Skip to main content

security_actions

Creates, updates, deletes, gets or lists a security_actions resource.

Overview

Namesecurity_actions
TypeResource
Idgoogle.apigee.security_actions

Fields

NameDatatypeDescription
namestringImmutable. This field is ignored during creation as per AIP-133. Please set the security_action_id field in the CreateSecurityActionRequest when creating a new SecurityAction. Format: organizations/{org}/environments/{env}/securityActions/{security_action}
descriptionstringOptional. An optional user provided description of the SecurityAction.
allowobjectMessage that should be set in case of an Allow Action. This does not have any fields.
apiProxiesarrayOptional. If unset, this would apply to all proxies in the environment. If set, this action is enforced only if at least one proxy in the repeated list is deployed at the time of enforcement. If set, several restrictions are enforced on SecurityActions. There can be at most 100 enabled actions with proxies set in an env. Several other restrictions apply on conditions and are detailed later.
conditionConfigobjectThe following are a list of conditions. A valid SecurityAction must contain at least one condition. Within a condition, each element is ORed. Across conditions elements are ANDed. For example if a SecurityAction has the following: ip_address_ranges: ["ip1", "ip2"] and bot_reasons: ["Flooder", "Robot Abuser"] then this is interpreted as: enforce the action if the incoming request has ((ip_address_ranges = "ip1" OR ip_address_ranges = "ip2") AND (bot_reasons="Flooder" OR bot_reasons="Robot Abuser")). Conditions other than ip_address_ranges and bot_reasons cannot be ANDed.
createTimestringOutput only. The create time for this SecurityAction.
denyobjectMessage that should be set in case of a Deny Action.
expireTimestringThe expiration for this SecurityAction.
flagobjectThe message that should be set in the case of a Flag action.
statestringRequired. Only an ENABLED SecurityAction is enforced. An ENABLED SecurityAction past its expiration time will not be enforced.
ttlstringInput only. The TTL for this SecurityAction.
updateTimestringOutput only. The update time for this SecurityAction. This reflects when this SecurityAction changed states.

Methods

NameAccessible byRequired ParamsDescription
organizations_environments_security_actions_getSELECTenvironmentsId, organizationsId, securityActionsIdGet a SecurityAction by name.
organizations_environments_security_actions_listSELECTenvironmentsId, organizationsIdReturns a list of SecurityActions. This returns both enabled and disabled actions.
organizations_environments_security_actions_createINSERTenvironmentsId, organizationsIdCreateSecurityAction creates a SecurityAction.
organizations_environments_security_actions_disableEXECenvironmentsId, organizationsId, securityActionsIdDisable a SecurityAction. The state of the SecurityAction after disabling is DISABLED. DisableSecurityAction can be called on SecurityActions in the state ENABLED; SecurityActions in a different state (including DISABLED) return an error.
organizations_environments_security_actions_enableEXECenvironmentsId, organizationsId, securityActionsIdEnable a SecurityAction. The state of the SecurityAction after enabling is ENABLED. EnableSecurityAction can be called on SecurityActions in the state DISABLED; SecurityActions in a different state (including `ENABLED) return an error.

SELECT examples

Returns a list of SecurityActions. This returns both enabled and disabled actions.

SELECT
name,
description,
allow,
apiProxies,
conditionConfig,
createTime,
deny,
expireTime,
flag,
state,
ttl,
updateTime
FROM google.apigee.security_actions
WHERE environmentsId = '{{ environmentsId }}'
AND organizationsId = '{{ organizationsId }}';

INSERT example

Use the following StackQL query and manifest file to create a new security_actions resource.

/*+ create */
INSERT INTO google.apigee.security_actions (
environmentsId,
organizationsId,
state,
conditionConfig,
allow,
name,
description,
deny,
ttl,
flag,
expireTime,
apiProxies
)
SELECT 
'{{ environmentsId }}',
'{{ organizationsId }}',
'{{ state }}',
'{{ conditionConfig }}',
'{{ allow }}',
'{{ name }}',
'{{ description }}',
'{{ deny }}',
'{{ ttl }}',
'{{ flag }}',
'{{ expireTime }}',
'{{ apiProxies }}'
;