Struct Rule 

#[non_exhaustive]
pub struct Rule {
    pub name: String,
    pub revision_id: String,
    pub display_name: String,
    pub text: String,
    pub author: String,
    pub severity: Option<Severity>,
    pub metadata: HashMap<String, String>,
    pub create_time: Option<Timestamp>,
    pub revision_create_time: Option<Timestamp>,
    pub compilation_state: CompilationState,
    pub r#type: RuleType,
    pub reference_lists: Vec<String>,
    pub allowed_run_frequencies: Vec<RunFrequency>,
    pub etag: String,
    pub scope: String,
    pub compilation_diagnostics: Vec<CompilationDiagnostic>,
    pub near_real_time_live_rule_eligible: bool,
    pub inputs_used: Option<InputsUsed>,
    /* private fields */
}

The Rule resource represents a user-created rule. NEXT TAG: 21

Fields (Non-exhaustive)§

This struct is marked as non-exhaustive
Non-exhaustive structs could have additional fields added in future. Therefore, non-exhaustive structs cannot be constructed in external crates using the traditional Struct { .. } syntax; cannot be matched against without a wildcard ..; and struct update syntax will not work.
§name: String

Identifier. Full resource name for the rule. Format: projects/{project}/locations/{location}/instances/{instance}/rules/{rule}

§revision_id: String

Output only. The revision ID of the rule. A new revision is created whenever the rule text is changed in any way. Format: v_{10 digits}_{9 digits} Populated in REVISION_METADATA_ONLY view and FULL view.

§display_name: String

Output only. Display name of the rule. Populated in BASIC view and FULL view.

§text: String

The YARA-L content of the rule. Populated in FULL view.

§author: String

Output only. The author of the rule. Extracted from the meta section of text. Populated in BASIC view and FULL view.

§severity: Option<Severity>

Output only. The severity of the rule as specified in the meta section of text. Populated in BASIC view and FULL view.

§metadata: HashMap<String, String>

Output only. Additional metadata specified in the meta section of text. Populated in FULL view.

§create_time: Option<Timestamp>

Output only. The timestamp of when the rule was created. Populated in FULL view.

§revision_create_time: Option<Timestamp>

Output only. The timestamp of when the rule revision was created. Populated in FULL, REVISION_METADATA_ONLY views.

§compilation_state: CompilationState

Output only. The current compilation state of the rule. Populated in FULL view.

§type: RuleType

Output only. User-facing type of the rule. Extracted from the events section of rule text. Populated in BASIC view and FULL view.

§reference_lists: Vec<String>

Output only. Resource names of the reference lists used in this rule. Populated in FULL view.

§allowed_run_frequencies: Vec<RunFrequency>

Output only. The run frequencies that are allowed for the rule. Populated in BASIC view and FULL view.

§etag: String

The etag for this rule. If this is provided on update, the request will succeed if and only if it matches the server-computed value, and will fail with an ABORTED error otherwise. Populated in BASIC view and FULL view.

§scope: String

Resource name of the DataAccessScope bound to this rule. Populated in BASIC view and FULL view. If reference lists are used in the rule, validations will be performed against this scope to ensure that the reference lists are compatible with both the user’s and the rule’s scopes. The scope should be in the format: projects/{project}/locations/{location}/instances/{instance}/dataAccessScopes/{scope}.

§compilation_diagnostics: Vec<CompilationDiagnostic>

Output only. A list of a rule’s corresponding compilation diagnostic messages such as compilation errors and compilation warnings. Populated in FULL view.

§near_real_time_live_rule_eligible: bool

Output only. Indicates whether the rule can run as a near real time live rule. If this is true, the rule uses the near real time live rule when the run frequency is set to LIVE.

§inputs_used: Option<InputsUsed>

Output only. The set of inputs used in the rule. For example, if the rule uses $e.principal.hostname, then the uses_udm field will be true.
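The name, revision_id and scope fields above each carry a documented string format. The following is an added example, not code from google_cloud_chronicle_v1: std-only validators for those three formats that a rule-deployment pipeline could run before sending a rule. The function names are hypothetical, and two points are assumptions: empty strings are treated as unset, and a scope is expected to sit under the same instance as the rule.

```rust
// Added example: std-only checks for the identifier formats documented above.
// All function names are hypothetical; none belong to google_cloud_chronicle_v1.

/// Splits `projects/{p}/locations/{l}/instances/{i}/{collection}/{id}` into
/// (instance prefix, id). Rejects missing, extra, or empty path segments.
fn parse_child<'a>(name: &'a str, collection: &str) -> Option<(&'a str, &'a str)> {
    let parts: Vec<&str> = name.split('/').collect();
    if parts.len() != 8 || parts.iter().any(|p| p.is_empty()) {
        return None;
    }
    let keys_ok = parts[0] == "projects" && parts[2] == "locations"
        && parts[4] == "instances" && parts[6] == collection;
    if !keys_ok {
        return None;
    }
    // name == prefix + "/" + collection + "/" + id
    let prefix_len = name.len() - parts[6].len() - parts[7].len() - 2;
    Some((&name[..prefix_len], parts[7]))
}

/// Checks the documented revision ID shape: v_{10 digits}_{9 digits}.
fn is_revision_id(s: &str) -> bool {
    let digits = |t: &str, n: usize| t.len() == n && t.bytes().all(|b| b.is_ascii_digit());
    match s.strip_prefix("v_").and_then(|rest| rest.split_once('_')) {
        Some((a, b)) => digits(a, 10) && digits(b, 9),
        None => false,
    }
}

/// Returns the rule ID when all three values are well formed.
/// Assumptions: "" means unset; the scope must share the rule's instance.
fn check_rule_ids<'a>(name: &'a str, revision_id: &str, scope: &str) -> Result<&'a str, &'static str> {
    let (rule_parent, rule_id) = parse_child(name, "rules").ok_or("malformed rule name")?;
    if !revision_id.is_empty() && !is_revision_id(revision_id) {
        return Err("malformed revision_id");
    }
    if !scope.is_empty() {
        let (scope_parent, _) = parse_child(scope, "dataAccessScopes").ok_or("malformed scope")?;
        if scope_parent != rule_parent {
            return Err("scope belongs to a different instance");
        }
    }
    Ok(rule_id)
}

fn main() {
    // Constructed sample values, not taken from a real deployment.
    let name = "projects/p1/locations/us/instances/i1/rules/ru_123";
    let scope = "projects/p1/locations/us/instances/i1/dataAccessScopes/soc-tier1";
    println!("{:?}", check_rule_ids(name, "v_1700000000_000000001", scope));
    println!("{:?}", check_rule_ids(name, "v_17_1", scope));
}
```
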

Implementations§

impl Rule

pub fn new() -> Self

Creates a new default instance.

pub fn set_name<T: Into<String>>(self, v: T) -> Self

Sets the value of name.

§Example
let x = Rule::new().set_name(format!("projects/{project_id}/locations/{location_id}/instances/{instance_id}/rules/{rule_id}"));

pub fn set_revision_id<T: Into<String>>(self, v: T) -> Self

Sets the value of revision_id.

§Example
let x = Rule::new().set_revision_id("example");

pub fn set_display_name<T: Into<String>>(self, v: T) -> Self

Sets the value of display_name.

§Example
let x = Rule::new().set_display_name("example");

pub fn set_text<T: Into<String>>(self, v: T) -> Self

Sets the value of text.

§Example
let x = Rule::new().set_text("example");

pub fn set_author<T: Into<String>>(self, v: T) -> Self

Sets the value of author.

§Example
let x = Rule::new().set_author("example");

pub fn set_severity<T>(self, v: T) -> Self
where T: Into<Severity>,

Sets the value of severity.

§Example
use google_cloud_chronicle_v1::model::Severity;
let x = Rule::new().set_severity(Severity::default()/* use setters */);

pub fn set_or_clear_severity<T>(self, v: Option<T>) -> Self
where T: Into<Severity>,

Sets or clears the value of severity.

§Example
use google_cloud_chronicle_v1::model::Severity;
let x = Rule::new().set_or_clear_severity(Some(Severity::default()/* use setters */));
let x = Rule::new().set_or_clear_severity(None::<Severity>);

pub fn set_metadata<T, K, V>(self, v: T) -> Self
where T: IntoIterator<Item = (K, V)>, K: Into<String>, V: Into<String>,

Sets the value of metadata.

§Example
let x = Rule::new().set_metadata([
    ("key0", "abc"),
    ("key1", "xyz"),
]);

pub fn set_create_time<T>(self, v: T) -> Self
where T: Into<Timestamp>,

Sets the value of create_time.

§Example
use wkt::Timestamp;
let x = Rule::new().set_create_time(Timestamp::default()/* use setters */);

pub fn set_or_clear_create_time<T>(self, v: Option<T>) -> Self
where T: Into<Timestamp>,

Sets or clears the value of create_time.

§Example
use wkt::Timestamp;
let x = Rule::new().set_or_clear_create_time(Some(Timestamp::default()/* use setters */));
let x = Rule::new().set_or_clear_create_time(None::<Timestamp>);

pub fn set_revision_create_time<T>(self, v: T) -> Self
where T: Into<Timestamp>,

Sets the value of revision_create_time.

§Example
use wkt::Timestamp;
let x = Rule::new().set_revision_create_time(Timestamp::default()/* use setters */);

pub fn set_or_clear_revision_create_time<T>(self, v: Option<T>) -> Self
where T: Into<Timestamp>,

Sets or clears the value of revision_create_time.

§Example
use wkt::Timestamp;
let x = Rule::new().set_or_clear_revision_create_time(Some(Timestamp::default()/* use setters */));
let x = Rule::new().set_or_clear_revision_create_time(None::<Timestamp>);

pub fn set_compilation_state<T: Into<CompilationState>>(self, v: T) -> Self

Sets the value of compilation_state.

§Example
use google_cloud_chronicle_v1::model::rule::CompilationState;
let x0 = Rule::new().set_compilation_state(CompilationState::Succeeded);
let x1 = Rule::new().set_compilation_state(CompilationState::Failed);

pub fn set_type<T: Into<RuleType>>(self, v: T) -> Self

Sets the value of r#type.

§Example
use google_cloud_chronicle_v1::model::RuleType;
let x0 = Rule::new().set_type(RuleType::SingleEvent);
let x1 = Rule::new().set_type(RuleType::MultiEvent);

pub fn set_reference_lists<T, V>(self, v: T) -> Self
where T: IntoIterator<Item = V>, V: Into<String>,

Sets the value of reference_lists.

§Example
let x = Rule::new().set_reference_lists(["a", "b", "c"]);

pub fn set_allowed_run_frequencies<T, V>(self, v: T) -> Self
where T: IntoIterator<Item = V>, V: Into<RunFrequency>,

Sets the value of allowed_run_frequencies.

§Example
use google_cloud_chronicle_v1::model::RunFrequency;
let x = Rule::new().set_allowed_run_frequencies([
    RunFrequency::Live,
    RunFrequency::Hourly,
    RunFrequency::Daily,
]);

pub fn set_etag<T: Into<String>>(self, v: T) -> Self

Sets the value of etag.

§Example
let x = Rule::new().set_etag("example");

pub fn set_scope<T: Into<String>>(self, v: T) -> Self

Sets the value of scope.

§Example
let x = Rule::new().set_scope(format!("projects/{project_id}/locations/{location_id}/instances/{instance_id}/dataAccessScopes/{data_access_scope_id}"));

pub fn set_compilation_diagnostics<T, V>(self, v: T) -> Self
where T: IntoIterator<Item = V>, V: Into<CompilationDiagnostic>,

Sets the value of compilation_diagnostics.

§Example
use google_cloud_chronicle_v1::model::CompilationDiagnostic;
let x = Rule::new()
    .set_compilation_diagnostics([
        CompilationDiagnostic::default()/* use setters */,
        CompilationDiagnostic::default()/* use (different) setters */,
    ]);

pub fn set_near_real_time_live_rule_eligible<T: Into<bool>>(self, v: T) -> Self

Sets the value of near_real_time_live_rule_eligible.

§Example
let x = Rule::new().set_near_real_time_live_rule_eligible(true);

pub fn set_inputs_used<T>(self, v: T) -> Self
where T: Into<InputsUsed>,

Sets the value of inputs_used.

§Example
use google_cloud_chronicle_v1::model::InputsUsed;
let x = Rule::new().set_inputs_used(InputsUsed::default()/* use setters */);

pub fn set_or_clear_inputs_used<T>(self, v: Option<T>) -> Self
where T: Into<InputsUsed>,

Sets or clears the value of inputs_used.

§Example
use google_cloud_chronicle_v1::model::InputsUsed;
let x = Rule::new().set_or_clear_inputs_used(Some(InputsUsed::default()/* use setters */));
let x = Rule::new().set_or_clear_inputs_used(None::<InputsUsed>);

Trait Implementations§

impl Clone for Rule

fn clone(&self) -> Rule

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Rule

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for Rule

fn default() -> Rule

Returns the “default value” for a type.

impl Message for Rule

fn typename() -> &'static str

The typename of this message.

impl PartialEq for Rule

fn eq(&self, other: &Rule) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl StructuralPartialEq for Rule

Auto Trait Implementations§

impl Freeze for Rule

impl RefUnwindSafe for Rule

impl Send for Rule

impl Sync for Rule

impl Unpin for Rule

impl UnsafeUnpin for Rule

impl UnwindSafe for Rule
