# frozen_string_literal: true

# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Auto-generated by gapic-generator-ruby. DO NOT EDIT!


module Google
  module Cloud
    module NetworkSecurity
      module V1beta1
        # AuthorizationPolicy is a resource that specifies how a server
        # should authorize incoming connections. This resource in itself does
        # not change the configuration unless it's attached to a target https
        # proxy or endpoint config selector resource.
        # @!attribute [rw] name
        #   @return [::String]
        #     Required. Name of the AuthorizationPolicy resource. It matches pattern
        #     `projects/{project}/locations/{location}/authorizationPolicies/<authorization_policy>`.
        # @!attribute [rw] description
        #   @return [::String]
        #     Optional. Free-text description of the resource.
        # @!attribute [r] create_time
        #   @return [::Google::Protobuf::Timestamp]
        #     Output only. The timestamp when the resource was created.
        # @!attribute [r] update_time
        #   @return [::Google::Protobuf::Timestamp]
        #     Output only. The timestamp when the resource was updated.
        # @!attribute [rw] labels
        #   @return [::Google::Protobuf::Map{::String => ::String}]
        #     Optional. Set of label tags associated with the AuthorizationPolicy resource.
        # @!attribute [rw] action
        #   @return [::Google::Cloud::NetworkSecurity::V1beta1::AuthorizationPolicy::Action]
        #     Required. The action to take when a rule match is found. Possible values
        #     are "ALLOW" or "DENY".
        # @!attribute [rw] rules
        #   @return [::Array<::Google::Cloud::NetworkSecurity::V1beta1::AuthorizationPolicy::Rule>]
        #     Optional. List of rules to match. Note that at least one of the rules must match in
        #     order for the action specified in the 'action' field to be taken. A rule is
        #     a match if there is a matching source and destination. If left blank, the
        #     action specified in the `action` field will be applied on every request.
        class AuthorizationPolicy
          include ::Google::Protobuf::MessageExts
          extend ::Google::Protobuf::MessageExts::ClassMethods

          # Specification of rules.
          # @!attribute [rw] sources
          #   @return [::Array<::Google::Cloud::NetworkSecurity::V1beta1::AuthorizationPolicy::Rule::Source>]
          #     Optional. List of attributes for the traffic source. All of the sources must match.
          #     A source is a match if both principals and ip_blocks match. If not set,
          #     the action specified in the 'action' field will be applied without any
          #     rule checks for the source.
          # @!attribute [rw] destinations
          #   @return [::Array<::Google::Cloud::NetworkSecurity::V1beta1::AuthorizationPolicy::Rule::Destination>]
          #     Optional. List of attributes for the traffic destination. All of the destinations
          #     must match. A destination is a match if a request matches all the
          #     specified hosts, ports, methods and headers. If not set, the
          #     action specified in the 'action' field will be applied without any rule
          #     checks for the destination.
          class Rule
            include ::Google::Protobuf::MessageExts
            extend ::Google::Protobuf::MessageExts::ClassMethods

            # Specification of traffic source attributes.
            # @!attribute [rw] principals
            #   @return [::Array<::String>]
            #     Optional. List of peer identities to match for authorization. At least one
            #     principal should match. Each peer can be an exact match, or a prefix
            #     match (example, "namespace/*") or a suffix match (example, //
            #     */service-account") or a presence match "*".
            # @!attribute [rw] ip_blocks
            #   @return [::Array<::String>]
            #     Optional. List of CIDR ranges to match based on source IP address. At least one
            #     IP block should match. Single IP (e.g., "1.2.3.4") and CIDR (e.g.,
            #     "1.2.3.0/24") are supported.
            class Source
              include ::Google::Protobuf::MessageExts
              extend ::Google::Protobuf::MessageExts::ClassMethods
            end

            # Specification of traffic destination attributes.
            # @!attribute [rw] hosts
            #   @return [::Array<::String>]
            #     Required. List of host names to match. Matched against HOST header in
            #     http requests. At least one host should match. Each host can be an
            #     exact match, or a prefix match (example "mydomain.*") or a suffix
            #     match (example // *.myorg.com") or a presence(any) match "*".
            # @!attribute [rw] ports
            #   @return [::Array<::Integer>]
            #     Required. List of destination ports to match. At least one port should match.
            # @!attribute [rw] methods
            #   @return [::Array<::String>]
            #     Optional. A list of HTTP methods to match. At least one method should
            #     match. Should not be set for gRPC services.
            # @!attribute [rw] http_header_match
            #   @return [::Google::Cloud::NetworkSecurity::V1beta1::AuthorizationPolicy::Rule::Destination::HttpHeaderMatch]
            #     Optional. Match against key:value pair in http header. Provides a
            #     flexible match based on HTTP headers, for potentially
            #     advanced use cases. At least one header should match.
            class Destination
              include ::Google::Protobuf::MessageExts
              extend ::Google::Protobuf::MessageExts::ClassMethods

              # Specification of HTTP header match atrributes.
              # @!attribute [rw] regex_match
              #   @return [::String]
              #     Required. The value of the header must match the regular expression
              #     specified in regexMatch. For regular expression grammar,
              #     please see: en.cppreference.com/w/cpp/regex/ecmascript
              #     For matching against a port specified in the HTTP
              #     request, use a headerMatch with headerName set to Host
              #     and a regular expression that satisfies the RFC2616 Host
              #     header's port specifier.
              # @!attribute [rw] header_name
              #   @return [::String]
              #     Required. The name of the HTTP header to match. For matching
              #     against the HTTP request's authority, use a headerMatch
              #     with the header name ":authority". For matching a
              #     request's method, use the headerName ":method".
              class HttpHeaderMatch
                include ::Google::Protobuf::MessageExts
                extend ::Google::Protobuf::MessageExts::ClassMethods
              end
            end
          end

          # @!attribute [rw] key
          #   @return [::String]
          # @!attribute [rw] value
          #   @return [::String]
          class LabelsEntry
            include ::Google::Protobuf::MessageExts
            extend ::Google::Protobuf::MessageExts::ClassMethods
          end

          # Possible values that define what action to take.
          module Action
            # Default value.
            ACTION_UNSPECIFIED = 0

            # Grant access.
            ALLOW = 1

            # Deny access.
            DENY = 2
          end
        end

        # Request used with the ListAuthorizationPolicies method.
        # @!attribute [rw] parent
        #   @return [::String]
        #     Required. The project and location from which the AuthorizationPolicies
        #     should be listed, specified in the format
        #     `projects/{project}/locations/{location}`.
        # @!attribute [rw] page_size
        #   @return [::Integer]
        #     Maximum number of AuthorizationPolicies to return per call.
        # @!attribute [rw] page_token
        #   @return [::String]
        #     The value returned by the last
        #     `ListAuthorizationPoliciesResponse` Indicates that this is a
        #     continuation of a prior `ListAuthorizationPolicies` call, and
        #     that the system should return the next page of data.
        class ListAuthorizationPoliciesRequest
          include ::Google::Protobuf::MessageExts
          extend ::Google::Protobuf::MessageExts::ClassMethods
        end

        # Response returned by the ListAuthorizationPolicies method.
        # @!attribute [rw] authorization_policies
        #   @return [::Array<::Google::Cloud::NetworkSecurity::V1beta1::AuthorizationPolicy>]
        #     List of AuthorizationPolicies resources.
        # @!attribute [rw] next_page_token
        #   @return [::String]
        #     If there might be more results than those appearing in this response, then
        #     `next_page_token` is included. To get the next set of results, call this
        #     method again using the value of `next_page_token` as `page_token`.
        class ListAuthorizationPoliciesResponse
          include ::Google::Protobuf::MessageExts
          extend ::Google::Protobuf::MessageExts::ClassMethods
        end

        # Request used by the GetAuthorizationPolicy method.
        # @!attribute [rw] name
        #   @return [::String]
        #     Required. A name of the AuthorizationPolicy to get. Must be in the format
        #     `projects/{project}/locations/{location}/authorizationPolicies/*`.
        class GetAuthorizationPolicyRequest
          include ::Google::Protobuf::MessageExts
          extend ::Google::Protobuf::MessageExts::ClassMethods
        end

        # Request used by the CreateAuthorizationPolicy method.
        # @!attribute [rw] parent
        #   @return [::String]
        #     Required. The parent resource of the AuthorizationPolicy. Must be in the
        #     format `projects/{project}/locations/{location}`.
        # @!attribute [rw] authorization_policy_id
        #   @return [::String]
        #     Required. Short name of the AuthorizationPolicy resource to be created.
        #     This value should be 1-63 characters long, containing only
        #     letters, numbers, hyphens, and underscores, and should not start
        #     with a number. E.g. "authz_policy".
        # @!attribute [rw] authorization_policy
        #   @return [::Google::Cloud::NetworkSecurity::V1beta1::AuthorizationPolicy]
        #     Required. AuthorizationPolicy resource to be created.
        class CreateAuthorizationPolicyRequest
          include ::Google::Protobuf::MessageExts
          extend ::Google::Protobuf::MessageExts::ClassMethods
        end

        # Request used by the UpdateAuthorizationPolicy method.
        # @!attribute [rw] update_mask
        #   @return [::Google::Protobuf::FieldMask]
        #     Optional. Field mask is used to specify the fields to be overwritten in the
        #     AuthorizationPolicy resource by the update.
        #     The fields specified in the update_mask are relative to the resource, not
        #     the full request. A field will be overwritten if it is in the mask. If the
        #     user does not provide a mask then all fields will be overwritten.
        # @!attribute [rw] authorization_policy
        #   @return [::Google::Cloud::NetworkSecurity::V1beta1::AuthorizationPolicy]
        #     Required. Updated AuthorizationPolicy resource.
        class UpdateAuthorizationPolicyRequest
          include ::Google::Protobuf::MessageExts
          extend ::Google::Protobuf::MessageExts::ClassMethods
        end

        # Request used by the DeleteAuthorizationPolicy method.
        # @!attribute [rw] name
        #   @return [::String]
        #     Required. A name of the AuthorizationPolicy to delete. Must be in the format
        #     `projects/{project}/locations/{location}/authorizationPolicies/*`.
        class DeleteAuthorizationPolicyRequest
          include ::Google::Protobuf::MessageExts
          extend ::Google::Protobuf::MessageExts::ClassMethods
        end
      end
    end
  end
end