Skip to main content

external_access_rules

Creates, updates, deletes, gets or lists a external_access_rules resource.

Overview

Nameexternal_access_rules
TypeResource
Idgoogle.vmwareengine.external_access_rules

Fields

NameDatatypeDescription
namestringOutput only. The resource name of this external access rule. Resource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names. For example: projects/my-project/locations/us-central1/networkPolicies/my-policy/externalAccessRules/my-rule
descriptionstringUser-provided description for this external access rule.
actionstringThe action that the external access rule performs.
createTimestringOutput only. Creation time of this resource.
destinationIpRangesarrayIf destination ranges are specified, the external access rule applies only to the traffic that has a destination IP address in these ranges. The specified IP addresses must have reserved external IP addresses in the scope of the parent network policy. To match all external IP addresses in the scope of the parent network policy, specify 0.0.0.0/0. To match a specific external IP address, specify it using the IpRange.external_address property.
destinationPortsarrayA list of destination ports to which the external access rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. For example: ["22"], ["80","443"], or ["12345-12349"]. To match all destination ports, specify ["0-65535"].
ipProtocolstringThe IP protocol to which the external access rule applies. This value can be one of the following three protocol strings (not case-sensitive): tcp, udp, or icmp.
priorityintegerExternal access rule priority, which determines the external access rule to use when multiple rules apply. If multiple rules have the same priority, their ordering is non-deterministic. If specific ordering is required, assign unique priorities to enforce such ordering. The external access rule priority is an integer from 100 to 4096, both inclusive. Lower integers indicate higher precedence. For example, a rule with priority 100 has higher precedence than a rule with priority 101.
sourceIpRangesarrayIf source ranges are specified, the external access rule applies only to traffic that has a source IP address in these ranges. These ranges can either be expressed in the CIDR format or as an IP address. As only inbound rules are supported, ExternalAddress resources cannot be the source IP addresses of an external access rule. To match all source addresses, specify 0.0.0.0/0.
sourcePortsarrayA list of source ports to which the external access rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. For example: ["22"], ["80","443"], or ["12345-12349"]. To match all source ports, specify ["0-65535"].
statestringOutput only. The state of the resource.
uidstringOutput only. System-generated unique identifier for the resource.
updateTimestringOutput only. Last update time of this resource.

Methods

NameAccessible byRequired ParamsDescription
getSELECTexternalAccessRulesId, locationsId, networkPoliciesId, projectsIdGets details of a single external access rule.
listSELECTlocationsId, networkPoliciesId, projectsIdLists ExternalAccessRule resources in the specified network policy.
createINSERTlocationsId, networkPoliciesId, projectsIdCreates a new external access rule in a given network policy.
deleteDELETEexternalAccessRulesId, locationsId, networkPoliciesId, projectsIdDeletes a single external access rule.
patchUPDATEexternalAccessRulesId, locationsId, networkPoliciesId, projectsIdUpdates the parameters of a single external access rule. Only fields specified in update_mask are applied.

SELECT examples

Lists ExternalAccessRule resources in the specified network policy.

SELECT
name,
description,
action,
createTime,
destinationIpRanges,
destinationPorts,
ipProtocol,
priority,
sourceIpRanges,
sourcePorts,
state,
uid,
updateTime
FROM google.vmwareengine.external_access_rules
WHERE locationsId = '{{ locationsId }}'
AND networkPoliciesId = '{{ networkPoliciesId }}'
AND projectsId = '{{ projectsId }}';

INSERT example

Use the following StackQL query and manifest file to create a new external_access_rules resource.

/*+ create */
INSERT INTO google.vmwareengine.external_access_rules (
locationsId,
networkPoliciesId,
projectsId,
description,
priority,
action,
ipProtocol,
sourceIpRanges,
sourcePorts,
destinationIpRanges,
destinationPorts
)
SELECT 
'{{ locationsId }}',
'{{ networkPoliciesId }}',
'{{ projectsId }}',
'{{ description }}',
'{{ priority }}',
'{{ action }}',
'{{ ipProtocol }}',
'{{ sourceIpRanges }}',
'{{ sourcePorts }}',
'{{ destinationIpRanges }}',
'{{ destinationPorts }}'
;

UPDATE example

Updates a external_access_rules resource.

/*+ update */
UPDATE google.vmwareengine.external_access_rules
SET 
description = '{{ description }}',
priority = '{{ priority }}',
action = '{{ action }}',
ipProtocol = '{{ ipProtocol }}',
sourceIpRanges = '{{ sourceIpRanges }}',
sourcePorts = '{{ sourcePorts }}',
destinationIpRanges = '{{ destinationIpRanges }}',
destinationPorts = '{{ destinationPorts }}'
WHERE 
externalAccessRulesId = '{{ externalAccessRulesId }}'
AND locationsId = '{{ locationsId }}'
AND networkPoliciesId = '{{ networkPoliciesId }}'
AND projectsId = '{{ projectsId }}';

DELETE example

Deletes the specified external_access_rules resource.

/*+ delete */
DELETE FROM google.vmwareengine.external_access_rules
WHERE externalAccessRulesId = '{{ externalAccessRulesId }}'
AND locationsId = '{{ locationsId }}'
AND networkPoliciesId = '{{ networkPoliciesId }}'
AND projectsId = '{{ projectsId }}';