firewall_policies
Creates, updates, deletes, gets or lists a firewall_policies resource.
Overview
| Name | firewall_policies |
| Type | Resource |
| Id | google.compute.firewall_policies |
Fields
The following fields are returned by SELECT queries:
- get
- list
Successful response
| Name | Datatype | Description |
|---|---|---|
id | string (uint64) | [Output Only] The unique identifier for the resource. This identifier is defined by the server. |
name | string | Name of the resource. For Organization Firewall Policies it's a [Output Only] numeric ID allocated by Google Cloud which uniquely identifies the Organization Firewall Policy. |
associations | array | A list of associations that belong to this firewall policy. |
creationTimestamp | string | [Output Only] Creation timestamp in RFC3339 text format. |
description | string | An optional description of this resource. Provide this property when you create the resource. |
displayName | string | Deprecated, please use short name instead. User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. This field is not applicable to network firewall policies. This name must be set on creation and cannot be changed. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. (pattern: a-z?) |
fingerprint | string (byte) | Specifies a fingerprint for this resource, which is essentially a hash of the metadata's contents and used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update metadata. You must always provide an up-to-date fingerprint hash in order to update or change metadata, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make get() request to the firewall policy. |
kind | string | [Output only] Type of the resource. Always compute#firewallPolicyfor firewall policies (default: compute#firewallPolicy) |
packetMirroringRules | array | A list of packet mirroring rules that belong to this policy. |
parent | string | [Output Only] The parent of the firewall policy. This field is not applicable to network firewall policies. |
region | string | [Output Only] URL of the region where the regional firewall policy resides. This field is not applicable to global firewall policies. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body. |
ruleTupleCount | integer (int32) | [Output Only] Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples. |
rules | array | A list of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match "*"). If no rules are provided when creating a firewall policy, a default rule with action "allow" will be added. |
selfLink | string | [Output Only] Server-defined URL for the resource. |
selfLinkWithId | string | [Output Only] Server-defined URL for this resource with the resource id. |
shortName | string | User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. This field is not applicable to network firewall policies. This name must be set on creation and cannot be changed. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. (pattern: a-z?) |
Successful response
| Name | Datatype | Description |
|---|---|---|
id | string | [Output Only] Unique identifier for the resource; defined by the server. |
items | array | A list of FirewallPolicy resources. |
kind | string | [Output Only] Type of resource. Always compute#firewallPolicyList for listsof FirewallPolicies (default: compute#firewallPolicyList) |
nextPageToken | string | [Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results. |
warning | object | [Output Only] Informational warning message. |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
get | select | project, region, firewallPolicy | Returns the specified network firewall policy. | |
list | select | project, region | filter, maxResults, orderBy, pageToken, returnPartialSuccess | Lists all the network firewall policies that have been configured for the specified project in the given region. |
insert | insert | project, region | requestId | Creates a new network firewall policy in the specified project and region. |
patch | update | project, region, firewallPolicy | requestId | Patches the specified network firewall policy. |
delete | delete | project, region, firewallPolicy | requestId | Deletes the specified network firewall policy. |
move | exec | firewallPolicy | parentId, requestId | Moves the specified firewall policy. |
clone_rules | exec | project, region, firewallPolicy | requestId, sourceFirewallPolicy | Copies rules to the specified network firewall policy. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
firewallPolicy | string | |
project | string | |
region | string | |
filter | string | |
maxResults | integer (uint32) | |
orderBy | string | |
pageToken | string | |
parentId | string | |
requestId | string | |
returnPartialSuccess | boolean | |
sourceFirewallPolicy | string |
SELECT examples
- get
- list
Returns the specified network firewall policy.
SELECT
id,
name,
associations,
creationTimestamp,
description,
displayName,
fingerprint,
kind,
packetMirroringRules,
parent,
region,
ruleTupleCount,
rules,
selfLink,
selfLinkWithId,
shortName
FROM google.compute.firewall_policies
WHERE project = '{{ project }}' -- required
AND region = '{{ region }}' -- required
AND firewallPolicy = '{{ firewallPolicy }}' -- required;
Lists all the network firewall policies that have been configured for the specified project in the given region.
SELECT
id,
items,
kind,
nextPageToken,
warning
FROM google.compute.firewall_policies
WHERE project = '{{ project }}' -- required
AND region = '{{ region }}' -- required
AND filter = '{{ filter }}'
AND maxResults = '{{ maxResults }}'
AND orderBy = '{{ orderBy }}'
AND pageToken = '{{ pageToken }}'
AND returnPartialSuccess = '{{ returnPartialSuccess }}';
INSERT examples
- insert
- Manifest
Creates a new network firewall policy in the specified project and region.
INSERT INTO google.compute.firewall_policies (
data__kind,
data__id,
data__creationTimestamp,
data__name,
data__description,
data__rules,
data__packetMirroringRules,
data__fingerprint,
data__selfLink,
data__selfLinkWithId,
data__associations,
data__ruleTupleCount,
data__shortName,
data__displayName,
data__parent,
data__region,
project,
region,
requestId
)
SELECT
'{{ kind }}',
'{{ id }}',
'{{ creationTimestamp }}',
'{{ name }}',
'{{ description }}',
'{{ rules }}',
'{{ packetMirroringRules }}',
'{{ fingerprint }}',
'{{ selfLink }}',
'{{ selfLinkWithId }}',
'{{ associations }}',
{{ ruleTupleCount }},
'{{ shortName }}',
'{{ displayName }}',
'{{ parent }}',
'{{ region }}',
'{{ project }}',
'{{ region }}',
'{{ requestId }}'
RETURNING
id,
name,
clientOperationId,
creationTimestamp,
description,
endTime,
error,
httpErrorMessage,
httpErrorStatusCode,
insertTime,
instancesBulkInsertOperationMetadata,
kind,
operationGroupId,
operationType,
progress,
region,
selfLink,
setCommonInstanceMetadataOperationMetadata,
startTime,
status,
statusMessage,
targetId,
targetLink,
user,
warnings,
zone
;
# Description fields are for documentation purposes
- name: firewall_policies
props:
- name: project
value: string
description: Required parameter for the firewall_policies resource.
- name: region
value: string
description: Required parameter for the firewall_policies resource.
- name: kind
value: string
description: >
[Output only] Type of the resource. Always compute#firewallPolicyfor firewall policies
default: compute#firewallPolicy
- name: id
value: string
description: >
[Output Only] The unique identifier for the resource. This identifier is defined by the server.
- name: creationTimestamp
value: string
description: >
[Output Only] Creation timestamp in RFC3339 text format.
- name: name
value: string
description: >
Name of the resource. For Organization Firewall Policies it's a [Output Only] numeric ID allocated by Google Cloud which uniquely identifies the Organization Firewall Policy.
- name: description
value: string
description: >
An optional description of this resource. Provide this property when you create the resource.
- name: rules
value: array
description: >
A list of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match "*"). If no rules are provided when creating a firewall policy, a default rule with action "allow" will be added.
- name: packetMirroringRules
value: array
description: >
A list of packet mirroring rules that belong to this policy.
- name: fingerprint
value: string
description: >
Specifies a fingerprint for this resource, which is essentially a hash of the metadata's contents and used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update metadata. You must always provide an up-to-date fingerprint hash in order to update or change metadata, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make get() request to the firewall policy.
- name: selfLink
value: string
description: >
[Output Only] Server-defined URL for the resource.
- name: selfLinkWithId
value: string
description: >
[Output Only] Server-defined URL for this resource with the resource id.
- name: associations
value: array
description: >
A list of associations that belong to this firewall policy.
- name: ruleTupleCount
value: integer
description: >
[Output Only] Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.
- name: shortName
value: string
description: >
User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. This field is not applicable to network firewall policies. This name must be set on creation and cannot be changed. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
- name: displayName
value: string
description: >
Deprecated, please use short name instead. User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. This field is not applicable to network firewall policies. This name must be set on creation and cannot be changed. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
- name: parent
value: string
description: >
[Output Only] The parent of the firewall policy. This field is not applicable to network firewall policies.
- name: region
value: string
description: >
[Output Only] URL of the region where the regional firewall policy resides. This field is not applicable to global firewall policies. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.
- name: requestId
value: string
UPDATE examples
- patch
Patches the specified network firewall policy.
UPDATE google.compute.firewall_policies
SET
data__kind = '{{ kind }}',
data__id = '{{ id }}',
data__creationTimestamp = '{{ creationTimestamp }}',
data__name = '{{ name }}',
data__description = '{{ description }}',
data__rules = '{{ rules }}',
data__packetMirroringRules = '{{ packetMirroringRules }}',
data__fingerprint = '{{ fingerprint }}',
data__selfLink = '{{ selfLink }}',
data__selfLinkWithId = '{{ selfLinkWithId }}',
data__associations = '{{ associations }}',
data__ruleTupleCount = {{ ruleTupleCount }},
data__shortName = '{{ shortName }}',
data__displayName = '{{ displayName }}',
data__parent = '{{ parent }}',
data__region = '{{ region }}'
WHERE
project = '{{ project }}' --required
AND region = '{{ region }}' --required
AND firewallPolicy = '{{ firewallPolicy }}' --required
AND requestId = '{{ requestId}}'
RETURNING
id,
name,
clientOperationId,
creationTimestamp,
description,
endTime,
error,
httpErrorMessage,
httpErrorStatusCode,
insertTime,
instancesBulkInsertOperationMetadata,
kind,
operationGroupId,
operationType,
progress,
region,
selfLink,
setCommonInstanceMetadataOperationMetadata,
startTime,
status,
statusMessage,
targetId,
targetLink,
user,
warnings,
zone;
DELETE examples
- delete
Deletes the specified network firewall policy.
DELETE FROM google.compute.firewall_policies
WHERE project = '{{ project }}' --required
AND region = '{{ region }}' --required
AND firewallPolicy = '{{ firewallPolicy }}' --required
AND requestId = '{{ requestId }}';
Lifecycle Methods
- move
- clone_rules
Moves the specified firewall policy.
EXEC google.compute.firewall_policies.move
@firewallPolicy='{{ firewallPolicy }}' --required,
@parentId='{{ parentId }}',
@requestId='{{ requestId }}';
Copies rules to the specified network firewall policy.
EXEC google.compute.firewall_policies.clone_rules
@project='{{ project }}' --required,
@region='{{ region }}' --required,
@firewallPolicy='{{ firewallPolicy }}' --required,
@requestId='{{ requestId }}',
@sourceFirewallPolicy='{{ sourceFirewallPolicy }}';