. This field is only supported in Global Security Policies of type CLOUD_ARMOR.

optional .google.cloud.compute.v1.SecurityPolicyRuleHttpHeaderAction header_action = 328077352;

Returns
TypeDescription
SecurityPolicyRuleHttpHeaderAction.Builder

getHeaderActionOrBuilder()

public SecurityPolicyRuleHttpHeaderActionOrBuilder getHeaderActionOrBuilder()

Optional, additional actions that are performed on headers. This field is only supported in Global Security Policies of type CLOUD_ARMOR.

optional .google.cloud.compute.v1.SecurityPolicyRuleHttpHeaderAction header_action = 328077352;

Returns
TypeDescription
SecurityPolicyRuleHttpHeaderActionOrBuilder

getKind()

public String getKind()

[Output only] Type of the resource. Always compute#securityPolicyRule for security policy rules

optional string kind = 3292052;

Returns
TypeDescription
String

The kind.

getKindBytes()

public ByteString getKindBytes()

[Output only] Type of the resource. Always compute#securityPolicyRule for security policy rules

optional string kind = 3292052;

Returns
TypeDescription
ByteString

The bytes for kind.

getMatch()

public SecurityPolicyRuleMatcher getMatch()

A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.

optional .google.cloud.compute.v1.SecurityPolicyRuleMatcher match = 103668165;

Returns
TypeDescription
SecurityPolicyRuleMatcher

The match.

getMatchBuilder()

public SecurityPolicyRuleMatcher.Builder getMatchBuilder()

A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.

optional .google.cloud.compute.v1.SecurityPolicyRuleMatcher match = 103668165;

Returns
TypeDescription
SecurityPolicyRuleMatcher.Builder

getMatchOrBuilder()

public SecurityPolicyRuleMatcherOrBuilder getMatchOrBuilder()

A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.

optional .google.cloud.compute.v1.SecurityPolicyRuleMatcher match = 103668165;

Returns
TypeDescription
SecurityPolicyRuleMatcherOrBuilder

getNetworkMatch()

public SecurityPolicyRuleNetworkMatcher getNetworkMatch()

A match condition that incoming packets are evaluated against for CLOUD_ARMOR_NETWORK security policies. If it matches, the corresponding 'action' is enforced. The match criteria for a rule consists of built-in match fields (like 'srcIpRanges') and potentially multiple user-defined match fields ('userDefinedFields'). Field values may be extracted directly from the packet or derived from it (e.g. 'srcRegionCodes'). Some fields may not be present in every packet (e.g. 'srcPorts'). A user-defined field is only present if the base header is found in the packet and the entire field is in bounds. Each match field may specify which values can match it, listing one or more ranges, prefixes, or exact values that are considered a match for the field. A field value must be present in order to match a specified match field. If no match values are specified for a match field, then any field value is considered to match it, and it's not required to be present. For strings specifying '*' is also equivalent to match all. For a packet to match a rule, all specified match fields must match the corresponding field values derived from the packet. Example: networkMatch: srcIpRanges: - "192.0.2.0/24" - "198.51.100.0/24" userDefinedFields: - name: "ipv4_fragment_offset" values: - "1-0x1fff" The above match condition matches packets with a source IP in 192.0.2.0/24 or 198.51.100.0/24 and a user-defined field named "ipv4_fragment_offset" with a value between 1 and 0x1fff inclusive.

optional .google.cloud.compute.v1.SecurityPolicyRuleNetworkMatcher network_match = 463387764;

Returns
TypeDescription
SecurityPolicyRuleNetworkMatcher

The networkMatch.

getNetworkMatchBuilder()

public SecurityPolicyRuleNetworkMatcher.Builder getNetworkMatchBuilder()

A match condition that incoming packets are evaluated against for CLOUD_ARMOR_NETWORK security policies. If it matches, the corresponding 'action' is enforced. The match criteria for a rule consists of built-in match fields (like 'srcIpRanges') and potentially multiple user-defined match fields ('userDefinedFields'). Field values may be extracted directly from the packet or derived from it (e.g. 'srcRegionCodes'). Some fields may not be present in every packet (e.g. 'srcPorts'). A user-defined field is only present if the base header is found in the packet and the entire field is in bounds. Each match field may specify which values can match it, listing one or more ranges, prefixes, or exact values that are considered a match for the field. A field value must be present in order to match a specified match field. If no match values are specified for a match field, then any field value is considered to match it, and it's not required to be present. For strings specifying '*' is also equivalent to match all. For a packet to match a rule, all specified match fields must match the corresponding field values derived from the packet. Example: networkMatch: srcIpRanges: - "192.0.2.0/24" - "198.51.100.0/24" userDefinedFields: - name: "ipv4_fragment_offset" values: - "1-0x1fff" The above match condition matches packets with a source IP in 192.0.2.0/24 or 198.51.100.0/24 and a user-defined field named "ipv4_fragment_offset" with a value between 1 and 0x1fff inclusive.

optional .google.cloud.compute.v1.SecurityPolicyRuleNetworkMatcher network_match = 463387764;

Returns
TypeDescription
SecurityPolicyRuleNetworkMatcher.Builder

getNetworkMatchOrBuilder()

public SecurityPolicyRuleNetworkMatcherOrBuilder getNetworkMatchOrBuilder()

A match condition that incoming packets are evaluated against for CLOUD_ARMOR_NETWORK security policies. If it matches, the corresponding 'action' is enforced. The match criteria for a rule consists of built-in match fields (like 'srcIpRanges') and potentially multiple user-defined match fields ('userDefinedFields'). Field values may be extracted directly from the packet or derived from it (e.g. 'srcRegionCodes'). Some fields may not be present in every packet (e.g. 'srcPorts'). A user-defined field is only present if the base header is found in the packet and the entire field is in bounds. Each match field may specify which values can match it, listing one or more ranges, prefixes, or exact values that are considered a match for the field. A field value must be present in order to match a specified match field. If no match values are specified for a match field, then any field value is considered to match it, and it's not required to be present. For strings specifying '*' is also equivalent to match all. For a packet to match a rule, all specified match fields must match the corresponding field values derived from the packet. Example: networkMatch: srcIpRanges: - "192.0.2.0/24" - "198.51.100.0/24" userDefinedFields: - name: "ipv4_fragment_offset" values: - "1-0x1fff" The above match condition matches packets with a source IP in 192.0.2.0/24 or 198.51.100.0/24 and a user-defined field named "ipv4_fragment_offset" with a value between 1 and 0x1fff inclusive.

optional .google.cloud.compute.v1.SecurityPolicyRuleNetworkMatcher network_match = 463387764;

Returns
TypeDescription
SecurityPolicyRuleNetworkMatcherOrBuilder

getPreconfiguredWafConfig()

public SecurityPolicyRulePreconfiguredWafConfig getPreconfiguredWafConfig()

Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.

optional .google.cloud.compute.v1.SecurityPolicyRulePreconfiguredWafConfig preconfigured_waf_config = 117805027;

Returns
TypeDescription
SecurityPolicyRulePreconfiguredWafConfig

The preconfiguredWafConfig.

getPreconfiguredWafConfigBuilder()

public SecurityPolicyRulePreconfiguredWafConfig.Builder getPreconfiguredWafConfigBuilder()

Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.

optional .google.cloud.compute.v1.SecurityPolicyRulePreconfiguredWafConfig preconfigured_waf_config = 117805027;

Returns
TypeDescription
SecurityPolicyRulePreconfiguredWafConfig.Builder

getPreconfiguredWafConfigOrBuilder()

public SecurityPolicyRulePreconfiguredWafConfigOrBuilder getPreconfiguredWafConfigOrBuilder()

Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.

optional .google.cloud.compute.v1.SecurityPolicyRulePreconfiguredWafConfig preconfigured_waf_config = 117805027;

Returns
TypeDescription
SecurityPolicyRulePreconfiguredWafConfigOrBuilder

getPreview()

public boolean getPreview()

If set to true, the specified action is not enforced.

optional bool preview = 218686408;

Returns
TypeDescription
boolean

The preview.

getPriority()

public int getPriority()

An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.

optional int32 priority = 445151652;

Returns
TypeDescription
int

The priority.

getRateLimitOptions()

public SecurityPolicyRuleRateLimitOptions getRateLimitOptions()

Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.

optional .google.cloud.compute.v1.SecurityPolicyRuleRateLimitOptions rate_limit_options = 67544315;

Returns
TypeDescription
SecurityPolicyRuleRateLimitOptions

The rateLimitOptions.

getRateLimitOptionsBuilder()

public SecurityPolicyRuleRateLimitOptions.Builder getRateLimitOptionsBuilder()

Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.

optional .google.cloud.compute.v1.SecurityPolicyRuleRateLimitOptions rate_limit_options = 67544315;

Returns
TypeDescription
SecurityPolicyRuleRateLimitOptions.Builder

getRateLimitOptionsOrBuilder()

public SecurityPolicyRuleRateLimitOptionsOrBuilder getRateLimitOptionsOrBuilder()

Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.

optional .google.cloud.compute.v1.SecurityPolicyRuleRateLimitOptions rate_limit_options = 67544315;

Returns
TypeDescription
SecurityPolicyRuleRateLimitOptionsOrBuilder

getRedirectOptions()

public SecurityPolicyRuleRedirectOptions getRedirectOptions()

Parameters defining the redirect action. Cannot be specified for any other actions. This field is only supported in Global Security Policies of type CLOUD_ARMOR.

optional .google.cloud.compute.v1.SecurityPolicyRuleRedirectOptions redirect_options = 163285307;

Returns
TypeDescription
SecurityPolicyRuleRedirectOptions

The redirectOptions.

getRedirectOptionsBuilder()

public SecurityPolicyRuleRedirectOptions.Builder getRedirectOptionsBuilder()

Parameters defining the redirect action. Cannot be specified for any other actions. This field is only supported in Global Security Policies of type CLOUD_ARMOR.

optional .google.cloud.compute.v1.SecurityPolicyRuleRedirectOptions redirect_options = 163285307;

Returns
TypeDescription
SecurityPolicyRuleRedirectOptions.Builder

getRedirectOptionsOrBuilder()

public SecurityPolicyRuleRedirectOptionsOrBuilder getRedirectOptionsOrBuilder()

Parameters defining the redirect action. Cannot be specified for any other actions. This field is only supported in Global Security Policies of type CLOUD_ARMOR.

optional .google.cloud.compute.v1.SecurityPolicyRuleRedirectOptions redirect_options = 163285307;

Returns
TypeDescription
SecurityPolicyRuleRedirectOptionsOrBuilder

hasAction()

public boolean hasAction()

The Action to perform when the rule is matched. The following are the valid actions: - allow: allow access to target. - deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for STATUS are 403, 404, and 502. - rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rate_limit_options to be set. - redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. This action is only supported in Global Security Policies of type CLOUD_ARMOR. - throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rate_limit_options to be set for this.

optional string action = 187661878;

Returns
TypeDescription
boolean

Whether the action field is set.

hasDescription()

public boolean hasDescription()

An optional description of this resource. Provide this property when you create the resource.

optional string description = 422937596;

Returns
TypeDescription
boolean

Whether the description field is set.

hasHeaderAction()

public boolean hasHeaderAction()

Optional, additional actions that are performed on headers. This field is only supported in Global Security Policies of type CLOUD_ARMOR.

optional .google.cloud.compute.v1.SecurityPolicyRuleHttpHeaderAction header_action = 328077352;

Returns
TypeDescription
boolean

Whether the headerAction field is set.

hasKind()

public boolean hasKind()

[Output only] Type of the resource. Always compute#securityPolicyRule for security policy rules

optional string kind = 3292052;

Returns
TypeDescription
boolean

Whether the kind field is set.

hasMatch()

public boolean hasMatch()

A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.

optional .google.cloud.compute.v1.SecurityPolicyRuleMatcher match = 103668165;

Returns
TypeDescription
boolean

Whether the match field is set.

hasNetworkMatch()

public boolean hasNetworkMatch()

A match condition that incoming packets are evaluated against for CLOUD_ARMOR_NETWORK security policies. If it matches, the corresponding 'action' is enforced. The match criteria for a rule consists of built-in match fields (like 'srcIpRanges') and potentially multiple user-defined match fields ('userDefinedFields'). Field values may be extracted directly from the packet or derived from it (e.g. 'srcRegionCodes'). Some fields may not be present in every packet (e.g. 'srcPorts'). A user-defined field is only present if the base header is found in the packet and the entire field is in bounds. Each match field may specify which values can match it, listing one or more ranges, prefixes, or exact values that are considered a match for the field. A field value must be present in order to match a specified match field. If no match values are specified for a match field, then any field value is considered to match it, and it's not required to be present. For strings specifying '*' is also equivalent to match all. For a packet to match a rule, all specified match fields must match the corresponding field values derived from the packet. Example: networkMatch: srcIpRanges: - "192.0.2.0/24" - "198.51.100.0/24" userDefinedFields: - name: "ipv4_fragment_offset" values: - "1-0x1fff" The above match condition matches packets with a source IP in 192.0.2.0/24 or 198.51.100.0/24 and a user-defined field named "ipv4_fragment_offset" with a value between 1 and 0x1fff inclusive.

optional .google.cloud.compute.v1.SecurityPolicyRuleNetworkMatcher network_match = 463387764;

Returns
TypeDescription
boolean

Whether the networkMatch field is set.

hasPreconfiguredWafConfig()

public boolean hasPreconfiguredWafConfig()

Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.

optional .google.cloud.compute.v1.SecurityPolicyRulePreconfiguredWafConfig preconfigured_waf_config = 117805027;

Returns
TypeDescription
boolean

Whether the preconfiguredWafConfig field is set.

hasPreview()

public boolean hasPreview()

If set to true, the specified action is not enforced.

optional bool preview = 218686408;

Returns
TypeDescription
boolean

Whether the preview field is set.

hasPriority()

public boolean hasPriority()

An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.

optional int32 priority = 445151652;

Returns
TypeDescription
boolean

Whether the priority field is set.

hasRateLimitOptions()

public boolean hasRateLimitOptions()

Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.

optional .google.cloud.compute.v1.SecurityPolicyRuleRateLimitOptions rate_limit_options = 67544315;

Returns
TypeDescription
boolean

Whether the rateLimitOptions field is set.

hasRedirectOptions()

public boolean hasRedirectOptions()

Parameters defining the redirect action. Cannot be specified for any other actions. This field is only supported in Global Security Policies of type CLOUD_ARMOR.

optional .google.cloud.compute.v1.SecurityPolicyRuleRedirectOptions redirect_options = 163285307;

Returns
TypeDescription
boolean

Whether the redirectOptions field is set.

internalGetFieldAccessorTable()

protected GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
Returns
TypeDescription
FieldAccessorTable
Overrides

isInitialized()

public final boolean isInitialized()
Returns
TypeDescription
boolean
Overrides

mergeFrom(SecurityPolicyRule other)

public SecurityPolicyRule.Builder mergeFrom(SecurityPolicyRule other)
Parameter
NameDescription
otherSecurityPolicyRule
Returns
TypeDescription
SecurityPolicyRule.Builder

mergeFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)

public SecurityPolicyRule.Builder mergeFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)
Parameters
NameDescription
inputCodedInputStream
extensionRegistryExtensionRegistryLite
Returns
TypeDescription
SecurityPolicyRule.Builder
Overrides
Exceptions
TypeDescription
IOException

mergeFrom(Message other)

public SecurityPolicyRule.Builder mergeFrom(Message other)
Parameter
NameDescription
otherMessage
Returns
TypeDescription
SecurityPolicyRule.Builder
Overrides

mergeHeaderAction(SecurityPolicyRuleHttpHeaderAction value)

public SecurityPolicyRule.Builder mergeHeaderAction(SecurityPolicyRuleHttpHeaderAction value)

Optional, additional actions that are performed on headers. This field is only supported in Global Security Policies of type CLOUD_ARMOR.

optional .google.cloud.compute.v1.SecurityPolicyRuleHttpHeaderAction header_action = 328077352;

Parameter
NameDescription
valueSecurityPolicyRuleHttpHeaderAction
Returns
TypeDescription
SecurityPolicyRule.Builder

mergeMatch(SecurityPolicyRuleMatcher value)

public SecurityPolicyRule.Builder mergeMatch(SecurityPolicyRuleMatcher value)

A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.

optional .google.cloud.compute.v1.SecurityPolicyRuleMatcher match = 103668165;

Parameter
NameDescription
valueSecurityPolicyRuleMatcher
Returns
TypeDescription
SecurityPolicyRule.Builder

mergeNetworkMatch(SecurityPolicyRuleNetworkMatcher value)

public SecurityPolicyRule.Builder mergeNetworkMatch(SecurityPolicyRuleNetworkMatcher value)

A match condition that incoming packets are evaluated against for CLOUD_ARMOR_NETWORK security policies. If it matches, the corresponding 'action' is enforced. The match criteria for a rule consists of built-in match fields (like 'srcIpRanges') and potentially multiple user-defined match fields ('userDefinedFields'). Field values may be extracted directly from the packet or derived from it (e.g. 'srcRegionCodes'). Some fields may not be present in every packet (e.g. 'srcPorts'). A user-defined field is only present if the base header is found in the packet and the entire field is in bounds. Each match field may specify which values can match it, listing one or more ranges, prefixes, or exact values that are considered a match for the field. A field value must be present in order to match a specified match field. If no match values are specified for a match field, then any field value is considered to match it, and it's not required to be present. For strings specifying '*' is also equivalent to match all. For a packet to match a rule, all specified match fields must match the corresponding field values derived from the packet. Example: networkMatch: srcIpRanges: - "192.0.2.0/24" - "198.51.100.0/24" userDefinedFields: - name: "ipv4_fragment_offset" values: - "1-0x1fff" The above match condition matches packets with a source IP in 192.0.2.0/24 or 198.51.100.0/24 and a user-defined field named "ipv4_fragment_offset" with a value between 1 and 0x1fff inclusive.

optional .google.cloud.compute.v1.SecurityPolicyRuleNetworkMatcher network_match = 463387764;

Parameter
NameDescription
valueSecurityPolicyRuleNetworkMatcher
Returns
TypeDescription
SecurityPolicyRule.Builder

mergePreconfiguredWafConfig(SecurityPolicyRulePreconfiguredWafConfig value)

public SecurityPolicyRule.Builder mergePreconfiguredWafConfig(SecurityPolicyRulePreconfiguredWafConfig value)

Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.

optional .google.cloud.compute.v1.SecurityPolicyRulePreconfiguredWafConfig preconfigured_waf_config = 117805027;

Parameter
NameDescription
valueSecurityPolicyRulePreconfiguredWafConfig
Returns
TypeDescription
SecurityPolicyRule.Builder

mergeRateLimitOptions(SecurityPolicyRuleRateLimitOptions value)

public SecurityPolicyRule.Builder mergeRateLimitOptions(SecurityPolicyRuleRateLimitOptions value)

Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.

optional .google.cloud.compute.v1.SecurityPolicyRuleRateLimitOptions rate_limit_options = 67544315;

Parameter
NameDescription
valueSecurityPolicyRuleRateLimitOptions
Returns
TypeDescription
SecurityPolicyRule.Builder

mergeRedirectOptions(SecurityPolicyRuleRedirectOptions value)

public SecurityPolicyRule.Builder mergeRedirectOptions(SecurityPolicyRuleRedirectOptions value)

Parameters defining the redirect action. Cannot be specified for any other actions. This field is only supported in Global Security Policies of type CLOUD_ARMOR.

optional .google.cloud.compute.v1.SecurityPolicyRuleRedirectOptions redirect_options = 163285307;

Parameter
NameDescription
valueSecurityPolicyRuleRedirectOptions
Returns
TypeDescription
SecurityPolicyRule.Builder

mergeUnknownFields(UnknownFieldSet unknownFields)

public final SecurityPolicyRule.Builder mergeUnknownFields(UnknownFieldSet unknownFields)
Parameter
NameDescription
unknownFieldsUnknownFieldSet
Returns
TypeDescription
SecurityPolicyRule.Builder
Overrides

setAction(String value)

public SecurityPolicyRule.Builder setAction(String value)

The Action to perform when the rule is matched. The following are the valid actions: - allow: allow access to target. - deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for STATUS are 403, 404, and 502. - rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rate_limit_options to be set. - redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. This action is only supported in Global Security Policies of type CLOUD_ARMOR. - throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rate_limit_options to be set for this.

optional string action = 187661878;

Parameter
NameDescription
valueString

The action to set.

Returns
TypeDescription
SecurityPolicyRule.Builder

This builder for chaining.

setActionBytes(ByteString value)

public SecurityPolicyRule.Builder setActionBytes(ByteString value)

The Action to perform when the rule is matched. The following are the valid actions: - allow: allow access to target. - deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for STATUS are 403, 404, and 502. - rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rate_limit_options to be set. - redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. This action is only supported in Global Security Policies of type CLOUD_ARMOR. - throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rate_limit_options to be set for this.

optional string action = 187661878;

Parameter
NameDescription
valueByteString

The bytes for action to set.

Returns
TypeDescription
SecurityPolicyRule.Builder

This builder for chaining.

setDescription(String value)

public SecurityPolicyRule.Builder setDescription(String value)

An optional description of this resource. Provide this property when you create the resource.

optional string description = 422937596;

Parameter
NameDescription
valueString

The description to set.

Returns
TypeDescription
SecurityPolicyRule.Builder

This builder for chaining.

setDescriptionBytes(ByteString value)

public SecurityPolicyRule.Builder setDescriptionBytes(ByteString value)

An optional description of this resource. Provide this property when you create the resource.

optional string description = 422937596;

Parameter
NameDescription
valueByteString

The bytes for description to set.

Returns
TypeDescription
SecurityPolicyRule.Builder

This builder for chaining.

setField(Descriptors.FieldDescriptor field, Object value)

public SecurityPolicyRule.Builder setField(Descriptors.FieldDescriptor field, Object value)
Parameters
NameDescription
fieldFieldDescriptor
valueObject
Returns
TypeDescription
SecurityPolicyRule.Builder
Overrides

setHeaderAction(SecurityPolicyRuleHttpHeaderAction value)

public SecurityPolicyRule.Builder setHeaderAction(SecurityPolicyRuleHttpHeaderAction value)

Optional, additional actions that are performed on headers. This field is only supported in Global Security Policies of type CLOUD_ARMOR.

optional .google.cloud.compute.v1.SecurityPolicyRuleHttpHeaderAction header_action = 328077352;

Parameter
NameDescription
valueSecurityPolicyRuleHttpHeaderAction
Returns
TypeDescription
SecurityPolicyRule.Builder

setHeaderAction(SecurityPolicyRuleHttpHeaderAction.Builder builderForValue)

public SecurityPolicyRule.Builder setHeaderAction(SecurityPolicyRuleHttpHeaderAction.Builder builderForValue)

Optional, additional actions that are performed on headers. This field is only supported in Global Security Policies of type CLOUD_ARMOR.

optional .google.cloud.compute.v1.SecurityPolicyRuleHttpHeaderAction header_action = 328077352;

Parameter
NameDescription
builderForValueSecurityPolicyRuleHttpHeaderAction.Builder
Returns
TypeDescription
SecurityPolicyRule.Builder

setKind(String value)

public SecurityPolicyRule.Builder setKind(String value)

[Output only] Type of the resource. Always compute#securityPolicyRule for security policy rules

optional string kind = 3292052;

Parameter
NameDescription
valueString

The kind to set.

Returns
TypeDescription
SecurityPolicyRule.Builder

This builder for chaining.

setKindBytes(ByteString value)

public SecurityPolicyRule.Builder setKindBytes(ByteString value)

[Output only] Type of the resource. Always compute#securityPolicyRule for security policy rules

optional string kind = 3292052;

Parameter
NameDescription
valueByteString

The bytes for kind to set.

Returns
TypeDescription
SecurityPolicyRule.Builder

This builder for chaining.

setMatch(SecurityPolicyRuleMatcher value)

public SecurityPolicyRule.Builder setMatch(SecurityPolicyRuleMatcher value)

A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.

optional .google.cloud.compute.v1.SecurityPolicyRuleMatcher match = 103668165;

Parameter
NameDescription
valueSecurityPolicyRuleMatcher
Returns
TypeDescription
SecurityPolicyRule.Builder

setMatch(SecurityPolicyRuleMatcher.Builder builderForValue)

public SecurityPolicyRule.Builder setMatch(SecurityPolicyRuleMatcher.Builder builderForValue)

A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.

optional .google.cloud.compute.v1.SecurityPolicyRuleMatcher match = 103668165;

Parameter
NameDescription
builderForValueSecurityPolicyRuleMatcher.Builder
Returns
TypeDescription
SecurityPolicyRule.Builder

setNetworkMatch(SecurityPolicyRuleNetworkMatcher value)

public SecurityPolicyRule.Builder setNetworkMatch(SecurityPolicyRuleNetworkMatcher value)

A match condition that incoming packets are evaluated against for CLOUD_ARMOR_NETWORK security policies. If it matches, the corresponding 'action' is enforced. The match criteria for a rule consists of built-in match fields (like 'srcIpRanges') and potentially multiple user-defined match fields ('userDefinedFields'). Field values may be extracted directly from the packet or derived from it (e.g. 'srcRegionCodes'). Some fields may not be present in every packet (e.g. 'srcPorts'). A user-defined field is only present if the base header is found in the packet and the entire field is in bounds. Each match field may specify which values can match it, listing one or more ranges, prefixes, or exact values that are considered a match for the field. A field value must be present in order to match a specified match field. If no match values are specified for a match field, then any field value is considered to match it, and it's not required to be present. For strings specifying '*' is also equivalent to match all. For a packet to match a rule, all specified match fields must match the corresponding field values derived from the packet. Example: networkMatch: srcIpRanges: - "192.0.2.0/24" - "198.51.100.0/24" userDefinedFields: - name: "ipv4_fragment_offset" values: - "1-0x1fff" The above match condition matches packets with a source IP in 192.0.2.0/24 or 198.51.100.0/24 and a user-defined field named "ipv4_fragment_offset" with a value between 1 and 0x1fff inclusive.

optional .google.cloud.compute.v1.SecurityPolicyRuleNetworkMatcher network_match = 463387764;

Parameter
NameDescription
valueSecurityPolicyRuleNetworkMatcher
Returns
TypeDescription
SecurityPolicyRule.Builder

setNetworkMatch(SecurityPolicyRuleNetworkMatcher.Builder builderForValue)

public SecurityPolicyRule.Builder setNetworkMatch(SecurityPolicyRuleNetworkMatcher.Builder builderForValue)

A match condition that incoming packets are evaluated against for CLOUD_ARMOR_NETWORK security policies. If it matches, the corresponding 'action' is enforced. The match criteria for a rule consists of built-in match fields (like 'srcIpRanges') and potentially multiple user-defined match fields ('userDefinedFields'). Field values may be extracted directly from the packet or derived from it (e.g. 'srcRegionCodes'). Some fields may not be present in every packet (e.g. 'srcPorts'). A user-defined field is only present if the base header is found in the packet and the entire field is in bounds. Each match field may specify which values can match it, listing one or more ranges, prefixes, or exact values that are considered a match for the field. A field value must be present in order to match a specified match field. If no match values are specified for a match field, then any field value is considered to match it, and it's not required to be present. For strings specifying '*' is also equivalent to match all. For a packet to match a rule, all specified match fields must match the corresponding field values derived from the packet. Example: networkMatch: srcIpRanges: - "192.0.2.0/24" - "198.51.100.0/24" userDefinedFields: - name: "ipv4_fragment_offset" values: - "1-0x1fff" The above match condition matches packets with a source IP in 192.0.2.0/24 or 198.51.100.0/24 and a user-defined field named "ipv4_fragment_offset" with a value between 1 and 0x1fff inclusive.

optional .google.cloud.compute.v1.SecurityPolicyRuleNetworkMatcher network_match = 463387764;

Parameter
NameDescription
builderForValueSecurityPolicyRuleNetworkMatcher.Builder
Returns
TypeDescription
SecurityPolicyRule.Builder

setPreconfiguredWafConfig(SecurityPolicyRulePreconfiguredWafConfig value)

public SecurityPolicyRule.Builder setPreconfiguredWafConfig(SecurityPolicyRulePreconfiguredWafConfig value)

Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.

optional .google.cloud.compute.v1.SecurityPolicyRulePreconfiguredWafConfig preconfigured_waf_config = 117805027;

Parameter
NameDescription
valueSecurityPolicyRulePreconfiguredWafConfig
Returns
TypeDescription
SecurityPolicyRule.Builder

setPreconfiguredWafConfig(SecurityPolicyRulePreconfiguredWafConfig.Builder builderForValue)

public SecurityPolicyRule.Builder setPreconfiguredWafConfig(SecurityPolicyRulePreconfiguredWafConfig.Builder builderForValue)

Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.

optional .google.cloud.compute.v1.SecurityPolicyRulePreconfiguredWafConfig preconfigured_waf_config = 117805027;

Parameter
NameDescription
builderForValueSecurityPolicyRulePreconfiguredWafConfig.Builder
Returns
TypeDescription
SecurityPolicyRule.Builder

setPreview(boolean value)

public SecurityPolicyRule.Builder setPreview(boolean value)

If set to true, the specified action is not enforced.

optional bool preview = 218686408;

Parameter
NameDescription
valueboolean

The preview to set.

Returns
TypeDescription
SecurityPolicyRule.Builder

This builder for chaining.

setPriority(int value)

public SecurityPolicyRule.Builder setPriority(int value)

An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.

optional int32 priority = 445151652;

Parameter
NameDescription
valueint

The priority to set.

Returns
TypeDescription
SecurityPolicyRule.Builder

This builder for chaining.

setRateLimitOptions(SecurityPolicyRuleRateLimitOptions value)

public SecurityPolicyRule.Builder setRateLimitOptions(SecurityPolicyRuleRateLimitOptions value)

Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.

optional .google.cloud.compute.v1.SecurityPolicyRuleRateLimitOptions rate_limit_options = 67544315;

Parameter
NameDescription
valueSecurityPolicyRuleRateLimitOptions
Returns
TypeDescription
SecurityPolicyRule.Builder

setRateLimitOptions(SecurityPolicyRuleRateLimitOptions.Builder builderForValue)

public SecurityPolicyRule.Builder setRateLimitOptions(SecurityPolicyRuleRateLimitOptions.Builder builderForValue)

Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.

optional .google.cloud.compute.v1.SecurityPolicyRuleRateLimitOptions rate_limit_options = 67544315;

Parameter
NameDescription
builderForValueSecurityPolicyRuleRateLimitOptions.Builder
Returns
TypeDescription
SecurityPolicyRule.Builder

setRedirectOptions(SecurityPolicyRuleRedirectOptions value)

public SecurityPolicyRule.Builder setRedirectOptions(SecurityPolicyRuleRedirectOptions value)

Parameters defining the redirect action. Cannot be specified for any other actions. This field is only supported in Global Security Policies of type CLOUD_ARMOR.

optional .google.cloud.compute.v1.SecurityPolicyRuleRedirectOptions redirect_options = 163285307;

Parameter
NameDescription
valueSecurityPolicyRuleRedirectOptions
Returns
TypeDescription
SecurityPolicyRule.Builder

setRedirectOptions(SecurityPolicyRuleRedirectOptions.Builder builderForValue)

public SecurityPolicyRule.Builder setRedirectOptions(SecurityPolicyRuleRedirectOptions.Builder builderForValue)

Parameters defining the redirect action. Cannot be specified for any other actions. This field is only supported in Global Security Policies of type CLOUD_ARMOR.

optional .google.cloud.compute.v1.SecurityPolicyRuleRedirectOptions redirect_options = 163285307;

Parameter
NameDescription
builderForValueSecurityPolicyRuleRedirectOptions.Builder
Returns
TypeDescription
SecurityPolicyRule.Builder

setRepeatedField(Descriptors.FieldDescriptor field, int index, Object value)

public SecurityPolicyRule.Builder setRepeatedField(Descriptors.FieldDescriptor field, int index, Object value)
Parameters
NameDescription
fieldFieldDescriptor
indexint
valueObject
Returns
TypeDescription
SecurityPolicyRule.Builder
Overrides

setUnknownFields(UnknownFieldSet unknownFields)

public final SecurityPolicyRule.Builder setUnknownFields(UnknownFieldSet unknownFields)
Parameter
NameDescription
unknownFieldsUnknownFieldSet
Returns
TypeDescription
SecurityPolicyRule.Builder
Overrides