external_access_rules
Creates, updates, deletes, gets or lists an external_access_rules resource.
Overview
| Name | external_access_rules |
| Type | Resource |
| Id | google.vmwareengine.external_access_rules |
Fields
The following fields are returned by SELECT queries:
- get
- list
Successful response
| Name | Datatype | Description |
|---|---|---|
name | string | Output only. The resource name of this external access rule. Resource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names. For example: projects/my-project/locations/us-central1/networkPolicies/my-policy/externalAccessRules/my-rule |
action | string | The action that the external access rule performs. |
createTime | string (google-datetime) | Output only. Creation time of this resource. |
description | string | User-provided description for this external access rule. |
destinationIpRanges | array | If destination ranges are specified, the external access rule applies only to the traffic that has a destination IP address in these ranges. The specified IP addresses must have reserved external IP addresses in the scope of the parent network policy. To match all external IP addresses in the scope of the parent network policy, specify 0.0.0.0/0. To match a specific external IP address, specify it using the IpRange.external_address property. |
destinationPorts | array | A list of destination ports to which the external access rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. For example: ["22"], ["80","443"], or ["12345-12349"]. To match all destination ports, specify ["0-65535"]. |
ipProtocol | string | The IP protocol to which the external access rule applies. This value can be one of the following three protocol strings (not case-sensitive): tcp, udp, or icmp. |
priority | integer (int32) | External access rule priority, which determines the external access rule to use when multiple rules apply. If multiple rules have the same priority, their ordering is non-deterministic. If specific ordering is required, assign unique priorities to enforce such ordering. The external access rule priority is an integer from 100 to 4096, both inclusive. Lower integers indicate higher precedence. For example, a rule with priority 100 has higher precedence than a rule with priority 101. |
sourceIpRanges | array | If source ranges are specified, the external access rule applies only to traffic that has a source IP address in these ranges. These ranges can either be expressed in the CIDR format or as an IP address. As only inbound rules are supported, ExternalAddress resources cannot be the source IP addresses of an external access rule. To match all source addresses, specify 0.0.0.0/0. |
sourcePorts | array | A list of source ports to which the external access rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. For example: ["22"], ["80","443"], or ["12345-12349"]. To match all source ports, specify ["0-65535"]. |
state | string | Output only. The state of the resource. |
uid | string | Output only. System-generated unique identifier for the resource. |
updateTime | string (google-datetime) | Output only. Last update time of this resource. |
Successful response
| Name | Datatype | Description |
|---|---|---|
name | string | Output only. The resource name of this external access rule. Resource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names. For example: projects/my-project/locations/us-central1/networkPolicies/my-policy/externalAccessRules/my-rule |
action | string | The action that the external access rule performs. |
createTime | string (google-datetime) | Output only. Creation time of this resource. |
description | string | User-provided description for this external access rule. |
destinationIpRanges | array | If destination ranges are specified, the external access rule applies only to the traffic that has a destination IP address in these ranges. The specified IP addresses must have reserved external IP addresses in the scope of the parent network policy. To match all external IP addresses in the scope of the parent network policy, specify 0.0.0.0/0. To match a specific external IP address, specify it using the IpRange.external_address property. |
destinationPorts | array | A list of destination ports to which the external access rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. For example: ["22"], ["80","443"], or ["12345-12349"]. To match all destination ports, specify ["0-65535"]. |
ipProtocol | string | The IP protocol to which the external access rule applies. This value can be one of the following three protocol strings (not case-sensitive): tcp, udp, or icmp. |
priority | integer (int32) | External access rule priority, which determines the external access rule to use when multiple rules apply. If multiple rules have the same priority, their ordering is non-deterministic. If specific ordering is required, assign unique priorities to enforce such ordering. The external access rule priority is an integer from 100 to 4096, both inclusive. Lower integers indicate higher precedence. For example, a rule with priority 100 has higher precedence than a rule with priority 101. |
sourceIpRanges | array | If source ranges are specified, the external access rule applies only to traffic that has a source IP address in these ranges. These ranges can either be expressed in the CIDR format or as an IP address. As only inbound rules are supported, ExternalAddress resources cannot be the source IP addresses of an external access rule. To match all source addresses, specify 0.0.0.0/0. |
sourcePorts | array | A list of source ports to which the external access rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. For example: ["22"], ["80","443"], or ["12345-12349"]. To match all source ports, specify ["0-65535"]. |
state | string | Output only. The state of the resource. |
uid | string | Output only. System-generated unique identifier for the resource. |
updateTime | string (google-datetime) | Output only. Last update time of this resource. |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
get | select | projectsId, locationsId, networkPoliciesId, externalAccessRulesId | Gets details of a single external access rule. | |
list | select | projectsId, locationsId, networkPoliciesId | pageSize, pageToken, filter, orderBy | Lists ExternalAccessRule resources in the specified network policy. |
create | insert | projectsId, locationsId, networkPoliciesId | externalAccessRuleId, requestId | Creates a new external access rule in a given network policy. |
patch | update | projectsId, locationsId, networkPoliciesId, externalAccessRulesId | updateMask, requestId | Updates the parameters of a single external access rule. Only fields specified in update_mask are applied. |
delete | delete | projectsId, locationsId, networkPoliciesId, externalAccessRulesId | requestId | Deletes a single external access rule. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
externalAccessRulesId | string | |
locationsId | string | |
networkPoliciesId | string | |
projectsId | string | |
externalAccessRuleId | string | |
filter | string | |
orderBy | string | |
pageSize | integer (int32) | |
pageToken | string | |
requestId | string | |
updateMask | string (google-fieldmask) |
SELECT examples
- get
- list
Gets details of a single external access rule.
SELECT
name,
action,
createTime,
description,
destinationIpRanges,
destinationPorts,
ipProtocol,
priority,
sourceIpRanges,
sourcePorts,
state,
uid,
updateTime
FROM google.vmwareengine.external_access_rules
WHERE projectsId = '{{ projectsId }}' -- required
AND locationsId = '{{ locationsId }}' -- required
AND networkPoliciesId = '{{ networkPoliciesId }}' -- required
AND externalAccessRulesId = '{{ externalAccessRulesId }}' -- required;
Lists ExternalAccessRule resources in the specified network policy.
SELECT
name,
action,
createTime,
description,
destinationIpRanges,
destinationPorts,
ipProtocol,
priority,
sourceIpRanges,
sourcePorts,
state,
uid,
updateTime
FROM google.vmwareengine.external_access_rules
WHERE projectsId = '{{ projectsId }}' -- required
AND locationsId = '{{ locationsId }}' -- required
AND networkPoliciesId = '{{ networkPoliciesId }}' -- required
AND pageSize = '{{ pageSize }}'
AND pageToken = '{{ pageToken }}'
AND filter = '{{ filter }}'
AND orderBy = '{{ orderBy }}';
INSERT examples
- create
- Manifest
Creates a new external access rule in a given network policy.
INSERT INTO google.vmwareengine.external_access_rules (
data__description,
data__priority,
data__action,
data__ipProtocol,
data__sourceIpRanges,
data__sourcePorts,
data__destinationIpRanges,
data__destinationPorts,
projectsId,
locationsId,
networkPoliciesId,
externalAccessRuleId,
requestId
)
SELECT
'{{ description }}',
{{ priority }},
'{{ action }}',
'{{ ipProtocol }}',
'{{ sourceIpRanges }}',
'{{ sourcePorts }}',
'{{ destinationIpRanges }}',
'{{ destinationPorts }}',
'{{ projectsId }}',
'{{ locationsId }}',
'{{ networkPoliciesId }}',
'{{ externalAccessRuleId }}',
'{{ requestId }}'
RETURNING
name,
done,
error,
metadata,
response
;
# Description fields are for documentation purposes
- name: external_access_rules
props:
- name: projectsId
value: string
description: Required parameter for the external_access_rules resource.
- name: locationsId
value: string
description: Required parameter for the external_access_rules resource.
- name: networkPoliciesId
value: string
description: Required parameter for the external_access_rules resource.
- name: description
value: string
description: >
User-provided description for this external access rule.
- name: priority
value: integer
description: >
External access rule priority, which determines the external access rule to use when multiple rules apply. If multiple rules have the same priority, their ordering is non-deterministic. If specific ordering is required, assign unique priorities to enforce such ordering. The external access rule priority is an integer from 100 to 4096, both inclusive. Lower integers indicate higher precedence. For example, a rule with priority `100` has higher precedence than a rule with priority `101`.
- name: action
value: string
description: >
The action that the external access rule performs.
valid_values: ['ACTION_UNSPECIFIED', 'ALLOW', 'DENY']
- name: ipProtocol
value: string
description: >
The IP protocol to which the external access rule applies. This value can be one of the following three protocol strings (not case-sensitive): `tcp`, `udp`, or `icmp`.
- name: sourceIpRanges
value: array
description: >
If source ranges are specified, the external access rule applies only to traffic that has a source IP address in these ranges. These ranges can either be expressed in the CIDR format or as an IP address. As only inbound rules are supported, `ExternalAddress` resources cannot be the source IP addresses of an external access rule. To match all source addresses, specify `0.0.0.0/0`.
- name: sourcePorts
value: array
description: >
A list of source ports to which the external access rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. For example: `["22"]`, `["80","443"]`, or `["12345-12349"]`. To match all source ports, specify `["0-65535"]`.
- name: destinationIpRanges
value: array
description: >
If destination ranges are specified, the external access rule applies only to the traffic that has a destination IP address in these ranges. The specified IP addresses must have reserved external IP addresses in the scope of the parent network policy. To match all external IP addresses in the scope of the parent network policy, specify `0.0.0.0/0`. To match a specific external IP address, specify it using the `IpRange.external_address` property.
- name: destinationPorts
value: array
description: >
A list of destination ports to which the external access rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. For example: `["22"]`, `["80","443"]`, or `["12345-12349"]`. To match all destination ports, specify `["0-65535"]`.
- name: externalAccessRuleId
value: string
- name: requestId
value: string
UPDATE examples
- patch
Updates the parameters of a single external access rule. Only fields specified in update_mask are applied.
UPDATE google.vmwareengine.external_access_rules
SET
data__description = '{{ description }}',
data__priority = {{ priority }},
data__action = '{{ action }}',
data__ipProtocol = '{{ ipProtocol }}',
data__sourceIpRanges = '{{ sourceIpRanges }}',
data__sourcePorts = '{{ sourcePorts }}',
data__destinationIpRanges = '{{ destinationIpRanges }}',
data__destinationPorts = '{{ destinationPorts }}'
WHERE
projectsId = '{{ projectsId }}' --required
AND locationsId = '{{ locationsId }}' --required
AND networkPoliciesId = '{{ networkPoliciesId }}' --required
AND externalAccessRulesId = '{{ externalAccessRulesId }}' --required
AND updateMask = '{{ updateMask}}'
AND requestId = '{{ requestId}}'
RETURNING
name,
done,
error,
metadata,
response;
DELETE examples
- delete
Deletes a single external access rule.
DELETE FROM google.vmwareengine.external_access_rules
WHERE projectsId = '{{ projectsId }}' --required
AND locationsId = '{{ locationsId }}' --required
AND networkPoliciesId = '{{ networkPoliciesId }}' --required
AND externalAccessRulesId = '{{ externalAccessRulesId }}' --required
AND requestId = '{{ requestId }}';