security_actions
Creates, updates, deletes, gets or lists a security_actions resource.
Overview
| Name | security_actions |
| Type | Resource |
| Id | google.apigee.security_actions |
Fields
The following fields are returned by SELECT queries:
- organizations_environments_security_actions_get
- organizations_environments_security_actions_list
Successful response
| Name | Datatype | Description |
|---|---|---|
name | string | Immutable. This field is ignored during creation as per AIP-133. Please set the security_action_id field in the CreateSecurityActionRequest when creating a new SecurityAction. Format: organizations/{org}/environments/{env}/securityActions/{security_action} |
allow | object | Allow a request through if it matches this SecurityAction. (id: GoogleCloudApigeeV1SecurityActionAllow) |
apiProxies | array | Optional. If unset, this would apply to all proxies in the environment. If set, this action is enforced only if at least one proxy in the repeated list is deployed at the time of enforcement. If set, several restrictions are enforced on SecurityActions. There can be at most 100 enabled actions with proxies set in an env. Several other restrictions apply on conditions and are detailed later. |
conditionConfig | object | Required. A valid SecurityAction must contain at least one condition. (id: GoogleCloudApigeeV1SecurityActionConditionConfig) |
createTime | string (google-datetime) | Output only. The create time for this SecurityAction. |
deny | object | Deny a request through if it matches this SecurityAction. (id: GoogleCloudApigeeV1SecurityActionDeny) |
description | string | Optional. An optional user provided description of the SecurityAction. |
expireTime | string (google-datetime) | The expiration for this SecurityAction. |
flag | object | Flag a request through if it matches this SecurityAction. (id: GoogleCloudApigeeV1SecurityActionFlag) |
state | string | Required. Only an ENABLED SecurityAction is enforced. An ENABLED SecurityAction past its expiration time will not be enforced. |
ttl | string (google-duration) | Input only. The TTL for this SecurityAction. |
updateTime | string (google-datetime) | Output only. The update time for this SecurityAction. This reflects when this SecurityAction changed states. |
Successful response
| Name | Datatype | Description |
|---|---|---|
name | string | Immutable. This field is ignored during creation as per AIP-133. Please set the security_action_id field in the CreateSecurityActionRequest when creating a new SecurityAction. Format: organizations/{org}/environments/{env}/securityActions/{security_action} |
allow | object | Allow a request through if it matches this SecurityAction. (id: GoogleCloudApigeeV1SecurityActionAllow) |
apiProxies | array | Optional. If unset, this would apply to all proxies in the environment. If set, this action is enforced only if at least one proxy in the repeated list is deployed at the time of enforcement. If set, several restrictions are enforced on SecurityActions. There can be at most 100 enabled actions with proxies set in an env. Several other restrictions apply on conditions and are detailed later. |
conditionConfig | object | Required. A valid SecurityAction must contain at least one condition. (id: GoogleCloudApigeeV1SecurityActionConditionConfig) |
createTime | string (google-datetime) | Output only. The create time for this SecurityAction. |
deny | object | Deny a request through if it matches this SecurityAction. (id: GoogleCloudApigeeV1SecurityActionDeny) |
description | string | Optional. An optional user provided description of the SecurityAction. |
expireTime | string (google-datetime) | The expiration for this SecurityAction. |
flag | object | Flag a request through if it matches this SecurityAction. (id: GoogleCloudApigeeV1SecurityActionFlag) |
state | string | Required. Only an ENABLED SecurityAction is enforced. An ENABLED SecurityAction past its expiration time will not be enforced. |
ttl | string (google-duration) | Input only. The TTL for this SecurityAction. |
updateTime | string (google-datetime) | Output only. The update time for this SecurityAction. This reflects when this SecurityAction changed states. |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
organizations_environments_security_actions_get | select | organizationsId, environmentsId, securityActionsId | Get a SecurityAction by name. | |
organizations_environments_security_actions_list | select | organizationsId, environmentsId | pageSize, pageToken, filter | Returns a list of SecurityActions. This returns both enabled and disabled actions. |
organizations_environments_security_actions_create | insert | organizationsId, environmentsId | securityActionId | CreateSecurityAction creates a SecurityAction. |
organizations_environments_security_actions_patch | update | organizationsId, environmentsId, securityActionsId | updateMask | Update a SecurityAction. |
organizations_environments_security_actions_delete | delete | organizationsId, environmentsId, securityActionsId | Delete a SecurityAction. | |
organizations_environments_security_actions_enable | exec | organizationsId, environmentsId, securityActionsId | Enable a SecurityAction. The state of the SecurityAction after enabling is ENABLED. EnableSecurityAction can be called on SecurityActions in the state DISABLED; SecurityActions in a different state (including `ENABLED) return an error. | |
organizations_environments_security_actions_disable | exec | organizationsId, environmentsId, securityActionsId | Disable a SecurityAction. The state of the SecurityAction after disabling is DISABLED. DisableSecurityAction can be called on SecurityActions in the state ENABLED; SecurityActions in a different state (including DISABLED) return an error. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
environmentsId | string | |
organizationsId | string | |
securityActionsId | string | |
filter | string | |
pageSize | integer (int32) | |
pageToken | string | |
securityActionId | string | |
updateMask | string (google-fieldmask) |
SELECT examples
- organizations_environments_security_actions_get
- organizations_environments_security_actions_list
Get a SecurityAction by name.
SELECT
name,
allow,
apiProxies,
conditionConfig,
createTime,
deny,
description,
expireTime,
flag,
state,
ttl,
updateTime
FROM google.apigee.security_actions
WHERE organizationsId = '{{ organizationsId }}' -- required
AND environmentsId = '{{ environmentsId }}' -- required
AND securityActionsId = '{{ securityActionsId }}' -- required;
Returns a list of SecurityActions. This returns both enabled and disabled actions.
SELECT
name,
allow,
apiProxies,
conditionConfig,
createTime,
deny,
description,
expireTime,
flag,
state,
ttl,
updateTime
FROM google.apigee.security_actions
WHERE organizationsId = '{{ organizationsId }}' -- required
AND environmentsId = '{{ environmentsId }}' -- required
AND pageSize = '{{ pageSize }}'
AND pageToken = '{{ pageToken }}'
AND filter = '{{ filter }}';
INSERT examples
- organizations_environments_security_actions_create
- Manifest
CreateSecurityAction creates a SecurityAction.
INSERT INTO google.apigee.security_actions (
data__name,
data__description,
data__state,
data__allow,
data__deny,
data__flag,
data__expireTime,
data__ttl,
data__apiProxies,
data__conditionConfig,
organizationsId,
environmentsId,
securityActionId
)
SELECT
'{{ name }}',
'{{ description }}',
'{{ state }}',
'{{ allow }}',
'{{ deny }}',
'{{ flag }}',
'{{ expireTime }}',
'{{ ttl }}',
'{{ apiProxies }}',
'{{ conditionConfig }}',
'{{ organizationsId }}',
'{{ environmentsId }}',
'{{ securityActionId }}'
RETURNING
name,
allow,
apiProxies,
conditionConfig,
createTime,
deny,
description,
expireTime,
flag,
state,
ttl,
updateTime
;
# Description fields are for documentation purposes
- name: security_actions
props:
- name: organizationsId
value: string
description: Required parameter for the security_actions resource.
- name: environmentsId
value: string
description: Required parameter for the security_actions resource.
- name: name
value: string
description: >
Immutable. This field is ignored during creation as per AIP-133. Please set the `security_action_id` field in the CreateSecurityActionRequest when creating a new SecurityAction. Format: organizations/{org}/environments/{env}/securityActions/{security_action}
- name: description
value: string
description: >
Optional. An optional user provided description of the SecurityAction.
- name: state
value: string
description: >
Required. Only an ENABLED SecurityAction is enforced. An ENABLED SecurityAction past its expiration time will not be enforced.
valid_values: ['STATE_UNSPECIFIED', 'ENABLED', 'DISABLED']
- name: allow
value: object
description: >
Allow a request through if it matches this SecurityAction.
- name: deny
value: object
description: >
Deny a request through if it matches this SecurityAction.
- name: flag
value: object
description: >
Flag a request through if it matches this SecurityAction.
- name: expireTime
value: string
description: >
The expiration for this SecurityAction.
- name: ttl
value: string
description: >
Input only. The TTL for this SecurityAction.
- name: apiProxies
value: array
description: >
Optional. If unset, this would apply to all proxies in the environment. If set, this action is enforced only if at least one proxy in the repeated list is deployed at the time of enforcement. If set, several restrictions are enforced on SecurityActions. There can be at most 100 enabled actions with proxies set in an env. Several other restrictions apply on conditions and are detailed later.
- name: conditionConfig
value: object
description: >
Required. A valid SecurityAction must contain at least one condition.
- name: securityActionId
value: string
UPDATE examples
- organizations_environments_security_actions_patch
Update a SecurityAction.
UPDATE google.apigee.security_actions
SET
data__name = '{{ name }}',
data__description = '{{ description }}',
data__state = '{{ state }}',
data__allow = '{{ allow }}',
data__deny = '{{ deny }}',
data__flag = '{{ flag }}',
data__expireTime = '{{ expireTime }}',
data__ttl = '{{ ttl }}',
data__apiProxies = '{{ apiProxies }}',
data__conditionConfig = '{{ conditionConfig }}'
WHERE
organizationsId = '{{ organizationsId }}' --required
AND environmentsId = '{{ environmentsId }}' --required
AND securityActionsId = '{{ securityActionsId }}' --required
AND updateMask = '{{ updateMask}}'
RETURNING
name,
allow,
apiProxies,
conditionConfig,
createTime,
deny,
description,
expireTime,
flag,
state,
ttl,
updateTime;
DELETE examples
- organizations_environments_security_actions_delete
Delete a SecurityAction.
DELETE FROM google.apigee.security_actions
WHERE organizationsId = '{{ organizationsId }}' --required
AND environmentsId = '{{ environmentsId }}' --required
AND securityActionsId = '{{ securityActionsId }}' --required;
Lifecycle Methods
- organizations_environments_security_actions_enable
- organizations_environments_security_actions_disable
Enable a SecurityAction. The state of the SecurityAction after enabling is ENABLED. EnableSecurityAction can be called on SecurityActions in the state DISABLED; SecurityActions in a different state (including `ENABLED) return an error.
EXEC google.apigee.security_actions.organizations_environments_security_actions_enable
@organizationsId='{{ organizationsId }}' --required,
@environmentsId='{{ environmentsId }}' --required,
@securityActionsId='{{ securityActionsId }}' --required;
Disable a SecurityAction. The state of the SecurityAction after disabling is DISABLED. DisableSecurityAction can be called on SecurityActions in the state ENABLED; SecurityActions in a different state (including DISABLED) return an error.
EXEC google.apigee.security_actions.organizations_environments_security_actions_disable
@organizationsId='{{ organizationsId }}' --required,
@environmentsId='{{ environmentsId }}' --required,
@securityActionsId='{{ securityActionsId }}' --required;