Struct SecurityPolicyRule 

#[non_exhaustive]
pub struct SecurityPolicyRule {
    pub action: Option<String>,
    pub description: Option<String>,
    pub header_action: Option<SecurityPolicyRuleHttpHeaderAction>,
    pub kind: Option<String>,
    pub match: Option<SecurityPolicyRuleMatcher>,
    pub network_match: Option<SecurityPolicyRuleNetworkMatcher>,
    pub preconfigured_waf_config: Option<SecurityPolicyRulePreconfiguredWafConfig>,
    pub preview: Option<bool>,
    pub priority: Option<i32>,
    pub rate_limit_options: Option<SecurityPolicyRuleRateLimitOptions>,
    pub redirect_options: Option<SecurityPolicyRuleRedirectOptions>,
    /* private fields */
}

Available on crate features organization-security-policies or region-security-policies or security-policies only.

Represents a rule that describes one or more match conditions along with the action to be taken when traffic matches this condition (allow or deny).

Fields (Non-exhaustive)

Non-exhaustive structs could have additional fields added in future. Therefore, non-exhaustive structs cannot be constructed in external crates using the traditional Struct { .. } syntax; cannot be matched against without a wildcard ..; and struct update syntax will not work.

action: Option<String>

The Action to perform when the rule is matched. The following are the valid actions:

• allow: allow access to target.
• deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for STATUS are 403, 404, and 502.
• rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rate_limit_options to be set.
• redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. This action is only supported in Global Security Policies of type CLOUD_ARMOR.
• throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rate_limit_options to be set for this.
• fairshare (preview only): when traffic reaches the threshold limit, requests from the clients matching this rule begin to be rate-limited using the Fair Share algorithm. This action is only allowed in security policies of type CLOUD_ARMOR_INTERNAL_SERVICE.

description: Option<String>

An optional description of this resource. Provide this property when you create the resource.

header_action: Option<SecurityPolicyRuleHttpHeaderAction>

Optional, additional actions that are performed on headers. This field is only supported in Global Security Policies of type CLOUD_ARMOR.

kind: Option<String>

Output only. [Output only] Type of the resource. Alwayscompute#securityPolicyRule for security policy rules

match: Option<SecurityPolicyRuleMatcher>

A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding ‘action’ is enforced.

network_match: Option<SecurityPolicyRuleNetworkMatcher>

A match condition that incoming packets are evaluated against for CLOUD_ARMOR_NETWORK security policies. If it matches, the corresponding ‘action’ is enforced.

The match criteria for a rule consists of built-in match fields (like ‘srcIpRanges’) and potentially multiple user-defined match fields (‘userDefinedFields’).

Field values may be extracted directly from the packet or derived from it (e.g. ‘srcRegionCodes’). Some fields may not be present in every packet (e.g. ‘srcPorts’). A user-defined field is only present if the base header is found in the packet and the entire field is in bounds.

Each match field may specify which values can match it, listing one or more ranges, prefixes, or exact values that are considered a match for the field. A field value must be present in order to match a specified match field. If no match values are specified for a match field, then any field value is considered to match it, and it’s not required to be present. For strings specifying ‘*’ is also equivalent to match all.

For a packet to match a rule, all specified match fields must match the corresponding field values derived from the packet.

Example:

networkMatch: srcIpRanges:

• “192.0.2.0/24”
• “198.51.100.0/24” userDefinedFields:
• name: “ipv4_fragment_offset” values:
  • “1-0x1fff”

The above match condition matches packets with a source IP in 192.0.2.0/24 or 198.51.100.0/24 and a user-defined field named “ipv4_fragment_offset” with a value between 1 and 0x1fff inclusive.

preconfigured_waf_config: Option<SecurityPolicyRulePreconfiguredWafConfig>

Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.

preview: Option<bool>

If set to true, the specified action is not enforced.

priority: Option<i32>

An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.

rate_limit_options: Option<SecurityPolicyRuleRateLimitOptions>

Must be specified if the action is “rate_based_ban” or “throttle” or “fairshare”. Cannot be specified for any other actions.

redirect_options: Option<SecurityPolicyRuleRedirectOptions>

Parameters defining the redirect action. Cannot be specified for any other actions. This field is only supported in Global Security Policies of type CLOUD_ARMOR.

Implementations

impl SecurityPolicyRule

pub fn new() -> Self

pub fn set_action<T>(self, v: T) -> Self

where T: Into<String>,

Sets the value of action.

Example

let x = SecurityPolicyRule::new().set_action("example");

pub fn set_or_clear_action<T>(self, v: Option<T>) -> Self

where T: Into<String>,

Sets or clears the value of action.

Example

let x = SecurityPolicyRule::new().set_or_clear_action(Some("example"));
let x = SecurityPolicyRule::new().set_or_clear_action(None::<String>);

pub fn set_description<T>(self, v: T) -> Self

where T: Into<String>,

Sets the value of description.

Example

let x = SecurityPolicyRule::new().set_description("example");

pub fn set_or_clear_description<T>(self, v: Option<T>) -> Self

where T: Into<String>,

Sets or clears the value of description.

Example

let x = SecurityPolicyRule::new().set_or_clear_description(Some("example"));
let x = SecurityPolicyRule::new().set_or_clear_description(None::<String>);

pub fn set_header_action<T>(self, v: T) -> Self

where T: Into<SecurityPolicyRuleHttpHeaderAction>,

Sets the value of header_action.

Example

use google_cloud_compute_v1::model::SecurityPolicyRuleHttpHeaderAction;
let x = SecurityPolicyRule::new().set_header_action(SecurityPolicyRuleHttpHeaderAction::default()/* use setters */);

pub fn set_or_clear_header_action<T>(self, v: Option<T>) -> Self

where T: Into<SecurityPolicyRuleHttpHeaderAction>,

Sets or clears the value of header_action.

Example

use google_cloud_compute_v1::model::SecurityPolicyRuleHttpHeaderAction;
let x = SecurityPolicyRule::new().set_or_clear_header_action(Some(SecurityPolicyRuleHttpHeaderAction::default()/* use setters */));
let x = SecurityPolicyRule::new().set_or_clear_header_action(None::<SecurityPolicyRuleHttpHeaderAction>);

pub fn set_kind<T>(self, v: T) -> Self

where T: Into<String>,

Sets the value of kind.

Example

let x = SecurityPolicyRule::new().set_kind("example");

pub fn set_or_clear_kind<T>(self, v: Option<T>) -> Self

where T: Into<String>,

Sets or clears the value of kind.

Example

let x = SecurityPolicyRule::new().set_or_clear_kind(Some("example"));
let x = SecurityPolicyRule::new().set_or_clear_kind(None::<String>);

pub fn set_match<T>(self, v: T) -> Self

where T: Into<SecurityPolicyRuleMatcher>,

Sets the value of r#match.

Example

use google_cloud_compute_v1::model::SecurityPolicyRuleMatcher;
let x = SecurityPolicyRule::new().set_match(SecurityPolicyRuleMatcher::default()/* use setters */);

pub fn set_or_clear_match<T>(self, v: Option<T>) -> Self

where T: Into<SecurityPolicyRuleMatcher>,

Sets or clears the value of r#match.

Example

use google_cloud_compute_v1::model::SecurityPolicyRuleMatcher;
let x = SecurityPolicyRule::new().set_or_clear_match(Some(SecurityPolicyRuleMatcher::default()/* use setters */));
let x = SecurityPolicyRule::new().set_or_clear_match(None::<SecurityPolicyRuleMatcher>);

pub fn set_network_match<T>(self, v: T) -> Self

where T: Into<SecurityPolicyRuleNetworkMatcher>,

Sets the value of network_match.

Example

use google_cloud_compute_v1::model::SecurityPolicyRuleNetworkMatcher;
let x = SecurityPolicyRule::new().set_network_match(SecurityPolicyRuleNetworkMatcher::default()/* use setters */);

pub fn set_or_clear_network_match<T>(self, v: Option<T>) -> Self

where T: Into<SecurityPolicyRuleNetworkMatcher>,

Sets or clears the value of network_match.

Example

use google_cloud_compute_v1::model::SecurityPolicyRuleNetworkMatcher;
let x = SecurityPolicyRule::new().set_or_clear_network_match(Some(SecurityPolicyRuleNetworkMatcher::default()/* use setters */));
let x = SecurityPolicyRule::new().set_or_clear_network_match(None::<SecurityPolicyRuleNetworkMatcher>);

pub fn set_preconfigured_waf_config<T>(self, v: T) -> Self

where T: Into<SecurityPolicyRulePreconfiguredWafConfig>,

Sets the value of preconfigured_waf_config.

Example

use google_cloud_compute_v1::model::SecurityPolicyRulePreconfiguredWafConfig;
let x = SecurityPolicyRule::new().set_preconfigured_waf_config(SecurityPolicyRulePreconfiguredWafConfig::default()/* use setters */);

pub fn set_or_clear_preconfigured_waf_config<T>(self, v: Option<T>) -> Self

where T: Into<SecurityPolicyRulePreconfiguredWafConfig>,

Sets or clears the value of preconfigured_waf_config.

Example

use google_cloud_compute_v1::model::SecurityPolicyRulePreconfiguredWafConfig;
let x = SecurityPolicyRule::new().set_or_clear_preconfigured_waf_config(Some(SecurityPolicyRulePreconfiguredWafConfig::default()/* use setters */));
let x = SecurityPolicyRule::new().set_or_clear_preconfigured_waf_config(None::<SecurityPolicyRulePreconfiguredWafConfig>);

pub fn set_preview<T>(self, v: T) -> Self

where T: Into<bool>,

Sets the value of preview.

Example

let x = SecurityPolicyRule::new().set_preview(true);

pub fn set_or_clear_preview<T>(self, v: Option<T>) -> Self

where T: Into<bool>,

Sets or clears the value of preview.

Example

let x = SecurityPolicyRule::new().set_or_clear_preview(Some(false));
let x = SecurityPolicyRule::new().set_or_clear_preview(None::<bool>);

pub fn set_priority<T>(self, v: T) -> Self

where T: Into<i32>,

Sets the value of priority.

Example

let x = SecurityPolicyRule::new().set_priority(42);

pub fn set_or_clear_priority<T>(self, v: Option<T>) -> Self

where T: Into<i32>,

Sets or clears the value of priority.

Example

let x = SecurityPolicyRule::new().set_or_clear_priority(Some(42));
let x = SecurityPolicyRule::new().set_or_clear_priority(None::<i32>);

pub fn set_rate_limit_options<T>(self, v: T) -> Self

where T: Into<SecurityPolicyRuleRateLimitOptions>,

Sets the value of rate_limit_options.

Example

use google_cloud_compute_v1::model::SecurityPolicyRuleRateLimitOptions;
let x = SecurityPolicyRule::new().set_rate_limit_options(SecurityPolicyRuleRateLimitOptions::default()/* use setters */);

pub fn set_or_clear_rate_limit_options<T>(self, v: Option<T>) -> Self

where T: Into<SecurityPolicyRuleRateLimitOptions>,

Sets or clears the value of rate_limit_options.

Example

use google_cloud_compute_v1::model::SecurityPolicyRuleRateLimitOptions;
let x = SecurityPolicyRule::new().set_or_clear_rate_limit_options(Some(SecurityPolicyRuleRateLimitOptions::default()/* use setters */));
let x = SecurityPolicyRule::new().set_or_clear_rate_limit_options(None::<SecurityPolicyRuleRateLimitOptions>);

pub fn set_redirect_options<T>(self, v: T) -> Self

where T: Into<SecurityPolicyRuleRedirectOptions>,

Sets the value of redirect_options.

Example

use google_cloud_compute_v1::model::SecurityPolicyRuleRedirectOptions;
let x = SecurityPolicyRule::new().set_redirect_options(SecurityPolicyRuleRedirectOptions::default()/* use setters */);

pub fn set_or_clear_redirect_options<T>(self, v: Option<T>) -> Self

where T: Into<SecurityPolicyRuleRedirectOptions>,

Sets or clears the value of redirect_options.

Example

use google_cloud_compute_v1::model::SecurityPolicyRuleRedirectOptions;
let x = SecurityPolicyRule::new().set_or_clear_redirect_options(Some(SecurityPolicyRuleRedirectOptions::default()/* use setters */));
let x = SecurityPolicyRule::new().set_or_clear_redirect_options(None::<SecurityPolicyRuleRedirectOptions>);

Trait Implementations

impl Clone for SecurityPolicyRule

fn clone(&self) -> SecurityPolicyRule

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for SecurityPolicyRule

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for SecurityPolicyRule

fn default() -> SecurityPolicyRule

Returns the “default value” for a type.

impl Message for SecurityPolicyRule

fn typename() -> &'static str

The typename of this message.

impl PartialEq for SecurityPolicyRule

fn eq(&self, other: &SecurityPolicyRule) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl StructuralPartialEq for SecurityPolicyRule