// Copyright 2020 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// ----------------------------------------------------------------------------
//
// *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
//
// ----------------------------------------------------------------------------
//
// This file is automatically generated by Config Connector and manual
// changes will be clobbered when the file is regenerated.
//
// ----------------------------------------------------------------------------
// *** DISCLAIMER ***
// Config Connector's go-client for CRDs is currently in ALPHA, which means
// that future versions of the go-client may include breaking changes.
// Please try it out and give us feedback!
package v1beta1
import (
"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/apis/k8s/v1alpha1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// SecuritypolicyAdaptiveProtectionConfig holds the Adaptive Protection
// settings of a security policy.
type SecuritypolicyAdaptiveProtectionConfig struct {
	// Layer7DdosDefenseConfig is the Layer 7 DDoS Defense Config of this
	// security policy. A nil pointer is dropped from the serialized object
	// (omitempty).
	// +optional
	Layer7DdosDefenseConfig *SecuritypolicyLayer7DdosDefenseConfig `json:"layer7DdosDefenseConfig,omitempty"`
}
// SecuritypolicyConfig carries the options that accompany a versioned match
// expression (it is the type of SecuritypolicyMatch.Config).
type SecuritypolicyConfig struct {
	// SrcIpRanges is the set of IP addresses or ranges (IPv4 or IPv6), in
	// CIDR notation, that inbound traffic is matched against. A rule may
	// list at most 10 ranges. The value '*' matches all IPs and can be used
	// to override the default behavior, so a rule carrying it applies to
	// every source address.
	//
	// The JSON tag has no omitempty, so the key is always serialized.
	SrcIpRanges []string `json:"srcIpRanges"`
}
// SecuritypolicyExpr wraps a user-supplied match expression.
type SecuritypolicyExpr struct {
	// Expression is the textual form of an expression in Common Expression
	// Language (CEL) syntax. Which well-known CEL feature set is supported
	// depends on the application context of the containing message.
	//
	// NOTE(review): the string is stored as given; nothing in this type
	// parses or validates it.
	Expression string `json:"expression"`
}
// SecuritypolicyLayer7DdosDefenseConfig configures Layer 7 DDoS detection
// for a security policy.
type SecuritypolicyLayer7DdosDefenseConfig struct {
	// Enable, when set to true, enables CAAP for L7 DDoS detection.
	// A nil pointer leaves the field out of the serialized object.
	// +optional
	Enable *bool `json:"enable,omitempty"`

	// RuleVisibility is the rule visibility. Supported values include
	// "STANDARD" and "PREMIUM".
	// NOTE(review): the field is a free-form string here; any restriction
	// to those values is presumably enforced elsewhere - confirm.
	// +optional
	RuleVisibility *string `json:"ruleVisibility,omitempty"`
}
// SecuritypolicyMatch describes the condition a rule evaluates against
// incoming traffic. It is expressed either as a predefined versioned
// expression together with Config, or as a user-defined expression in Expr.
type SecuritypolicyMatch struct {
	// Config holds the options available when VersionedExpr is used. It
	// must be specified if VersionedExpr is specified and cannot be
	// specified if VersionedExpr is not specified.
	// NOTE(review): this pairing is not expressed in the Go type; it is
	// presumably validated by the API - confirm.
	// +optional
	Config *SecuritypolicyConfig `json:"config,omitempty"`

	// Expr is a user-defined CEVAL expression. A CEVAL expression is used
	// to specify match criteria such as origin.ip, source.region_code and
	// contents in the request header.
	// +optional
	Expr *SecuritypolicyExpr `json:"expr,omitempty"`

	// VersionedExpr selects a predefined rule expression. If this field is
	// specified, Config must also be specified. Available options:
	// SRC_IPS_V1, which requires the corresponding src_ip_ranges field in
	// Config.
	// +optional
	VersionedExpr *string `json:"versionedExpr,omitempty"`
}
// SecuritypolicyRule is a single rule of a security policy: a match
// condition, the action taken when it matches, and the priority at which the
// rule is evaluated.
type SecuritypolicyRule struct {
	// Action is taken when Match matches the request. Valid values:
	// "allow" allows access to the target; "deny(status)" denies access to
	// the target and returns the given HTTP response code (valid values
	// are 403, 404 and 502).
	Action string `json:"action"`

	// Description is an optional description of this rule. Max size is 64.
	// +optional
	Description *string `json:"description,omitempty"`

	// Match is the condition that incoming traffic is evaluated against.
	// If it evaluates to true, the corresponding Action is enforced.
	Match SecuritypolicyMatch `json:"match"`

	// Preview, when set to true, means Action is not enforced. Stackdriver
	// logs for requests that trigger a preview action are annotated as
	// such. A "deny" rule left in preview therefore does not block
	// traffic; it only shows up in the logs.
	// +optional
	Preview *bool `json:"preview,omitempty"`

	// Priority is a unique positive integer giving the rule's place in the
	// evaluation order. Rules are evaluated from highest priority (lowest
	// numerically) to lowest priority (highest numerically), so a
	// lower-numbered rule is considered before a higher-numbered one.
	Priority int `json:"priority"`
}
// ComputeSecurityPolicySpec is the user-supplied configuration of a
// ComputeSecurityPolicy.
type ComputeSecurityPolicySpec struct {
	// AdaptiveProtectionConfig is the Adaptive Protection Config of this
	// security policy.
	// +optional
	AdaptiveProtectionConfig *SecuritypolicyAdaptiveProtectionConfig `json:"adaptiveProtectionConfig,omitempty"`

	// Description is an optional description of this security policy. Max
	// size is 2048.
	// +optional
	Description *string `json:"description,omitempty"`

	// ResourceID is immutable and optional. It is the name of the
	// resource, used for creation and acquisition. When unset, the value
	// of `metadata.name` is used as the default.
	// +optional
	ResourceID *string `json:"resourceID,omitempty"`

	// Rule is the set of rules that belong to this policy. There must
	// always be a default rule (rule with priority 2147483647 and match
	// "*"). If no rules are provided when creating a security policy, a
	// default rule with action "allow" will be added; a policy created
	// with an empty rule list therefore allows all traffic.
	// +optional
	Rule []SecuritypolicyRule `json:"rule,omitempty"`
}
// ComputeSecurityPolicyStatus reports the observed state of a
// ComputeSecurityPolicy.
type ComputeSecurityPolicyStatus struct {
	// Conditions represent the latest available observations of the
	// ComputeSecurityPolicy's current state.
	Conditions []v1alpha1.Condition `json:"conditions,omitempty"`

	// Fingerprint is the fingerprint of this resource.
	Fingerprint string `json:"fingerprint,omitempty"`

	// ObservedGeneration is the generation of the resource that was most
	// recently observed by the Config Connector controller. If it equals
	// metadata.generation, the currently reported status reflects the
	// most recent desired state of the resource; if it does not, the
	// status may describe an older spec.
	ObservedGeneration int `json:"observedGeneration,omitempty"`

	// SelfLink is the URI of the created resource.
	SelfLink string `json:"selfLink,omitempty"`
}
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ComputeSecurityPolicy is the Schema for the compute API. It combines the
// embedded Kubernetes type and object metadata with the policy's Spec and
// Status.
// +k8s:openapi-gen=true
type ComputeSecurityPolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the configuration supplied for the policy.
	Spec ComputeSecurityPolicySpec `json:"spec,omitempty"`
	// Status is the state reported back for the policy.
	Status ComputeSecurityPolicyStatus `json:"status,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ComputeSecurityPolicyList contains a list of ComputeSecurityPolicy
// objects together with the embedded list metadata.
type ComputeSecurityPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the policies in the list. The key is always serialized
	// because the tag has no omitempty.
	Items []ComputeSecurityPolicy `json:"items"`
}
// init registers ComputeSecurityPolicy and ComputeSecurityPolicyList with
// SchemeBuilder when the package is loaded.
func init() {
	policy := &ComputeSecurityPolicy{}
	policyList := &ComputeSecurityPolicyList{}
	SchemeBuilder.Register(policy, policyList)
}