class Google::Cloud::AppEngine::V1::Firewall::Client
Client
for the Firewall
service.
Firewall
resources are used to define a collection of access control rules for an Application
. Each rule is defined with a position which specifies the rule's order in the sequence of rules, an IP range to be matched against requests, and an action to take upon matching requests.
Every request is evaluated against the Firewall
rules in priority order. Processesing stops at the first rule which matches the request's IP address. A final rule always specifies an action that applies to all remaining IP addresses. The default final rule for a newly-created application will be set to “allow” if not otherwise specified by the user.
Attributes
@private
Public Class Methods
Configure the Firewall
Client
class.
See {::Google::Cloud::AppEngine::V1::Firewall::Client::Configuration} for a description of the configuration fields.
@example
# Modify the configuration for all Firewall clients ::Google::Cloud::AppEngine::V1::Firewall::Client.configure do |config| config.timeout = 10.0 end
@yield [config] Configure the Client
client. @yieldparam config [Client::Configuration]
@return [Client::Configuration]
# File lib/google/cloud/app_engine/v1/firewall/client.rb, line 63 def self.configure @configure ||= begin namespace = ["Google", "Cloud", "AppEngine", "V1"] parent_config = while namespace.any? parent_name = namespace.join "::" parent_const = const_get parent_name break parent_const.configure if parent_const.respond_to? :configure namespace.pop end default_config = Client::Configuration.new parent_config default_config end yield @configure if block_given? @configure end
Create a new Firewall
client object.
@example
# Create a client using the default configuration client = ::Google::Cloud::AppEngine::V1::Firewall::Client.new # Create a client using a custom configuration client = ::Google::Cloud::AppEngine::V1::Firewall::Client.new do |config| config.timeout = 10.0 end
@yield [config] Configure the Firewall
client. @yieldparam config [Client::Configuration]
# File lib/google/cloud/app_engine/v1/firewall/client.rb, line 116 def initialize # These require statements are intentionally placed here to initialize # the gRPC module only when it's required. # See https://github.com/googleapis/toolkit/issues/446 require "gapic/grpc" require "google/appengine/v1/appengine_services_pb" # Create the configuration object @config = Configuration.new Client.configure # Yield the configuration if needed yield @config if block_given? # Create credentials credentials = @config.credentials # Use self-signed JWT if the endpoint is unchanged from default, # but only if the default endpoint does not have a region prefix. enable_self_signed_jwt = @config.endpoint == Client.configure.endpoint && !@config.endpoint.split(".").first.include?("-") credentials ||= Credentials.default scope: @config.scope, enable_self_signed_jwt: enable_self_signed_jwt if credentials.is_a?(::String) || credentials.is_a?(::Hash) credentials = Credentials.new credentials, scope: @config.scope end @quota_project_id = @config.quota_project @quota_project_id ||= credentials.quota_project_id if credentials.respond_to? :quota_project_id @firewall_stub = ::Gapic::ServiceStub.new( ::Google::Cloud::AppEngine::V1::Firewall::Stub, credentials: credentials, endpoint: @config.endpoint, channel_args: @config.channel_args, interceptors: @config.interceptors ) end
Public Instance Methods
Replaces the entire firewall ruleset in one bulk operation. This overrides and replaces the rules of an existing firewall with the new rules.
If the final rule does not match traffic with the '*' wildcard IP range, then an “allow all” rule is explicitly added to the end of the list.
@overload batch_update_ingress_rules
(request, options = nil)
Pass arguments to `batch_update_ingress_rules` via a request object, either of type {::Google::Cloud::AppEngine::V1::BatchUpdateIngressRulesRequest} or an equivalent Hash. @param request [::Google::Cloud::AppEngine::V1::BatchUpdateIngressRulesRequest, ::Hash] A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash. @param options [::Gapic::CallOptions, ::Hash] Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
@overload batch_update_ingress_rules
(name: nil, ingress_rules: nil)
Pass arguments to `batch_update_ingress_rules` via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above). @param name [::String] Name of the Firewall collection to set. Example: `apps/myapp/firewall/ingressRules`. @param ingress_rules [::Array<::Google::Cloud::AppEngine::V1::FirewallRule, ::Hash>] A list of FirewallRules to replace the existing set.
@yield [response, operation] Access the result along with the RPC operation @yieldparam response [::Google::Cloud::AppEngine::V1::BatchUpdateIngressRulesResponse] @yieldparam operation [::GRPC::ActiveCall::Operation]
@return [::Google::Cloud::AppEngine::V1::BatchUpdateIngressRulesResponse]
@raise [::Google::Cloud::Error] if the RPC is aborted.
# File lib/google/cloud/app_engine/v1/firewall/client.rb, line 268 def batch_update_ingress_rules request, options = nil raise ::ArgumentError, "request must be provided" if request.nil? request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::AppEngine::V1::BatchUpdateIngressRulesRequest # Converts hash and nil to an options object options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h # Customize the options with defaults metadata = @config.rpcs.batch_update_ingress_rules.metadata.to_h # Set x-goog-api-client and x-goog-user-project headers metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \ lib_name: @config.lib_name, lib_version: @config.lib_version, gapic_version: ::Google::Cloud::AppEngine::V1::VERSION metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id header_params = { "name" => request.name } request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&") metadata[:"x-goog-request-params"] ||= request_params_header options.apply_defaults timeout: @config.rpcs.batch_update_ingress_rules.timeout, metadata: metadata, retry_policy: @config.rpcs.batch_update_ingress_rules.retry_policy options.apply_defaults timeout: @config.timeout, metadata: @config.metadata, retry_policy: @config.retry_policy @firewall_stub.call_rpc :batch_update_ingress_rules, request, options: options do |response, operation| yield response, operation if block_given? return response end rescue ::GRPC::BadStatus => e raise ::Google::Cloud::Error.from_error(e) end
Configure the Firewall
Client
instance.
The configuration is set to the derived mode, meaning that values can be changed, but structural changes (adding new fields, etc.) are not allowed. Structural changes should be made on {Client.configure}.
See {::Google::Cloud::AppEngine::V1::Firewall::Client::Configuration} for a description of the configuration fields.
@yield [config] Configure the Client
client. @yieldparam config [Client::Configuration]
@return [Client::Configuration]
# File lib/google/cloud/app_engine/v1/firewall/client.rb, line 95 def configure yield @config if block_given? @config end
Creates a firewall rule for the application.
@overload create_ingress_rule
(request, options = nil)
Pass arguments to `create_ingress_rule` via a request object, either of type {::Google::Cloud::AppEngine::V1::CreateIngressRuleRequest} or an equivalent Hash. @param request [::Google::Cloud::AppEngine::V1::CreateIngressRuleRequest, ::Hash] A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash. @param options [::Gapic::CallOptions, ::Hash] Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
@overload create_ingress_rule
(parent: nil, rule: nil)
Pass arguments to `create_ingress_rule` via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above). @param parent [::String] Name of the parent Firewall collection in which to create a new rule. Example: `apps/myapp/firewall/ingressRules`. @param rule [::Google::Cloud::AppEngine::V1::FirewallRule, ::Hash] A FirewallRule containing the new resource. The user may optionally provide a position at which the new rule will be placed. The positions define a sequential list starting at 1. If a rule already exists at the given position, rules greater than the provided position will be moved forward by one. If no position is provided, the server will place the rule as the second to last rule in the sequence before the required default allow-all or deny-all rule.
@yield [response, operation] Access the result along with the RPC operation @yieldparam response [::Google::Cloud::AppEngine::V1::FirewallRule] @yieldparam operation [::GRPC::ActiveCall::Operation]
@return [::Google::Cloud::AppEngine::V1::FirewallRule]
@raise [::Google::Cloud::Error] if the RPC is aborted.
# File lib/google/cloud/app_engine/v1/firewall/client.rb, line 348 def create_ingress_rule request, options = nil raise ::ArgumentError, "request must be provided" if request.nil? request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::AppEngine::V1::CreateIngressRuleRequest # Converts hash and nil to an options object options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h # Customize the options with defaults metadata = @config.rpcs.create_ingress_rule.metadata.to_h # Set x-goog-api-client and x-goog-user-project headers metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \ lib_name: @config.lib_name, lib_version: @config.lib_version, gapic_version: ::Google::Cloud::AppEngine::V1::VERSION metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id header_params = { "parent" => request.parent } request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&") metadata[:"x-goog-request-params"] ||= request_params_header options.apply_defaults timeout: @config.rpcs.create_ingress_rule.timeout, metadata: metadata, retry_policy: @config.rpcs.create_ingress_rule.retry_policy options.apply_defaults timeout: @config.timeout, metadata: @config.metadata, retry_policy: @config.retry_policy @firewall_stub.call_rpc :create_ingress_rule, request, options: options do |response, operation| yield response, operation if block_given? return response end rescue ::GRPC::BadStatus => e raise ::Google::Cloud::Error.from_error(e) end
Deletes the specified firewall rule.
@overload delete_ingress_rule
(request, options = nil)
Pass arguments to `delete_ingress_rule` via a request object, either of type {::Google::Cloud::AppEngine::V1::DeleteIngressRuleRequest} or an equivalent Hash. @param request [::Google::Cloud::AppEngine::V1::DeleteIngressRuleRequest, ::Hash] A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash. @param options [::Gapic::CallOptions, ::Hash] Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
@overload delete_ingress_rule
(name: nil)
Pass arguments to `delete_ingress_rule` via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above). @param name [::String] Name of the Firewall resource to delete. Example: `apps/myapp/firewall/ingressRules/100`.
@yield [response, operation] Access the result along with the RPC operation @yieldparam response [::Google::Protobuf::Empty] @yieldparam operation [::GRPC::ActiveCall::Operation]
@return [::Google::Protobuf::Empty]
@raise [::Google::Cloud::Error] if the RPC is aborted.
# File lib/google/cloud/app_engine/v1/firewall/client.rb, line 559 def delete_ingress_rule request, options = nil raise ::ArgumentError, "request must be provided" if request.nil? request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::AppEngine::V1::DeleteIngressRuleRequest # Converts hash and nil to an options object options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h # Customize the options with defaults metadata = @config.rpcs.delete_ingress_rule.metadata.to_h # Set x-goog-api-client and x-goog-user-project headers metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \ lib_name: @config.lib_name, lib_version: @config.lib_version, gapic_version: ::Google::Cloud::AppEngine::V1::VERSION metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id header_params = { "name" => request.name } request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&") metadata[:"x-goog-request-params"] ||= request_params_header options.apply_defaults timeout: @config.rpcs.delete_ingress_rule.timeout, metadata: metadata, retry_policy: @config.rpcs.delete_ingress_rule.retry_policy options.apply_defaults timeout: @config.timeout, metadata: @config.metadata, retry_policy: @config.retry_policy @firewall_stub.call_rpc :delete_ingress_rule, request, options: options do |response, operation| yield response, operation if block_given? return response end rescue ::GRPC::BadStatus => e raise ::Google::Cloud::Error.from_error(e) end
Gets the specified firewall rule.
@overload get_ingress_rule
(request, options = nil)
Pass arguments to `get_ingress_rule` via a request object, either of type {::Google::Cloud::AppEngine::V1::GetIngressRuleRequest} or an equivalent Hash. @param request [::Google::Cloud::AppEngine::V1::GetIngressRuleRequest, ::Hash] A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash. @param options [::Gapic::CallOptions, ::Hash] Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
@overload get_ingress_rule
(name: nil)
Pass arguments to `get_ingress_rule` via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above). @param name [::String] Name of the Firewall resource to retrieve. Example: `apps/myapp/firewall/ingressRules/100`.
@yield [response, operation] Access the result along with the RPC operation @yieldparam response [::Google::Cloud::AppEngine::V1::FirewallRule] @yieldparam operation [::GRPC::ActiveCall::Operation]
@return [::Google::Cloud::AppEngine::V1::FirewallRule]
@raise [::Google::Cloud::Error] if the RPC is aborted.
# File lib/google/cloud/app_engine/v1/firewall/client.rb, line 417 def get_ingress_rule request, options = nil raise ::ArgumentError, "request must be provided" if request.nil? request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::AppEngine::V1::GetIngressRuleRequest # Converts hash and nil to an options object options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h # Customize the options with defaults metadata = @config.rpcs.get_ingress_rule.metadata.to_h # Set x-goog-api-client and x-goog-user-project headers metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \ lib_name: @config.lib_name, lib_version: @config.lib_version, gapic_version: ::Google::Cloud::AppEngine::V1::VERSION metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id header_params = { "name" => request.name } request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&") metadata[:"x-goog-request-params"] ||= request_params_header options.apply_defaults timeout: @config.rpcs.get_ingress_rule.timeout, metadata: metadata, retry_policy: @config.rpcs.get_ingress_rule.retry_policy options.apply_defaults timeout: @config.timeout, metadata: @config.metadata, retry_policy: @config.retry_policy @firewall_stub.call_rpc :get_ingress_rule, request, options: options do |response, operation| yield response, operation if block_given? return response end rescue ::GRPC::BadStatus => e raise ::Google::Cloud::Error.from_error(e) end
Lists the firewall rules of an application.
@overload list_ingress_rules
(request, options = nil)
Pass arguments to `list_ingress_rules` via a request object, either of type {::Google::Cloud::AppEngine::V1::ListIngressRulesRequest} or an equivalent Hash. @param request [::Google::Cloud::AppEngine::V1::ListIngressRulesRequest, ::Hash] A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash. @param options [::Gapic::CallOptions, ::Hash] Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
@overload list_ingress_rules
(parent: nil, page_size: nil, page_token: nil, matching_address: nil)
Pass arguments to `list_ingress_rules` via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above). @param parent [::String] Name of the Firewall collection to retrieve. Example: `apps/myapp/firewall/ingressRules`. @param page_size [::Integer] Maximum results to return per page. @param page_token [::String] Continuation token for fetching the next page of results. @param matching_address [::String] A valid IP Address. If set, only rules matching this address will be returned. The first returned rule will be the rule that fires on requests from this IP.
@yield [response, operation] Access the result along with the RPC operation @yieldparam response [::Gapic::PagedEnumerable<::Google::Cloud::AppEngine::V1::FirewallRule>] @yieldparam operation [::GRPC::ActiveCall::Operation]
@return [::Gapic::PagedEnumerable<::Google::Cloud::AppEngine::V1::FirewallRule>]
@raise [::Google::Cloud::Error] if the RPC is aborted.
# File lib/google/cloud/app_engine/v1/firewall/client.rb, line 192 def list_ingress_rules request, options = nil raise ::ArgumentError, "request must be provided" if request.nil? request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::AppEngine::V1::ListIngressRulesRequest # Converts hash and nil to an options object options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h # Customize the options with defaults metadata = @config.rpcs.list_ingress_rules.metadata.to_h # Set x-goog-api-client and x-goog-user-project headers metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \ lib_name: @config.lib_name, lib_version: @config.lib_version, gapic_version: ::Google::Cloud::AppEngine::V1::VERSION metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id header_params = { "parent" => request.parent } request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&") metadata[:"x-goog-request-params"] ||= request_params_header options.apply_defaults timeout: @config.rpcs.list_ingress_rules.timeout, metadata: metadata, retry_policy: @config.rpcs.list_ingress_rules.retry_policy options.apply_defaults timeout: @config.timeout, metadata: @config.metadata, retry_policy: @config.retry_policy @firewall_stub.call_rpc :list_ingress_rules, request, options: options do |response, operation| response = ::Gapic::PagedEnumerable.new @firewall_stub, :list_ingress_rules, request, response, operation, options yield response, operation if block_given? return response end rescue ::GRPC::BadStatus => e raise ::Google::Cloud::Error.from_error(e) end
Updates the specified firewall rule.
@overload update_ingress_rule
(request, options = nil)
Pass arguments to `update_ingress_rule` via a request object, either of type {::Google::Cloud::AppEngine::V1::UpdateIngressRuleRequest} or an equivalent Hash. @param request [::Google::Cloud::AppEngine::V1::UpdateIngressRuleRequest, ::Hash] A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash. @param options [::Gapic::CallOptions, ::Hash] Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
@overload update_ingress_rule
(name: nil, rule: nil, update_mask: nil)
Pass arguments to `update_ingress_rule` via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above). @param name [::String] Name of the Firewall resource to update. Example: `apps/myapp/firewall/ingressRules/100`. @param rule [::Google::Cloud::AppEngine::V1::FirewallRule, ::Hash] A FirewallRule containing the updated resource @param update_mask [::Google::Protobuf::FieldMask, ::Hash] Standard field mask for the set of fields to be updated.
@yield [response, operation] Access the result along with the RPC operation @yieldparam response [::Google::Cloud::AppEngine::V1::FirewallRule] @yieldparam operation [::GRPC::ActiveCall::Operation]
@return [::Google::Cloud::AppEngine::V1::FirewallRule]
@raise [::Google::Cloud::Error] if the RPC is aborted.
# File lib/google/cloud/app_engine/v1/firewall/client.rb, line 490 def update_ingress_rule request, options = nil raise ::ArgumentError, "request must be provided" if request.nil? request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::AppEngine::V1::UpdateIngressRuleRequest # Converts hash and nil to an options object options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h # Customize the options with defaults metadata = @config.rpcs.update_ingress_rule.metadata.to_h # Set x-goog-api-client and x-goog-user-project headers metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \ lib_name: @config.lib_name, lib_version: @config.lib_version, gapic_version: ::Google::Cloud::AppEngine::V1::VERSION metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id header_params = { "name" => request.name } request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&") metadata[:"x-goog-request-params"] ||= request_params_header options.apply_defaults timeout: @config.rpcs.update_ingress_rule.timeout, metadata: metadata, retry_policy: @config.rpcs.update_ingress_rule.retry_policy options.apply_defaults timeout: @config.timeout, metadata: @config.metadata, retry_policy: @config.retry_policy @firewall_stub.call_rpc :update_ingress_rule, request, options: options do |response, operation| yield response, operation if block_given? return response end rescue ::GRPC::BadStatus => e raise ::Google::Cloud::Error.from_error(e) end