58 lines
2.9 KiB
YAML
58 lines
2.9 KiB
YAML
- release_tracks: [ALPHA, GA]
|
|
help_text:
|
|
brief: Create a Firewall Policy.
|
|
description: Create a reCAPTCHA Firewall Policy.
|
|
examples: |
|
|
To create a new reCAPTCHA firewall policy covering the path "/login/*" for all requests with a
|
|
reCAPTCHA Lite score of >= 0.5 to allow the requests and set the header 'foo' to the value
|
|
'bar':
|
|
|
|
$ {command} --path='/login/*' --condition='recaptcha.assessment_type == AssessmentType.LITE
|
|
&& recaptcha.score >= 0.5' --actions=allow,set_header=foo=bar
|
|
|
|
request:
|
|
collection: recaptchaenterprise.projects.firewallpolicies
|
|
|
|
arguments:
|
|
resource:
|
|
spec: !REF googlecloudsdk.command_lib.recaptcha.resources:project
|
|
is_parent_resource: true
|
|
help_text: |
|
|
The cloud project in which the reCAPTCHA Firewall Policy is created.
|
|
|
|
params:
|
|
- arg_name: description
|
|
api_field: googleCloudRecaptchaenterpriseV1FirewallPolicy.description
|
|
help_text: |
|
|
A description of what this policy aims to achieve, for convenience purposes. The description
|
|
can at most include 256 UTF-8 characters.
|
|
- arg_name: path
|
|
api_field: googleCloudRecaptchaenterpriseV1FirewallPolicy.path
|
|
help_text: |
|
|
The path for which this policy applies, specified as a glob pattern. For more information on
|
|
glob, see the manual page: https://man7.org/linux/man-pages/man7/glob.7.html.
|
|
- arg_name: condition
|
|
api_field: googleCloudRecaptchaenterpriseV1FirewallPolicy.condition
|
|
help_text: |
|
|
A CEL (Common Expression Language) conditional expression that specifies if this policy
|
|
applies to an incoming user request. If this condition evaluates to true and the requested
|
|
path matched the path pattern, the associated actions should be executed by the caller. The
|
|
condition string is checked for CEL syntax correctness on creation. For more information,
|
|
see the CEL spec: https://github.com/google/cel-spec and its language definition:
|
|
https://github.com/google/cel-spec/blob/master/doc/langdef.md
|
|
- arg_name: actions
|
|
api_field: googleCloudRecaptchaenterpriseV1FirewallPolicy.actions
|
|
processor: googlecloudsdk.command_lib.recaptcha.firewall_policies_util:ParseFirewallActions
|
|
help_text: |
|
|
The actions that the caller should take regarding the user. There should be at most 1
|
|
terminal action. A terminal action is any action that forces a response, such as Allow,
|
|
Block or Substitute. If it makes sense for it to happen multple times, such as SetHeader,
|
|
the action is non-terminal.
|
|
|
|
Examples:
|
|
* Block and set the header with key foo to value bar
|
|
** --actions=block,set_header=foo=bar
|
|
* Substitute with path google.com and set two headers, one with key key1 to value value1 and
|
|
one with key key2 to value value2
|
|
** --actions=substitute=google.com,set_header=key1=value1,set_header=key2=value2
|