// Copyright 2022 Luca Casonato. All rights reserved. MIT license. /** * Network Security API Client for Deno * ==================================== * * * * Docs: https://cloud.google.com/networking * Source: https://googleapis.deno.dev/v1/networksecurity:v1.ts */ import { auth, CredentialsClient, GoogleAuth, request } from "/_/base@v1/mod.ts"; export { auth, GoogleAuth }; export type { CredentialsClient }; export class NetworkSecurity { #client: CredentialsClient | undefined; #baseUrl: string; constructor(client?: CredentialsClient, baseUrl: string = "https://networksecurity.googleapis.com/") { this.#client = client; this.#baseUrl = baseUrl; } /** * Adds items to an address group. * * @param addressGroup Required. A name of the AddressGroup to add items to. Must be in the format `projects|organization/*/locations/{location}/addressGroups/*`. */ async organizationsLocationsAddressGroupsAddItems(addressGroup: string, req: AddAddressGroupItemsRequest): Promise { const url = new URL(`${this.#baseUrl}v1/${ addressGroup }:addItems`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Clones items from one address group to another. * * @param addressGroup Required. A name of the AddressGroup to clone items to. Must be in the format `projects|organization/*/locations/{location}/addressGroups/*`. */ async organizationsLocationsAddressGroupsCloneItems(addressGroup: string, req: CloneAddressGroupItemsRequest): Promise { const url = new URL(`${this.#baseUrl}v1/${ addressGroup }:cloneItems`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Creates a new address group in a given project and location. * * @param parent Required. The parent resource of the AddressGroup. Must be in the format `projects/*/locations/{location}`. */ async organizationsLocationsAddressGroupsCreate(parent: string, req: AddressGroup, opts: OrganizationsLocationsAddressGroupsCreateOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/addressGroups`); if (opts.addressGroupId !== undefined) { url.searchParams.append("addressGroupId", String(opts.addressGroupId)); } if (opts.requestId !== undefined) { url.searchParams.append("requestId", String(opts.requestId)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Deletes an address group. * * @param name Required. A name of the AddressGroup to delete. Must be in the format `projects/*/locations/{location}/addressGroups/*`. */ async organizationsLocationsAddressGroupsDelete(name: string, opts: OrganizationsLocationsAddressGroupsDeleteOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.requestId !== undefined) { url.searchParams.append("requestId", String(opts.requestId)); } const data = await request(url.href, { client: this.#client, method: "DELETE", }); return data as Operation; } /** * Gets details of a single address group. * * @param name Required. A name of the AddressGroup to get. Must be in the format `projects/*/locations/{location}/addressGroups/*`. */ async organizationsLocationsAddressGroupsGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as AddressGroup; } /** * Lists address groups in a given project and location. * * @param parent Required. The project and location from which the AddressGroups should be listed, specified in the format `projects/*/locations/{location}`. */ async organizationsLocationsAddressGroupsList(parent: string, opts: OrganizationsLocationsAddressGroupsListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/addressGroups`); if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListAddressGroupsResponse; } /** * Lists references of an address group. * * @param addressGroup Required. A name of the AddressGroup to clone items to. Must be in the format `projects|organization/*/locations/{location}/addressGroups/*`. */ async organizationsLocationsAddressGroupsListReferences(addressGroup: string, opts: OrganizationsLocationsAddressGroupsListReferencesOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ addressGroup }:listReferences`); if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListAddressGroupReferencesResponse; } /** * Updates parameters of an address group. * * @param name Required. Name of the AddressGroup resource. It matches pattern `projects/*/locations/{location}/addressGroups/`. */ async organizationsLocationsAddressGroupsPatch(name: string, req: AddressGroup, opts: OrganizationsLocationsAddressGroupsPatchOptions = {}): Promise { opts = serializeOrganizationsLocationsAddressGroupsPatchOptions(opts); const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.requestId !== undefined) { url.searchParams.append("requestId", String(opts.requestId)); } if (opts.updateMask !== undefined) { url.searchParams.append("updateMask", String(opts.updateMask)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "PATCH", body, }); return data as Operation; } /** * Removes items from an address group. * * @param addressGroup Required. A name of the AddressGroup to remove items from. Must be in the format `projects|organization/*/locations/{location}/addressGroups/*`. */ async organizationsLocationsAddressGroupsRemoveItems(addressGroup: string, req: RemoveAddressGroupItemsRequest): Promise { const url = new URL(`${this.#baseUrl}v1/${ addressGroup }:removeItems`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Creates a new FirewallEndpoint in a given project and location. * * @param parent Required. Value for parent. */ async organizationsLocationsFirewallEndpointsCreate(parent: string, req: FirewallEndpoint, opts: OrganizationsLocationsFirewallEndpointsCreateOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/firewallEndpoints`); if (opts.firewallEndpointId !== undefined) { url.searchParams.append("firewallEndpointId", String(opts.firewallEndpointId)); } if (opts.requestId !== undefined) { url.searchParams.append("requestId", String(opts.requestId)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Deletes a single Endpoint. * * @param name Required. Name of the resource */ async organizationsLocationsFirewallEndpointsDelete(name: string, opts: OrganizationsLocationsFirewallEndpointsDeleteOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.requestId !== undefined) { url.searchParams.append("requestId", String(opts.requestId)); } const data = await request(url.href, { client: this.#client, method: "DELETE", }); return data as Operation; } /** * Gets details of a single Endpoint. * * @param name Required. Name of the resource */ async organizationsLocationsFirewallEndpointsGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as FirewallEndpoint; } /** * Lists FirewallEndpoints in a given project and location. * * @param parent Required. Parent value for ListEndpointsRequest */ async organizationsLocationsFirewallEndpointsList(parent: string, opts: OrganizationsLocationsFirewallEndpointsListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/firewallEndpoints`); if (opts.filter !== undefined) { url.searchParams.append("filter", String(opts.filter)); } if (opts.orderBy !== undefined) { url.searchParams.append("orderBy", String(opts.orderBy)); } if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListFirewallEndpointsResponse; } /** * Update a single Endpoint. * * @param name Immutable. Identifier. name of resource */ async organizationsLocationsFirewallEndpointsPatch(name: string, req: FirewallEndpoint, opts: OrganizationsLocationsFirewallEndpointsPatchOptions = {}): Promise { opts = serializeOrganizationsLocationsFirewallEndpointsPatchOptions(opts); const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.requestId !== undefined) { url.searchParams.append("requestId", String(opts.requestId)); } if (opts.updateMask !== undefined) { url.searchParams.append("updateMask", String(opts.updateMask)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "PATCH", body, }); return data as Operation; } /** * Starts asynchronous cancellation on a long-running operation. The server * makes a best effort to cancel the operation, but success is not guaranteed. * If the server doesn't support this method, it returns * `google.rpc.Code.UNIMPLEMENTED`. Clients can use Operations.GetOperation or * other methods to check whether the cancellation succeeded or whether the * operation completed despite cancellation. On successful cancellation, the * operation is not deleted; instead, it becomes an operation with an * Operation.error value with a google.rpc.Status.code of `1`, corresponding * to `Code.CANCELLED`. * * @param name The name of the operation resource to be cancelled. */ async organizationsLocationsOperationsCancel(name: string, req: CancelOperationRequest): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }:cancel`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Empty; } /** * Deletes a long-running operation. This method indicates that the client is * no longer interested in the operation result. It does not cancel the * operation. If the server doesn't support this method, it returns * `google.rpc.Code.UNIMPLEMENTED`. * * @param name The name of the operation resource to be deleted. */ async organizationsLocationsOperationsDelete(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "DELETE", }); return data as Empty; } /** * Gets the latest state of a long-running operation. Clients can use this * method to poll the operation result at intervals as recommended by the API * service. * * @param name The name of the operation resource. */ async organizationsLocationsOperationsGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as Operation; } /** * Lists operations that match the specified filter in the request. If the * server doesn't support this method, it returns `UNIMPLEMENTED`. * * @param name The name of the operation's parent resource. */ async organizationsLocationsOperationsList(name: string, opts: OrganizationsLocationsOperationsListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }/operations`); if (opts.filter !== undefined) { url.searchParams.append("filter", String(opts.filter)); } if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListOperationsResponse; } /** * Creates a new SecurityProfileGroup in a given organization and location. * * @param parent Required. The parent resource of the SecurityProfileGroup. Must be in the format `projects|organizations/*/locations/{location}`. */ async organizationsLocationsSecurityProfileGroupsCreate(parent: string, req: SecurityProfileGroup, opts: OrganizationsLocationsSecurityProfileGroupsCreateOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/securityProfileGroups`); if (opts.securityProfileGroupId !== undefined) { url.searchParams.append("securityProfileGroupId", String(opts.securityProfileGroupId)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Deletes a single SecurityProfileGroup. * * @param name Required. A name of the SecurityProfileGroup to delete. Must be in the format `projects|organizations/*/locations/{location}/securityProfileGroups/{security_profile_group}`. */ async organizationsLocationsSecurityProfileGroupsDelete(name: string, opts: OrganizationsLocationsSecurityProfileGroupsDeleteOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.etag !== undefined) { url.searchParams.append("etag", String(opts.etag)); } const data = await request(url.href, { client: this.#client, method: "DELETE", }); return data as Operation; } /** * Gets details of a single SecurityProfileGroup. * * @param name Required. A name of the SecurityProfileGroup to get. Must be in the format `projects|organizations/*/locations/{location}/securityProfileGroups/{security_profile_group}`. */ async organizationsLocationsSecurityProfileGroupsGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as SecurityProfileGroup; } /** * Lists SecurityProfileGroups in a given organization and location. * * @param parent Required. The project or organization and location from which the SecurityProfileGroups should be listed, specified in the format `projects|organizations/*/locations/{location}`. */ async organizationsLocationsSecurityProfileGroupsList(parent: string, opts: OrganizationsLocationsSecurityProfileGroupsListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/securityProfileGroups`); if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListSecurityProfileGroupsResponse; } /** * Updates the parameters of a single SecurityProfileGroup. * * @param name Immutable. Identifier. Name of the SecurityProfileGroup resource. It matches pattern `projects|organizations/*/locations/{location}/securityProfileGroups/{security_profile_group}`. */ async organizationsLocationsSecurityProfileGroupsPatch(name: string, req: SecurityProfileGroup, opts: OrganizationsLocationsSecurityProfileGroupsPatchOptions = {}): Promise { opts = serializeOrganizationsLocationsSecurityProfileGroupsPatchOptions(opts); const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.updateMask !== undefined) { url.searchParams.append("updateMask", String(opts.updateMask)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "PATCH", body, }); return data as Operation; } /** * Creates a new SecurityProfile in a given organization and location. * * @param parent Required. The parent resource of the SecurityProfile. Must be in the format `projects|organizations/*/locations/{location}`. */ async organizationsLocationsSecurityProfilesCreate(parent: string, req: SecurityProfile, opts: OrganizationsLocationsSecurityProfilesCreateOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/securityProfiles`); if (opts.securityProfileId !== undefined) { url.searchParams.append("securityProfileId", String(opts.securityProfileId)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Deletes a single SecurityProfile. * * @param name Required. A name of the SecurityProfile to delete. Must be in the format `projects|organizations/*/locations/{location}/securityProfiles/{security_profile_id}`. */ async organizationsLocationsSecurityProfilesDelete(name: string, opts: OrganizationsLocationsSecurityProfilesDeleteOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.etag !== undefined) { url.searchParams.append("etag", String(opts.etag)); } const data = await request(url.href, { client: this.#client, method: "DELETE", }); return data as Operation; } /** * Gets details of a single SecurityProfile. * * @param name Required. A name of the SecurityProfile to get. Must be in the format `projects|organizations/*/locations/{location}/securityProfiles/{security_profile_id}`. */ async organizationsLocationsSecurityProfilesGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as SecurityProfile; } /** * Lists SecurityProfiles in a given organization and location. * * @param parent Required. The project or organization and location from which the SecurityProfiles should be listed, specified in the format `projects|organizations/*/locations/{location}`. */ async organizationsLocationsSecurityProfilesList(parent: string, opts: OrganizationsLocationsSecurityProfilesListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/securityProfiles`); if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListSecurityProfilesResponse; } /** * Updates the parameters of a single SecurityProfile. * * @param name Immutable. Identifier. Name of the SecurityProfile resource. It matches pattern `projects|organizations/*/locations/{location}/securityProfiles/{security_profile}`. */ async organizationsLocationsSecurityProfilesPatch(name: string, req: SecurityProfile, opts: OrganizationsLocationsSecurityProfilesPatchOptions = {}): Promise { opts = serializeOrganizationsLocationsSecurityProfilesPatchOptions(opts); const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.updateMask !== undefined) { url.searchParams.append("updateMask", String(opts.updateMask)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "PATCH", body, }); return data as Operation; } /** * Adds items to an address group. * * @param addressGroup Required. A name of the AddressGroup to add items to. Must be in the format `projects|organization/*/locations/{location}/addressGroups/*`. */ async projectsLocationsAddressGroupsAddItems(addressGroup: string, req: AddAddressGroupItemsRequest): Promise { const url = new URL(`${this.#baseUrl}v1/${ addressGroup }:addItems`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Clones items from one address group to another. * * @param addressGroup Required. A name of the AddressGroup to clone items to. Must be in the format `projects|organization/*/locations/{location}/addressGroups/*`. */ async projectsLocationsAddressGroupsCloneItems(addressGroup: string, req: CloneAddressGroupItemsRequest): Promise { const url = new URL(`${this.#baseUrl}v1/${ addressGroup }:cloneItems`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Creates a new address group in a given project and location. * * @param parent Required. The parent resource of the AddressGroup. Must be in the format `projects/*/locations/{location}`. */ async projectsLocationsAddressGroupsCreate(parent: string, req: AddressGroup, opts: ProjectsLocationsAddressGroupsCreateOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/addressGroups`); if (opts.addressGroupId !== undefined) { url.searchParams.append("addressGroupId", String(opts.addressGroupId)); } if (opts.requestId !== undefined) { url.searchParams.append("requestId", String(opts.requestId)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Deletes a single address group. * * @param name Required. A name of the AddressGroup to delete. Must be in the format `projects/*/locations/{location}/addressGroups/*`. */ async projectsLocationsAddressGroupsDelete(name: string, opts: ProjectsLocationsAddressGroupsDeleteOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.requestId !== undefined) { url.searchParams.append("requestId", String(opts.requestId)); } const data = await request(url.href, { client: this.#client, method: "DELETE", }); return data as Operation; } /** * Gets details of a single address group. * * @param name Required. A name of the AddressGroup to get. Must be in the format `projects/*/locations/{location}/addressGroups/*`. */ async projectsLocationsAddressGroupsGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as AddressGroup; } /** * Gets the access control policy for a resource. Returns an empty policy if * the resource exists and does not have a policy set. * * @param resource REQUIRED: The resource for which the policy is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. */ async projectsLocationsAddressGroupsGetIamPolicy(resource: string, opts: ProjectsLocationsAddressGroupsGetIamPolicyOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ resource }:getIamPolicy`); if (opts["options.requestedPolicyVersion"] !== undefined) { url.searchParams.append("options.requestedPolicyVersion", String(opts["options.requestedPolicyVersion"])); } const data = await request(url.href, { client: this.#client, method: "GET", }); return deserializeGoogleIamV1Policy(data); } /** * Lists address groups in a given project and location. * * @param parent Required. The project and location from which the AddressGroups should be listed, specified in the format `projects/*/locations/{location}`. */ async projectsLocationsAddressGroupsList(parent: string, opts: ProjectsLocationsAddressGroupsListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/addressGroups`); if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListAddressGroupsResponse; } /** * Lists references of an address group. * * @param addressGroup Required. A name of the AddressGroup to clone items to. Must be in the format `projects|organization/*/locations/{location}/addressGroups/*`. */ async projectsLocationsAddressGroupsListReferences(addressGroup: string, opts: ProjectsLocationsAddressGroupsListReferencesOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ addressGroup }:listReferences`); if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListAddressGroupReferencesResponse; } /** * Updates the parameters of a single address group. * * @param name Required. Name of the AddressGroup resource. It matches pattern `projects/*/locations/{location}/addressGroups/`. */ async projectsLocationsAddressGroupsPatch(name: string, req: AddressGroup, opts: ProjectsLocationsAddressGroupsPatchOptions = {}): Promise { opts = serializeProjectsLocationsAddressGroupsPatchOptions(opts); const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.requestId !== undefined) { url.searchParams.append("requestId", String(opts.requestId)); } if (opts.updateMask !== undefined) { url.searchParams.append("updateMask", String(opts.updateMask)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "PATCH", body, }); return data as Operation; } /** * Removes items from an address group. * * @param addressGroup Required. A name of the AddressGroup to remove items from. Must be in the format `projects|organization/*/locations/{location}/addressGroups/*`. */ async projectsLocationsAddressGroupsRemoveItems(addressGroup: string, req: RemoveAddressGroupItemsRequest): Promise { const url = new URL(`${this.#baseUrl}v1/${ addressGroup }:removeItems`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Sets the access control policy on the specified resource. Replaces any * existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and * `PERMISSION_DENIED` errors. * * @param resource REQUIRED: The resource for which the policy is being specified. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. */ async projectsLocationsAddressGroupsSetIamPolicy(resource: string, req: GoogleIamV1SetIamPolicyRequest): Promise { req = serializeGoogleIamV1SetIamPolicyRequest(req); const url = new URL(`${this.#baseUrl}v1/${ resource }:setIamPolicy`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return deserializeGoogleIamV1Policy(data); } /** * Returns permissions that a caller has on the specified resource. If the * resource does not exist, this will return an empty set of permissions, not * a `NOT_FOUND` error. Note: This operation is designed to be used for * building permission-aware UIs and command-line tools, not for authorization * checking. This operation may "fail open" without warning. * * @param resource REQUIRED: The resource for which the policy detail is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. */ async projectsLocationsAddressGroupsTestIamPermissions(resource: string, req: GoogleIamV1TestIamPermissionsRequest): Promise { const url = new URL(`${this.#baseUrl}v1/${ resource }:testIamPermissions`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as GoogleIamV1TestIamPermissionsResponse; } /** * Creates a new AuthorizationPolicy in a given project and location. * * @param parent Required. The parent resource of the AuthorizationPolicy. Must be in the format `projects/{project}/locations/{location}`. */ async projectsLocationsAuthorizationPoliciesCreate(parent: string, req: AuthorizationPolicy, opts: ProjectsLocationsAuthorizationPoliciesCreateOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/authorizationPolicies`); if (opts.authorizationPolicyId !== undefined) { url.searchParams.append("authorizationPolicyId", String(opts.authorizationPolicyId)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Deletes a single AuthorizationPolicy. * * @param name Required. A name of the AuthorizationPolicy to delete. Must be in the format `projects/{project}/locations/{location}/authorizationPolicies/*`. */ async projectsLocationsAuthorizationPoliciesDelete(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "DELETE", }); return data as Operation; } /** * Gets details of a single AuthorizationPolicy. * * @param name Required. A name of the AuthorizationPolicy to get. Must be in the format `projects/{project}/locations/{location}/authorizationPolicies/*`. */ async projectsLocationsAuthorizationPoliciesGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as AuthorizationPolicy; } /** * Gets the access control policy for a resource. Returns an empty policy if * the resource exists and does not have a policy set. * * @param resource REQUIRED: The resource for which the policy is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. */ async projectsLocationsAuthorizationPoliciesGetIamPolicy(resource: string, opts: ProjectsLocationsAuthorizationPoliciesGetIamPolicyOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ resource }:getIamPolicy`); if (opts["options.requestedPolicyVersion"] !== undefined) { url.searchParams.append("options.requestedPolicyVersion", String(opts["options.requestedPolicyVersion"])); } const data = await request(url.href, { client: this.#client, method: "GET", }); return deserializeGoogleIamV1Policy(data); } /** * Lists AuthorizationPolicies in a given project and location. * * @param parent Required. The project and location from which the AuthorizationPolicies should be listed, specified in the format `projects/{project}/locations/{location}`. */ async projectsLocationsAuthorizationPoliciesList(parent: string, opts: ProjectsLocationsAuthorizationPoliciesListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/authorizationPolicies`); if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListAuthorizationPoliciesResponse; } /** * Updates the parameters of a single AuthorizationPolicy. * * @param name Required. Name of the AuthorizationPolicy resource. It matches pattern `projects/{project}/locations/{location}/authorizationPolicies/`. */ async projectsLocationsAuthorizationPoliciesPatch(name: string, req: AuthorizationPolicy, opts: ProjectsLocationsAuthorizationPoliciesPatchOptions = {}): Promise { opts = serializeProjectsLocationsAuthorizationPoliciesPatchOptions(opts); const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.updateMask !== undefined) { url.searchParams.append("updateMask", String(opts.updateMask)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "PATCH", body, }); return data as Operation; } /** * Sets the access control policy on the specified resource. Replaces any * existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and * `PERMISSION_DENIED` errors. * * @param resource REQUIRED: The resource for which the policy is being specified. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. */ async projectsLocationsAuthorizationPoliciesSetIamPolicy(resource: string, req: GoogleIamV1SetIamPolicyRequest): Promise { req = serializeGoogleIamV1SetIamPolicyRequest(req); const url = new URL(`${this.#baseUrl}v1/${ resource }:setIamPolicy`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return deserializeGoogleIamV1Policy(data); } /** * Returns permissions that a caller has on the specified resource. If the * resource does not exist, this will return an empty set of permissions, not * a `NOT_FOUND` error. Note: This operation is designed to be used for * building permission-aware UIs and command-line tools, not for authorization * checking. This operation may "fail open" without warning. * * @param resource REQUIRED: The resource for which the policy detail is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. */ async projectsLocationsAuthorizationPoliciesTestIamPermissions(resource: string, req: GoogleIamV1TestIamPermissionsRequest): Promise { const url = new URL(`${this.#baseUrl}v1/${ resource }:testIamPermissions`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as GoogleIamV1TestIamPermissionsResponse; } /** * Creates a new AuthzPolicy in a given project and location. * * @param parent Required. The parent resource of the `AuthzPolicy` resource. Must be in the format `projects/{project}/locations/{location}`. */ async projectsLocationsAuthzPoliciesCreate(parent: string, req: AuthzPolicy, opts: ProjectsLocationsAuthzPoliciesCreateOptions = {}): Promise { req = serializeAuthzPolicy(req); const url = new URL(`${this.#baseUrl}v1/${ parent }/authzPolicies`); if (opts.authzPolicyId !== undefined) { url.searchParams.append("authzPolicyId", String(opts.authzPolicyId)); } if (opts.requestId !== undefined) { url.searchParams.append("requestId", String(opts.requestId)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Deletes a single AuthzPolicy. * * @param name Required. The name of the `AuthzPolicy` resource to delete. Must be in the format `projects/{project}/locations/{location}/authzPolicies/{authz_policy}`. */ async projectsLocationsAuthzPoliciesDelete(name: string, opts: ProjectsLocationsAuthzPoliciesDeleteOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.requestId !== undefined) { url.searchParams.append("requestId", String(opts.requestId)); } const data = await request(url.href, { client: this.#client, method: "DELETE", }); return data as Operation; } /** * Gets details of a single AuthzPolicy. * * @param name Required. A name of the `AuthzPolicy` resource to get. Must be in the format `projects/{project}/locations/{location}/authzPolicies/{authz_policy}`. */ async projectsLocationsAuthzPoliciesGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return deserializeAuthzPolicy(data); } /** * Gets the access control policy for a resource. Returns an empty policy if * the resource exists and does not have a policy set. * * @param resource REQUIRED: The resource for which the policy is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. */ async projectsLocationsAuthzPoliciesGetIamPolicy(resource: string, opts: ProjectsLocationsAuthzPoliciesGetIamPolicyOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ resource }:getIamPolicy`); if (opts["options.requestedPolicyVersion"] !== undefined) { url.searchParams.append("options.requestedPolicyVersion", String(opts["options.requestedPolicyVersion"])); } const data = await request(url.href, { client: this.#client, method: "GET", }); return deserializeGoogleIamV1Policy(data); } /** * Lists AuthzPolicies in a given project and location. * * @param parent Required. The project and location from which the `AuthzPolicy` resources are listed, specified in the following format: `projects/{project}/locations/{location}`. */ async projectsLocationsAuthzPoliciesList(parent: string, opts: ProjectsLocationsAuthzPoliciesListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/authzPolicies`); if (opts.filter !== undefined) { url.searchParams.append("filter", String(opts.filter)); } if (opts.orderBy !== undefined) { url.searchParams.append("orderBy", String(opts.orderBy)); } if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return deserializeListAuthzPoliciesResponse(data); } /** * Updates the parameters of a single AuthzPolicy. * * @param name Required. Identifier. Name of the `AuthzPolicy` resource in the following format: `projects/{project}/locations/{location}/authzPolicies/{authz_policy}`. */ async projectsLocationsAuthzPoliciesPatch(name: string, req: AuthzPolicy, opts: ProjectsLocationsAuthzPoliciesPatchOptions = {}): Promise { req = serializeAuthzPolicy(req); opts = serializeProjectsLocationsAuthzPoliciesPatchOptions(opts); const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.requestId !== undefined) { url.searchParams.append("requestId", String(opts.requestId)); } if (opts.updateMask !== undefined) { url.searchParams.append("updateMask", String(opts.updateMask)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "PATCH", body, }); return data as Operation; } /** * Sets the access control policy on the specified resource. Replaces any * existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and * `PERMISSION_DENIED` errors. * * @param resource REQUIRED: The resource for which the policy is being specified. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. */ async projectsLocationsAuthzPoliciesSetIamPolicy(resource: string, req: GoogleIamV1SetIamPolicyRequest): Promise { req = serializeGoogleIamV1SetIamPolicyRequest(req); const url = new URL(`${this.#baseUrl}v1/${ resource }:setIamPolicy`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return deserializeGoogleIamV1Policy(data); } /** * Returns permissions that a caller has on the specified resource. If the * resource does not exist, this will return an empty set of permissions, not * a `NOT_FOUND` error. Note: This operation is designed to be used for * building permission-aware UIs and command-line tools, not for authorization * checking. This operation may "fail open" without warning. * * @param resource REQUIRED: The resource for which the policy detail is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. */ async projectsLocationsAuthzPoliciesTestIamPermissions(resource: string, req: GoogleIamV1TestIamPermissionsRequest): Promise { const url = new URL(`${this.#baseUrl}v1/${ resource }:testIamPermissions`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as GoogleIamV1TestIamPermissionsResponse; } /** * Creates a new ClientTlsPolicy in a given project and location. * * @param parent Required. The parent resource of the ClientTlsPolicy. Must be in the format `projects/*/locations/{location}`. */ async projectsLocationsClientTlsPoliciesCreate(parent: string, req: ClientTlsPolicy, opts: ProjectsLocationsClientTlsPoliciesCreateOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/clientTlsPolicies`); if (opts.clientTlsPolicyId !== undefined) { url.searchParams.append("clientTlsPolicyId", String(opts.clientTlsPolicyId)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Deletes a single ClientTlsPolicy. * * @param name Required. A name of the ClientTlsPolicy to delete. Must be in the format `projects/*/locations/{location}/clientTlsPolicies/*`. */ async projectsLocationsClientTlsPoliciesDelete(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "DELETE", }); return data as Operation; } /** * Gets details of a single ClientTlsPolicy. * * @param name Required. A name of the ClientTlsPolicy to get. Must be in the format `projects/*/locations/{location}/clientTlsPolicies/*`. */ async projectsLocationsClientTlsPoliciesGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ClientTlsPolicy; } /** * Gets the access control policy for a resource. Returns an empty policy if * the resource exists and does not have a policy set. * * @param resource REQUIRED: The resource for which the policy is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. */ async projectsLocationsClientTlsPoliciesGetIamPolicy(resource: string, opts: ProjectsLocationsClientTlsPoliciesGetIamPolicyOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ resource }:getIamPolicy`); if (opts["options.requestedPolicyVersion"] !== undefined) { url.searchParams.append("options.requestedPolicyVersion", String(opts["options.requestedPolicyVersion"])); } const data = await request(url.href, { client: this.#client, method: "GET", }); return deserializeGoogleIamV1Policy(data); } /** * Lists ClientTlsPolicies in a given project and location. * * @param parent Required. The project and location from which the ClientTlsPolicies should be listed, specified in the format `projects/*/locations/{location}`. */ async projectsLocationsClientTlsPoliciesList(parent: string, opts: ProjectsLocationsClientTlsPoliciesListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/clientTlsPolicies`); if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListClientTlsPoliciesResponse; } /** * Updates the parameters of a single ClientTlsPolicy. * * @param name Required. Name of the ClientTlsPolicy resource. It matches the pattern `projects/*/locations/{location}/clientTlsPolicies/{client_tls_policy}` */ async projectsLocationsClientTlsPoliciesPatch(name: string, req: ClientTlsPolicy, opts: ProjectsLocationsClientTlsPoliciesPatchOptions = {}): Promise { opts = serializeProjectsLocationsClientTlsPoliciesPatchOptions(opts); const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.updateMask !== undefined) { url.searchParams.append("updateMask", String(opts.updateMask)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "PATCH", body, }); return data as Operation; } /** * Sets the access control policy on the specified resource. Replaces any * existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and * `PERMISSION_DENIED` errors. * * @param resource REQUIRED: The resource for which the policy is being specified. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. */ async projectsLocationsClientTlsPoliciesSetIamPolicy(resource: string, req: GoogleIamV1SetIamPolicyRequest): Promise { req = serializeGoogleIamV1SetIamPolicyRequest(req); const url = new URL(`${this.#baseUrl}v1/${ resource }:setIamPolicy`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return deserializeGoogleIamV1Policy(data); } /** * Returns permissions that a caller has on the specified resource. If the * resource does not exist, this will return an empty set of permissions, not * a `NOT_FOUND` error. Note: This operation is designed to be used for * building permission-aware UIs and command-line tools, not for authorization * checking. This operation may "fail open" without warning. * * @param resource REQUIRED: The resource for which the policy detail is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. */ async projectsLocationsClientTlsPoliciesTestIamPermissions(resource: string, req: GoogleIamV1TestIamPermissionsRequest): Promise { const url = new URL(`${this.#baseUrl}v1/${ resource }:testIamPermissions`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as GoogleIamV1TestIamPermissionsResponse; } /** * Creates a new FirewallEndpointAssociation in a given project and location. * * @param parent Required. Value for parent. */ async projectsLocationsFirewallEndpointAssociationsCreate(parent: string, req: FirewallEndpointAssociation, opts: ProjectsLocationsFirewallEndpointAssociationsCreateOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/firewallEndpointAssociations`); if (opts.firewallEndpointAssociationId !== undefined) { url.searchParams.append("firewallEndpointAssociationId", String(opts.firewallEndpointAssociationId)); } if (opts.requestId !== undefined) { url.searchParams.append("requestId", String(opts.requestId)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Deletes a single FirewallEndpointAssociation. * * @param name Required. Name of the resource */ async projectsLocationsFirewallEndpointAssociationsDelete(name: string, opts: ProjectsLocationsFirewallEndpointAssociationsDeleteOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.requestId !== undefined) { url.searchParams.append("requestId", String(opts.requestId)); } const data = await request(url.href, { client: this.#client, method: "DELETE", }); return data as Operation; } /** * Gets details of a single FirewallEndpointAssociation. * * @param name Required. Name of the resource */ async projectsLocationsFirewallEndpointAssociationsGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as FirewallEndpointAssociation; } /** * Lists Associations in a given project and location. * * @param parent Required. Parent value for ListAssociationsRequest */ async projectsLocationsFirewallEndpointAssociationsList(parent: string, opts: ProjectsLocationsFirewallEndpointAssociationsListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/firewallEndpointAssociations`); if (opts.filter !== undefined) { url.searchParams.append("filter", String(opts.filter)); } if (opts.orderBy !== undefined) { url.searchParams.append("orderBy", String(opts.orderBy)); } if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListFirewallEndpointAssociationsResponse; } /** * Update a single FirewallEndpointAssociation. * * @param name Immutable. Identifier. name of resource */ async projectsLocationsFirewallEndpointAssociationsPatch(name: string, req: FirewallEndpointAssociation, opts: ProjectsLocationsFirewallEndpointAssociationsPatchOptions = {}): Promise { opts = serializeProjectsLocationsFirewallEndpointAssociationsPatchOptions(opts); const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.requestId !== undefined) { url.searchParams.append("requestId", String(opts.requestId)); } if (opts.updateMask !== undefined) { url.searchParams.append("updateMask", String(opts.updateMask)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "PATCH", body, }); return data as Operation; } /** * Creates a new GatewaySecurityPolicy in a given project and location. * * @param parent Required. The parent resource of the GatewaySecurityPolicy. Must be in the format `projects/{project}/locations/{location}`. */ async projectsLocationsGatewaySecurityPoliciesCreate(parent: string, req: GatewaySecurityPolicy, opts: ProjectsLocationsGatewaySecurityPoliciesCreateOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/gatewaySecurityPolicies`); if (opts.gatewaySecurityPolicyId !== undefined) { url.searchParams.append("gatewaySecurityPolicyId", String(opts.gatewaySecurityPolicyId)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Deletes a single GatewaySecurityPolicy. * * @param name Required. A name of the GatewaySecurityPolicy to delete. Must be in the format `projects/{project}/locations/{location}/gatewaySecurityPolicies/*`. */ async projectsLocationsGatewaySecurityPoliciesDelete(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "DELETE", }); return data as Operation; } /** * Gets details of a single GatewaySecurityPolicy. * * @param name Required. A name of the GatewaySecurityPolicy to get. Must be in the format `projects/{project}/locations/{location}/gatewaySecurityPolicies/*`. */ async projectsLocationsGatewaySecurityPoliciesGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as GatewaySecurityPolicy; } /** * Lists GatewaySecurityPolicies in a given project and location. * * @param parent Required. The project and location from which the GatewaySecurityPolicies should be listed, specified in the format `projects/{project}/locations/{location}`. */ async projectsLocationsGatewaySecurityPoliciesList(parent: string, opts: ProjectsLocationsGatewaySecurityPoliciesListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/gatewaySecurityPolicies`); if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListGatewaySecurityPoliciesResponse; } /** * Updates the parameters of a single GatewaySecurityPolicy. * * @param name Required. Name of the resource. Name is of the form projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy} gateway_security_policy should match the pattern:(^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$). */ async projectsLocationsGatewaySecurityPoliciesPatch(name: string, req: GatewaySecurityPolicy, opts: ProjectsLocationsGatewaySecurityPoliciesPatchOptions = {}): Promise { opts = serializeProjectsLocationsGatewaySecurityPoliciesPatchOptions(opts); const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.updateMask !== undefined) { url.searchParams.append("updateMask", String(opts.updateMask)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "PATCH", body, }); return data as Operation; } /** * Creates a new GatewaySecurityPolicy in a given project and location. * * @param parent Required. The parent where this rule will be created. Format : projects/{project}/location/{location}/gatewaySecurityPolicies/* */ async projectsLocationsGatewaySecurityPoliciesRulesCreate(parent: string, req: GatewaySecurityPolicyRule, opts: ProjectsLocationsGatewaySecurityPoliciesRulesCreateOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/rules`); if (opts.gatewaySecurityPolicyRuleId !== undefined) { url.searchParams.append("gatewaySecurityPolicyRuleId", String(opts.gatewaySecurityPolicyRuleId)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Deletes a single GatewaySecurityPolicyRule. * * @param name Required. A name of the GatewaySecurityPolicyRule to delete. Must be in the format `projects/{project}/locations/{location}/gatewaySecurityPolicies/{gatewaySecurityPolicy}/rules/*`. */ async projectsLocationsGatewaySecurityPoliciesRulesDelete(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "DELETE", }); return data as Operation; } /** * Gets details of a single GatewaySecurityPolicyRule. * * @param name Required. The name of the GatewaySecurityPolicyRule to retrieve. Format: projects/{project}/location/{location}/gatewaySecurityPolicies/*/rules/* */ async projectsLocationsGatewaySecurityPoliciesRulesGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as GatewaySecurityPolicyRule; } /** * Lists GatewaySecurityPolicyRules in a given project and location. * * @param parent Required. The project, location and GatewaySecurityPolicy from which the GatewaySecurityPolicyRules should be listed, specified in the format `projects/{project}/locations/{location}/gatewaySecurityPolicies/{gatewaySecurityPolicy}`. */ async projectsLocationsGatewaySecurityPoliciesRulesList(parent: string, opts: ProjectsLocationsGatewaySecurityPoliciesRulesListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/rules`); if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListGatewaySecurityPolicyRulesResponse; } /** * Updates the parameters of a single GatewaySecurityPolicyRule. * * @param name Required. Immutable. Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$). */ async projectsLocationsGatewaySecurityPoliciesRulesPatch(name: string, req: GatewaySecurityPolicyRule, opts: ProjectsLocationsGatewaySecurityPoliciesRulesPatchOptions = {}): Promise { opts = serializeProjectsLocationsGatewaySecurityPoliciesRulesPatchOptions(opts); const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.updateMask !== undefined) { url.searchParams.append("updateMask", String(opts.updateMask)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "PATCH", body, }); return data as Operation; } /** * Gets information about a location. * * @param name Resource name for the location. */ async projectsLocationsGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as Location; } /** * Lists information about the supported locations for this service. * * @param name The resource that owns the locations collection, if applicable. */ async projectsLocationsList(name: string, opts: ProjectsLocationsListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }/locations`); if (opts.filter !== undefined) { url.searchParams.append("filter", String(opts.filter)); } if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListLocationsResponse; } /** * Starts asynchronous cancellation on a long-running operation. The server * makes a best effort to cancel the operation, but success is not guaranteed. * If the server doesn't support this method, it returns * `google.rpc.Code.UNIMPLEMENTED`. Clients can use Operations.GetOperation or * other methods to check whether the cancellation succeeded or whether the * operation completed despite cancellation. On successful cancellation, the * operation is not deleted; instead, it becomes an operation with an * Operation.error value with a google.rpc.Status.code of `1`, corresponding * to `Code.CANCELLED`. * * @param name The name of the operation resource to be cancelled. */ async projectsLocationsOperationsCancel(name: string, req: CancelOperationRequest): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }:cancel`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Empty; } /** * Deletes a long-running operation. This method indicates that the client is * no longer interested in the operation result. It does not cancel the * operation. If the server doesn't support this method, it returns * `google.rpc.Code.UNIMPLEMENTED`. * * @param name The name of the operation resource to be deleted. */ async projectsLocationsOperationsDelete(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "DELETE", }); return data as Empty; } /** * Gets the latest state of a long-running operation. Clients can use this * method to poll the operation result at intervals as recommended by the API * service. * * @param name The name of the operation resource. */ async projectsLocationsOperationsGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as Operation; } /** * Lists operations that match the specified filter in the request. If the * server doesn't support this method, it returns `UNIMPLEMENTED`. * * @param name The name of the operation's parent resource. */ async projectsLocationsOperationsList(name: string, opts: ProjectsLocationsOperationsListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }/operations`); if (opts.filter !== undefined) { url.searchParams.append("filter", String(opts.filter)); } if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListOperationsResponse; } /** * Creates a new ServerTlsPolicy in a given project and location. * * @param parent Required. The parent resource of the ServerTlsPolicy. Must be in the format `projects/*/locations/{location}`. */ async projectsLocationsServerTlsPoliciesCreate(parent: string, req: ServerTlsPolicy, opts: ProjectsLocationsServerTlsPoliciesCreateOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/serverTlsPolicies`); if (opts.serverTlsPolicyId !== undefined) { url.searchParams.append("serverTlsPolicyId", String(opts.serverTlsPolicyId)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Deletes a single ServerTlsPolicy. * * @param name Required. A name of the ServerTlsPolicy to delete. Must be in the format `projects/*/locations/{location}/serverTlsPolicies/*`. */ async projectsLocationsServerTlsPoliciesDelete(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "DELETE", }); return data as Operation; } /** * Gets details of a single ServerTlsPolicy. * * @param name Required. A name of the ServerTlsPolicy to get. Must be in the format `projects/*/locations/{location}/serverTlsPolicies/*`. */ async projectsLocationsServerTlsPoliciesGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ServerTlsPolicy; } /** * Gets the access control policy for a resource. Returns an empty policy if * the resource exists and does not have a policy set. * * @param resource REQUIRED: The resource for which the policy is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. */ async projectsLocationsServerTlsPoliciesGetIamPolicy(resource: string, opts: ProjectsLocationsServerTlsPoliciesGetIamPolicyOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ resource }:getIamPolicy`); if (opts["options.requestedPolicyVersion"] !== undefined) { url.searchParams.append("options.requestedPolicyVersion", String(opts["options.requestedPolicyVersion"])); } const data = await request(url.href, { client: this.#client, method: "GET", }); return deserializeGoogleIamV1Policy(data); } /** * Lists ServerTlsPolicies in a given project and location. * * @param parent Required. The project and location from which the ServerTlsPolicies should be listed, specified in the format `projects/*/locations/{location}`. */ async projectsLocationsServerTlsPoliciesList(parent: string, opts: ProjectsLocationsServerTlsPoliciesListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/serverTlsPolicies`); if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListServerTlsPoliciesResponse; } /** * Updates the parameters of a single ServerTlsPolicy. * * @param name Required. Name of the ServerTlsPolicy resource. It matches the pattern `projects/*/locations/{location}/serverTlsPolicies/{server_tls_policy}` */ async projectsLocationsServerTlsPoliciesPatch(name: string, req: ServerTlsPolicy, opts: ProjectsLocationsServerTlsPoliciesPatchOptions = {}): Promise { opts = serializeProjectsLocationsServerTlsPoliciesPatchOptions(opts); const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.updateMask !== undefined) { url.searchParams.append("updateMask", String(opts.updateMask)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "PATCH", body, }); return data as Operation; } /** * Sets the access control policy on the specified resource. Replaces any * existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and * `PERMISSION_DENIED` errors. * * @param resource REQUIRED: The resource for which the policy is being specified. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. */ async projectsLocationsServerTlsPoliciesSetIamPolicy(resource: string, req: GoogleIamV1SetIamPolicyRequest): Promise { req = serializeGoogleIamV1SetIamPolicyRequest(req); const url = new URL(`${this.#baseUrl}v1/${ resource }:setIamPolicy`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return deserializeGoogleIamV1Policy(data); } /** * Returns permissions that a caller has on the specified resource. If the * resource does not exist, this will return an empty set of permissions, not * a `NOT_FOUND` error. Note: This operation is designed to be used for * building permission-aware UIs and command-line tools, not for authorization * checking. This operation may "fail open" without warning. * * @param resource REQUIRED: The resource for which the policy detail is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. */ async projectsLocationsServerTlsPoliciesTestIamPermissions(resource: string, req: GoogleIamV1TestIamPermissionsRequest): Promise { const url = new URL(`${this.#baseUrl}v1/${ resource }:testIamPermissions`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as GoogleIamV1TestIamPermissionsResponse; } /** * Creates a new TlsInspectionPolicy in a given project and location. * * @param parent Required. The parent resource of the TlsInspectionPolicy. Must be in the format `projects/{project}/locations/{location}`. */ async projectsLocationsTlsInspectionPoliciesCreate(parent: string, req: TlsInspectionPolicy, opts: ProjectsLocationsTlsInspectionPoliciesCreateOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/tlsInspectionPolicies`); if (opts.tlsInspectionPolicyId !== undefined) { url.searchParams.append("tlsInspectionPolicyId", String(opts.tlsInspectionPolicyId)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Deletes a single TlsInspectionPolicy. * * @param name Required. A name of the TlsInspectionPolicy to delete. Must be in the format `projects/{project}/locations/{location}/tlsInspectionPolicies/{tls_inspection_policy}`. */ async projectsLocationsTlsInspectionPoliciesDelete(name: string, opts: ProjectsLocationsTlsInspectionPoliciesDeleteOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.force !== undefined) { url.searchParams.append("force", String(opts.force)); } const data = await request(url.href, { client: this.#client, method: "DELETE", }); return data as Operation; } /** * Gets details of a single TlsInspectionPolicy. * * @param name Required. A name of the TlsInspectionPolicy to get. Must be in the format `projects/{project}/locations/{location}/tlsInspectionPolicies/{tls_inspection_policy}`. */ async projectsLocationsTlsInspectionPoliciesGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as TlsInspectionPolicy; } /** * Lists TlsInspectionPolicies in a given project and location. * * @param parent Required. The project and location from which the TlsInspectionPolicies should be listed, specified in the format `projects/{project}/locations/{location}`. */ async projectsLocationsTlsInspectionPoliciesList(parent: string, opts: ProjectsLocationsTlsInspectionPoliciesListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/tlsInspectionPolicies`); if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListTlsInspectionPoliciesResponse; } /** * Updates the parameters of a single TlsInspectionPolicy. * * @param name Required. Name of the resource. Name is of the form projects/{project}/locations/{location}/tlsInspectionPolicies/{tls_inspection_policy} tls_inspection_policy should match the pattern:(^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$). */ async projectsLocationsTlsInspectionPoliciesPatch(name: string, req: TlsInspectionPolicy, opts: ProjectsLocationsTlsInspectionPoliciesPatchOptions = {}): Promise { opts = serializeProjectsLocationsTlsInspectionPoliciesPatchOptions(opts); const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.updateMask !== undefined) { url.searchParams.append("updateMask", String(opts.updateMask)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "PATCH", body, }); return data as Operation; } /** * Creates a new UrlList in a given project and location. * * @param parent Required. The parent resource of the UrlList. Must be in the format `projects/*/locations/{location}`. */ async projectsLocationsUrlListsCreate(parent: string, req: UrlList, opts: ProjectsLocationsUrlListsCreateOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/urlLists`); if (opts.urlListId !== undefined) { url.searchParams.append("urlListId", String(opts.urlListId)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Deletes a single UrlList. * * @param name Required. A name of the UrlList to delete. Must be in the format `projects/*/locations/{location}/urlLists/*`. */ async projectsLocationsUrlListsDelete(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "DELETE", }); return data as Operation; } /** * Gets details of a single UrlList. * * @param name Required. A name of the UrlList to get. Must be in the format `projects/*/locations/{location}/urlLists/*`. */ async projectsLocationsUrlListsGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as UrlList; } /** * Lists UrlLists in a given project and location. * * @param parent Required. The project and location from which the UrlLists should be listed, specified in the format `projects/{project}/locations/{location}`. */ async projectsLocationsUrlListsList(parent: string, opts: ProjectsLocationsUrlListsListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/urlLists`); if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListUrlListsResponse; } /** * Updates the parameters of a single UrlList. * * @param name Required. Name of the resource provided by the user. Name is of the form projects/{project}/locations/{location}/urlLists/{url_list} url_list should match the pattern:(^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$). */ async projectsLocationsUrlListsPatch(name: string, req: UrlList, opts: ProjectsLocationsUrlListsPatchOptions = {}): Promise { opts = serializeProjectsLocationsUrlListsPatchOptions(opts); const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.updateMask !== undefined) { url.searchParams.append("updateMask", String(opts.updateMask)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "PATCH", body, }); return data as Operation; } } /** * Request used by the AddAddressGroupItems method. */ export interface AddAddressGroupItemsRequest { /** * Required. List of items to add. */ items?: string[]; /** * Optional. An optional request ID to identify requests. Specify a unique * request ID so that if you must retry your request, the server will know to * ignore the request if it has already been completed. The server will * guarantee that for at least 60 minutes since the first request. For * example, consider a situation where you make an initial request and the * request times out. If you make the request again with the same request ID, * the server can check if original operation with the same request ID was * received, and if so, will ignore the second request. This prevents clients * from accidentally creating duplicate commitments. The request ID must be a * valid UUID with the exception that zero UUID is not supported * (00000000-0000-0000-0000-000000000000). */ requestId?: string; } /** * AddressGroup is a resource that specifies how a collection of IP/DNS used in * Firewall Policy. */ export interface AddressGroup { /** * Required. Capacity of the Address Group */ capacity?: number; /** * Output only. The timestamp when the resource was created. */ readonly createTime?: Date; /** * Optional. Free-text description of the resource. */ description?: string; /** * Optional. List of items. */ items?: string[]; /** * Optional. Set of label tags associated with the AddressGroup resource. */ labels?: { [key: string]: string }; /** * Required. Name of the AddressGroup resource. It matches pattern * `projects/*\/locations/{location}/addressGroups/`. */ name?: string; /** * Optional. List of supported purposes of the Address Group. */ purpose?: | "PURPOSE_UNSPECIFIED" | "DEFAULT" | "CLOUD_ARMOR"[]; /** * Output only. Server-defined fully-qualified URL for this resource. */ readonly selfLink?: string; /** * Required. The type of the Address Group. Possible values are "IPv4" or * "IPV6". */ type?: | "TYPE_UNSPECIFIED" | "IPV4" | "IPV6"; /** * Output only. The timestamp when the resource was updated. */ readonly updateTime?: Date; } /** * AuthorizationPolicy is a resource that specifies how a server should * authorize incoming connections. This resource in itself does not change the * configuration unless it's attached to a target https proxy or endpoint config * selector resource. */ export interface AuthorizationPolicy { /** * Required. The action to take when a rule match is found. Possible values * are "ALLOW" or "DENY". */ action?: | "ACTION_UNSPECIFIED" | "ALLOW" | "DENY"; /** * Output only. The timestamp when the resource was created. */ readonly createTime?: Date; /** * Optional. Free-text description of the resource. */ description?: string; /** * Optional. Set of label tags associated with the AuthorizationPolicy * resource. */ labels?: { [key: string]: string }; /** * Required. Name of the AuthorizationPolicy resource. It matches pattern * `projects/{project}/locations/{location}/authorizationPolicies/`. */ name?: string; /** * Optional. List of rules to match. Note that at least one of the rules must * match in order for the action specified in the 'action' field to be taken. * A rule is a match if there is a matching source and destination. If left * blank, the action specified in the `action` field will be applied on every * request. */ rules?: Rule[]; /** * Output only. The timestamp when the resource was updated. */ readonly updateTime?: Date; } /** * `AuthzPolicy` is a resource that allows to forward traffic to a callout * backend designed to scan the traffic for security purposes. */ export interface AuthzPolicy { /** * Required. Can be one of `ALLOW`, `DENY`, `CUSTOM`. When the action is * `CUSTOM`, `customProvider` must be specified. When the action is `ALLOW`, * only requests matching the policy will be allowed. When the action is * `DENY`, only requests matching the policy will be denied. When a request * arrives, the policies are evaluated in the following order: 1. If there is * a `CUSTOM` policy that matches the request, the `CUSTOM` policy is * evaluated using the custom authorization providers and the request is * denied if the provider rejects the request. 2. If there are any `DENY` * policies that match the request, the request is denied. 3. If there are no * `ALLOW` policies for the resource or if any of the `ALLOW` policies match * the request, the request is allowed. 4. Else the request is denied by * default if none of the configured AuthzPolicies with `ALLOW` action match * the request. */ action?: | "AUTHZ_ACTION_UNSPECIFIED" | "ALLOW" | "DENY" | "CUSTOM"; /** * Output only. The timestamp when the resource was created. */ readonly createTime?: Date; /** * Optional. Required if the action is `CUSTOM`. Allows delegating * authorization decisions to Cloud IAP or to Service Extensions. One of * `cloudIap` or `authzExtension` must be specified. */ customProvider?: AuthzPolicyCustomProvider; /** * Optional. A human-readable description of the resource. */ description?: string; /** * Optional. A list of authorization HTTP rules to match against the incoming * request. A policy match occurs when at least one HTTP rule matches the * request or when no HTTP rules are specified in the policy. At least one * HTTP Rule is required for Allow or Deny Action. Limited to 5 rules. */ httpRules?: AuthzPolicyAuthzRule[]; /** * Optional. Set of labels associated with the `AuthzPolicy` resource. The * format must comply with [the following * requirements](/compute/docs/labeling-resources#requirements). */ labels?: { [key: string]: string }; /** * Required. Identifier. Name of the `AuthzPolicy` resource in the following * format: * `projects/{project}/locations/{location}/authzPolicies/{authz_policy}`. */ name?: string; /** * Required. Specifies the set of resources to which this policy should be * applied to. */ target?: AuthzPolicyTarget; /** * Output only. The timestamp when the resource was updated. */ readonly updateTime?: Date; } function serializeAuthzPolicy(data: any): AuthzPolicy { return { ...data, httpRules: data["httpRules"] !== undefined ? data["httpRules"].map((item: any) => (serializeAuthzPolicyAuthzRule(item))) : undefined, }; } function deserializeAuthzPolicy(data: any): AuthzPolicy { return { ...data, createTime: data["createTime"] !== undefined ? new Date(data["createTime"]) : undefined, httpRules: data["httpRules"] !== undefined ? data["httpRules"].map((item: any) => (deserializeAuthzPolicyAuthzRule(item))) : undefined, updateTime: data["updateTime"] !== undefined ? new Date(data["updateTime"]) : undefined, }; } /** * Conditions to match against the incoming request. */ export interface AuthzPolicyAuthzRule { /** * Optional. Describes properties of a source of a request. */ from?: AuthzPolicyAuthzRuleFrom; /** * Optional. Describes properties of a target of a request. */ to?: AuthzPolicyAuthzRuleTo; /** * Optional. CEL expression that describes the conditions to be satisfied for * the action. The result of the CEL expression is ANDed with the from and to. * Refer to the CEL language reference for a list of available attributes. */ when?: string; } function serializeAuthzPolicyAuthzRule(data: any): AuthzPolicyAuthzRule { return { ...data, from: data["from"] !== undefined ? serializeAuthzPolicyAuthzRuleFrom(data["from"]) : undefined, }; } function deserializeAuthzPolicyAuthzRule(data: any): AuthzPolicyAuthzRule { return { ...data, from: data["from"] !== undefined ? deserializeAuthzPolicyAuthzRuleFrom(data["from"]) : undefined, }; } /** * Describes properties of one or more sources of a request. */ export interface AuthzPolicyAuthzRuleFrom { /** * Optional. Describes the negated properties of request sources. Matches * requests from sources that do not match the criteria specified in this * field. At least one of sources or notSources must be specified. */ notSources?: AuthzPolicyAuthzRuleFromRequestSource[]; /** * Optional. Describes the properties of a request's sources. At least one of * sources or notSources must be specified. Limited to 1 source. A match * occurs when ANY source (in sources or notSources) matches the request. * Within a single source, the match follows AND semantics across fields and * OR semantics within a single field, i.e. a match occurs when ANY principal * matches AND ANY ipBlocks match. */ sources?: AuthzPolicyAuthzRuleFromRequestSource[]; } function serializeAuthzPolicyAuthzRuleFrom(data: any): AuthzPolicyAuthzRuleFrom { return { ...data, notSources: data["notSources"] !== undefined ? data["notSources"].map((item: any) => (serializeAuthzPolicyAuthzRuleFromRequestSource(item))) : undefined, sources: data["sources"] !== undefined ? data["sources"].map((item: any) => (serializeAuthzPolicyAuthzRuleFromRequestSource(item))) : undefined, }; } function deserializeAuthzPolicyAuthzRuleFrom(data: any): AuthzPolicyAuthzRuleFrom { return { ...data, notSources: data["notSources"] !== undefined ? data["notSources"].map((item: any) => (deserializeAuthzPolicyAuthzRuleFromRequestSource(item))) : undefined, sources: data["sources"] !== undefined ? data["sources"].map((item: any) => (deserializeAuthzPolicyAuthzRuleFromRequestSource(item))) : undefined, }; } /** * Describes the properties of a single source. */ export interface AuthzPolicyAuthzRuleFromRequestSource { /** * Optional. A list of identities derived from the client's certificate. This * field will not match on a request unless mutual TLS is enabled for the * Forwarding rule or Gateway. Each identity is a string whose value is * matched against the URI SAN, or DNS SAN or the subject field in the * client's certificate. The match can be exact, prefix, suffix or a substring * match. One of exact, prefix, suffix or contains must be specified. Limited * to 5 principals. */ principals?: AuthzPolicyAuthzRuleStringMatch[]; /** * Optional. A list of resources to match against the resource of the source * VM of a request. Limited to 5 resources. */ resources?: AuthzPolicyAuthzRuleRequestResource[]; } function serializeAuthzPolicyAuthzRuleFromRequestSource(data: any): AuthzPolicyAuthzRuleFromRequestSource { return { ...data, resources: data["resources"] !== undefined ? data["resources"].map((item: any) => (serializeAuthzPolicyAuthzRuleRequestResource(item))) : undefined, }; } function deserializeAuthzPolicyAuthzRuleFromRequestSource(data: any): AuthzPolicyAuthzRuleFromRequestSource { return { ...data, resources: data["resources"] !== undefined ? data["resources"].map((item: any) => (deserializeAuthzPolicyAuthzRuleRequestResource(item))) : undefined, }; } /** * Determines how a HTTP header should be matched. */ export interface AuthzPolicyAuthzRuleHeaderMatch { /** * Optional. Specifies the name of the header in the request. */ name?: string; /** * Optional. Specifies how the header match will be performed. */ value?: AuthzPolicyAuthzRuleStringMatch; } /** * Describes the properties of a client VM resource accessing the internal * application load balancers. */ export interface AuthzPolicyAuthzRuleRequestResource { /** * Optional. An IAM service account to match against the source service * account of the VM sending the request. */ iamServiceAccount?: AuthzPolicyAuthzRuleStringMatch; /** * Optional. A list of resource tag value permanent IDs to match against the * resource manager tags value associated with the source VM of a request. */ tagValueIdSet?: AuthzPolicyAuthzRuleRequestResourceTagValueIdSet; } function serializeAuthzPolicyAuthzRuleRequestResource(data: any): AuthzPolicyAuthzRuleRequestResource { return { ...data, tagValueIdSet: data["tagValueIdSet"] !== undefined ? serializeAuthzPolicyAuthzRuleRequestResourceTagValueIdSet(data["tagValueIdSet"]) : undefined, }; } function deserializeAuthzPolicyAuthzRuleRequestResource(data: any): AuthzPolicyAuthzRuleRequestResource { return { ...data, tagValueIdSet: data["tagValueIdSet"] !== undefined ? deserializeAuthzPolicyAuthzRuleRequestResourceTagValueIdSet(data["tagValueIdSet"]) : undefined, }; } /** * Describes a set of resource tag value permanent IDs to match against the * resource manager tags value associated with the source VM of a request. */ export interface AuthzPolicyAuthzRuleRequestResourceTagValueIdSet { /** * Required. A list of resource tag value permanent IDs to match against the * resource manager tags value associated with the source VM of a request. The * match follows AND semantics which means all the ids must match. Limited to * 5 matches. */ ids?: bigint[]; } function serializeAuthzPolicyAuthzRuleRequestResourceTagValueIdSet(data: any): AuthzPolicyAuthzRuleRequestResourceTagValueIdSet { return { ...data, ids: data["ids"] !== undefined ? data["ids"].map((item: any) => (String(item))) : undefined, }; } function deserializeAuthzPolicyAuthzRuleRequestResourceTagValueIdSet(data: any): AuthzPolicyAuthzRuleRequestResourceTagValueIdSet { return { ...data, ids: data["ids"] !== undefined ? data["ids"].map((item: any) => (BigInt(item))) : undefined, }; } /** * Determines how a string value should be matched. */ export interface AuthzPolicyAuthzRuleStringMatch { /** * The input string must have the substring specified here. Note: empty * contains match is not allowed, please use regex instead. Examples: * * ``abc`` matches the value ``xyz.abc.def`` */ contains?: string; /** * The input string must match exactly the string specified here. Examples: * * ``abc`` only matches the value ``abc``. */ exact?: string; /** * If true, indicates the exact/prefix/suffix/contains matching should be * case insensitive. For example, the matcher ``data`` will match both input * string ``Data`` and ``data`` if set to true. */ ignoreCase?: boolean; /** * The input string must have the prefix specified here. Note: empty prefix * is not allowed, please use regex instead. Examples: * ``abc`` matches the * value ``abc.xyz`` */ prefix?: string; /** * The input string must have the suffix specified here. Note: empty prefix * is not allowed, please use regex instead. Examples: * ``abc`` matches the * value ``xyz.abc`` */ suffix?: string; } /** * Describes properties of one or more targets of a request. */ export interface AuthzPolicyAuthzRuleTo { /** * Optional. Describes the negated properties of the targets of a request. * Matches requests for operations that do not match the criteria specified in * this field. At least one of operations or notOperations must be specified. */ notOperations?: AuthzPolicyAuthzRuleToRequestOperation[]; /** * Optional. Describes properties of one or more targets of a request. At * least one of operations or notOperations must be specified. Limited to 1 * operation. A match occurs when ANY operation (in operations or * notOperations) matches. Within an operation, the match follows AND * semantics across fields and OR semantics within a field, i.e. a match * occurs when ANY path matches AND ANY header matches and ANY method matches. */ operations?: AuthzPolicyAuthzRuleToRequestOperation[]; } /** * Describes properties of one or more targets of a request. */ export interface AuthzPolicyAuthzRuleToRequestOperation { /** * Optional. A list of headers to match against in http header. */ headerSet?: AuthzPolicyAuthzRuleToRequestOperationHeaderSet; /** * Optional. A list of HTTP Hosts to match against. The match can be one of * exact, prefix, suffix, or contains (substring match). Matches are always * case sensitive unless the ignoreCase is set. Limited to 5 matches. */ hosts?: AuthzPolicyAuthzRuleStringMatch[]; /** * Optional. A list of HTTP methods to match against. Each entry must be a * valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It * only allows exact match and is always case sensitive. */ methods?: string[]; /** * Optional. A list of paths to match against. The match can be one of exact, * prefix, suffix, or contains (substring match). Matches are always case * sensitive unless the ignoreCase is set. Limited to 5 matches. Note that * this path match includes the query parameters. For gRPC services, this * should be a fully-qualified name of the form /package.service/method. */ paths?: AuthzPolicyAuthzRuleStringMatch[]; } /** * Describes a set of HTTP headers to match against. */ export interface AuthzPolicyAuthzRuleToRequestOperationHeaderSet { /** * Required. A list of headers to match against in http header. The match can * be one of exact, prefix, suffix, or contains (substring match). The match * follows AND semantics which means all the headers must match. Matches are * always case sensitive unless the ignoreCase is set. Limited to 5 matches. */ headers?: AuthzPolicyAuthzRuleHeaderMatch[]; } /** * Allows delegating authorization decisions to Cloud IAP or to Service * Extensions. */ export interface AuthzPolicyCustomProvider { /** * Optional. Delegate authorization decision to user authored Service * Extension. Only one of cloudIap or authzExtension can be specified. */ authzExtension?: AuthzPolicyCustomProviderAuthzExtension; /** * Optional. Delegates authorization decisions to Cloud IAP. Applicable only * for managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is * not compatible with Cloud IAP settings in the BackendService. Enabling IAP * in both places will result in request failure. Ensure that IAP is enabled * in either the AuthzPolicy or the BackendService but not in both places. */ cloudIap?: AuthzPolicyCustomProviderCloudIap; } /** * Optional. Delegate authorization decision to user authored extension. Only * one of cloudIap or authzExtension can be specified. */ export interface AuthzPolicyCustomProviderAuthzExtension { /** * Required. A list of references to authorization extensions that will be * invoked for requests matching this policy. Limited to 1 custom provider. */ resources?: string[]; } /** * Optional. Delegates authorization decisions to Cloud IAP. Applicable only * for managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is * not compatible with Cloud IAP settings in the BackendService. Enabling IAP in * both places will result in request failure. Ensure that IAP is enabled in * either the AuthzPolicy or the BackendService but not in both places. */ export interface AuthzPolicyCustomProviderCloudIap { } /** * Specifies the set of targets to which this policy should be applied to. */ export interface AuthzPolicyTarget { /** * Required. All gateways and forwarding rules referenced by this policy and * extensions must share the same load balancing scheme. Supported values: * `INTERNAL_MANAGED` and `EXTERNAL_MANAGED`. For more information, refer to * [Backend services * overview](https://cloud.google.com/load-balancing/docs/backend-service). */ loadBalancingScheme?: | "LOAD_BALANCING_SCHEME_UNSPECIFIED" | "INTERNAL_MANAGED" | "EXTERNAL_MANAGED" | "INTERNAL_SELF_MANAGED"; /** * Required. A list of references to the Forwarding Rules on which this * policy will be applied. */ resources?: string[]; } /** * The request message for Operations.CancelOperation. */ export interface CancelOperationRequest { } /** * Specification of a TLS certificate provider instance. Workloads may have one * or more CertificateProvider instances (plugins) and one of them is enabled * and configured by specifying this message. Workloads use the values from this * message to locate and load the CertificateProvider instance configuration. */ export interface CertificateProviderInstance { /** * Required. Plugin instance name, used to locate and load * CertificateProvider instance configuration. Set to * "google_cloud_private_spiffe" to use Certificate Authority Service * certificate provider instance. */ pluginInstance?: string; } /** * ClientTlsPolicy is a resource that specifies how a client should * authenticate connections to backends of a service. This resource itself does * not affect configuration unless it is attached to a backend service resource. */ export interface ClientTlsPolicy { /** * Optional. Defines a mechanism to provision client identity (public and * private keys) for peer to peer authentication. The presence of this * dictates mTLS. */ clientCertificate?: GoogleCloudNetworksecurityV1CertificateProvider; /** * Output only. The timestamp when the resource was created. */ readonly createTime?: Date; /** * Optional. Free-text description of the resource. */ description?: string; /** * Optional. Set of label tags associated with the resource. */ labels?: { [key: string]: string }; /** * Required. Name of the ClientTlsPolicy resource. It matches the pattern * `projects/*\/locations/{location}/clientTlsPolicies/{client_tls_policy}` */ name?: string; /** * Optional. Defines the mechanism to obtain the Certificate Authority * certificate to validate the server certificate. If empty, client does not * validate the server certificate. */ serverValidationCa?: ValidationCA[]; /** * Optional. Server Name Indication string to present to the server during * TLS handshake. E.g: "secure.example.com". */ sni?: string; /** * Output only. The timestamp when the resource was updated. */ readonly updateTime?: Date; } /** * Request used by the CloneAddressGroupItems method. */ export interface CloneAddressGroupItemsRequest { /** * Optional. An optional request ID to identify requests. Specify a unique * request ID so that if you must retry your request, the server will know to * ignore the request if it has already been completed. The server will * guarantee that for at least 60 minutes since the first request. For * example, consider a situation where you make an initial request and the * request times out. If you make the request again with the same request ID, * the server can check if original operation with the same request ID was * received, and if so, will ignore the second request. This prevents clients * from accidentally creating duplicate commitments. The request ID must be a * valid UUID with the exception that zero UUID is not supported * (00000000-0000-0000-0000-000000000000). */ requestId?: string; /** * Required. Source address group to clone items from. */ sourceAddressGroup?: string; } /** * CustomInterceptProfile defines the Packet Intercept Endpoint Group used to * intercept traffic to a third-party firewall in a Firewall rule. */ export interface CustomInterceptProfile { /** * Required. The InterceptEndpointGroup to which traffic associated with the * SP should be mirrored. */ interceptEndpointGroup?: string; } /** * CustomMirroringProfile defines an action for mirroring traffic to a * collector's EndpointGroup */ export interface CustomMirroringProfile { /** * Required. The MirroringEndpointGroup to which traffic associated with the * SP should be mirrored. */ mirroringEndpointGroup?: string; } /** * Specification of traffic destination attributes. */ export interface Destination { /** * Required. List of host names to match. Matched against the ":authority" * header in http requests. At least one host should match. Each host can be * an exact match, or a prefix match (example "mydomain.*") or a suffix match * (example "*.myorg.com") or a presence (any) match "*". */ hosts?: string[]; /** * Optional. Match against key:value pair in http header. Provides a flexible * match based on HTTP headers, for potentially advanced use cases. At least * one header should match. Avoid using header matches to make authorization * decisions unless there is a strong guarantee that requests arrive through a * trusted client or proxy. */ httpHeaderMatch?: HttpHeaderMatch; /** * Optional. A list of HTTP methods to match. At least one method should * match. Should not be set for gRPC services. */ methods?: string[]; /** * Required. List of destination ports to match. At least one port should * match. */ ports?: number[]; } /** * A generic empty message that you can re-use to avoid defining duplicated * empty messages in your APIs. A typical example is to use it as the request or * the response type of an API method. For instance: service Foo { rpc * Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } */ export interface Empty { } /** * Represents a textual expression in the Common Expression Language (CEL) * syntax. CEL is a C-like expression language. The syntax and semantics of CEL * are documented at https://github.com/google/cel-spec. Example (Comparison): * title: "Summary size limit" description: "Determines if a summary is less * than 100 chars" expression: "document.summary.size() < 100" Example * (Equality): title: "Requestor is owner" description: "Determines if requestor * is the document owner" expression: "document.owner == * request.auth.claims.email" Example (Logic): title: "Public documents" * description: "Determine whether the document should be publicly visible" * expression: "document.type != 'private' && document.type != 'internal'" * Example (Data Manipulation): title: "Notification string" description: * "Create a notification string with a timestamp." expression: "'New message * received at ' + string(document.create_time)" The exact variables and * functions that may be referenced within an expression are determined by the * service that evaluates it. See the service documentation for additional * information. */ export interface Expr { /** * Optional. Description of the expression. This is a longer text which * describes the expression, e.g. when hovered over it in a UI. */ description?: string; /** * Textual representation of an expression in Common Expression Language * syntax. */ expression?: string; /** * Optional. String indicating the location of the expression for error * reporting, e.g. a file name and a position in the file. */ location?: string; /** * Optional. Title for the expression, i.e. a short string describing its * purpose. This can be used e.g. in UIs which allow to enter the expression. */ title?: string; } /** * Message describing Endpoint object */ export interface FirewallEndpoint { /** * Output only. List of networks that are associated with this endpoint in * the local zone. This is a projection of the FirewallEndpointAssociations * pointing at this endpoint. A network will only appear in this list after * traffic routing is fully configured. Format: * projects/{project}/global/networks/{name}. */ readonly associatedNetworks?: string[]; /** * Output only. List of FirewallEndpointAssociations that are associated to * this endpoint. An association will only appear in this list after traffic * routing is fully configured. */ readonly associations?: FirewallEndpointAssociationReference[]; /** * Required. Project to bill on endpoint uptime usage. */ billingProjectId?: string; /** * Output only. Create time stamp */ readonly createTime?: Date; /** * Optional. Description of the firewall endpoint. Max length 2048 * characters. */ description?: string; /** * Optional. Labels as key value pairs */ labels?: { [key: string]: string }; /** * Immutable. Identifier. name of resource */ name?: string; /** * Output only. Whether reconciling is in progress, recommended per * https://google.aip.dev/128. */ readonly reconciling?: boolean; /** * Output only. Current state of the endpoint. */ readonly state?: | "STATE_UNSPECIFIED" | "CREATING" | "ACTIVE" | "DELETING" | "INACTIVE"; /** * Output only. Update time stamp */ readonly updateTime?: Date; } /** * Message describing Association object */ export interface FirewallEndpointAssociation { /** * Output only. Create time stamp */ readonly createTime?: Date; /** * Optional. Whether the association is disabled. True indicates that traffic * won't be intercepted */ disabled?: boolean; /** * Required. The URL of the FirewallEndpoint that is being associated. */ firewallEndpoint?: string; /** * Optional. Labels as key value pairs */ labels?: { [key: string]: string }; /** * Immutable. Identifier. name of resource */ name?: string; /** * Required. The URL of the network that is being associated. */ network?: string; /** * Output only. Whether reconciling is in progress, recommended per * https://google.aip.dev/128. */ readonly reconciling?: boolean; /** * Output only. Current state of the association. */ readonly state?: | "STATE_UNSPECIFIED" | "CREATING" | "ACTIVE" | "DELETING" | "INACTIVE" | "ORPHAN"; /** * Optional. The URL of the TlsInspectionPolicy that is being associated. */ tlsInspectionPolicy?: string; /** * Output only. Update time stamp */ readonly updateTime?: Date; } /** * This is a subset of the FirewallEndpointAssociation message, containing * fields to be used by the consumer. */ export interface FirewallEndpointAssociationReference { /** * Output only. The resource name of the FirewallEndpointAssociation. Format: * projects/{project}/locations/{location}/firewallEndpointAssociations/{id} */ readonly name?: string; /** * Output only. The VPC network associated. Format: * projects/{project}/global/networks/{name}. */ readonly network?: string; } /** * The GatewaySecurityPolicy resource contains a collection of * GatewaySecurityPolicyRules and associated metadata. */ export interface GatewaySecurityPolicy { /** * Output only. The timestamp when the resource was created. */ readonly createTime?: Date; /** * Optional. Free-text description of the resource. */ description?: string; /** * Required. Name of the resource. Name is of the form * projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy} * gateway_security_policy should match the * pattern:(^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$). */ name?: string; /** * Optional. Name of a TLS Inspection Policy resource that defines how TLS * inspection will be performed for any rule(s) which enables it. */ tlsInspectionPolicy?: string; /** * Output only. The timestamp when the resource was updated. */ readonly updateTime?: Date; } /** * The GatewaySecurityPolicyRule resource is in a nested collection within a * GatewaySecurityPolicy and represents a traffic matching condition and * associated action to perform. */ export interface GatewaySecurityPolicyRule { /** * Optional. CEL expression for matching on L7/application level criteria. */ applicationMatcher?: string; /** * Required. Profile which tells what the primitive action should be. */ basicProfile?: | "BASIC_PROFILE_UNSPECIFIED" | "ALLOW" | "DENY"; /** * Output only. Time when the rule was created. */ readonly createTime?: Date; /** * Optional. Free-text description of the resource. */ description?: string; /** * Required. Whether the rule is enforced. */ enabled?: boolean; /** * Required. Immutable. Name of the resource. ame is the full resource name * so * projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} * rule should match the pattern: (^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$). */ name?: string; /** * Required. Priority of the rule. Lower number corresponds to higher * precedence. */ priority?: number; /** * Required. CEL expression for matching on session criteria. */ sessionMatcher?: string; /** * Optional. Flag to enable TLS inspection of traffic matching on , can only * be true if the parent GatewaySecurityPolicy references a * TLSInspectionConfig. */ tlsInspectionEnabled?: boolean; /** * Output only. Time when the rule was updated. */ readonly updateTime?: Date; } /** * Specification of certificate provider. Defines the mechanism to obtain the * certificate and private key for peer to peer authentication. */ export interface GoogleCloudNetworksecurityV1CertificateProvider { /** * The certificate provider instance specification that will be passed to the * data plane, which will be used to load necessary credential information. */ certificateProviderInstance?: CertificateProviderInstance; /** * gRPC specific configuration to access the gRPC server to obtain the cert * and private key. */ grpcEndpoint?: GoogleCloudNetworksecurityV1GrpcEndpoint; } /** * Specification of the GRPC Endpoint. */ export interface GoogleCloudNetworksecurityV1GrpcEndpoint { /** * Required. The target URI of the gRPC endpoint. Only UDS path is supported, * and should start with "unix:". */ targetUri?: string; } /** * Specifies the audit configuration for a service. The configuration * determines which permission types are logged, and what identities, if any, * are exempted from logging. An AuditConfig must have one or more * AuditLogConfigs. If there are AuditConfigs for both `allServices` and a * specific service, the union of the two AuditConfigs is used for that service: * the log_types specified in each AuditConfig are enabled, and the * exempted_members in each AuditLogConfig are exempted. Example Policy with * multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", * "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ * "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": * "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", * "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": * "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For * sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ * logging. It also exempts `jose@example.com` from DATA_READ logging, and * `aliya@example.com` from DATA_WRITE logging. */ export interface GoogleIamV1AuditConfig { /** * The configuration for logging of each type of permission. */ auditLogConfigs?: GoogleIamV1AuditLogConfig[]; /** * Specifies a service that will be enabled for audit logging. For example, * `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a * special value that covers all services. */ service?: string; } /** * Provides the configuration for logging a type of permissions. Example: { * "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ * "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables * 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from * DATA_READ logging. */ export interface GoogleIamV1AuditLogConfig { /** * Specifies the identities that do not cause logging for this type of * permission. Follows the same format of Binding.members. */ exemptedMembers?: string[]; /** * The log type that this config enables. */ logType?: | "LOG_TYPE_UNSPECIFIED" | "ADMIN_READ" | "DATA_WRITE" | "DATA_READ"; } /** * Associates `members`, or principals, with a `role`. */ export interface GoogleIamV1Binding { /** * The condition that is associated with this binding. If the condition * evaluates to `true`, then this binding applies to the current request. If * the condition evaluates to `false`, then this binding does not apply to the * current request. However, a different role binding might grant the same * role to one or more of the principals in this binding. To learn which * resources support conditions in their IAM policies, see the [IAM * documentation](https://cloud.google.com/iam/help/conditions/resource-policies). */ condition?: Expr; /** * Specifies the principals requesting access for a Google Cloud resource. * `members` can have the following values: * `allUsers`: A special identifier * that represents anyone who is on the internet; with or without a Google * account. * `allAuthenticatedUsers`: A special identifier that represents * anyone who is authenticated with a Google account or a service account. * Does not include identities that come from external identity providers * (IdPs) through identity federation. * `user:{emailid}`: An email address * that represents a specific Google account. For example, `alice@example.com` * . * `serviceAccount:{emailid}`: An email address that represents a Google * service account. For example, `my-other-app@appspot.gserviceaccount.com`. * * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An * identifier for a [Kubernetes service * account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). * For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * * `group:{emailid}`: An email address that represents a Google group. For * example, `admins@example.com`. * `domain:{domain}`: The G Suite domain * (primary) that represents all the users of that domain. For example, * `google.com` or `example.com`. * * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: * A single identity in a workforce identity pool. * * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: * All workforce identities in a group. * * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: * All workforce identities with a specific attribute value. * * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: * All identities in a workforce identity pool. * * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: * A single identity in a workload identity pool. * * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: * A workload identity pool group. * * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: * All identities in a workload identity pool with a certain attribute. * * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: * All identities in a workload identity pool. * * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique * identifier) representing a user that has been recently deleted. For * example, `alice@example.com?uid=123456789012345678901`. If the user is * recovered, this value reverts to `user:{emailid}` and the recovered user * retains the role in the binding. * * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus * unique identifier) representing a service account that has been recently * deleted. For example, * `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If * the service account is undeleted, this value reverts to * `serviceAccount:{emailid}` and the undeleted service account retains the * role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email * address (plus unique identifier) representing a Google group that has been * recently deleted. For example, * `admins@example.com?uid=123456789012345678901`. If the group is recovered, * this value reverts to `group:{emailid}` and the recovered group retains the * role in the binding. * * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: * Deleted single identity in a workforce identity pool. For example, * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`. */ members?: string[]; /** * Role that is assigned to the list of `members`, or principals. For * example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview * of the IAM roles and permissions, see the [IAM * documentation](https://cloud.google.com/iam/docs/roles-overview). For a * list of the available pre-defined roles, see * [here](https://cloud.google.com/iam/docs/understanding-roles). */ role?: string; } /** * An Identity and Access Management (IAM) policy, which specifies access * controls for Google Cloud resources. A `Policy` is a collection of * `bindings`. A `binding` binds one or more `members`, or principals, to a * single `role`. Principals can be user accounts, service accounts, Google * groups, and domains (such as G Suite). A `role` is a named list of * permissions; each `role` can be an IAM predefined role or a user-created * custom role. For some types of Google Cloud resources, a `binding` can also * specify a `condition`, which is a logical expression that allows access to a * resource only if the expression evaluates to `true`. A condition can add * constraints based on attributes of the request, the resource, or both. To * learn which resources support conditions in their IAM policies, see the [IAM * documentation](https://cloud.google.com/iam/help/conditions/resource-policies). * **JSON example:** ``` { "bindings": [ { "role": * "roles/resourcemanager.organizationAdmin", "members": [ * "user:mike@example.com", "group:admins@example.com", "domain:google.com", * "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": * "roles/resourcemanager.organizationViewer", "members": [ * "user:eve@example.com" ], "condition": { "title": "expirable access", * "description": "Does not grant access after Sep 2020", "expression": * "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": * "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: - members: * - user:mike@example.com - group:admins@example.com - domain:google.com - * serviceAccount:my-project-id@appspot.gserviceaccount.com role: * roles/resourcemanager.organizationAdmin - members: - user:eve@example.com * role: roles/resourcemanager.organizationViewer condition: title: expirable * access description: Does not grant access after Sep 2020 expression: * request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= * version: 3 ``` For a description of IAM and its features, see the [IAM * documentation](https://cloud.google.com/iam/docs/). */ export interface GoogleIamV1Policy { /** * Specifies cloud audit logging configuration for this policy. */ auditConfigs?: GoogleIamV1AuditConfig[]; /** * Associates a list of `members`, or principals, with a `role`. Optionally, * may specify a `condition` that determines how and when the `bindings` are * applied. Each of the `bindings` must contain at least one principal. The * `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of * these principals can be Google groups. Each occurrence of a principal * counts towards these limits. For example, if the `bindings` grant 50 * different roles to `user:alice@example.com`, and not to any other * principal, then you can add another 1,450 principals to the `bindings` in * the `Policy`. */ bindings?: GoogleIamV1Binding[]; /** * `etag` is used for optimistic concurrency control as a way to help prevent * simultaneous updates of a policy from overwriting each other. It is * strongly suggested that systems make use of the `etag` in the * read-modify-write cycle to perform policy updates in order to avoid race * conditions: An `etag` is returned in the response to `getIamPolicy`, and * systems are expected to put that etag in the request to `setIamPolicy` to * ensure that their change will be applied to the same version of the policy. * **Important:** If you use IAM Conditions, you must include the `etag` field * whenever you call `setIamPolicy`. If you omit this field, then IAM allows * you to overwrite a version `3` policy with a version `1` policy, and all of * the conditions in the version `3` policy are lost. */ etag?: Uint8Array; /** * Specifies the format of the policy. Valid values are `0`, `1`, and `3`. * Requests that specify an invalid value are rejected. Any operation that * affects conditional role bindings must specify version `3`. This * requirement applies to the following operations: * Getting a policy that * includes a conditional role binding * Adding a conditional role binding to * a policy * Changing a conditional role binding in a policy * Removing any * role binding, with or without a condition, from a policy that includes * conditions **Important:** If you use IAM Conditions, you must include the * `etag` field whenever you call `setIamPolicy`. If you omit this field, then * IAM allows you to overwrite a version `3` policy with a version `1` policy, * and all of the conditions in the version `3` policy are lost. If a policy * does not include any conditions, operations on that policy may specify any * valid version or leave the field unset. To learn which resources support * conditions in their IAM policies, see the [IAM * documentation](https://cloud.google.com/iam/help/conditions/resource-policies). */ version?: number; } function serializeGoogleIamV1Policy(data: any): GoogleIamV1Policy { return { ...data, etag: data["etag"] !== undefined ? encodeBase64(data["etag"]) : undefined, }; } function deserializeGoogleIamV1Policy(data: any): GoogleIamV1Policy { return { ...data, etag: data["etag"] !== undefined ? decodeBase64(data["etag"] as string) : undefined, }; } /** * Request message for `SetIamPolicy` method. */ export interface GoogleIamV1SetIamPolicyRequest { /** * REQUIRED: The complete policy to be applied to the `resource`. The size of * the policy is limited to a few 10s of KB. An empty policy is a valid policy * but certain Google Cloud services (such as Projects) might reject them. */ policy?: GoogleIamV1Policy; /** * OPTIONAL: A FieldMask specifying which fields of the policy to modify. * Only the fields in the mask will be modified. If no mask is provided, the * following default mask is used: `paths: "bindings, etag"` */ updateMask?: string /* FieldMask */; } function serializeGoogleIamV1SetIamPolicyRequest(data: any): GoogleIamV1SetIamPolicyRequest { return { ...data, policy: data["policy"] !== undefined ? serializeGoogleIamV1Policy(data["policy"]) : undefined, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } function deserializeGoogleIamV1SetIamPolicyRequest(data: any): GoogleIamV1SetIamPolicyRequest { return { ...data, policy: data["policy"] !== undefined ? deserializeGoogleIamV1Policy(data["policy"]) : undefined, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } /** * Request message for `TestIamPermissions` method. */ export interface GoogleIamV1TestIamPermissionsRequest { /** * The set of permissions to check for the `resource`. Permissions with * wildcards (such as `*` or `storage.*`) are not allowed. For more * information see [IAM * Overview](https://cloud.google.com/iam/docs/overview#permissions). */ permissions?: string[]; } /** * Response message for `TestIamPermissions` method. */ export interface GoogleIamV1TestIamPermissionsResponse { /** * A subset of `TestPermissionsRequest.permissions` that the caller is * allowed. */ permissions?: string[]; } /** * Specification of HTTP header match attributes. */ export interface HttpHeaderMatch { /** * Required. The name of the HTTP header to match. For matching against the * HTTP request's authority, use a headerMatch with the header name * ":authority". For matching a request's method, use the headerName * ":method". */ headerName?: string; /** * Required. The value of the header must match the regular expression * specified in regexMatch. For regular expression grammar, please see: * en.cppreference.com/w/cpp/regex/ecmascript For matching against a port * specified in the HTTP request, use a headerMatch with headerName set to * Host and a regular expression that satisfies the RFC2616 Host header's port * specifier. */ regexMatch?: string; } /** * Response of the ListAddressGroupReferences method. */ export interface ListAddressGroupReferencesResponse { /** * A list of references that matches the specified filter in the request. */ addressGroupReferences?: ListAddressGroupReferencesResponseAddressGroupReference[]; /** * If there might be more results than those appearing in this response, then * `next_page_token` is included. To get the next set of results, call this * method again using the value of `next_page_token` as `page_token`. */ nextPageToken?: string; } /** * The Reference of AddressGroup. */ export interface ListAddressGroupReferencesResponseAddressGroupReference { /** * FirewallPolicy that is using the Address Group. */ firewallPolicy?: string; /** * Rule priority of the FirewallPolicy that is using the Address Group. */ rulePriority?: number; /** * Cloud Armor SecurityPolicy that is using the Address Group. */ securityPolicy?: string; } /** * Response returned by the ListAddressGroups method. */ export interface ListAddressGroupsResponse { /** * List of AddressGroups resources. */ addressGroups?: AddressGroup[]; /** * If there might be more results than those appearing in this response, then * `next_page_token` is included. To get the next set of results, call this * method again using the value of `next_page_token` as `page_token`. */ nextPageToken?: string; } /** * Response returned by the ListAuthorizationPolicies method. */ export interface ListAuthorizationPoliciesResponse { /** * List of AuthorizationPolicies resources. */ authorizationPolicies?: AuthorizationPolicy[]; /** * If there might be more results than those appearing in this response, then * `next_page_token` is included. To get the next set of results, call this * method again using the value of `next_page_token` as `page_token`. */ nextPageToken?: string; } /** * Message for response to listing `AuthzPolicy` resources. */ export interface ListAuthzPoliciesResponse { /** * The list of `AuthzPolicy` resources. */ authzPolicies?: AuthzPolicy[]; /** * A token identifying a page of results that the server returns. */ nextPageToken?: string; /** * Locations that could not be reached. */ unreachable?: string[]; } function serializeListAuthzPoliciesResponse(data: any): ListAuthzPoliciesResponse { return { ...data, authzPolicies: data["authzPolicies"] !== undefined ? data["authzPolicies"].map((item: any) => (serializeAuthzPolicy(item))) : undefined, }; } function deserializeListAuthzPoliciesResponse(data: any): ListAuthzPoliciesResponse { return { ...data, authzPolicies: data["authzPolicies"] !== undefined ? data["authzPolicies"].map((item: any) => (deserializeAuthzPolicy(item))) : undefined, }; } /** * Response returned by the ListClientTlsPolicies method. */ export interface ListClientTlsPoliciesResponse { /** * List of ClientTlsPolicy resources. */ clientTlsPolicies?: ClientTlsPolicy[]; /** * If there might be more results than those appearing in this response, then * `next_page_token` is included. To get the next set of results, call this * method again using the value of `next_page_token` as `page_token`. */ nextPageToken?: string; } /** * Message for response to listing Associations */ export interface ListFirewallEndpointAssociationsResponse { /** * The list of Association */ firewallEndpointAssociations?: FirewallEndpointAssociation[]; /** * A token identifying a page of results the server should return. */ nextPageToken?: string; /** * Locations that could not be reached. */ unreachable?: string[]; } /** * Message for response to listing Endpoints */ export interface ListFirewallEndpointsResponse { /** * The list of Endpoint */ firewallEndpoints?: FirewallEndpoint[]; /** * A token identifying a page of results the server should return. */ nextPageToken?: string; /** * Locations that could not be reached. */ unreachable?: string[]; } /** * Response returned by the ListGatewaySecurityPolicies method. */ export interface ListGatewaySecurityPoliciesResponse { /** * List of GatewaySecurityPolicies resources. */ gatewaySecurityPolicies?: GatewaySecurityPolicy[]; /** * If there might be more results than those appearing in this response, then * 'next_page_token' is included. To get the next set of results, call this * method again using the value of 'next_page_token' as 'page_token'. */ nextPageToken?: string; /** * Locations that could not be reached. */ unreachable?: string[]; } /** * Response returned by the ListGatewaySecurityPolicyRules method. */ export interface ListGatewaySecurityPolicyRulesResponse { /** * List of GatewaySecurityPolicyRule resources. */ gatewaySecurityPolicyRules?: GatewaySecurityPolicyRule[]; /** * If there might be more results than those appearing in this response, then * 'next_page_token' is included. To get the next set of results, call this * method again using the value of 'next_page_token' as 'page_token'. */ nextPageToken?: string; /** * Locations that could not be reached. */ unreachable?: string[]; } /** * The response message for Locations.ListLocations. */ export interface ListLocationsResponse { /** * A list of locations that matches the specified filter in the request. */ locations?: Location[]; /** * The standard List next-page token. */ nextPageToken?: string; } /** * The response message for Operations.ListOperations. */ export interface ListOperationsResponse { /** * The standard List next-page token. */ nextPageToken?: string; /** * A list of operations that matches the specified filter in the request. */ operations?: Operation[]; } /** * Response returned by the ListSecurityProfileGroups method. */ export interface ListSecurityProfileGroupsResponse { /** * If there might be more results than those appearing in this response, then * `next_page_token` is included. To get the next set of results, call this * method again using the value of `next_page_token` as `page_token`. */ nextPageToken?: string; /** * List of SecurityProfileGroups resources. */ securityProfileGroups?: SecurityProfileGroup[]; } /** * Response returned by the ListSecurityProfiles method. */ export interface ListSecurityProfilesResponse { /** * If there might be more results than those appearing in this response, then * `next_page_token` is included. To get the next set of results, call this * method again using the value of `next_page_token` as `page_token`. */ nextPageToken?: string; /** * List of SecurityProfile resources. */ securityProfiles?: SecurityProfile[]; } /** * Response returned by the ListServerTlsPolicies method. */ export interface ListServerTlsPoliciesResponse { /** * If there might be more results than those appearing in this response, then * `next_page_token` is included. To get the next set of results, call this * method again using the value of `next_page_token` as `page_token`. */ nextPageToken?: string; /** * List of ServerTlsPolicy resources. */ serverTlsPolicies?: ServerTlsPolicy[]; } /** * Response returned by the ListTlsInspectionPolicies method. */ export interface ListTlsInspectionPoliciesResponse { /** * If there might be more results than those appearing in this response, then * 'next_page_token' is included. To get the next set of results, call this * method again using the value of 'next_page_token' as 'page_token'. */ nextPageToken?: string; /** * List of TlsInspectionPolicies resources. */ tlsInspectionPolicies?: TlsInspectionPolicy[]; /** * Locations that could not be reached. */ unreachable?: string[]; } /** * Response returned by the ListUrlLists method. */ export interface ListUrlListsResponse { /** * If there might be more results than those appearing in this response, then * `next_page_token` is included. To get the next set of results, call this * method again using the value of `next_page_token` as `page_token`. */ nextPageToken?: string; /** * Locations that could not be reached. */ unreachable?: string[]; /** * List of UrlList resources. */ urlLists?: UrlList[]; } /** * A resource that represents a Google Cloud location. */ export interface Location { /** * The friendly name for this location, typically a nearby city name. For * example, "Tokyo". */ displayName?: string; /** * Cross-service attributes for the location. For example * {"cloud.googleapis.com/region": "us-east1"} */ labels?: { [key: string]: string }; /** * The canonical id for this location. For example: `"us-east1"`. */ locationId?: string; /** * Service-specific metadata. For example the available capacity at the given * location. */ metadata?: { [key: string]: any }; /** * Resource name for the location, which may vary between implementations. * For example: `"projects/example-project/locations/us-east1"` */ name?: string; } /** * Specification of the MTLSPolicy. */ export interface MTLSPolicy { /** * Required if the policy is to be used with Traffic Director. For * Application Load Balancers it must be empty. Defines the mechanism to * obtain the Certificate Authority certificate to validate the client * certificate. */ clientValidationCa?: ValidationCA[]; /** * When the client presents an invalid certificate or no certificate to the * load balancer, the `client_validation_mode` specifies how the client * connection is handled. Required if the policy is to be used with the * Application Load Balancers. For Traffic Director it must be empty. */ clientValidationMode?: | "CLIENT_VALIDATION_MODE_UNSPECIFIED" | "ALLOW_INVALID_OR_MISSING_CLIENT_CERT" | "REJECT_INVALID"; /** * Reference to the TrustConfig from certificatemanager.googleapis.com * namespace. If specified, the chain validation will be performed against * certificates configured in the given TrustConfig. Allowed only if the * policy is to be used with Application Load Balancers. */ clientValidationTrustConfig?: string; } /** * This resource represents a long-running operation that is the result of a * network API call. */ export interface Operation { /** * If the value is `false`, it means the operation is still in progress. If * `true`, the operation is completed, and either `error` or `response` is * available. */ done?: boolean; /** * The error result of the operation in case of failure or cancellation. */ error?: Status; /** * Service-specific metadata associated with the operation. It typically * contains progress information and common metadata such as create time. Some * services might not provide such metadata. Any method that returns a * long-running operation should document the metadata type, if any. */ metadata?: { [key: string]: any }; /** * The server-assigned name, which is only unique within the same service * that originally returns it. If you use the default HTTP mapping, the `name` * should be a resource name ending with `operations/{unique_id}`. */ name?: string; /** * The normal, successful response of the operation. If the original method * returns no data on success, such as `Delete`, the response is * `google.protobuf.Empty`. If the original method is standard * `Get`/`Create`/`Update`, the response should be the resource. For other * methods, the response should have the type `XxxResponse`, where `Xxx` is * the original method name. For example, if the original method name is * `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`. */ response?: { [key: string]: any }; } /** * Represents the metadata of the long-running operation. */ export interface OperationMetadata { /** * Output only. API version used to start the operation. */ readonly apiVersion?: string; /** * Output only. The time the operation was created. */ readonly createTime?: Date; /** * Output only. The time the operation finished running. */ readonly endTime?: Date; /** * Output only. Identifies whether the user has requested cancellation of the * operation. Operations that have successfully been cancelled have * Operation.error value with a google.rpc.Status.code of 1, corresponding to * `Code.CANCELLED`. */ readonly requestedCancellation?: boolean; /** * Output only. Human-readable status of the operation, if any. */ readonly statusMessage?: string; /** * Output only. Server-defined resource path for the target of the operation. */ readonly target?: string; /** * Output only. Name of the verb executed by the operation. */ readonly verb?: string; } /** * Additional options for * NetworkSecurity#organizationsLocationsAddressGroupsCreate. */ export interface OrganizationsLocationsAddressGroupsCreateOptions { /** * Required. Short name of the AddressGroup resource to be created. This * value should be 1-63 characters long, containing only letters, numbers, * hyphens, and underscores, and should not start with a number. E.g. * "authz_policy". */ addressGroupId?: string; /** * Optional. An optional request ID to identify requests. Specify a unique * request ID so that if you must retry your request, the server will know to * ignore the request if it has already been completed. The server will * guarantee that for at least 60 minutes since the first request. For * example, consider a situation where you make an initial request and the * request times out. If you make the request again with the same request ID, * the server can check if original operation with the same request ID was * received, and if so, will ignore the second request. This prevents clients * from accidentally creating duplicate commitments. The request ID must be a * valid UUID with the exception that zero UUID is not supported * (00000000-0000-0000-0000-000000000000). */ requestId?: string; } /** * Additional options for * NetworkSecurity#organizationsLocationsAddressGroupsDelete. */ export interface OrganizationsLocationsAddressGroupsDeleteOptions { /** * Optional. An optional request ID to identify requests. Specify a unique * request ID so that if you must retry your request, the server will know to * ignore the request if it has already been completed. The server will * guarantee that for at least 60 minutes since the first request. For * example, consider a situation where you make an initial request and the * request times out. If you make the request again with the same request ID, * the server can check if original operation with the same request ID was * received, and if so, will ignore the second request. This prevents clients * from accidentally creating duplicate commitments. The request ID must be a * valid UUID with the exception that zero UUID is not supported * (00000000-0000-0000-0000-000000000000). */ requestId?: string; } /** * Additional options for * NetworkSecurity#organizationsLocationsAddressGroupsList. */ export interface OrganizationsLocationsAddressGroupsListOptions { /** * Maximum number of AddressGroups to return per call. */ pageSize?: number; /** * The value returned by the last `ListAddressGroupsResponse` Indicates that * this is a continuation of a prior `ListAddressGroups` call, and that the * system should return the next page of data. */ pageToken?: string; } /** * Additional options for * NetworkSecurity#organizationsLocationsAddressGroupsListReferences. */ export interface OrganizationsLocationsAddressGroupsListReferencesOptions { /** * The maximum number of references to return. If unspecified, server will * pick an appropriate default. Server may return fewer items than requested. * A caller should only rely on response's next_page_token to determine if * there are more AddressGroupUsers left to be queried. */ pageSize?: number; /** * The next_page_token value returned from a previous List request, if any. */ pageToken?: string; } /** * Additional options for * NetworkSecurity#organizationsLocationsAddressGroupsPatch. */ export interface OrganizationsLocationsAddressGroupsPatchOptions { /** * Optional. An optional request ID to identify requests. Specify a unique * request ID so that if you must retry your request, the server will know to * ignore the request if it has already been completed. The server will * guarantee that for at least 60 minutes since the first request. For * example, consider a situation where you make an initial request and the * request times out. If you make the request again with the same request ID, * the server can check if original operation with the same request ID was * received, and if so, will ignore the second request. This prevents clients * from accidentally creating duplicate commitments. The request ID must be a * valid UUID with the exception that zero UUID is not supported * (00000000-0000-0000-0000-000000000000). */ requestId?: string; /** * Optional. Field mask is used to specify the fields to be overwritten in * the AddressGroup resource by the update. The fields specified in the * update_mask are relative to the resource, not the full request. A field * will be overwritten if it is in the mask. If the user does not provide a * mask then all fields will be overwritten. */ updateMask?: string /* FieldMask */; } function serializeOrganizationsLocationsAddressGroupsPatchOptions(data: any): OrganizationsLocationsAddressGroupsPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } function deserializeOrganizationsLocationsAddressGroupsPatchOptions(data: any): OrganizationsLocationsAddressGroupsPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } /** * Additional options for * NetworkSecurity#organizationsLocationsFirewallEndpointsCreate. */ export interface OrganizationsLocationsFirewallEndpointsCreateOptions { /** * Required. Id of the requesting object. If auto-generating Id server-side, * remove this field and firewall_endpoint_id from the method_signature of * Create RPC. */ firewallEndpointId?: string; /** * Optional. An optional request ID to identify requests. Specify a unique * request ID so that if you must retry your request, the server will know to * ignore the request if it has already been completed. The server will * guarantee that for at least 60 minutes since the first request. For * example, consider a situation where you make an initial request and the * request times out. If you make the request again with the same request ID, * the server can check if original operation with the same request ID was * received, and if so, will ignore the second request. This prevents clients * from accidentally creating duplicate commitments. The request ID must be a * valid UUID with the exception that zero UUID is not supported * (00000000-0000-0000-0000-000000000000). */ requestId?: string; } /** * Additional options for * NetworkSecurity#organizationsLocationsFirewallEndpointsDelete. */ export interface OrganizationsLocationsFirewallEndpointsDeleteOptions { /** * Optional. An optional request ID to identify requests. Specify a unique * request ID so that if you must retry your request, the server will know to * ignore the request if it has already been completed. The server will * guarantee that for at least 60 minutes after the first request. For * example, consider a situation where you make an initial request and the * request times out. If you make the request again with the same request ID, * the server can check if original operation with the same request ID was * received, and if so, will ignore the second request. This prevents clients * from accidentally creating duplicate commitments. The request ID must be a * valid UUID with the exception that zero UUID is not supported * (00000000-0000-0000-0000-000000000000). */ requestId?: string; } /** * Additional options for * NetworkSecurity#organizationsLocationsFirewallEndpointsList. */ export interface OrganizationsLocationsFirewallEndpointsListOptions { /** * Optional. Filtering results */ filter?: string; /** * Hint for how to order the results */ orderBy?: string; /** * Optional. Requested page size. Server may return fewer items than * requested. If unspecified, server will pick an appropriate default. */ pageSize?: number; /** * A token identifying a page of results the server should return. */ pageToken?: string; } /** * Additional options for * NetworkSecurity#organizationsLocationsFirewallEndpointsPatch. */ export interface OrganizationsLocationsFirewallEndpointsPatchOptions { /** * Optional. An optional request ID to identify requests. Specify a unique * request ID so that if you must retry your request, the server will know to * ignore the request if it has already been completed. The server will * guarantee that for at least 60 minutes since the first request. For * example, consider a situation where you make an initial request and the * request times out. If you make the request again with the same request ID, * the server can check if original operation with the same request ID was * received, and if so, will ignore the second request. This prevents clients * from accidentally creating duplicate commitments. The request ID must be a * valid UUID with the exception that zero UUID is not supported * (00000000-0000-0000-0000-000000000000). */ requestId?: string; /** * Required. Field mask is used to specify the fields to be overwritten in * the Endpoint resource by the update. The fields specified in the * update_mask are relative to the resource, not the full request. A field * will be overwritten if it is in the mask. If the user does not provide a * mask then all fields will be overwritten. */ updateMask?: string /* FieldMask */; } function serializeOrganizationsLocationsFirewallEndpointsPatchOptions(data: any): OrganizationsLocationsFirewallEndpointsPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } function deserializeOrganizationsLocationsFirewallEndpointsPatchOptions(data: any): OrganizationsLocationsFirewallEndpointsPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } /** * Additional options for NetworkSecurity#organizationsLocationsOperationsList. */ export interface OrganizationsLocationsOperationsListOptions { /** * The standard list filter. */ filter?: string; /** * The standard list page size. */ pageSize?: number; /** * The standard list page token. */ pageToken?: string; } /** * Additional options for * NetworkSecurity#organizationsLocationsSecurityProfileGroupsCreate. */ export interface OrganizationsLocationsSecurityProfileGroupsCreateOptions { /** * Required. Short name of the SecurityProfileGroup resource to be created. * This value should be 1-63 characters long, containing only letters, * numbers, hyphens, and underscores, and should not start with a number. E.g. * "security_profile_group1". */ securityProfileGroupId?: string; } /** * Additional options for * NetworkSecurity#organizationsLocationsSecurityProfileGroupsDelete. */ export interface OrganizationsLocationsSecurityProfileGroupsDeleteOptions { /** * Optional. If client provided etag is out of date, delete will return * FAILED_PRECONDITION error. */ etag?: string; } /** * Additional options for * NetworkSecurity#organizationsLocationsSecurityProfileGroupsList. */ export interface OrganizationsLocationsSecurityProfileGroupsListOptions { /** * Maximum number of SecurityProfileGroups to return per call. */ pageSize?: number; /** * The value returned by the last `ListSecurityProfileGroupsResponse` * Indicates that this is a continuation of a prior * `ListSecurityProfileGroups` call, and that the system should return the * next page of data. */ pageToken?: string; } /** * Additional options for * NetworkSecurity#organizationsLocationsSecurityProfileGroupsPatch. */ export interface OrganizationsLocationsSecurityProfileGroupsPatchOptions { /** * Required. Field mask is used to specify the fields to be overwritten in * the SecurityProfileGroup resource by the update. The fields specified in * the update_mask are relative to the resource, not the full request. A field * will be overwritten if it is in the mask. */ updateMask?: string /* FieldMask */; } function serializeOrganizationsLocationsSecurityProfileGroupsPatchOptions(data: any): OrganizationsLocationsSecurityProfileGroupsPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } function deserializeOrganizationsLocationsSecurityProfileGroupsPatchOptions(data: any): OrganizationsLocationsSecurityProfileGroupsPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } /** * Additional options for * NetworkSecurity#organizationsLocationsSecurityProfilesCreate. */ export interface OrganizationsLocationsSecurityProfilesCreateOptions { /** * Required. Short name of the SecurityProfile resource to be created. This * value should be 1-63 characters long, containing only letters, numbers, * hyphens, and underscores, and should not start with a number. E.g. * "security_profile1". */ securityProfileId?: string; } /** * Additional options for * NetworkSecurity#organizationsLocationsSecurityProfilesDelete. */ export interface OrganizationsLocationsSecurityProfilesDeleteOptions { /** * Optional. If client provided etag is out of date, delete will return * FAILED_PRECONDITION error. */ etag?: string; } /** * Additional options for * NetworkSecurity#organizationsLocationsSecurityProfilesList. */ export interface OrganizationsLocationsSecurityProfilesListOptions { /** * Maximum number of SecurityProfiles to return per call. */ pageSize?: number; /** * The value returned by the last `ListSecurityProfilesResponse` Indicates * that this is a continuation of a prior `ListSecurityProfiles` call, and * that the system should return the next page of data. */ pageToken?: string; } /** * Additional options for * NetworkSecurity#organizationsLocationsSecurityProfilesPatch. */ export interface OrganizationsLocationsSecurityProfilesPatchOptions { /** * Required. Field mask is used to specify the fields to be overwritten in * the SecurityProfile resource by the update. The fields specified in the * update_mask are relative to the resource, not the full request. A field * will be overwritten if it is in the mask. */ updateMask?: string /* FieldMask */; } function serializeOrganizationsLocationsSecurityProfilesPatchOptions(data: any): OrganizationsLocationsSecurityProfilesPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } function deserializeOrganizationsLocationsSecurityProfilesPatchOptions(data: any): OrganizationsLocationsSecurityProfilesPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } /** * Additional options for NetworkSecurity#projectsLocationsAddressGroupsCreate. */ export interface ProjectsLocationsAddressGroupsCreateOptions { /** * Required. Short name of the AddressGroup resource to be created. This * value should be 1-63 characters long, containing only letters, numbers, * hyphens, and underscores, and should not start with a number. E.g. * "authz_policy". */ addressGroupId?: string; /** * Optional. An optional request ID to identify requests. Specify a unique * request ID so that if you must retry your request, the server will know to * ignore the request if it has already been completed. The server will * guarantee that for at least 60 minutes since the first request. For * example, consider a situation where you make an initial request and the * request times out. If you make the request again with the same request ID, * the server can check if original operation with the same request ID was * received, and if so, will ignore the second request. This prevents clients * from accidentally creating duplicate commitments. The request ID must be a * valid UUID with the exception that zero UUID is not supported * (00000000-0000-0000-0000-000000000000). */ requestId?: string; } /** * Additional options for NetworkSecurity#projectsLocationsAddressGroupsDelete. */ export interface ProjectsLocationsAddressGroupsDeleteOptions { /** * Optional. An optional request ID to identify requests. Specify a unique * request ID so that if you must retry your request, the server will know to * ignore the request if it has already been completed. The server will * guarantee that for at least 60 minutes since the first request. For * example, consider a situation where you make an initial request and the * request times out. If you make the request again with the same request ID, * the server can check if original operation with the same request ID was * received, and if so, will ignore the second request. This prevents clients * from accidentally creating duplicate commitments. The request ID must be a * valid UUID with the exception that zero UUID is not supported * (00000000-0000-0000-0000-000000000000). */ requestId?: string; } /** * Additional options for * NetworkSecurity#projectsLocationsAddressGroupsGetIamPolicy. */ export interface ProjectsLocationsAddressGroupsGetIamPolicyOptions { /** * Optional. The maximum policy version that will be used to format the * policy. Valid values are 0, 1, and 3. Requests specifying an invalid value * will be rejected. Requests for policies with any conditional role bindings * must specify version 3. Policies with no conditional role bindings may * specify any valid value or leave the field unset. The policy in the * response might use the policy version that you specified, or it might use a * lower policy version. For example, if you specify version 3, but the policy * has no conditional role bindings, the response uses version 1. To learn * which resources support conditions in their IAM policies, see the [IAM * documentation](https://cloud.google.com/iam/help/conditions/resource-policies). */ ["options.requestedPolicyVersion"]?: number; } /** * Additional options for NetworkSecurity#projectsLocationsAddressGroupsList. */ export interface ProjectsLocationsAddressGroupsListOptions { /** * Maximum number of AddressGroups to return per call. */ pageSize?: number; /** * The value returned by the last `ListAddressGroupsResponse` Indicates that * this is a continuation of a prior `ListAddressGroups` call, and that the * system should return the next page of data. */ pageToken?: string; } /** * Additional options for * NetworkSecurity#projectsLocationsAddressGroupsListReferences. */ export interface ProjectsLocationsAddressGroupsListReferencesOptions { /** * The maximum number of references to return. If unspecified, server will * pick an appropriate default. Server may return fewer items than requested. * A caller should only rely on response's next_page_token to determine if * there are more AddressGroupUsers left to be queried. */ pageSize?: number; /** * The next_page_token value returned from a previous List request, if any. */ pageToken?: string; } /** * Additional options for NetworkSecurity#projectsLocationsAddressGroupsPatch. */ export interface ProjectsLocationsAddressGroupsPatchOptions { /** * Optional. An optional request ID to identify requests. Specify a unique * request ID so that if you must retry your request, the server will know to * ignore the request if it has already been completed. The server will * guarantee that for at least 60 minutes since the first request. For * example, consider a situation where you make an initial request and the * request times out. If you make the request again with the same request ID, * the server can check if original operation with the same request ID was * received, and if so, will ignore the second request. This prevents clients * from accidentally creating duplicate commitments. The request ID must be a * valid UUID with the exception that zero UUID is not supported * (00000000-0000-0000-0000-000000000000). */ requestId?: string; /** * Optional. Field mask is used to specify the fields to be overwritten in * the AddressGroup resource by the update. The fields specified in the * update_mask are relative to the resource, not the full request. A field * will be overwritten if it is in the mask. If the user does not provide a * mask then all fields will be overwritten. */ updateMask?: string /* FieldMask */; } function serializeProjectsLocationsAddressGroupsPatchOptions(data: any): ProjectsLocationsAddressGroupsPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } function deserializeProjectsLocationsAddressGroupsPatchOptions(data: any): ProjectsLocationsAddressGroupsPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } /** * Additional options for * NetworkSecurity#projectsLocationsAuthorizationPoliciesCreate. */ export interface ProjectsLocationsAuthorizationPoliciesCreateOptions { /** * Required. Short name of the AuthorizationPolicy resource to be created. * This value should be 1-63 characters long, containing only letters, * numbers, hyphens, and underscores, and should not start with a number. E.g. * "authz_policy". */ authorizationPolicyId?: string; } /** * Additional options for * NetworkSecurity#projectsLocationsAuthorizationPoliciesGetIamPolicy. */ export interface ProjectsLocationsAuthorizationPoliciesGetIamPolicyOptions { /** * Optional. The maximum policy version that will be used to format the * policy. Valid values are 0, 1, and 3. Requests specifying an invalid value * will be rejected. Requests for policies with any conditional role bindings * must specify version 3. Policies with no conditional role bindings may * specify any valid value or leave the field unset. The policy in the * response might use the policy version that you specified, or it might use a * lower policy version. For example, if you specify version 3, but the policy * has no conditional role bindings, the response uses version 1. To learn * which resources support conditions in their IAM policies, see the [IAM * documentation](https://cloud.google.com/iam/help/conditions/resource-policies). */ ["options.requestedPolicyVersion"]?: number; } /** * Additional options for * NetworkSecurity#projectsLocationsAuthorizationPoliciesList. */ export interface ProjectsLocationsAuthorizationPoliciesListOptions { /** * Maximum number of AuthorizationPolicies to return per call. */ pageSize?: number; /** * The value returned by the last `ListAuthorizationPoliciesResponse` * Indicates that this is a continuation of a prior * `ListAuthorizationPolicies` call, and that the system should return the * next page of data. */ pageToken?: string; } /** * Additional options for * NetworkSecurity#projectsLocationsAuthorizationPoliciesPatch. */ export interface ProjectsLocationsAuthorizationPoliciesPatchOptions { /** * Optional. Field mask is used to specify the fields to be overwritten in * the AuthorizationPolicy resource by the update. The fields specified in the * update_mask are relative to the resource, not the full request. A field * will be overwritten if it is in the mask. If the user does not provide a * mask then all fields will be overwritten. */ updateMask?: string /* FieldMask */; } function serializeProjectsLocationsAuthorizationPoliciesPatchOptions(data: any): ProjectsLocationsAuthorizationPoliciesPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } function deserializeProjectsLocationsAuthorizationPoliciesPatchOptions(data: any): ProjectsLocationsAuthorizationPoliciesPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } /** * Additional options for NetworkSecurity#projectsLocationsAuthzPoliciesCreate. */ export interface ProjectsLocationsAuthzPoliciesCreateOptions { /** * Required. User-provided ID of the `AuthzPolicy` resource to be created. */ authzPolicyId?: string; /** * Optional. An optional request ID to identify requests. Specify a unique * request ID so that if you must retry your request, the server can ignore * the request if it has already been completed. The server guarantees that * for at least 60 minutes since the first request. For example, consider a * situation where you make an initial request and the request times out. If * you make the request again with the same request ID, the server can check * if original operation with the same request ID was received, and if so, * ignores the second request. This prevents clients from accidentally * creating duplicate commitments. The request ID must be a valid UUID with * the exception that zero UUID is not supported * (00000000-0000-0000-0000-000000000000). */ requestId?: string; } /** * Additional options for NetworkSecurity#projectsLocationsAuthzPoliciesDelete. */ export interface ProjectsLocationsAuthzPoliciesDeleteOptions { /** * Optional. An optional request ID to identify requests. Specify a unique * request ID so that if you must retry your request, the server can ignore * the request if it has already been completed. The server guarantees that * for at least 60 minutes after the first request. For example, consider a * situation where you make an initial request and the request times out. If * you make the request again with the same request ID, the server can check * if original operation with the same request ID was received, and if so, * ignores the second request. This prevents clients from accidentally * creating duplicate commitments. The request ID must be a valid UUID with * the exception that zero UUID is not supported * (00000000-0000-0000-0000-000000000000). */ requestId?: string; } /** * Additional options for * NetworkSecurity#projectsLocationsAuthzPoliciesGetIamPolicy. */ export interface ProjectsLocationsAuthzPoliciesGetIamPolicyOptions { /** * Optional. The maximum policy version that will be used to format the * policy. Valid values are 0, 1, and 3. Requests specifying an invalid value * will be rejected. Requests for policies with any conditional role bindings * must specify version 3. Policies with no conditional role bindings may * specify any valid value or leave the field unset. The policy in the * response might use the policy version that you specified, or it might use a * lower policy version. For example, if you specify version 3, but the policy * has no conditional role bindings, the response uses version 1. To learn * which resources support conditions in their IAM policies, see the [IAM * documentation](https://cloud.google.com/iam/help/conditions/resource-policies). */ ["options.requestedPolicyVersion"]?: number; } /** * Additional options for NetworkSecurity#projectsLocationsAuthzPoliciesList. */ export interface ProjectsLocationsAuthzPoliciesListOptions { /** * Optional. Filtering results. */ filter?: string; /** * Optional. Hint for how to order the results. */ orderBy?: string; /** * Optional. Requested page size. The server might return fewer items than * requested. If unspecified, the server picks an appropriate default. */ pageSize?: number; /** * Optional. A token identifying a page of results that the server returns. */ pageToken?: string; } /** * Additional options for NetworkSecurity#projectsLocationsAuthzPoliciesPatch. */ export interface ProjectsLocationsAuthzPoliciesPatchOptions { /** * Optional. An optional request ID to identify requests. Specify a unique * request ID so that if you must retry your request, the server can ignore * the request if it has already been completed. The server guarantees that * for at least 60 minutes since the first request. For example, consider a * situation where you make an initial request and the request times out. If * you make the request again with the same request ID, the server can check * if original operation with the same request ID was received, and if so, * ignores the second request. This prevents clients from accidentally * creating duplicate commitments. The request ID must be a valid UUID with * the exception that zero UUID is not supported * (00000000-0000-0000-0000-000000000000). */ requestId?: string; /** * Required. Used to specify the fields to be overwritten in the * `AuthzPolicy` resource by the update. The fields specified in the * `update_mask` are relative to the resource, not the full request. A field * is overwritten if it is in the mask. If the user does not specify a mask, * then all fields are overwritten. */ updateMask?: string /* FieldMask */; } function serializeProjectsLocationsAuthzPoliciesPatchOptions(data: any): ProjectsLocationsAuthzPoliciesPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } function deserializeProjectsLocationsAuthzPoliciesPatchOptions(data: any): ProjectsLocationsAuthzPoliciesPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } /** * Additional options for * NetworkSecurity#projectsLocationsClientTlsPoliciesCreate. */ export interface ProjectsLocationsClientTlsPoliciesCreateOptions { /** * Required. Short name of the ClientTlsPolicy resource to be created. This * value should be 1-63 characters long, containing only letters, numbers, * hyphens, and underscores, and should not start with a number. E.g. * "client_mtls_policy". */ clientTlsPolicyId?: string; } /** * Additional options for * NetworkSecurity#projectsLocationsClientTlsPoliciesGetIamPolicy. */ export interface ProjectsLocationsClientTlsPoliciesGetIamPolicyOptions { /** * Optional. The maximum policy version that will be used to format the * policy. Valid values are 0, 1, and 3. Requests specifying an invalid value * will be rejected. Requests for policies with any conditional role bindings * must specify version 3. Policies with no conditional role bindings may * specify any valid value or leave the field unset. The policy in the * response might use the policy version that you specified, or it might use a * lower policy version. For example, if you specify version 3, but the policy * has no conditional role bindings, the response uses version 1. To learn * which resources support conditions in their IAM policies, see the [IAM * documentation](https://cloud.google.com/iam/help/conditions/resource-policies). */ ["options.requestedPolicyVersion"]?: number; } /** * Additional options for * NetworkSecurity#projectsLocationsClientTlsPoliciesList. */ export interface ProjectsLocationsClientTlsPoliciesListOptions { /** * Maximum number of ClientTlsPolicies to return per call. */ pageSize?: number; /** * The value returned by the last `ListClientTlsPoliciesResponse` Indicates * that this is a continuation of a prior `ListClientTlsPolicies` call, and * that the system should return the next page of data. */ pageToken?: string; } /** * Additional options for * NetworkSecurity#projectsLocationsClientTlsPoliciesPatch. */ export interface ProjectsLocationsClientTlsPoliciesPatchOptions { /** * Optional. Field mask is used to specify the fields to be overwritten in * the ClientTlsPolicy resource by the update. The fields specified in the * update_mask are relative to the resource, not the full request. A field * will be overwritten if it is in the mask. If the user does not provide a * mask then all fields will be overwritten. */ updateMask?: string /* FieldMask */; } function serializeProjectsLocationsClientTlsPoliciesPatchOptions(data: any): ProjectsLocationsClientTlsPoliciesPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } function deserializeProjectsLocationsClientTlsPoliciesPatchOptions(data: any): ProjectsLocationsClientTlsPoliciesPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } /** * Additional options for * NetworkSecurity#projectsLocationsFirewallEndpointAssociationsCreate. */ export interface ProjectsLocationsFirewallEndpointAssociationsCreateOptions { /** * Optional. Id of the requesting object. If auto-generating Id server-side, * remove this field and firewall_endpoint_association_id from the * method_signature of Create RPC. */ firewallEndpointAssociationId?: string; /** * Optional. An optional request ID to identify requests. Specify a unique * request ID so that if you must retry your request, the server will know to * ignore the request if it has already been completed. The server will * guarantee that for at least 60 minutes since the first request. For * example, consider a situation where you make an initial request and the * request times out. If you make the request again with the same request ID, * the server can check if original operation with the same request ID was * received, and if so, will ignore the second request. This prevents clients * from accidentally creating duplicate commitments. The request ID must be a * valid UUID with the exception that zero UUID is not supported * (00000000-0000-0000-0000-000000000000). */ requestId?: string; } /** * Additional options for * NetworkSecurity#projectsLocationsFirewallEndpointAssociationsDelete. */ export interface ProjectsLocationsFirewallEndpointAssociationsDeleteOptions { /** * Optional. An optional request ID to identify requests. Specify a unique * request ID so that if you must retry your request, the server will know to * ignore the request if it has already been completed. The server will * guarantee that for at least 60 minutes after the first request. For * example, consider a situation where you make an initial request and the * request times out. If you make the request again with the same request ID, * the server can check if original operation with the same request ID was * received, and if so, will ignore the second request. This prevents clients * from accidentally creating duplicate commitments. The request ID must be a * valid UUID with the exception that zero UUID is not supported * (00000000-0000-0000-0000-000000000000). */ requestId?: string; } /** * Additional options for * NetworkSecurity#projectsLocationsFirewallEndpointAssociationsList. */ export interface ProjectsLocationsFirewallEndpointAssociationsListOptions { /** * Optional. Filtering results */ filter?: string; /** * Hint for how to order the results */ orderBy?: string; /** * Optional. Requested page size. Server may return fewer items than * requested. If unspecified, server will pick an appropriate default. */ pageSize?: number; /** * A token identifying a page of results the server should return. */ pageToken?: string; } /** * Additional options for * NetworkSecurity#projectsLocationsFirewallEndpointAssociationsPatch. */ export interface ProjectsLocationsFirewallEndpointAssociationsPatchOptions { /** * Optional. An optional request ID to identify requests. Specify a unique * request ID so that if you must retry your request, the server will know to * ignore the request if it has already been completed. The server will * guarantee that for at least 60 minutes since the first request. For * example, consider a situation where you make an initial request and the * request times out. If you make the request again with the same request ID, * the server can check if original operation with the same request ID was * received, and if so, will ignore the second request. This prevents clients * from accidentally creating duplicate commitments. The request ID must be a * valid UUID with the exception that zero UUID is not supported * (00000000-0000-0000-0000-000000000000). */ requestId?: string; /** * Required. Field mask is used to specify the fields to be overwritten in * the Association resource by the update. The fields specified in the * update_mask are relative to the resource, not the full request. A field * will be overwritten if it is in the mask. If the user does not provide a * mask then all fields will be overwritten. */ updateMask?: string /* FieldMask */; } function serializeProjectsLocationsFirewallEndpointAssociationsPatchOptions(data: any): ProjectsLocationsFirewallEndpointAssociationsPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } function deserializeProjectsLocationsFirewallEndpointAssociationsPatchOptions(data: any): ProjectsLocationsFirewallEndpointAssociationsPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } /** * Additional options for * NetworkSecurity#projectsLocationsGatewaySecurityPoliciesCreate. */ export interface ProjectsLocationsGatewaySecurityPoliciesCreateOptions { /** * Required. Short name of the GatewaySecurityPolicy resource to be created. * This value should be 1-63 characters long, containing only letters, * numbers, hyphens, and underscores, and should not start with a number. E.g. * "gateway_security_policy1". */ gatewaySecurityPolicyId?: string; } /** * Additional options for * NetworkSecurity#projectsLocationsGatewaySecurityPoliciesList. */ export interface ProjectsLocationsGatewaySecurityPoliciesListOptions { /** * Maximum number of GatewaySecurityPolicies to return per call. */ pageSize?: number; /** * The value returned by the last 'ListGatewaySecurityPoliciesResponse' * Indicates that this is a continuation of a prior * 'ListGatewaySecurityPolicies' call, and that the system should return the * next page of data. */ pageToken?: string; } /** * Additional options for * NetworkSecurity#projectsLocationsGatewaySecurityPoliciesPatch. */ export interface ProjectsLocationsGatewaySecurityPoliciesPatchOptions { /** * Optional. Field mask is used to specify the fields to be overwritten in * the GatewaySecurityPolicy resource by the update. The fields specified in * the update_mask are relative to the resource, not the full request. A field * will be overwritten if it is in the mask. If the user does not provide a * mask then all fields will be overwritten. */ updateMask?: string /* FieldMask */; } function serializeProjectsLocationsGatewaySecurityPoliciesPatchOptions(data: any): ProjectsLocationsGatewaySecurityPoliciesPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } function deserializeProjectsLocationsGatewaySecurityPoliciesPatchOptions(data: any): ProjectsLocationsGatewaySecurityPoliciesPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } /** * Additional options for * NetworkSecurity#projectsLocationsGatewaySecurityPoliciesRulesCreate. */ export interface ProjectsLocationsGatewaySecurityPoliciesRulesCreateOptions { /** * The ID to use for the rule, which will become the final component of the * rule's resource name. This value should be 4-63 characters, and valid * characters are /a-z-/. */ gatewaySecurityPolicyRuleId?: string; } /** * Additional options for * NetworkSecurity#projectsLocationsGatewaySecurityPoliciesRulesList. */ export interface ProjectsLocationsGatewaySecurityPoliciesRulesListOptions { /** * Maximum number of GatewaySecurityPolicyRules to return per call. */ pageSize?: number; /** * The value returned by the last 'ListGatewaySecurityPolicyRulesResponse' * Indicates that this is a continuation of a prior * 'ListGatewaySecurityPolicyRules' call, and that the system should return * the next page of data. */ pageToken?: string; } /** * Additional options for * NetworkSecurity#projectsLocationsGatewaySecurityPoliciesRulesPatch. */ export interface ProjectsLocationsGatewaySecurityPoliciesRulesPatchOptions { /** * Optional. Field mask is used to specify the fields to be overwritten in * the GatewaySecurityPolicy resource by the update. The fields specified in * the update_mask are relative to the resource, not the full request. A field * will be overwritten if it is in the mask. If the user does not provide a * mask then all fields will be overwritten. */ updateMask?: string /* FieldMask */; } function serializeProjectsLocationsGatewaySecurityPoliciesRulesPatchOptions(data: any): ProjectsLocationsGatewaySecurityPoliciesRulesPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } function deserializeProjectsLocationsGatewaySecurityPoliciesRulesPatchOptions(data: any): ProjectsLocationsGatewaySecurityPoliciesRulesPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } /** * Additional options for NetworkSecurity#projectsLocationsList. */ export interface ProjectsLocationsListOptions { /** * A filter to narrow down results to a preferred subset. The filtering * language accepts strings like `"displayName=tokyo"`, and is documented in * more detail in [AIP-160](https://google.aip.dev/160). */ filter?: string; /** * The maximum number of results to return. If not set, the service selects a * default. */ pageSize?: number; /** * A page token received from the `next_page_token` field in the response. * Send that page token to receive the subsequent page. */ pageToken?: string; } /** * Additional options for NetworkSecurity#projectsLocationsOperationsList. */ export interface ProjectsLocationsOperationsListOptions { /** * The standard list filter. */ filter?: string; /** * The standard list page size. */ pageSize?: number; /** * The standard list page token. */ pageToken?: string; } /** * Additional options for * NetworkSecurity#projectsLocationsServerTlsPoliciesCreate. */ export interface ProjectsLocationsServerTlsPoliciesCreateOptions { /** * Required. Short name of the ServerTlsPolicy resource to be created. This * value should be 1-63 characters long, containing only letters, numbers, * hyphens, and underscores, and should not start with a number. E.g. * "server_mtls_policy". */ serverTlsPolicyId?: string; } /** * Additional options for * NetworkSecurity#projectsLocationsServerTlsPoliciesGetIamPolicy. */ export interface ProjectsLocationsServerTlsPoliciesGetIamPolicyOptions { /** * Optional. The maximum policy version that will be used to format the * policy. Valid values are 0, 1, and 3. Requests specifying an invalid value * will be rejected. Requests for policies with any conditional role bindings * must specify version 3. Policies with no conditional role bindings may * specify any valid value or leave the field unset. The policy in the * response might use the policy version that you specified, or it might use a * lower policy version. For example, if you specify version 3, but the policy * has no conditional role bindings, the response uses version 1. To learn * which resources support conditions in their IAM policies, see the [IAM * documentation](https://cloud.google.com/iam/help/conditions/resource-policies). */ ["options.requestedPolicyVersion"]?: number; } /** * Additional options for * NetworkSecurity#projectsLocationsServerTlsPoliciesList. */ export interface ProjectsLocationsServerTlsPoliciesListOptions { /** * Maximum number of ServerTlsPolicies to return per call. */ pageSize?: number; /** * The value returned by the last `ListServerTlsPoliciesResponse` Indicates * that this is a continuation of a prior `ListServerTlsPolicies` call, and * that the system should return the next page of data. */ pageToken?: string; } /** * Additional options for * NetworkSecurity#projectsLocationsServerTlsPoliciesPatch. */ export interface ProjectsLocationsServerTlsPoliciesPatchOptions { /** * Optional. Field mask is used to specify the fields to be overwritten in * the ServerTlsPolicy resource by the update. The fields specified in the * update_mask are relative to the resource, not the full request. A field * will be overwritten if it is in the mask. If the user does not provide a * mask then all fields will be overwritten. */ updateMask?: string /* FieldMask */; } function serializeProjectsLocationsServerTlsPoliciesPatchOptions(data: any): ProjectsLocationsServerTlsPoliciesPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } function deserializeProjectsLocationsServerTlsPoliciesPatchOptions(data: any): ProjectsLocationsServerTlsPoliciesPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } /** * Additional options for * NetworkSecurity#projectsLocationsTlsInspectionPoliciesCreate. */ export interface ProjectsLocationsTlsInspectionPoliciesCreateOptions { /** * Required. Short name of the TlsInspectionPolicy resource to be created. * This value should be 1-63 characters long, containing only letters, * numbers, hyphens, and underscores, and should not start with a number. E.g. * "tls_inspection_policy1". */ tlsInspectionPolicyId?: string; } /** * Additional options for * NetworkSecurity#projectsLocationsTlsInspectionPoliciesDelete. */ export interface ProjectsLocationsTlsInspectionPoliciesDeleteOptions { /** * If set to true, any rules for this TlsInspectionPolicy will also be * deleted. (Otherwise, the request will only work if the TlsInspectionPolicy * has no rules.) */ force?: boolean; } /** * Additional options for * NetworkSecurity#projectsLocationsTlsInspectionPoliciesList. */ export interface ProjectsLocationsTlsInspectionPoliciesListOptions { /** * Maximum number of TlsInspectionPolicies to return per call. */ pageSize?: number; /** * The value returned by the last 'ListTlsInspectionPoliciesResponse' * Indicates that this is a continuation of a prior * 'ListTlsInspectionPolicies' call, and that the system should return the * next page of data. */ pageToken?: string; } /** * Additional options for * NetworkSecurity#projectsLocationsTlsInspectionPoliciesPatch. */ export interface ProjectsLocationsTlsInspectionPoliciesPatchOptions { /** * Optional. Field mask is used to specify the fields to be overwritten in * the TlsInspectionPolicy resource by the update. The fields specified in the * update_mask are relative to the resource, not the full request. A field * will be overwritten if it is in the mask. If the user does not provide a * mask then all fields will be overwritten. */ updateMask?: string /* FieldMask */; } function serializeProjectsLocationsTlsInspectionPoliciesPatchOptions(data: any): ProjectsLocationsTlsInspectionPoliciesPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } function deserializeProjectsLocationsTlsInspectionPoliciesPatchOptions(data: any): ProjectsLocationsTlsInspectionPoliciesPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } /** * Additional options for NetworkSecurity#projectsLocationsUrlListsCreate. */ export interface ProjectsLocationsUrlListsCreateOptions { /** * Required. Short name of the UrlList resource to be created. This value * should be 1-63 characters long, containing only letters, numbers, hyphens, * and underscores, and should not start with a number. E.g. "url_list". */ urlListId?: string; } /** * Additional options for NetworkSecurity#projectsLocationsUrlListsList. */ export interface ProjectsLocationsUrlListsListOptions { /** * Maximum number of UrlLists to return per call. */ pageSize?: number; /** * The value returned by the last `ListUrlListsResponse` Indicates that this * is a continuation of a prior `ListUrlLists` call, and that the system * should return the next page of data. */ pageToken?: string; } /** * Additional options for NetworkSecurity#projectsLocationsUrlListsPatch. */ export interface ProjectsLocationsUrlListsPatchOptions { /** * Optional. Field mask is used to specify the fields to be overwritten in * the UrlList resource by the update. The fields specified in the update_mask * are relative to the resource, not the full request. A field will be * overwritten if it is in the mask. If the user does not provide a mask then * all fields will be overwritten. */ updateMask?: string /* FieldMask */; } function serializeProjectsLocationsUrlListsPatchOptions(data: any): ProjectsLocationsUrlListsPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } function deserializeProjectsLocationsUrlListsPatchOptions(data: any): ProjectsLocationsUrlListsPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } /** * Request used by the RemoveAddressGroupItems method. */ export interface RemoveAddressGroupItemsRequest { /** * Required. List of items to remove. */ items?: string[]; /** * Optional. An optional request ID to identify requests. Specify a unique * request ID so that if you must retry your request, the server will know to * ignore the request if it has already been completed. The server will * guarantee that for at least 60 minutes since the first request. For * example, consider a situation where you make an initial request and the * request times out. If you make the request again with the same request ID, * the server can check if original operation with the same request ID was * received, and if so, will ignore the second request. This prevents clients * from accidentally creating duplicate commitments. The request ID must be a * valid UUID with the exception that zero UUID is not supported * (00000000-0000-0000-0000-000000000000). */ requestId?: string; } /** * Specification of rules. */ export interface Rule { /** * Optional. List of attributes for the traffic destination. All of the * destinations must match. A destination is a match if a request matches all * the specified hosts, ports, methods and headers. If not set, the action * specified in the 'action' field will be applied without any rule checks for * the destination. */ destinations?: Destination[]; /** * Optional. List of attributes for the traffic source. All of the sources * must match. A source is a match if both principals and ip_blocks match. If * not set, the action specified in the 'action' field will be applied without * any rule checks for the source. */ sources?: Source[]; } /** * SecurityProfile is a resource that defines the behavior for one of many * ProfileTypes. */ export interface SecurityProfile { /** * Output only. Resource creation timestamp. */ readonly createTime?: Date; /** * The custom TPPI configuration for the SecurityProfile. */ customInterceptProfile?: CustomInterceptProfile; /** * The custom Packet Mirroring v2 configuration for the SecurityProfile. */ customMirroringProfile?: CustomMirroringProfile; /** * Optional. An optional description of the profile. Max length 512 * characters. */ description?: string; /** * Output only. This checksum is computed by the server based on the value of * other fields, and may be sent on update and delete requests to ensure the * client has an up-to-date value before proceeding. */ readonly etag?: string; /** * Optional. Labels as key value pairs. */ labels?: { [key: string]: string }; /** * Immutable. Identifier. Name of the SecurityProfile resource. It matches * pattern * `projects|organizations/*\/locations/{location}/securityProfiles/{security_profile}`. */ name?: string; /** * The threat prevention configuration for the SecurityProfile. */ threatPreventionProfile?: ThreatPreventionProfile; /** * Immutable. The single ProfileType that the SecurityProfile resource * configures. */ type?: | "PROFILE_TYPE_UNSPECIFIED" | "THREAT_PREVENTION" | "CUSTOM_MIRRORING" | "CUSTOM_INTERCEPT"; /** * Output only. Last resource update timestamp. */ readonly updateTime?: Date; } /** * SecurityProfileGroup is a resource that defines the behavior for various * ProfileTypes. */ export interface SecurityProfileGroup { /** * Output only. Resource creation timestamp. */ readonly createTime?: Date; /** * Optional. Reference to a SecurityProfile with the CustomIntercept * configuration. */ customInterceptProfile?: string; /** * Optional. Reference to a SecurityProfile with the CustomMirroring * configuration. */ customMirroringProfile?: string; /** * Optional. An optional description of the profile group. Max length 2048 * characters. */ description?: string; /** * Output only. This checksum is computed by the server based on the value of * other fields, and may be sent on update and delete requests to ensure the * client has an up-to-date value before proceeding. */ readonly etag?: string; /** * Optional. Labels as key value pairs. */ labels?: { [key: string]: string }; /** * Immutable. Identifier. Name of the SecurityProfileGroup resource. It * matches pattern * `projects|organizations/*\/locations/{location}/securityProfileGroups/{security_profile_group}`. */ name?: string; /** * Optional. Reference to a SecurityProfile with the ThreatPrevention * configuration. */ threatPreventionProfile?: string; /** * Output only. Last resource update timestamp. */ readonly updateTime?: Date; } /** * ServerTlsPolicy is a resource that specifies how a server should * authenticate incoming requests. This resource itself does not affect * configuration unless it is attached to a target HTTPS proxy or endpoint * config selector resource. ServerTlsPolicy in the form accepted by Application * Load Balancers can be attached only to TargetHttpsProxy with an `EXTERNAL`, * `EXTERNAL_MANAGED` or `INTERNAL_MANAGED` load balancing scheme. Traffic * Director compatible ServerTlsPolicies can be attached to EndpointPolicy and * TargetHttpsProxy with Traffic Director `INTERNAL_SELF_MANAGED` load balancing * scheme. */ export interface ServerTlsPolicy { /** * This field applies only for Traffic Director policies. It is must be set * to false for Application Load Balancer policies. Determines if server * allows plaintext connections. If set to true, server allows plain text * connections. By default, it is set to false. This setting is not exclusive * of other encryption modes. For example, if `allow_open` and `mtls_policy` * are set, server allows both plain text and mTLS connections. See * documentation of other encryption modes to confirm compatibility. Consider * using it if you wish to upgrade in place your deployment to TLS while * having mixed TLS and non-TLS traffic reaching port :80. */ allowOpen?: boolean; /** * Output only. The timestamp when the resource was created. */ readonly createTime?: Date; /** * Free-text description of the resource. */ description?: string; /** * Set of label tags associated with the resource. */ labels?: { [key: string]: string }; /** * This field is required if the policy is used with Application Load * Balancers. This field can be empty for Traffic Director. Defines a * mechanism to provision peer validation certificates for peer to peer * authentication (Mutual TLS - mTLS). If not specified, client certificate * will not be requested. The connection is treated as TLS and not mTLS. If * `allow_open` and `mtls_policy` are set, server allows both plain text and * mTLS connections. */ mtlsPolicy?: MTLSPolicy; /** * Required. Name of the ServerTlsPolicy resource. It matches the pattern * `projects/*\/locations/{location}/serverTlsPolicies/{server_tls_policy}` */ name?: string; /** * Optional if policy is to be used with Traffic Director. For Application * Load Balancers must be empty. Defines a mechanism to provision server * identity (public and private keys). Cannot be combined with `allow_open` as * a permissive mode that allows both plain text and TLS is not supported. */ serverCertificate?: GoogleCloudNetworksecurityV1CertificateProvider; /** * Output only. The timestamp when the resource was updated. */ readonly updateTime?: Date; } /** * Defines what action to take for a specific severity match. */ export interface SeverityOverride { /** * Required. Threat action override. */ action?: | "THREAT_ACTION_UNSPECIFIED" | "DEFAULT_ACTION" | "ALLOW" | "ALERT" | "DENY"; /** * Required. Severity level to match. */ severity?: | "SEVERITY_UNSPECIFIED" | "INFORMATIONAL" | "LOW" | "MEDIUM" | "HIGH" | "CRITICAL"; } /** * Specification of traffic source attributes. */ export interface Source { /** * Optional. List of CIDR ranges to match based on source IP address. At * least one IP block should match. Single IP (e.g., "1.2.3.4") and CIDR * (e.g., "1.2.3.0/24") are supported. Authorization based on source IP alone * should be avoided. The IP addresses of any load balancers or proxies should * be considered untrusted. */ ipBlocks?: string[]; /** * Optional. List of peer identities to match for authorization. At least one * principal should match. Each peer can be an exact match, or a prefix match * (example, "namespace/*") or a suffix match (example, "*\/service-account") * or a presence match "*". Authorization based on the principal name without * certificate validation (configured by ServerTlsPolicy resource) is * considered insecure. */ principals?: string[]; } /** * The `Status` type defines a logical error model that is suitable for * different programming environments, including REST APIs and RPC APIs. It is * used by [gRPC](https://github.com/grpc). Each `Status` message contains three * pieces of data: error code, error message, and error details. You can find * out more about this error model and how to work with it in the [API Design * Guide](https://cloud.google.com/apis/design/errors). */ export interface Status { /** * The status code, which should be an enum value of google.rpc.Code. */ code?: number; /** * A list of messages that carry the error details. There is a common set of * message types for APIs to use. */ details?: { [key: string]: any }[]; /** * A developer-facing error message, which should be in English. Any * user-facing error message should be localized and sent in the * google.rpc.Status.details field, or localized by the client. */ message?: string; } /** * Defines what action to take for a specific threat_id match. */ export interface ThreatOverride { /** * Required. Threat action override. For some threat types, only a subset of * actions applies. */ action?: | "THREAT_ACTION_UNSPECIFIED" | "DEFAULT_ACTION" | "ALLOW" | "ALERT" | "DENY"; /** * Required. Vendor-specific ID of a threat to override. */ threatId?: string; /** * Output only. Type of the threat (read only). */ readonly type?: | "THREAT_TYPE_UNSPECIFIED" | "UNKNOWN" | "VULNERABILITY" | "ANTIVIRUS" | "SPYWARE" | "DNS"; } /** * ThreatPreventionProfile defines an action for specific threat signatures or * severity levels. */ export interface ThreatPreventionProfile { /** * Optional. Configuration for overriding threats actions by severity match. */ severityOverrides?: SeverityOverride[]; /** * Optional. Configuration for overriding threats actions by threat_id match. * If a threat is matched both by configuration provided in severity_overrides * and threat_overrides, the threat_overrides action is applied. */ threatOverrides?: ThreatOverride[]; } /** * The TlsInspectionPolicy resource contains references to CA pools in * Certificate Authority Service and associated metadata. */ export interface TlsInspectionPolicy { /** * Required. A CA pool resource used to issue interception certificates. The * CA pool string has a relative resource path following the form * "projects/{project}/locations/{location}/caPools/{ca_pool}". */ caPool?: string; /** * Output only. The timestamp when the resource was created. */ readonly createTime?: Date; /** * Optional. List of custom TLS cipher suites selected. This field is valid * only if the selected tls_feature_profile is CUSTOM. The * compute.SslPoliciesService.ListAvailableFeatures method returns the set of * features that can be specified in this list. Note that Secure Web Proxy * does not yet honor this field. */ customTlsFeatures?: string[]; /** * Optional. Free-text description of the resource. */ description?: string; /** * Optional. If FALSE (the default), use our default set of public CAs in * addition to any CAs specified in trust_config. These public CAs are * currently based on the Mozilla Root Program and are subject to change over * time. If TRUE, do not accept our default set of public CAs. Only CAs * specified in trust_config will be accepted. This defaults to FALSE (use * public CAs in addition to trust_config) for backwards compatibility, but * trusting public root CAs is *not recommended* unless the traffic in * question is outbound to public web servers. When possible, prefer setting * this to "false" and explicitly specifying trusted CAs and certificates in a * TrustConfig. Note that Secure Web Proxy does not yet honor this field. */ excludePublicCaSet?: boolean; /** * Optional. Minimum TLS version that the firewall should use when * negotiating connections with both clients and servers. If this is not set, * then the default value is to allow the broadest set of clients and servers * (TLS 1.0 or higher). Setting this to more restrictive values may improve * security, but may also prevent the firewall from connecting to some clients * or servers. Note that Secure Web Proxy does not yet honor this field. */ minTlsVersion?: | "TLS_VERSION_UNSPECIFIED" | "TLS_1_0" | "TLS_1_1" | "TLS_1_2" | "TLS_1_3"; /** * Required. Name of the resource. Name is of the form * projects/{project}/locations/{location}/tlsInspectionPolicies/{tls_inspection_policy} * tls_inspection_policy should match the * pattern:(^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$). */ name?: string; /** * Optional. The selected Profile. If this is not set, then the default value * is to allow the broadest set of clients and servers ("PROFILE_COMPATIBLE"). * Setting this to more restrictive values may improve security, but may also * prevent the TLS inspection proxy from connecting to some clients or * servers. Note that Secure Web Proxy does not yet honor this field. */ tlsFeatureProfile?: | "PROFILE_UNSPECIFIED" | "PROFILE_COMPATIBLE" | "PROFILE_MODERN" | "PROFILE_RESTRICTED" | "PROFILE_CUSTOM"; /** * Optional. A TrustConfig resource used when making a connection to the TLS * server. This is a relative resource path following the form * "projects/{project}/locations/{location}/trustConfigs/{trust_config}". This * is necessary to intercept TLS connections to servers with certificates * signed by a private CA or self-signed certificates. Note that Secure Web * Proxy does not yet honor this field. */ trustConfig?: string; /** * Output only. The timestamp when the resource was updated. */ readonly updateTime?: Date; } /** * UrlList proto helps users to set reusable, independently manageable lists of * hosts, host patterns, URLs, URL patterns. */ export interface UrlList { /** * Output only. Time when the security policy was created. */ readonly createTime?: Date; /** * Optional. Free-text description of the resource. */ description?: string; /** * Required. Name of the resource provided by the user. Name is of the form * projects/{project}/locations/{location}/urlLists/{url_list} url_list should * match the pattern:(^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$). */ name?: string; /** * Output only. Time when the security policy was updated. */ readonly updateTime?: Date; /** * Required. FQDNs and URLs. */ values?: string[]; } /** * Specification of ValidationCA. Defines the mechanism to obtain the * Certificate Authority certificate to validate the peer certificate. */ export interface ValidationCA { /** * The certificate provider instance specification that will be passed to the * data plane, which will be used to load necessary credential information. */ certificateProviderInstance?: CertificateProviderInstance; /** * gRPC specific configuration to access the gRPC server to obtain the CA * certificate. */ grpcEndpoint?: GoogleCloudNetworksecurityV1GrpcEndpoint; } function decodeBase64(b64: string): Uint8Array { const binString = atob(b64); const size = binString.length; const bytes = new Uint8Array(size); for (let i = 0; i < size; i++) { bytes[i] = binString.charCodeAt(i); } return bytes; } const base64abc = ["A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z","0","1","2","3","4","5","6","7","8","9","+","/"]; /** * CREDIT: https://gist.github.com/enepomnyaschih/72c423f727d395eeaa09697058238727 * Encodes a given Uint8Array, ArrayBuffer or string into RFC4648 base64 representation * @param data */ function encodeBase64(uint8: Uint8Array): string { let result = "", i; const l = uint8.length; for (i = 2; i < l; i += 3) { result += base64abc[uint8[i - 2] >> 2]; result += base64abc[((uint8[i - 2] & 0x03) << 4) | (uint8[i - 1] >> 4)]; result += base64abc[((uint8[i - 1] & 0x0f) << 2) | (uint8[i] >> 6)]; result += base64abc[uint8[i] & 0x3f]; } if (i === l + 1) { // 1 octet yet to write result += base64abc[uint8[i - 2] >> 2]; result += base64abc[(uint8[i - 2] & 0x03) << 4]; result += "=="; } if (i === l) { // 2 octets yet to write result += base64abc[uint8[i - 2] >> 2]; result += base64abc[((uint8[i - 2] & 0x03) << 4) | (uint8[i - 1] >> 4)]; result += base64abc[(uint8[i - 1] & 0x0f) << 2]; result += "="; } return result; }