class Google::Cloud::AppEngine::V1::Firewall::Client

Client for the Firewall service.

Firewall resources are used to define a collection of access control rules for an Application. Each rule is defined with a position which specifies the rule's order in the sequence of rules, an IP range to be matched against requests, and an action to take upon matching requests.

Every request is evaluated against the Firewall rules in priority order. Processesing stops at the first rule which matches the request's IP address. A final rule always specifies an action that applies to all remaining IP addresses. The default final rule for a newly-created application will be set to “allow” if not otherwise specified by the user.

Attributes

firewall_stub[R]

@private

Public Class Methods

configure() { |configure| ... } click to toggle source

Configure the Firewall Client class.

See {::Google::Cloud::AppEngine::V1::Firewall::Client::Configuration} for a description of the configuration fields.

@example

# Modify the configuration for all Firewall clients
::Google::Cloud::AppEngine::V1::Firewall::Client.configure do |config|
  config.timeout = 10.0
end

@yield [config] Configure the Client client. @yieldparam config [Client::Configuration]

@return [Client::Configuration]

# File lib/google/cloud/app_engine/v1/firewall/client.rb, line 63
def self.configure
  @configure ||= begin
    namespace = ["Google", "Cloud", "AppEngine", "V1"]
    parent_config = while namespace.any?
                      parent_name = namespace.join "::"
                      parent_const = const_get parent_name
                      break parent_const.configure if parent_const.respond_to? :configure
                      namespace.pop
                    end
    default_config = Client::Configuration.new parent_config

    default_config
  end
  yield @configure if block_given?
  @configure
end
new() { |config| ... } click to toggle source

Create a new Firewall client object.

@example

# Create a client using the default configuration
client = ::Google::Cloud::AppEngine::V1::Firewall::Client.new

# Create a client using a custom configuration
client = ::Google::Cloud::AppEngine::V1::Firewall::Client.new do |config|
  config.timeout = 10.0
end

@yield [config] Configure the Firewall client. @yieldparam config [Client::Configuration]

# File lib/google/cloud/app_engine/v1/firewall/client.rb, line 116
def initialize
  # These require statements are intentionally placed here to initialize
  # the gRPC module only when it's required.
  # See https://github.com/googleapis/toolkit/issues/446
  require "gapic/grpc"
  require "google/appengine/v1/appengine_services_pb"

  # Create the configuration object
  @config = Configuration.new Client.configure

  # Yield the configuration if needed
  yield @config if block_given?

  # Create credentials
  credentials = @config.credentials
  # Use self-signed JWT if the endpoint is unchanged from default,
  # but only if the default endpoint does not have a region prefix.
  enable_self_signed_jwt = @config.endpoint == Client.configure.endpoint &&
                           !@config.endpoint.split(".").first.include?("-")
  credentials ||= Credentials.default scope: @config.scope,
                                      enable_self_signed_jwt: enable_self_signed_jwt
  if credentials.is_a?(::String) || credentials.is_a?(::Hash)
    credentials = Credentials.new credentials, scope: @config.scope
  end
  @quota_project_id = @config.quota_project
  @quota_project_id ||= credentials.quota_project_id if credentials.respond_to? :quota_project_id

  @firewall_stub = ::Gapic::ServiceStub.new(
    ::Google::Cloud::AppEngine::V1::Firewall::Stub,
    credentials:  credentials,
    endpoint:     @config.endpoint,
    channel_args: @config.channel_args,
    interceptors: @config.interceptors
  )
end

Public Instance Methods

batch_update_ingress_rules(request, options = nil) { |response, operation| ... } click to toggle source

Replaces the entire firewall ruleset in one bulk operation. This overrides and replaces the rules of an existing firewall with the new rules.

If the final rule does not match traffic with the '*' wildcard IP range, then an “allow all” rule is explicitly added to the end of the list.

@overload batch_update_ingress_rules(request, options = nil)

Pass arguments to `batch_update_ingress_rules` via a request object, either of type
{::Google::Cloud::AppEngine::V1::BatchUpdateIngressRulesRequest} or an equivalent Hash.

@param request [::Google::Cloud::AppEngine::V1::BatchUpdateIngressRulesRequest, ::Hash]
  A request object representing the call parameters. Required. To specify no
  parameters, or to keep all the default parameter values, pass an empty Hash.
@param options [::Gapic::CallOptions, ::Hash]
  Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

@overload batch_update_ingress_rules(name: nil, ingress_rules: nil)

Pass arguments to `batch_update_ingress_rules` via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).

@param name [::String]
  Name of the Firewall collection to set.
  Example: `apps/myapp/firewall/ingressRules`.
@param ingress_rules [::Array<::Google::Cloud::AppEngine::V1::FirewallRule, ::Hash>]
  A list of FirewallRules to replace the existing set.

@yield [response, operation] Access the result along with the RPC operation @yieldparam response [::Google::Cloud::AppEngine::V1::BatchUpdateIngressRulesResponse] @yieldparam operation [::GRPC::ActiveCall::Operation]

@return [::Google::Cloud::AppEngine::V1::BatchUpdateIngressRulesResponse]

@raise [::Google::Cloud::Error] if the RPC is aborted.

# File lib/google/cloud/app_engine/v1/firewall/client.rb, line 268
def batch_update_ingress_rules request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::AppEngine::V1::BatchUpdateIngressRulesRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.batch_update_ingress_rules.metadata.to_h

  # Set x-goog-api-client and x-goog-user-project headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::AppEngine::V1::VERSION
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {
    "name" => request.name
  }
  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.batch_update_ingress_rules.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.batch_update_ingress_rules.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @firewall_stub.call_rpc :batch_update_ingress_rules, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end
configure() { |config| ... } click to toggle source

Configure the Firewall Client instance.

The configuration is set to the derived mode, meaning that values can be changed, but structural changes (adding new fields, etc.) are not allowed. Structural changes should be made on {Client.configure}.

See {::Google::Cloud::AppEngine::V1::Firewall::Client::Configuration} for a description of the configuration fields.

@yield [config] Configure the Client client. @yieldparam config [Client::Configuration]

@return [Client::Configuration]

# File lib/google/cloud/app_engine/v1/firewall/client.rb, line 95
def configure
  yield @config if block_given?
  @config
end
create_ingress_rule(request, options = nil) { |response, operation| ... } click to toggle source

Creates a firewall rule for the application.

@overload create_ingress_rule(request, options = nil)

Pass arguments to `create_ingress_rule` via a request object, either of type
{::Google::Cloud::AppEngine::V1::CreateIngressRuleRequest} or an equivalent Hash.

@param request [::Google::Cloud::AppEngine::V1::CreateIngressRuleRequest, ::Hash]
  A request object representing the call parameters. Required. To specify no
  parameters, or to keep all the default parameter values, pass an empty Hash.
@param options [::Gapic::CallOptions, ::Hash]
  Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

@overload create_ingress_rule(parent: nil, rule: nil)

Pass arguments to `create_ingress_rule` via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).

@param parent [::String]
  Name of the parent Firewall collection in which to create a new rule.
  Example: `apps/myapp/firewall/ingressRules`.
@param rule [::Google::Cloud::AppEngine::V1::FirewallRule, ::Hash]
  A FirewallRule containing the new resource.

  The user may optionally provide a position at which the new rule will be
  placed. The positions define a sequential list starting at 1. If a rule
  already exists at the given position, rules greater than the provided
  position will be moved forward by one.

  If no position is provided, the server will place the rule as the second to
  last rule in the sequence before the required default allow-all or deny-all
  rule.

@yield [response, operation] Access the result along with the RPC operation @yieldparam response [::Google::Cloud::AppEngine::V1::FirewallRule] @yieldparam operation [::GRPC::ActiveCall::Operation]

@return [::Google::Cloud::AppEngine::V1::FirewallRule]

@raise [::Google::Cloud::Error] if the RPC is aborted.

# File lib/google/cloud/app_engine/v1/firewall/client.rb, line 348
def create_ingress_rule request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::AppEngine::V1::CreateIngressRuleRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.create_ingress_rule.metadata.to_h

  # Set x-goog-api-client and x-goog-user-project headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::AppEngine::V1::VERSION
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {
    "parent" => request.parent
  }
  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.create_ingress_rule.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.create_ingress_rule.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @firewall_stub.call_rpc :create_ingress_rule, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end
delete_ingress_rule(request, options = nil) { |response, operation| ... } click to toggle source

Deletes the specified firewall rule.

@overload delete_ingress_rule(request, options = nil)

Pass arguments to `delete_ingress_rule` via a request object, either of type
{::Google::Cloud::AppEngine::V1::DeleteIngressRuleRequest} or an equivalent Hash.

@param request [::Google::Cloud::AppEngine::V1::DeleteIngressRuleRequest, ::Hash]
  A request object representing the call parameters. Required. To specify no
  parameters, or to keep all the default parameter values, pass an empty Hash.
@param options [::Gapic::CallOptions, ::Hash]
  Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

@overload delete_ingress_rule(name: nil)

Pass arguments to `delete_ingress_rule` via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).

@param name [::String]
  Name of the Firewall resource to delete.
  Example: `apps/myapp/firewall/ingressRules/100`.

@yield [response, operation] Access the result along with the RPC operation @yieldparam response [::Google::Protobuf::Empty] @yieldparam operation [::GRPC::ActiveCall::Operation]

@return [::Google::Protobuf::Empty]

@raise [::Google::Cloud::Error] if the RPC is aborted.

# File lib/google/cloud/app_engine/v1/firewall/client.rb, line 559
def delete_ingress_rule request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::AppEngine::V1::DeleteIngressRuleRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.delete_ingress_rule.metadata.to_h

  # Set x-goog-api-client and x-goog-user-project headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::AppEngine::V1::VERSION
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {
    "name" => request.name
  }
  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.delete_ingress_rule.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.delete_ingress_rule.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @firewall_stub.call_rpc :delete_ingress_rule, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end
get_ingress_rule(request, options = nil) { |response, operation| ... } click to toggle source

Gets the specified firewall rule.

@overload get_ingress_rule(request, options = nil)

Pass arguments to `get_ingress_rule` via a request object, either of type
{::Google::Cloud::AppEngine::V1::GetIngressRuleRequest} or an equivalent Hash.

@param request [::Google::Cloud::AppEngine::V1::GetIngressRuleRequest, ::Hash]
  A request object representing the call parameters. Required. To specify no
  parameters, or to keep all the default parameter values, pass an empty Hash.
@param options [::Gapic::CallOptions, ::Hash]
  Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

@overload get_ingress_rule(name: nil)

Pass arguments to `get_ingress_rule` via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).

@param name [::String]
  Name of the Firewall resource to retrieve.
  Example: `apps/myapp/firewall/ingressRules/100`.

@yield [response, operation] Access the result along with the RPC operation @yieldparam response [::Google::Cloud::AppEngine::V1::FirewallRule] @yieldparam operation [::GRPC::ActiveCall::Operation]

@return [::Google::Cloud::AppEngine::V1::FirewallRule]

@raise [::Google::Cloud::Error] if the RPC is aborted.

# File lib/google/cloud/app_engine/v1/firewall/client.rb, line 417
def get_ingress_rule request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::AppEngine::V1::GetIngressRuleRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.get_ingress_rule.metadata.to_h

  # Set x-goog-api-client and x-goog-user-project headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::AppEngine::V1::VERSION
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {
    "name" => request.name
  }
  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.get_ingress_rule.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.get_ingress_rule.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @firewall_stub.call_rpc :get_ingress_rule, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end
list_ingress_rules(request, options = nil) { |response, operation| ... } click to toggle source

Lists the firewall rules of an application.

@overload list_ingress_rules(request, options = nil)

Pass arguments to `list_ingress_rules` via a request object, either of type
{::Google::Cloud::AppEngine::V1::ListIngressRulesRequest} or an equivalent Hash.

@param request [::Google::Cloud::AppEngine::V1::ListIngressRulesRequest, ::Hash]
  A request object representing the call parameters. Required. To specify no
  parameters, or to keep all the default parameter values, pass an empty Hash.
@param options [::Gapic::CallOptions, ::Hash]
  Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

@overload list_ingress_rules(parent: nil, page_size: nil, page_token: nil, matching_address: nil)

Pass arguments to `list_ingress_rules` via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).

@param parent [::String]
  Name of the Firewall collection to retrieve.
  Example: `apps/myapp/firewall/ingressRules`.
@param page_size [::Integer]
  Maximum results to return per page.
@param page_token [::String]
  Continuation token for fetching the next page of results.
@param matching_address [::String]
  A valid IP Address. If set, only rules matching this address will be
  returned. The first returned rule will be the rule that fires on requests
  from this IP.

@yield [response, operation] Access the result along with the RPC operation @yieldparam response [::Gapic::PagedEnumerable<::Google::Cloud::AppEngine::V1::FirewallRule>] @yieldparam operation [::GRPC::ActiveCall::Operation]

@return [::Gapic::PagedEnumerable<::Google::Cloud::AppEngine::V1::FirewallRule>]

@raise [::Google::Cloud::Error] if the RPC is aborted.

# File lib/google/cloud/app_engine/v1/firewall/client.rb, line 192
def list_ingress_rules request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::AppEngine::V1::ListIngressRulesRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.list_ingress_rules.metadata.to_h

  # Set x-goog-api-client and x-goog-user-project headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::AppEngine::V1::VERSION
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {
    "parent" => request.parent
  }
  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.list_ingress_rules.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.list_ingress_rules.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @firewall_stub.call_rpc :list_ingress_rules, request, options: options do |response, operation|
    response = ::Gapic::PagedEnumerable.new @firewall_stub, :list_ingress_rules, request, response, operation, options
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end
update_ingress_rule(request, options = nil) { |response, operation| ... } click to toggle source

Updates the specified firewall rule.

@overload update_ingress_rule(request, options = nil)

Pass arguments to `update_ingress_rule` via a request object, either of type
{::Google::Cloud::AppEngine::V1::UpdateIngressRuleRequest} or an equivalent Hash.

@param request [::Google::Cloud::AppEngine::V1::UpdateIngressRuleRequest, ::Hash]
  A request object representing the call parameters. Required. To specify no
  parameters, or to keep all the default parameter values, pass an empty Hash.
@param options [::Gapic::CallOptions, ::Hash]
  Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

@overload update_ingress_rule(name: nil, rule: nil, update_mask: nil)

Pass arguments to `update_ingress_rule` via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).

@param name [::String]
  Name of the Firewall resource to update.
  Example: `apps/myapp/firewall/ingressRules/100`.
@param rule [::Google::Cloud::AppEngine::V1::FirewallRule, ::Hash]
  A FirewallRule containing the updated resource
@param update_mask [::Google::Protobuf::FieldMask, ::Hash]
  Standard field mask for the set of fields to be updated.

@yield [response, operation] Access the result along with the RPC operation @yieldparam response [::Google::Cloud::AppEngine::V1::FirewallRule] @yieldparam operation [::GRPC::ActiveCall::Operation]

@return [::Google::Cloud::AppEngine::V1::FirewallRule]

@raise [::Google::Cloud::Error] if the RPC is aborted.

# File lib/google/cloud/app_engine/v1/firewall/client.rb, line 490
def update_ingress_rule request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::AppEngine::V1::UpdateIngressRuleRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.update_ingress_rule.metadata.to_h

  # Set x-goog-api-client and x-goog-user-project headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::AppEngine::V1::VERSION
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {
    "name" => request.name
  }
  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.update_ingress_rule.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.update_ingress_rule.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @firewall_stub.call_rpc :update_ingress_rule, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end