|
5513 | 5513 | } |
5514 | 5514 | } |
5515 | 5515 | }, |
5516 | | - "revision": "20250721", |
| 5516 | + "revision": "20250804", |
5517 | 5517 | "rootUrl": "https://networksecurity.googleapis.com/", |
5518 | 5518 | "schemas": { |
5519 | 5519 | "AddAddressGroupItemsRequest": { |
|
5830 | 5830 | "id": "AuthzPolicyAuthzRuleFromRequestSource", |
5831 | 5831 | "properties": { |
5832 | 5832 | "ipBlocks": { |
5833 | | - "description": "Optional. A list of IP addresses or IP address ranges to match against the source IP address of the request. Limited to 5 ip_blocks.", |
| 5833 | + "description": "Optional. A list of IP addresses or IP address ranges to match against the source IP address of the request. Limited to 10 ip_blocks per Authorization Policy", |
5834 | 5834 | "items": { |
5835 | 5835 | "$ref": "AuthzPolicyAuthzRuleIpBlock" |
5836 | 5836 | }, |
5837 | 5837 | "type": "array" |
5838 | 5838 | }, |
5839 | 5839 | "principals": { |
5840 | | - "description": "Optional. A list of identities derived from the client's certificate. This field will not match on a request unless frontend mutual TLS is enabled for the forwarding rule or Gateway and the client certificate has been successfully validated by mTLS. Each identity is a string whose value is matched against a list of URI SANs, DNS Name SANs, or the common name in the client's certificate. A match happens when any principal matches with the rule. Limited to 5 principals.", |
| 5840 | + "description": "Optional. A list of identities derived from the client's certificate. This field will not match on a request unless frontend mutual TLS is enabled for the forwarding rule or Gateway and the client certificate has been successfully validated by mTLS. Each identity is a string whose value is matched against a list of URI SANs, DNS Name SANs, or the common name in the client's certificate. A match happens when any principal matches with the rule. Limited to 50 principals per Authorization Policy for Regional Internal Application Load Balancer, Regional External Application Load Balancer, Cross-region Internal Application Load Balancer, and Cloud Service Mesh. Limited to 25 principals per Authorization Policy for Global External Application Load Balancer.", |
5841 | 5841 | "items": { |
5842 | 5842 | "$ref": "AuthzPolicyAuthzRulePrincipal" |
5843 | 5843 | }, |
5844 | 5844 | "type": "array" |
5845 | 5845 | }, |
5846 | 5846 | "resources": { |
5847 | | - "description": "Optional. A list of resources to match against the resource of the source VM of a request. Limited to 5 resources.", |
| 5847 | + "description": "Optional. A list of resources to match against the resource of the source VM of a request. Limited to 10 resources per Authorization Policy.", |
5848 | 5848 | "items": { |
5849 | 5849 | "$ref": "AuthzPolicyAuthzRuleRequestResource" |
5850 | 5850 | }, |
|
5902 | 5902 | ], |
5903 | 5903 | "enumDescriptions": [ |
5904 | 5904 | "Unspecified principal selector. It will be treated as CLIENT_CERT_URI_SAN by default.", |
5905 | | - "The principal rule is matched against a list of URI SANs in the validated client’s certificate. A match happens when there is any exact URI SAN value match. This is the default principal selector.", |
5906 | | - "The principal rule is matched against a list of DNS Name SANs in the validated client’s certificate. A match happens when there is any exact DNS Name SAN value match.", |
5907 | | - "The principal rule is matched against the common name in the client’s certificate. Authorization against multiple common names in the client certificate is not supported. Requests with multiple common names in the client certificate will be rejected if CLIENT_CERT_COMMON_NAME is set as the principal selector. A match happens when there is an exact common name value match. This is only applicable for Application Load Balancers except for classic Global External Application load balancer. CLIENT_CERT_COMMON_NAME is not supported for INTERNAL_SELF_MANAGED load balancing scheme." |
| 5905 | + "The principal rule is matched against a list of URI SANs in the validated client's certificate. A match happens when there is any exact URI SAN value match. This is the default principal selector.", |
| 5906 | + "The principal rule is matched against a list of DNS Name SANs in the validated client's certificate. A match happens when there is any exact DNS Name SAN value match.", |
| 5907 | + "The principal rule is matched against the common name in the client's certificate. Authorization against multiple common names in the client certificate is not supported. Requests with multiple common names in the client certificate will be rejected if CLIENT_CERT_COMMON_NAME is set as the principal selector. A match happens when there is an exact common name value match. This is only applicable for Application Load Balancers except for classic Global External Application load balancer. CLIENT_CERT_COMMON_NAME is not supported for INTERNAL_SELF_MANAGED load balancing scheme." |
5908 | 5908 | ], |
5909 | 5909 | "type": "string" |
5910 | 5910 | } |
|
5931 | 5931 | "id": "AuthzPolicyAuthzRuleRequestResourceTagValueIdSet", |
5932 | 5932 | "properties": { |
5933 | 5933 | "ids": { |
5934 | | - "description": "Required. A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. Limited to 5 matches.", |
| 5934 | + "description": "Required. A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. Limited to 5 ids in the Tag value id set.", |
5935 | 5935 | "items": { |
5936 | 5936 | "format": "int64", |
5937 | 5937 | "type": "string" |
|
5998 | 5998 | "description": "Optional. A list of headers to match against in http header." |
5999 | 5999 | }, |
6000 | 6000 | "hosts": { |
6001 | | - "description": "Optional. A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches.", |
| 6001 | + "description": "Optional. A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. Limited to 10 hosts per Authorization Policy.", |
6002 | 6002 | "items": { |
6003 | 6003 | "$ref": "AuthzPolicyAuthzRuleStringMatch" |
6004 | 6004 | }, |
6005 | 6005 | "type": "array" |
6006 | 6006 | }, |
6007 | 6007 | "methods": { |
6008 | | - "description": "Optional. A list of HTTP methods to match against. Each entry must be a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only allows exact match and is always case sensitive.", |
| 6008 | + "description": "Optional. A list of HTTP methods to match against. Each entry must be a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only allows exact match and is always case sensitive. Limited to 10 methods per Authorization Policy.", |
6009 | 6009 | "items": { |
6010 | 6010 | "type": "string" |
6011 | 6011 | }, |
6012 | 6012 | "type": "array" |
6013 | 6013 | }, |
6014 | 6014 | "paths": { |
6015 | | - "description": "Optional. A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. Note that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method.", |
| 6015 | + "description": "Optional. A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. Limited to 10 paths per Authorization Policy. Note that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method.", |
6016 | 6016 | "items": { |
6017 | 6017 | "$ref": "AuthzPolicyAuthzRuleStringMatch" |
6018 | 6018 | }, |
|
6026 | 6026 | "id": "AuthzPolicyAuthzRuleToRequestOperationHeaderSet", |
6027 | 6027 | "properties": { |
6028 | 6028 | "headers": { |
6029 | | - "description": "Required. A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches.", |
| 6029 | + "description": "Required. A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 10 headers per Authorization Policy.", |
6030 | 6030 | "items": { |
6031 | 6031 | "$ref": "AuthzPolicyAuthzRuleHeaderMatch" |
6032 | 6032 | }, |
|
6298 | 6298 | "type": "object" |
6299 | 6299 | }, |
6300 | 6300 | "DnsThreatDetector": { |
6301 | | - "description": "Message describing DnsThreatDetector object", |
| 6301 | + "description": "Message describing DnsThreatDetector object.", |
6302 | 6302 | "id": "DnsThreatDetector", |
6303 | 6303 | "properties": { |
6304 | 6304 | "createTime": { |
|
7456 | 7456 | "type": "object" |
7457 | 7457 | }, |
7458 | 7458 | "ListDnsThreatDetectorsResponse": { |
7459 | | - "description": "Message for response to listing DnsThreatDetectors", |
| 7459 | + "description": "Message for response to listing DnsThreatDetectors.", |
7460 | 7460 | "id": "ListDnsThreatDetectorsResponse", |
7461 | 7461 | "properties": { |
7462 | 7462 | "dnsThreatDetectors": { |
|
0 commit comments