473 lines
13 KiB
PHP
473 lines
13 KiB
PHP
<?php
|
|
/*
|
|
* Copyright 2014 Google Inc.
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
|
* use this file except in compliance with the License. You may obtain a copy of
|
|
* the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
* License for the specific language governing permissions and limitations under
|
|
* the License.
|
|
*/
|
|
|
|
namespace Google\Service\Compute;
|
|
|
|
class FirewallPolicyRule extends \Google\Collection
|
|
{
|
|
public const DIRECTION_EGRESS = 'EGRESS';
|
|
public const DIRECTION_INGRESS = 'INGRESS';
|
|
public const TARGET_TYPE_INSTANCES = 'INSTANCES';
|
|
public const TARGET_TYPE_INTERNAL_MANAGED_LB = 'INTERNAL_MANAGED_LB';
|
|
protected $collection_key = 'targetServiceAccounts';
|
|
/**
|
|
* The Action to perform when the client connection triggers the rule. Valid
|
|
* actions for firewall rules are: "allow", "deny",
|
|
* "apply_security_profile_group" and "goto_next". Valid actions for packet
|
|
* mirroring rules are: "mirror", "do_not_mirror" and "goto_next".
|
|
*
|
|
* @var string
|
|
*/
|
|
public $action;
|
|
/**
|
|
* An optional description for this resource.
|
|
*
|
|
* @var string
|
|
*/
|
|
public $description;
|
|
/**
|
|
* The direction in which this rule applies.
|
|
*
|
|
* @var string
|
|
*/
|
|
public $direction;
|
|
/**
|
|
* Denotes whether the firewall policy rule is disabled. When set to true, the
|
|
* firewall policy rule is not enforced and traffic behaves as if it did not
|
|
* exist. If this is unspecified, the firewall policy rule will be enabled.
|
|
*
|
|
* @var bool
|
|
*/
|
|
public $disabled;
|
|
/**
|
|
* Denotes whether to enable logging for a particular rule. If logging is
|
|
* enabled, logs will be exported to the configured export destination in
|
|
* Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot
|
|
* enable logging on "goto_next" rules.
|
|
*
|
|
* @var bool
|
|
*/
|
|
public $enableLogging;
|
|
/**
|
|
* Output only. [Output only] Type of the resource.
|
|
* Returnscompute#firewallPolicyRule for firewall rules
|
|
* andcompute#packetMirroringRule for packet mirroring rules.
|
|
*
|
|
* @var string
|
|
*/
|
|
public $kind;
|
|
protected $matchType = FirewallPolicyRuleMatcher::class;
|
|
protected $matchDataType = '';
|
|
/**
|
|
* An integer indicating the priority of a rule in the list. The priority must
|
|
* be a positive value between 0 and 2147483647. Rules are evaluated from
|
|
* highest to lowest priority where 0 is the highest priority and 2147483647
|
|
* is the lowest priority.
|
|
*
|
|
* @var int
|
|
*/
|
|
public $priority;
|
|
/**
|
|
* An optional name for the rule. This field is not a unique identifier and
|
|
* can be updated.
|
|
*
|
|
* @var string
|
|
*/
|
|
public $ruleName;
|
|
/**
|
|
* Output only. [Output Only] Calculation of the complexity of a single
|
|
* firewall policy rule.
|
|
*
|
|
* @var int
|
|
*/
|
|
public $ruleTupleCount;
|
|
/**
|
|
* A fully-qualified URL of a SecurityProfile resource instance. Example: http
|
|
* s://networksecurity.googleapis.com/v1/projects/{project}/locations/{locatio
|
|
* n}/securityProfileGroups/my-security-profile-group Must be specified if
|
|
* action is one of 'apply_security_profile_group' or 'mirror'. Cannot be
|
|
* specified for other actions.
|
|
*
|
|
* @var string
|
|
*/
|
|
public $securityProfileGroup;
|
|
/**
|
|
* A list of forwarding rules to which this rule applies. This field allows
|
|
* you to control which load balancers get this rule. For example, the
|
|
* following are valid values: - https://www.googleapis.com/compu
|
|
* te/v1/projects/project/global/forwardingRules/forwardingRule - https:/
|
|
* /www.googleapis.com/compute/v1/projects/project/regions/region/forwardingRu
|
|
* les/forwardingRule - projects/project/global/
|
|
* forwardingRules/forwardingRule -
|
|
* projects/project/regions/region/forwardingRules/ forwardingRule
|
|
*
|
|
* @var string[]
|
|
*/
|
|
public $targetForwardingRules;
|
|
/**
|
|
* A list of network resource URLs to which this rule applies. This field
|
|
* allows you to control which network's VMs get this rule. If this field is
|
|
* left blank, all VMs within the organization will receive the rule.
|
|
*
|
|
* @var string[]
|
|
*/
|
|
public $targetResources;
|
|
protected $targetSecureTagsType = FirewallPolicyRuleSecureTag::class;
|
|
protected $targetSecureTagsDataType = 'array';
|
|
/**
|
|
* A list of service accounts indicating the sets of instances that are
|
|
* applied with this rule.
|
|
*
|
|
* @var string[]
|
|
*/
|
|
public $targetServiceAccounts;
|
|
/**
|
|
* Target types of the firewall policy rule. Default value is INSTANCES.
|
|
*
|
|
* @var string
|
|
*/
|
|
public $targetType;
|
|
/**
|
|
* Boolean flag indicating if the traffic should be TLS decrypted. Can be set
|
|
* only if action = 'apply_security_profile_group' and cannot be set for other
|
|
* actions.
|
|
*
|
|
* @var bool
|
|
*/
|
|
public $tlsInspect;
|
|
|
|
/**
|
|
* The Action to perform when the client connection triggers the rule. Valid
|
|
* actions for firewall rules are: "allow", "deny",
|
|
* "apply_security_profile_group" and "goto_next". Valid actions for packet
|
|
* mirroring rules are: "mirror", "do_not_mirror" and "goto_next".
|
|
*
|
|
* @param string $action
|
|
*/
|
|
public function setAction($action)
|
|
{
|
|
$this->action = $action;
|
|
}
|
|
/**
|
|
* @return string
|
|
*/
|
|
public function getAction()
|
|
{
|
|
return $this->action;
|
|
}
|
|
/**
|
|
* An optional description for this resource.
|
|
*
|
|
* @param string $description
|
|
*/
|
|
public function setDescription($description)
|
|
{
|
|
$this->description = $description;
|
|
}
|
|
/**
|
|
* @return string
|
|
*/
|
|
public function getDescription()
|
|
{
|
|
return $this->description;
|
|
}
|
|
/**
|
|
* The direction in which this rule applies.
|
|
*
|
|
* Accepted values: EGRESS, INGRESS
|
|
*
|
|
* @param self::DIRECTION_* $direction
|
|
*/
|
|
public function setDirection($direction)
|
|
{
|
|
$this->direction = $direction;
|
|
}
|
|
/**
|
|
* @return self::DIRECTION_*
|
|
*/
|
|
public function getDirection()
|
|
{
|
|
return $this->direction;
|
|
}
|
|
/**
|
|
* Denotes whether the firewall policy rule is disabled. When set to true, the
|
|
* firewall policy rule is not enforced and traffic behaves as if it did not
|
|
* exist. If this is unspecified, the firewall policy rule will be enabled.
|
|
*
|
|
* @param bool $disabled
|
|
*/
|
|
public function setDisabled($disabled)
|
|
{
|
|
$this->disabled = $disabled;
|
|
}
|
|
/**
|
|
* @return bool
|
|
*/
|
|
public function getDisabled()
|
|
{
|
|
return $this->disabled;
|
|
}
|
|
/**
|
|
* Denotes whether to enable logging for a particular rule. If logging is
|
|
* enabled, logs will be exported to the configured export destination in
|
|
* Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot
|
|
* enable logging on "goto_next" rules.
|
|
*
|
|
* @param bool $enableLogging
|
|
*/
|
|
public function setEnableLogging($enableLogging)
|
|
{
|
|
$this->enableLogging = $enableLogging;
|
|
}
|
|
/**
|
|
* @return bool
|
|
*/
|
|
public function getEnableLogging()
|
|
{
|
|
return $this->enableLogging;
|
|
}
|
|
/**
|
|
* Output only. [Output only] Type of the resource.
|
|
* Returnscompute#firewallPolicyRule for firewall rules
|
|
* andcompute#packetMirroringRule for packet mirroring rules.
|
|
*
|
|
* @param string $kind
|
|
*/
|
|
public function setKind($kind)
|
|
{
|
|
$this->kind = $kind;
|
|
}
|
|
/**
|
|
* @return string
|
|
*/
|
|
public function getKind()
|
|
{
|
|
return $this->kind;
|
|
}
|
|
/**
|
|
* A match condition that incoming traffic is evaluated against. If it
|
|
* evaluates to true, the corresponding 'action' is enforced.
|
|
*
|
|
* @param FirewallPolicyRuleMatcher $match
|
|
*/
|
|
public function setMatch(FirewallPolicyRuleMatcher $match)
|
|
{
|
|
$this->match = $match;
|
|
}
|
|
/**
|
|
* @return FirewallPolicyRuleMatcher
|
|
*/
|
|
public function getMatch()
|
|
{
|
|
return $this->match;
|
|
}
|
|
/**
|
|
* An integer indicating the priority of a rule in the list. The priority must
|
|
* be a positive value between 0 and 2147483647. Rules are evaluated from
|
|
* highest to lowest priority where 0 is the highest priority and 2147483647
|
|
* is the lowest priority.
|
|
*
|
|
* @param int $priority
|
|
*/
|
|
public function setPriority($priority)
|
|
{
|
|
$this->priority = $priority;
|
|
}
|
|
/**
|
|
* @return int
|
|
*/
|
|
public function getPriority()
|
|
{
|
|
return $this->priority;
|
|
}
|
|
/**
|
|
* An optional name for the rule. This field is not a unique identifier and
|
|
* can be updated.
|
|
*
|
|
* @param string $ruleName
|
|
*/
|
|
public function setRuleName($ruleName)
|
|
{
|
|
$this->ruleName = $ruleName;
|
|
}
|
|
/**
|
|
* @return string
|
|
*/
|
|
public function getRuleName()
|
|
{
|
|
return $this->ruleName;
|
|
}
|
|
/**
|
|
* Output only. [Output Only] Calculation of the complexity of a single
|
|
* firewall policy rule.
|
|
*
|
|
* @param int $ruleTupleCount
|
|
*/
|
|
public function setRuleTupleCount($ruleTupleCount)
|
|
{
|
|
$this->ruleTupleCount = $ruleTupleCount;
|
|
}
|
|
/**
|
|
* @return int
|
|
*/
|
|
public function getRuleTupleCount()
|
|
{
|
|
return $this->ruleTupleCount;
|
|
}
|
|
/**
|
|
* A fully-qualified URL of a SecurityProfile resource instance. Example: http
|
|
* s://networksecurity.googleapis.com/v1/projects/{project}/locations/{locatio
|
|
* n}/securityProfileGroups/my-security-profile-group Must be specified if
|
|
* action is one of 'apply_security_profile_group' or 'mirror'. Cannot be
|
|
* specified for other actions.
|
|
*
|
|
* @param string $securityProfileGroup
|
|
*/
|
|
public function setSecurityProfileGroup($securityProfileGroup)
|
|
{
|
|
$this->securityProfileGroup = $securityProfileGroup;
|
|
}
|
|
/**
|
|
* @return string
|
|
*/
|
|
public function getSecurityProfileGroup()
|
|
{
|
|
return $this->securityProfileGroup;
|
|
}
|
|
/**
|
|
* A list of forwarding rules to which this rule applies. This field allows
|
|
* you to control which load balancers get this rule. For example, the
|
|
* following are valid values: - https://www.googleapis.com/compu
|
|
* te/v1/projects/project/global/forwardingRules/forwardingRule - https:/
|
|
* /www.googleapis.com/compute/v1/projects/project/regions/region/forwardingRu
|
|
* les/forwardingRule - projects/project/global/
|
|
* forwardingRules/forwardingRule -
|
|
* projects/project/regions/region/forwardingRules/ forwardingRule
|
|
*
|
|
* @param string[] $targetForwardingRules
|
|
*/
|
|
public function setTargetForwardingRules($targetForwardingRules)
|
|
{
|
|
$this->targetForwardingRules = $targetForwardingRules;
|
|
}
|
|
/**
|
|
* @return string[]
|
|
*/
|
|
public function getTargetForwardingRules()
|
|
{
|
|
return $this->targetForwardingRules;
|
|
}
|
|
/**
|
|
* A list of network resource URLs to which this rule applies. This field
|
|
* allows you to control which network's VMs get this rule. If this field is
|
|
* left blank, all VMs within the organization will receive the rule.
|
|
*
|
|
* @param string[] $targetResources
|
|
*/
|
|
public function setTargetResources($targetResources)
|
|
{
|
|
$this->targetResources = $targetResources;
|
|
}
|
|
/**
|
|
* @return string[]
|
|
*/
|
|
public function getTargetResources()
|
|
{
|
|
return $this->targetResources;
|
|
}
|
|
/**
|
|
* A list of secure tags that controls which instances the firewall rule
|
|
* applies to. If targetSecureTag are specified, then the firewall rule
|
|
* applies only to instances in the VPC network that have one of those
|
|
* EFFECTIVE secure tags, if all the target_secure_tag are in INEFFECTIVE
|
|
* state, then this rule will be ignored.targetSecureTag may not be set at the
|
|
* same time astargetServiceAccounts. If neither targetServiceAccounts
|
|
* nortargetSecureTag are specified, the firewall rule applies to all
|
|
* instances on the specified network. Maximum number of target label tags
|
|
* allowed is 256.
|
|
*
|
|
* @param FirewallPolicyRuleSecureTag[] $targetSecureTags
|
|
*/
|
|
public function setTargetSecureTags($targetSecureTags)
|
|
{
|
|
$this->targetSecureTags = $targetSecureTags;
|
|
}
|
|
/**
|
|
* @return FirewallPolicyRuleSecureTag[]
|
|
*/
|
|
public function getTargetSecureTags()
|
|
{
|
|
return $this->targetSecureTags;
|
|
}
|
|
/**
|
|
* A list of service accounts indicating the sets of instances that are
|
|
* applied with this rule.
|
|
*
|
|
* @param string[] $targetServiceAccounts
|
|
*/
|
|
public function setTargetServiceAccounts($targetServiceAccounts)
|
|
{
|
|
$this->targetServiceAccounts = $targetServiceAccounts;
|
|
}
|
|
/**
|
|
* @return string[]
|
|
*/
|
|
public function getTargetServiceAccounts()
|
|
{
|
|
return $this->targetServiceAccounts;
|
|
}
|
|
/**
|
|
* Target types of the firewall policy rule. Default value is INSTANCES.
|
|
*
|
|
* Accepted values: INSTANCES, INTERNAL_MANAGED_LB
|
|
*
|
|
* @param self::TARGET_TYPE_* $targetType
|
|
*/
|
|
public function setTargetType($targetType)
|
|
{
|
|
$this->targetType = $targetType;
|
|
}
|
|
/**
|
|
* @return self::TARGET_TYPE_*
|
|
*/
|
|
public function getTargetType()
|
|
{
|
|
return $this->targetType;
|
|
}
|
|
/**
|
|
* Boolean flag indicating if the traffic should be TLS decrypted. Can be set
|
|
* only if action = 'apply_security_profile_group' and cannot be set for other
|
|
* actions.
|
|
*
|
|
* @param bool $tlsInspect
|
|
*/
|
|
public function setTlsInspect($tlsInspect)
|
|
{
|
|
$this->tlsInspect = $tlsInspect;
|
|
}
|
|
/**
|
|
* @return bool
|
|
*/
|
|
public function getTlsInspect()
|
|
{
|
|
return $this->tlsInspect;
|
|
}
|
|
}
|
|
|
|
// Adding a class alias for backwards compatibility with the previous class name.
|
|
class_alias(FirewallPolicyRule::class, 'Google_Service_Compute_FirewallPolicyRule');
|