Request used by the AddAddressGroupItems method.
AddressGroup is a resource that specifies how a collection of IP/DNS used in Firewall Policy.
AuthorizationPolicy is a resource that specifies how a server should authorize incoming connections. This resource in itself does not change the configuration unless it’s attached to a target https proxy or endpoint config selector resource.
The request message for Operations.CancelOperation.
Specification of a TLS certificate provider instance. Workloads may have one or more CertificateProvider instances (plugins) and one of them is enabled and configured by specifying this message. Workloads use the values from this message to locate and load the CertificateProvider instance configuration.
ClientTlsPolicy is a resource that specifies how a client should authenticate connections to backends of a service. This resource itself does not affect configuration unless it is attached to a backend service resource.
Request used by the CloneAddressGroupItems method.
Specification of traffic destination attributes.
A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); }
Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: “Summary size limit” description: “Determines if a summary is less than 100 chars” expression: “document.summary.size() < 100” Example (Equality): title: “Requestor is owner” description: “Determines if requestor is the document owner” expression: “document.owner == request.auth.claims.email” Example (Logic): title: “Public documents” description: “Determine whether the document should be publicly visible” expression: “document.type != ‘private’ && document.type != ‘internal’” Example (Data Manipulation): title: “Notification string” description: “Create a notification string with a timestamp.” expression: “’New message received at ’ + string(document.create_time)” The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
The GatewaySecurityPolicy resource contains a collection of GatewaySecurityPolicyRules and associated metadata.
The GatewaySecurityPolicyRule resource is in a nested collection within a GatewaySecurityPolicy and represents a traffic matching condition and associated action to perform.
Specification of certificate provider. Defines the mechanism to obtain the certificate and private key for peer to peer authentication.
Specification of the GRPC Endpoint.
Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both allServices and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { “audit_configs”: [ { “service”: “allServices”, “audit_log_configs”: [ { “log_type”: “DATA_READ”, “exempted_members”: [ “user:jose@example.com” ] }, { “log_type”: “DATA_WRITE” }, { “log_type”: “ADMIN_READ” } ] }, { “service”: “sampleservice.googleapis.com”, “audit_log_configs”: [ { “log_type”: “DATA_READ” }, { “log_type”: “DATA_WRITE”, “exempted_members”: [ “user:aliya@example.com” ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
Provides the configuration for logging a type of permissions. Example: { “audit_log_configs”: [ { “log_type”: “DATA_READ”, “exempted_members”: [ “user:jose@example.com” ] }, { “log_type”: “DATA_WRITE” } ] } This enables ‘DATA_READ’ and ‘DATA_WRITE’ logging, while exempting jose@example.com from DATA_READ logging.
Associates members, or principals, with a role.
An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A
Policy is a collection of
bindings. A
binding binds one or more
members, or principals, to a single
role. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A
role is a named list of permissions; each
role can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a
binding can also specify a
condition, which is a logical expression that allows access to a resource only if the expression evaluates to
true. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the
IAM documentation.
JSON example: { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } YAML example: bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the
IAM documentation.
Request message for SetIamPolicy method.
Request message for TestIamPermissions method.
Response message for TestIamPermissions method.
Specification of HTTP header match attributes.
Response of the ListAddressGroupReferences method.
The Reference of AddressGroup.
Response returned by the ListAddressGroups method.
Response returned by the ListAuthorizationPolicies method.
Response returned by the ListClientTlsPolicies method.
Response returned by the ListGatewaySecurityPolicies method.
Response returned by the ListGatewaySecurityPolicyRules method.
The response message for Locations.ListLocations.
The response message for Operations.ListOperations.
Response returned by the ListServerTlsPolicies method.
Response returned by the ListTlsInspectionPolicies method.
Response returned by the ListUrlLists method.
A resource that represents a Google Cloud location.
Specification of the MTLSPolicy.
Central instance to access all NetworkSecurity related resource activities
This resource represents a long-running operation that is the result of a network API call.
Adds items to an address group.
Clones items from one address group to another.
Creates a new address group in a given project and location.
Deletes an address group.
Gets details of a single address group.
Lists address groups in a given project and location.
Lists references of an address group.
Updates parameters of an address group.
Removes items from an address group.
Starts asynchronous cancellation on a long-running operation. The server makes a best effort to cancel the operation, but success is not guaranteed. If the server doesn’t support this method, it returns google.rpc.Code.UNIMPLEMENTED. Clients can use Operations.GetOperation or other methods to check whether the cancellation succeeded or whether the operation completed despite cancellation. On successful cancellation, the operation is not deleted; instead, it becomes an operation with an Operation.error value with a google.rpc.Status.code of 1, corresponding to Code.CANCELLED.
Deletes a long-running operation. This method indicates that the client is no longer interested in the operation result. It does not cancel the operation. If the server doesn’t support this method, it returns google.rpc.Code.UNIMPLEMENTED.
Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.
Lists operations that match the specified filter in the request. If the server doesn’t support this method, it returns UNIMPLEMENTED.
A builder providing access to all methods supported on
organization resources.
It is not used directly, but through the
NetworkSecurity hub.
Adds items to an address group.
Clones items from one address group to another.
Creates a new address group in a given project and location.
Deletes a single address group.
Gets details of a single address group.
Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.
Lists address groups in a given project and location.
Lists references of an address group.
Updates the parameters of a single address group.
Removes items from an address group.
Sets the access control policy on the specified resource. Replaces any existing policy. Can return NOT_FOUND, INVALID_ARGUMENT, and PERMISSION_DENIED errors.
Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a NOT_FOUND error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may “fail open” without warning.
Creates a new AuthorizationPolicy in a given project and location.
Deletes a single AuthorizationPolicy.
Gets details of a single AuthorizationPolicy.
Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.
Lists AuthorizationPolicies in a given project and location.
Updates the parameters of a single AuthorizationPolicy.
Sets the access control policy on the specified resource. Replaces any existing policy. Can return NOT_FOUND, INVALID_ARGUMENT, and PERMISSION_DENIED errors.
Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a NOT_FOUND error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may “fail open” without warning.
Creates a new ClientTlsPolicy in a given project and location.
Deletes a single ClientTlsPolicy.
Gets details of a single ClientTlsPolicy.
Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.
Lists ClientTlsPolicies in a given project and location.
Updates the parameters of a single ClientTlsPolicy.
Sets the access control policy on the specified resource. Replaces any existing policy. Can return NOT_FOUND, INVALID_ARGUMENT, and PERMISSION_DENIED errors.
Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a NOT_FOUND error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may “fail open” without warning.
Creates a new GatewaySecurityPolicy in a given project and location.
Deletes a single GatewaySecurityPolicy.
Gets details of a single GatewaySecurityPolicy.
Lists GatewaySecurityPolicies in a given project and location.
Updates the parameters of a single GatewaySecurityPolicy.
Creates a new GatewaySecurityPolicy in a given project and location.
Deletes a single GatewaySecurityPolicyRule.
Gets details of a single GatewaySecurityPolicyRule.
Lists GatewaySecurityPolicyRules in a given project and location.
Updates the parameters of a single GatewaySecurityPolicyRule.
Gets information about a location.
Lists information about the supported locations for this service.
Starts asynchronous cancellation on a long-running operation. The server makes a best effort to cancel the operation, but success is not guaranteed. If the server doesn’t support this method, it returns google.rpc.Code.UNIMPLEMENTED. Clients can use Operations.GetOperation or other methods to check whether the cancellation succeeded or whether the operation completed despite cancellation. On successful cancellation, the operation is not deleted; instead, it becomes an operation with an Operation.error value with a google.rpc.Status.code of 1, corresponding to Code.CANCELLED.
Deletes a long-running operation. This method indicates that the client is no longer interested in the operation result. It does not cancel the operation. If the server doesn’t support this method, it returns google.rpc.Code.UNIMPLEMENTED.
Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.
Lists operations that match the specified filter in the request. If the server doesn’t support this method, it returns UNIMPLEMENTED.
Creates a new ServerTlsPolicy in a given project and location.
Deletes a single ServerTlsPolicy.
Gets details of a single ServerTlsPolicy.
Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.
Lists ServerTlsPolicies in a given project and location.
Updates the parameters of a single ServerTlsPolicy.
Sets the access control policy on the specified resource. Replaces any existing policy. Can return NOT_FOUND, INVALID_ARGUMENT, and PERMISSION_DENIED errors.
Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a NOT_FOUND error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may “fail open” without warning.
Creates a new TlsInspectionPolicy in a given project and location.
Deletes a single TlsInspectionPolicy.
Gets details of a single TlsInspectionPolicy.
Lists TlsInspectionPolicies in a given project and location.
Updates the parameters of a single TlsInspectionPolicy.
Creates a new UrlList in a given project and location.
Deletes a single UrlList.
Gets details of a single UrlList.
Lists UrlLists in a given project and location.
Updates the parameters of a single UrlList.
A builder providing access to all methods supported on
project resources.
It is not used directly, but through the
NetworkSecurity hub.
Request used by the RemoveAddressGroupItems method.
Specification of rules.
ServerTlsPolicy is a resource that specifies how a server should authenticate incoming requests. This resource itself does not affect configuration unless it is attached to a target HTTPS proxy or endpoint config selector resource. ServerTlsPolicy in the form accepted by external HTTPS load balancers can be attached only to TargetHttpsProxy with an EXTERNAL or EXTERNAL_MANAGED load balancing scheme. Traffic Director compatible ServerTlsPolicies can be attached to EndpointPolicy and TargetHttpsProxy with Traffic Director INTERNAL_SELF_MANAGED load balancing scheme.
Specification of traffic source attributes.
The
Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by
gRPC. Each
Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the
API Design Guide.
The TlsInspectionPolicy resource contains references to CA pools in Certificate Authority Service and associated metadata.
UrlList proto helps users to set reusable, independently manageable lists of hosts, host patterns, URLs, URL patterns.
Specification of ValidationCA. Defines the mechanism to obtain the Certificate Authority certificate to validate the peer certificate.