Class: Google::Cloud::NetworkSecurity::V1beta1::AuthorizationPolicy::Rule::Source

Inherits:

Object

Object
Google::Cloud::NetworkSecurity::V1beta1::AuthorizationPolicy::Rule::Source

show all

Extended by:: Protobuf::MessageExts::ClassMethods

Includes:: Protobuf::MessageExts

Defined in:: proto_docs/google/cloud/networksecurity/v1beta1/authorization_policy.rb

Overview

Specification of traffic source attributes.

Instance Attribute Summary collapse

#ip_blocks ⇒ ::Array<::String>
Optional.
#principals ⇒ ::Array<::String>
Optional.

Instance Attribute Details

#ip_blocks ⇒ `::Array<::String>`

Returns Optional. List of CIDR ranges to match based on source IP address. At least one IP block should match. Single IP (e.g., "1.2.3.4") and CIDR (e.g., "1.2.3.0/24") are supported. Authorization based on source IP alone should be avoided. The IP addresses of any load balancers or proxies should be considered untrusted.

Returns:

(::Array<::String>) —
Optional. List of CIDR ranges to match based on source IP address. At least one IP block should match. Single IP (e.g., "1.2.3.4") and CIDR (e.g., "1.2.3.0/24") are supported. Authorization based on source IP alone should be avoided. The IP addresses of any load balancers or proxies should be considered untrusted.

# File 'proto_docs/google/cloud/networksecurity/v1beta1/authorization_policy.rb', line 94

class Source
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods
end

#principals ⇒ `::Array<::String>`

Returns Optional. List of peer identities to match for authorization. At least one principal should match. Each peer can be an exact match, or a prefix match (example, "namespace/") or a suffix match (example, "/service-account") or a presence match "*". Authorization based on the principal name without certificate validation (configured by ServerTlsPolicy resource) is considered insecure.