ComputeSecurityPolicySecurityPolicyRule class
One entry in rule[]. Rules are evaluated from highest priority
(lowest numeric value) to lowest priority. The first match wins
and its action is enforced. Cloud Armor REQUIRES a default rule
at priority 2147483647 matching all traffic ('*') -- if you
omit it the provider injects one with SecurityPolicyRuleAction.allow,
which silently disables a deny-list policy. Always author the
default rule explicitly.
Annotations
- @immutable
Constructors
- ComputeSecurityPolicySecurityPolicyRule({required TfArg<int> priority, required SecurityPolicyRuleAction action, required ComputeSecurityPolicySecurityPolicyRuleMatch match, TfArg<String>? description, TfArg<bool>? preview, ComputeSecurityPolicySecurityPolicyRuleRateLimitOptions? rateLimitOptions, ComputeSecurityPolicySecurityPolicyRuleRedirectOptions? redirectOptions, ComputeSecurityPolicySecurityPolicyRuleHeaderAction? headerAction})
const
Properties
- action → SecurityPolicyRuleAction
-
What Cloud Armor does when this rule matches. Certain actions
require sibling blocks:
rateBasedBan/throttle need rateLimitOptions, redirect needs redirectOptions.
final
- description → TfArg<String>?
-
Free-form description. Max 64 chars per the schema.
final
- hashCode → int
-
The hash code for this object.
no setter, inherited
- headerAction → ComputeSecurityPolicySecurityPolicyRuleHeaderAction?
-
Optional header rewrites applied alongside the match action
(e.g. tagging a request with an internal
X-Cloud-Armor-Rule header for downstream observability).
final
- match → ComputeSecurityPolicySecurityPolicyRuleMatch
-
Match condition. Pick exactly one of
ComputeSecurityPolicySecurityPolicyRuleMatch.config (versioned predicate over
source IPs) or ComputeSecurityPolicySecurityPolicyRuleMatch.expr (CEL expression).
final
- preview → TfArg<bool>?
-
Staging flag. When true, the rule's action is NOT enforced but matches
are logged with a preview: true annotation -- use to validate a new rule
against production traffic before flipping it live.
final
- priority → TfArg<int>
-
Unique positive integer indicating evaluation order. Lower =
higher priority. Reserve 2147483647 for the default rule.
final
- rateLimitOptions → ComputeSecurityPolicySecurityPolicyRuleRateLimitOptions?
-
Required when action is SecurityPolicyRuleAction.rateBasedBan
or SecurityPolicyRuleAction.throttle; forbidden otherwise.
final
- redirectOptions → ComputeSecurityPolicySecurityPolicyRuleRedirectOptions?
-
Required when action is SecurityPolicyRuleAction.redirect;
forbidden otherwise.
final
- runtimeType → Type
-
A representation of the runtime type of the object.
no setter, inherited
Methods
- noSuchMethod(Invocation invocation) → dynamic
-
Invoked when a nonexistent method or property is accessed.
inherited
- toArgMap() → Map<String, Object?>
- toString() → String
-
A string representation of this object.
inherited
Operators
- operator ==(Object other) → bool
-
The equality operator.
inherited
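
The evaluation order, the reserved default priority and the sibling-block requirements documented above can be checked before a plan is applied. The sketch below is an added example, not code from this package: it models rules as plain Python dicts whose keys mirror the property names above (an assumption), simplifies match to a set of source IPs or '*', assumes an action label "deny", and does not model preview.

```python
DEFAULT_PRIORITY = 2147483647  # reserved for the catch-all default rule

def lint(rules):
    """Return findings for a list of rule dicts (hypothetical model, not the package API)."""
    findings, seen = [], set()
    for r in rules:
        p, action = r["priority"], r["action"]
        if p <= 0:
            findings.append(f"{p}: priority must be a positive integer")
        if p in seen:
            findings.append(f"{p}: duplicate priority")
        seen.add(p)
        # Sibling blocks are required for some actions and forbidden for the rest.
        for block, actions in (("rateLimitOptions", ("rateBasedBan", "throttle")),
                               ("redirectOptions", ("redirect",))):
            needed = action in actions
            if needed != (block in r):
                word = "required" if needed else "forbidden"
                findings.append(f"{p}: {block} {word} for {action}")
        if len(r.get("description", "")) > 64:
            findings.append(f"{p}: description exceeds 64 chars")
    default = [r for r in rules if r["priority"] == DEFAULT_PRIORITY]
    if not default:
        findings.append("no explicit default rule: an allow default would be injected")
    elif default[0]["match"] != "*":
        findings.append("default rule must match '*'")
    return findings

def decide(rules, src_ip):
    """First match wins, lowest numeric priority first; adds the injected allow default."""
    ordered = sorted(rules, key=lambda r: r["priority"])
    if all(r["priority"] != DEFAULT_PRIORITY for r in ordered):
        ordered.append({"priority": DEFAULT_PRIORITY, "action": "allow", "match": "*"})
    for r in ordered:
        if r["match"] == "*" or src_ip in r["match"]:
            return r["action"]
    return None  # only reachable if an authored default does not match '*'

# Constructed sample: the author allowed one address and meant to deny the rest,
# but left the default rule out.
MISSING_DEFAULT = [{"priority": 1000, "action": "allow", "match": {"203.0.113.10"}}]
EXPLICIT_DEFAULT = MISSING_DEFAULT + [
    {"priority": DEFAULT_PRIORITY, "action": "deny", "match": "*"}]

if __name__ == "__main__":
    for name, policy in (("missing", MISSING_DEFAULT), ("explicit", EXPLICIT_DEFAULT)):
        print(name, decide(policy, "198.51.100.7"), lint(policy))
```

With the default rule omitted, the unlisted address 198.51.100.7 is allowed; with the explicit default it is denied and the lint is clean.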