rules

Creates, updates, deletes, gets or lists a rules resource.

Overview

| Name | rules |
| Type | Resource |
| Id | google.networksecurity.rules |

Fields

| Name | Datatype | Description |
|---|---|---|
| name | string | Required. Immutable. Name of the resource. Name is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: `(^a-z?$)`. |
| description | string | Optional. Free-text description of the resource. |
| applicationMatcher | string | Optional. CEL expression for matching on L7/application level criteria. |
| basicProfile | string | Required. Profile which tells what the primitive action should be. |
| createTime | string | Output only. Time when the rule was created. |
| enabled | boolean | Required. Whether the rule is enforced. |
| priority | integer | Required. Priority of the rule. Lower number corresponds to higher precedence. |
| sessionMatcher | string | Required. CEL expression for matching on session criteria. |
| tlsInspectionEnabled | boolean | Optional. Flag to enable TLS inspection of traffic matching on , can only be true if the parent GatewaySecurityPolicy references a TLSInspectionConfig. |
| updateTime | string | Output only. Time when the rule was updated. |

Methods

| Name | Accessible by | Required Params | Description |
|---|---|---|---|
| projects_locations_gateway_security_policies_rules_get | SELECT | gatewaySecurityPoliciesId, locationsId, projectsId, rulesId | Gets details of a single GatewaySecurityPolicyRule. |
| projects_locations_gateway_security_policies_rules_list | SELECT | gatewaySecurityPoliciesId, locationsId, projectsId | Lists GatewaySecurityPolicyRules in a given project and location. |
| projects_locations_gateway_security_policies_rules_create | INSERT | gatewaySecurityPoliciesId, locationsId, projectsId | Creates a new GatewaySecurityPolicy in a given project and location. |
| projects_locations_gateway_security_policies_rules_delete | DELETE | gatewaySecurityPoliciesId, locationsId, projectsId, rulesId | Deletes a single GatewaySecurityPolicyRule. |
| projects_locations_gateway_security_policies_rules_patch | UPDATE | gatewaySecurityPoliciesId, locationsId, projectsId, rulesId | Updates the parameters of a single GatewaySecurityPolicyRule. |

SELECT examples

Lists GatewaySecurityPolicyRules in a given project and location.

SELECT
  name,
  description,
  applicationMatcher,
  basicProfile,
  createTime,
  enabled,
  priority,
  sessionMatcher,
  tlsInspectionEnabled,
  updateTime
FROM google.networksecurity.rules
WHERE gatewaySecurityPoliciesId = '{{ gatewaySecurityPoliciesId }}'
  AND locationsId = '{{ locationsId }}'
  AND projectsId = '{{ projectsId }}';

INSERT example

Use the following StackQL query and manifest file to create a new rules resource.

/*+ create */
INSERT INTO google.networksecurity.rules (
  gatewaySecurityPoliciesId,
  locationsId,
  projectsId,
  basicProfile,
  name,
  enabled,
  priority,
  description,
  sessionMatcher,
  applicationMatcher,
  tlsInspectionEnabled
)
SELECT
  '{{ gatewaySecurityPoliciesId }}',
  '{{ locationsId }}',
  '{{ projectsId }}',
  '{{ basicProfile }}',
  '{{ name }}',
  {{ enabled }},                -- boolean: whether the rule is enforced
  {{ priority }},               -- integer: lower number = higher precedence
  '{{ description }}',
  '{{ sessionMatcher }}',       -- CEL expression (session criteria)
  '{{ applicationMatcher }}',   -- CEL expression (L7/application criteria)
  {{ tlsInspectionEnabled }}    -- boolean
;

UPDATE example

Updates a rules resource.

/*+ update */
UPDATE google.networksecurity.rules
SET
  basicProfile = '{{ basicProfile }}',
  name = '{{ name }}',
  enabled = {{ enabled }},                            -- boolean: true or false
  priority = {{ priority }},                          -- integer: lower number = higher precedence
  description = '{{ description }}',
  sessionMatcher = '{{ sessionMatcher }}',
  applicationMatcher = '{{ applicationMatcher }}',
  tlsInspectionEnabled = {{ tlsInspectionEnabled }}   -- boolean: true or false
WHERE
  gatewaySecurityPoliciesId = '{{ gatewaySecurityPoliciesId }}'
  AND locationsId = '{{ locationsId }}'
  AND projectsId = '{{ projectsId }}'
  AND rulesId = '{{ rulesId }}';

DELETE example

Deletes the specified rules resource.

/*+ delete */
DELETE FROM google.networksecurity.rules
WHERE gatewaySecurityPoliciesId = '{{ gatewaySecurityPoliciesId }}'
  AND locationsId = '{{ locationsId }}'
  AND projectsId = '{{ projectsId }}'
  AND rulesId = '{{ rulesId }}';