
Commit efa3e04

feat: [networksecurity] Publish proto definitions for AuthzPolicy, TlsInspectionPolicy, GatewaySecurityPolicy, GatewaySecurityPolicyRule, and UrlList (#7862)
* feat: Publish proto definitions for AuthzPolicy, TlsInspectionPolicy, GatewaySecurityPolicy, GatewaySecurityPolicyRule, and UrlList feat: Publish proto definitions for Intercept, Mirroring and SecurityProfileGroup feat: Publish proto definitions for SSG docs: Update and cleanup docs PiperOrigin-RevId: 889789965 Source-Link: googleapis/googleapis@a4d528d Source-Link: googleapis/googleapis-gen@0b793c6 Copy-Tag: eyJwIjoicGFja2FnZXMvZ29vZ2xlLWNsb3VkLW5ldHdvcmtzZWN1cml0eS8uT3dsQm90LnlhbWwiLCJoIjoiMGI3OTNjNmNmMGY4MWZhMGFiNWFlMzk4ZTZiMWJhNjYwNzg4ZTBlYyJ9 * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md --------- Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
1 parent 5d3b138 commit efa3e04

159 files changed

Lines changed: 168552 additions & 8962 deletions


packages/google-cloud-networksecurity/README.md

Lines changed: 96 additions & 1 deletion
Large diffs are not rendered by default.

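--- a/packages/google-cloud-networksecurity/protos/google/cloud/networksecurity/v1/address_group.proto
+++ b/packages/google-cloud-networksecurity/protos/google/cloud/networksecurity/v1/address_group.proto
@@ -1,4 +1,4 @@
-// Copyright 2025 Google LLC
+// Copyright 2026 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -19,8 +19,11 @@ package google.cloud.networksecurity.v1;
 import "google/api/annotations.proto";
 import "google/api/client.proto";
 import "google/api/field_behavior.proto";
+import "google/api/field_info.proto";
 import "google/api/resource.proto";
+import "google/cloud/networksecurity/v1/common.proto";
 import "google/longrunning/operations.proto";
+import "google/protobuf/empty.proto";
 import "google/protobuf/field_mask.proto";
 import "google/protobuf/timestamp.proto";
 
@@ -31,10 +34,6 @@ option java_outer_classname = "AddressGroupProto";
 option java_package = "com.google.cloud.networksecurity.v1";
 option php_namespace = "Google\\Cloud\\NetworkSecurity\\V1";
 option ruby_package = "Google::Cloud::NetworkSecurity::V1";
-option (google.api.resource_definition) = {
-type: "networksecurity.googleapis.com/OrganizationLocation"
-pattern: "organizations/{organization}/locations/{location}"
-};
 
 // AddressGroup is a resource that manages a collection of IP or Domain Names,
 // it can be used in Firewall Policy to represent allow or deny traffic from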
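Review bot: The `@@ -31,10 +34,6 @@` hunk drops the file-level `google.api.resource_definition` for `networksecurity.googleapis.com/OrganizationLocation` without showing where that type is declared now. The newly imported `google/cloud/networksecurity/v1/common.proto` is presumably its new home, but that file is not visible here. If it is not, any `resource_reference` in this file that still names the type would be left dangling. Once confirmed, a one-line comment above the import, such as `// Declares the shared OrganizationLocation resource type.`, would record the dependency.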

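--- a/packages/google-cloud-networksecurity/protos/google/cloud/networksecurity/v1/authorization_policy.proto
+++ b/packages/google-cloud-networksecurity/protos/google/cloud/networksecurity/v1/authorization_policy.proto
@@ -1,4 +1,4 @@
-// Copyright 2025 Google LLC
+// Copyright 2026 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -43,19 +43,19 @@ message AuthorizationPolicy {
 message Rule {
 // Specification of traffic source attributes.
 message Source {
-// Optional. List of peer identities to match for authorization. At least one
-// principal should match. Each peer can be an exact match, or a prefix
-// match (example, "namespace/*") or a suffix match (example,
+// Optional. List of peer identities to match for authorization. At least
+// one principal should match. Each peer can be an exact match, or a
+// prefix match (example, "namespace/*") or a suffix match (example,
 // "*/service-account") or a presence match "*". Authorization based on
 // the principal name without certificate validation (configured by
 // ServerTlsPolicy resource) is considered insecure.
 repeated string principals = 1 [(google.api.field_behavior) = OPTIONAL];
 
-// Optional. List of CIDR ranges to match based on source IP address. At least one
-// IP block should match. Single IP (e.g., "1.2.3.4") and CIDR (e.g.,
-// "1.2.3.0/24") are supported. Authorization based on source IP alone
-// should be avoided. The IP addresses of any load balancers or proxies
-// should be considered untrusted.
+// Optional. List of CIDR ranges to match based on source IP address. At
+// least one IP block should match. Single IP (e.g., "1.2.3.4") and CIDR
+// (e.g., "1.2.3.0/24") are supported. Authorization based on source IP
+// alone should be avoided. The IP addresses of any load balancers or
+// proxies should be considered untrusted.
 repeated string ip_blocks = 2 [(google.api.field_behavior) = OPTIONAL];
 }
 
@@ -81,39 +81,42 @@ message AuthorizationPolicy {
 string header_name = 1 [(google.api.field_behavior) = REQUIRED];
 }
 
-// Required. List of host names to match. Matched against the ":authority" header in
-// http requests. At least one host should match. Each host can be an
-// exact match, or a prefix match (example "mydomain.*") or a suffix
+// Required. List of host names to match. Matched against the ":authority"
+// header in http requests. At least one host should match. Each host can
+// be an exact match, or a prefix match (example "mydomain.*") or a suffix
 // match (example "*.myorg.com") or a presence (any) match "*".
 repeated string hosts = 1 [(google.api.field_behavior) = REQUIRED];
 
-// Required. List of destination ports to match. At least one port should match.
+// Required. List of destination ports to match. At least one port should
+// match.
 repeated uint32 ports = 2 [(google.api.field_behavior) = REQUIRED];
 
 // Optional. A list of HTTP methods to match. At least one method should
 // match. Should not be set for gRPC services.
 repeated string methods = 4 [(google.api.field_behavior) = OPTIONAL];
 
-// Optional. Match against key:value pair in http header. Provides a flexible match
-// based on HTTP headers, for potentially advanced use cases. At least one
-// header should match. Avoid using header matches to make authorization
-// decisions unless there is a strong guarantee that requests arrive
-// through a trusted client or proxy.
-HttpHeaderMatch http_header_match = 5 [(google.api.field_behavior) = OPTIONAL];
+// Optional. Match against key:value pair in http header. Provides a
+// flexible match based on HTTP headers, for potentially advanced use
+// cases. At least one header should match. Avoid using header matches to
+// make authorization decisions unless there is a strong guarantee that
+// requests arrive through a trusted client or proxy.
+HttpHeaderMatch http_header_match = 5
+[(google.api.field_behavior) = OPTIONAL];
 }
 
-// Optional. List of attributes for the traffic source. All of the sources must match.
-// A source is a match if both principals and ip_blocks match. If not set,
-// the action specified in the 'action' field will be applied without any
-// rule checks for the source.
+// Optional. List of attributes for the traffic source. All of the sources
+// must match. A source is a match if both principals and ip_blocks match.
+// If not set, the action specified in the 'action' field will be applied
+// without any rule checks for the source.
 repeated Source sources = 1 [(google.api.field_behavior) = OPTIONAL];
 
-// Optional. List of attributes for the traffic destination. All of the destinations
-// must match. A destination is a match if a request matches all the
-// specified hosts, ports, methods and headers. If not set, the
+// Optional. List of attributes for the traffic destination. All of the
+// destinations must match. A destination is a match if a request matches
+// all the specified hosts, ports, methods and headers. If not set, the
 // action specified in the 'action' field will be applied without any rule
 // checks for the destination.
-repeated Destination destinations = 2 [(google.api.field_behavior) = OPTIONAL];
+repeated Destination destinations = 2
+[(google.api.field_behavior) = OPTIONAL];
 }
 
 // Possible values that define what action to take.
@@ -138,22 +141,26 @@ message AuthorizationPolicy {
 string description = 2 [(google.api.field_behavior) = OPTIONAL];
 
 // Output only. The timestamp when the resource was created.
-google.protobuf.Timestamp create_time = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
+google.protobuf.Timestamp create_time = 3
+[(google.api.field_behavior) = OUTPUT_ONLY];
 
 // Output only. The timestamp when the resource was updated.
-google.protobuf.Timestamp update_time = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
+google.protobuf.Timestamp update_time = 4
+[(google.api.field_behavior) = OUTPUT_ONLY];
 
-// Optional. Set of label tags associated with the AuthorizationPolicy resource.
+// Optional. Set of label tags associated with the AuthorizationPolicy
+// resource.
 map<string, string> labels = 5 [(google.api.field_behavior) = OPTIONAL];
 
 // Required. The action to take when a rule match is found. Possible values
 // are "ALLOW" or "DENY".
 Action action = 6 [(google.api.field_behavior) = REQUIRED];
 
-// Optional. List of rules to match. Note that at least one of the rules must match in
-// order for the action specified in the 'action' field to be taken. A rule is
-// a match if there is a matching source and destination. If left blank, the
-// action specified in the `action` field will be applied on every request.
+// Optional. List of rules to match. Note that at least one of the rules must
+// match in order for the action specified in the 'action' field to be taken.
+// A rule is a match if there is a matching source and destination. If left
+// blank, the action specified in the `action` field will be applied on every
+// request.
 repeated Rule rules = 7 [(google.api.field_behavior) = OPTIONAL];
 }
 
@@ -220,7 +227,8 @@ message CreateAuthorizationPolicyRequest {
 string authorization_policy_id = 2 [(google.api.field_behavior) = REQUIRED];
 
 // Required. AuthorizationPolicy resource to be created.
-AuthorizationPolicy authorization_policy = 3 [(google.api.field_behavior) = REQUIRED];
+AuthorizationPolicy authorization_policy = 3
+[(google.api.field_behavior) = REQUIRED];
 }
 
 // Request used by the UpdateAuthorizationPolicy method.
@@ -230,16 +238,18 @@ message UpdateAuthorizationPolicyRequest {
 // The fields specified in the update_mask are relative to the resource, not
 // the full request. A field will be overwritten if it is in the mask. If the
 // user does not provide a mask then all fields will be overwritten.
-google.protobuf.FieldMask update_mask = 1 [(google.api.field_behavior) = OPTIONAL];
+google.protobuf.FieldMask update_mask = 1
+[(google.api.field_behavior) = OPTIONAL];
 
 // Required. Updated AuthorizationPolicy resource.
-AuthorizationPolicy authorization_policy = 2 [(google.api.field_behavior) = REQUIRED];
+AuthorizationPolicy authorization_policy = 2
+[(google.api.field_behavior) = REQUIRED];
 }
 
 // Request used by the DeleteAuthorizationPolicy method.
 message DeleteAuthorizationPolicyRequest {
-// Required. A name of the AuthorizationPolicy to delete. Must be in the format
-// `projects/{project}/locations/{location}/authorizationPolicies/*`.
+// Required. A name of the AuthorizationPolicy to delete. Must be in the
+// format `projects/{project}/locations/{location}/authorizationPolicies/*`.
 string name = 1 [
 (google.api.field_behavior) = REQUIRED,
 (google.api.resource_reference) = {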
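Review bot: The `rules` comment in the `@@ -138,22 +141,26 @@` hunk documents a fail-open default only in passing. With no rules the `action` applies to every request, so by the comment's own wording an `ALLOW` policy with an empty rule list admits all traffic. The `sources` and `destinations` comments in the `@@ -81,39 +81,42 @@` hunk have the same shape: an unset field means the action is applied without that check. Since these lines are being rewrapped anyway, I would add an explicit caution such as `// Caution: with action ALLOW and no rules, every request is allowed.` and quote the field one way, because the `rules` comment uses both 'action' and `action`. `message AuthorizationPolicy` starts outside the visible hunks.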
