tessl install tessl/golang-cloud-google-com--go--compute@1.53.0

Go client library for the Google Cloud Compute Engine API, providing programmatic access to manage virtual machines, disks, networks, and other compute resources.
Security clients manage Cloud Armor security policies, SSL certificates, and SSL/TLS policies to protect applications and enforce security standards.
The SecurityPoliciesClient manages Cloud Armor security policies for DDoS protection and application security.
func NewSecurityPoliciesRESTClient(ctx context.Context, opts ...option.ClientOption) (*SecurityPoliciesClient, error)

Example:
import (
"context"
compute "cloud.google.com/go/compute/apiv1"
)
ctx := context.Background()
// No option.ClientOption is passed, so the client presumably resolves
// Application Default Credentials from the environment (confirm for your
// deployment). Run it as an identity that holds only the Compute permissions
// this code needs.
client, err := compute.NewSecurityPoliciesRESTClient(ctx)
if err != nil {
	// handle error: return or exit here rather than falling through, since
	// client should not be used after a failed constructor call.
}
// Close releases the client's resources once the surrounding function returns.
defer client.Close()

// Get retrieves a specific security policy
func (c *SecurityPoliciesClient) Get(ctx context.Context, req *computepb.GetSecurityPolicyRequest, opts ...gax.CallOption) (*computepb.SecurityPolicy, error)
// List returns an iterator over security policies
func (c *SecurityPoliciesClient) List(ctx context.Context, req *computepb.ListSecurityPoliciesRequest, opts ...gax.CallOption) *SecurityPolicyIterator
// AggregatedList returns an iterator over security policies across all regions
func (c *SecurityPoliciesClient) AggregatedList(ctx context.Context, req *computepb.AggregatedListSecurityPoliciesRequest, opts ...gax.CallOption) *SecurityPoliciesScopedListPairIterator
// Insert creates a new security policy
func (c *SecurityPoliciesClient) Insert(ctx context.Context, req *computepb.InsertSecurityPolicyRequest, opts ...gax.CallOption) (*Operation, error)
// Patch partially updates a security policy
func (c *SecurityPoliciesClient) Patch(ctx context.Context, req *computepb.PatchSecurityPolicyRequest, opts ...gax.CallOption) (*Operation, error)
// Delete deletes a security policy
func (c *SecurityPoliciesClient) Delete(ctx context.Context, req *computepb.DeleteSecurityPolicyRequest, opts ...gax.CallOption) (*Operation, error)

Example - Create Security Policy with Rules:
import (
"cloud.google.com/go/compute/apiv1/computepb"
"google.golang.org/protobuf/proto"
)
// Builds a Cloud Armor policy with one source-IP deny rule and the catch-all
// default rule, then submits it with Insert.
insertReq := &computepb.InsertSecurityPolicyRequest{
	Project: "my-project",
	SecurityPolicyResource: &computepb.SecurityPolicy{
		Name:        proto.String("my-security-policy"),
		Description: proto.String("Blocks malicious traffic"),
		Rules: []*computepb.SecurityPolicyRule{
			{
				// Rules are evaluated from the lowest priority number upward,
				// so this rule is checked before the default rule below.
				Priority: proto.Int32(1000),
				Match: &computepb.SecurityPolicyRuleMatcher{
					VersionedExpr: proto.String("SRC_IPS_V1"),
					Config: &computepb.SecurityPolicyRuleMatcherConfig{
						// 192.0.2.0/24 is a documentation-only range (RFC 5737);
						// replace it with the ranges you actually intend to block.
						SrcIpRanges: []string{"192.0.2.0/24"},
					},
				},
				// SecurityPolicyRule also has a Preview field; consider setting
				// it on a new deny rule so matches can be reviewed in logs
				// before the rule is enforced.
				Action:      proto.String("deny(403)"),
				Description: proto.String("Block suspicious IP range"),
			},
			{
				// 2147483647 is the largest int32, i.e. the last rule evaluated.
				Priority: proto.Int32(2147483647),
				Match: &computepb.SecurityPolicyRuleMatcher{
					VersionedExpr: proto.String("SRC_IPS_V1"),
					Config: &computepb.SecurityPolicyRuleMatcherConfig{
						SrcIpRanges: []string{"*"},
					},
				},
				// "allow" makes the policy default-open: anything not matched by
				// an earlier rule is admitted. Use a deny action here instead if
				// the backend should be default-closed.
				Action:      proto.String("allow"),
				Description: proto.String("Default rule"),
			},
		},
	},
}
// Insert returns a long-running operation. Check err, then wait for op to
// finish (op.Wait(ctx)) before relying on the policy. The policy filters
// traffic only after it has been attached to a backend service.
op, err := client.Insert(ctx, insertReq)

// AddRule adds a rule to a security policy
func (c *SecurityPoliciesClient) AddRule(ctx context.Context, req *computepb.AddRuleSecurityPolicyRequest, opts ...gax.CallOption) (*Operation, error)
// PatchRule updates a rule in a security policy
func (c *SecurityPoliciesClient) PatchRule(ctx context.Context, req *computepb.PatchRuleSecurityPolicyRequest, opts ...gax.CallOption) (*Operation, error)
// RemoveRule removes a rule from a security policy
func (c *SecurityPoliciesClient) RemoveRule(ctx context.Context, req *computepb.RemoveRuleSecurityPolicyRequest, opts ...gax.CallOption) (*Operation, error)
// GetRule retrieves a specific rule from a security policy
func (c *SecurityPoliciesClient) GetRule(ctx context.Context, req *computepb.GetRuleSecurityPolicyRequest, opts ...gax.CallOption) (*computepb.SecurityPolicyRule, error)

Example - Add Rule to Existing Policy:
// Adds a region-based deny rule to the existing policy "my-security-policy".
addRuleReq := &computepb.AddRuleSecurityPolicyRequest{
	Project:        "my-project",
	SecurityPolicy: "my-security-policy",
	SecurityPolicyRuleResource: &computepb.SecurityPolicyRule{
		// Priority 500 is lower than the 1000 used by the IP deny rule in the
		// policy-creation example, so this rule is evaluated first.
		Priority: proto.Int32(500),
		Match: &computepb.SecurityPolicyRuleMatcher{
			Expr: &computepb.Expr{
				// The region is derived from the client's source IP, so this is
				// a coarse filter: traffic relayed through hosts in other
				// regions is not matched. Do not treat it as the only control.
				Expression: proto.String("origin.region_code == 'CN'"),
			},
		},
		Action:      proto.String("deny(403)"),
		Description: proto.String("Block traffic from specific region"),
	},
}
op, err := client.AddRule(ctx, addRuleReq)

The SslCertificatesClient manages SSL certificates for HTTPS Load Balancers.
func NewSslCertificatesRESTClient(ctx context.Context, opts ...option.ClientOption) (*SslCertificatesClient, error)// Get retrieves a specific SSL certificate
func (c *SslCertificatesClient) Get(ctx context.Context, req *computepb.GetSslCertificateRequest, opts ...gax.CallOption) (*computepb.SslCertificate, error)
// List returns an iterator over SSL certificates
func (c *SslCertificatesClient) List(ctx context.Context, req *computepb.ListSslCertificatesRequest, opts ...gax.CallOption) *SslCertificateIterator
// AggregatedList returns an iterator over SSL certificates across all regions
func (c *SslCertificatesClient) AggregatedList(ctx context.Context, req *computepb.AggregatedListSslCertificatesRequest, opts ...gax.CallOption) *SslCertificatesScopedListPairIterator
// Insert creates a new SSL certificate
func (c *SslCertificatesClient) Insert(ctx context.Context, req *computepb.InsertSslCertificateRequest, opts ...gax.CallOption) (*Operation, error)
// Delete deletes an SSL certificate
func (c *SslCertificatesClient) Delete(ctx context.Context, req *computepb.DeleteSslCertificateRequest, opts ...gax.CallOption) (*Operation, error)

Example - Upload Self-Managed Certificate:
// Uploads a self-managed certificate and its private key as PEM strings.
insertReq := &computepb.InsertSslCertificateRequest{
	Project: "my-project",
	SslCertificateResource: &computepb.SslCertificate{
		Name: proto.String("my-ssl-cert"),
		// The "..." bodies are placeholders for real PEM data.
		Certificate: proto.String("-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----"),
		// PrivateKey is secret material. Load it at runtime from a secret store
		// or a permission-restricted file rather than embedding it in source,
		// and keep this request struct out of logs and error messages.
		PrivateKey:  proto.String("-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----"),
		Description: proto.String("SSL certificate for example.com"),
	},
}
op, err := client.Insert(ctx, insertReq)

Example - Create Google-Managed Certificate:
// Requests a Google-managed certificate: no key material is supplied by the
// caller, only the domains the certificate should cover.
insertReq := &computepb.InsertSslCertificateRequest{
	Project: "my-project",
	SslCertificateResource: &computepb.SslCertificate{
		Name: proto.String("managed-cert"),
		Type: proto.String("MANAGED"),
		Managed: &computepb.SslCertificateManagedSslCertificate{
			// List only domains you control. Provisioning progress is reported
			// per domain in DomainStatus and overall in Status; check both
			// before assuming the certificate is being served.
			Domains: []string{"example.com", "www.example.com"},
		},
		Description: proto.String("Google-managed certificate"),
	},
}
op, err := client.Insert(ctx, insertReq)

The SslPoliciesClient manages SSL/TLS policies that define cipher suites and TLS versions.
func NewSslPoliciesRESTClient(ctx context.Context, opts ...option.ClientOption) (*SslPoliciesClient, error)// Get retrieves a specific SSL policy
func (c *SslPoliciesClient) Get(ctx context.Context, req *computepb.GetSslPolicyRequest, opts ...gax.CallOption) (*computepb.SslPolicy, error)
// List returns an iterator over SSL policies
func (c *SslPoliciesClient) List(ctx context.Context, req *computepb.ListSslPoliciesRequest, opts ...gax.CallOption) *SslPolicyIterator
// AggregatedList returns an iterator over SSL policies across all regions
func (c *SslPoliciesClient) AggregatedList(ctx context.Context, req *computepb.AggregatedListSslPoliciesRequest, opts ...gax.CallOption) *SslPoliciesScopedListPairIterator
// Insert creates a new SSL policy
func (c *SslPoliciesClient) Insert(ctx context.Context, req *computepb.InsertSslPolicyRequest, opts ...gax.CallOption) (*Operation, error)
// Patch partially updates an SSL policy
func (c *SslPoliciesClient) Patch(ctx context.Context, req *computepb.PatchSslPolicyRequest, opts ...gax.CallOption) (*Operation, error)
// Delete deletes an SSL policy
func (c *SslPoliciesClient) Delete(ctx context.Context, req *computepb.DeleteSslPolicyRequest, opts ...gax.CallOption) (*Operation, error)
// ListAvailableFeatures lists available SSL policy features
func (c *SslPoliciesClient) ListAvailableFeatures(ctx context.Context, req *computepb.ListAvailableFeaturesSslPoliciesRequest, opts ...gax.CallOption) (*computepb.SslPoliciesListAvailableFeaturesResponse, error)

Example - Create SSL Policy with Modern TLS:
// Creates an SSL policy from the predefined MODERN profile with a TLS 1.2 floor.
insertReq := &computepb.InsertSslPolicyRequest{
	Project: "my-project",
	SslPolicyResource: &computepb.SslPolicy{
		Name: proto.String("modern-tls-policy"),
		// A predefined profile delegates cipher selection to the provider, so
		// no CustomFeatures list is given here.
		Profile: proto.String("MODERN"),
		// Clients that can only negotiate TLS 1.0 or 1.1 will be refused.
		MinTlsVersion: proto.String("TLS_1_2"),
		Description:   proto.String("Modern TLS policy with strong ciphers"),
	},
}
// NOTE(review): creating the policy does not by itself change any listener;
// it presumably has to be referenced by a target proxy to take effect — confirm.
op, err := client.Insert(ctx, insertReq)

Example - Create Custom SSL Policy:
// Creates an SSL policy with the CUSTOM profile, where the caller names the
// enabled cipher features explicitly.
insertReq := &computepb.InsertSslPolicyRequest{
	Project: "my-project",
	SslPolicyResource: &computepb.SslPolicy{
		Name:          proto.String("custom-tls-policy"),
		Profile:       proto.String("CUSTOM"),
		MinTlsVersion: proto.String("TLS_1_3"),
		// NOTE(review): both entries below are TLS 1.2 ECDHE suite names, which
		// a TLS 1.3-only floor would never negotiate. Either lower
		// MinTlsVersion to TLS_1_2 or confirm with ListAvailableFeatures which
		// features are valid for this combination before using it.
		CustomFeatures: []string{
			"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
			"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
		},
		Description: proto.String("Custom TLS 1.3 policy"),
	},
}
op, err := client.Insert(ctx, insertReq)

The OrganizationSecurityPoliciesClient manages organization-level security policies.
func NewOrganizationSecurityPoliciesRESTClient(ctx context.Context, opts ...option.ClientOption) (*OrganizationSecurityPoliciesClient, error)// Get retrieves an organization security policy
func (c *OrganizationSecurityPoliciesClient) Get(ctx context.Context, req *computepb.GetOrganizationSecurityPolicyRequest, opts ...gax.CallOption) (*computepb.SecurityPolicy, error)
// List returns an iterator over organization security policies
func (c *OrganizationSecurityPoliciesClient) List(ctx context.Context, req *computepb.ListOrganizationSecurityPoliciesRequest, opts ...gax.CallOption) *SecurityPolicyIterator
// Insert creates a new organization security policy
func (c *OrganizationSecurityPoliciesClient) Insert(ctx context.Context, req *computepb.InsertOrganizationSecurityPolicyRequest, opts ...gax.CallOption) (*Operation, error)
// Patch partially updates an organization security policy
func (c *OrganizationSecurityPoliciesClient) Patch(ctx context.Context, req *computepb.PatchOrganizationSecurityPolicyRequest, opts ...gax.CallOption) (*Operation, error)
// Delete deletes an organization security policy
func (c *OrganizationSecurityPoliciesClient) Delete(ctx context.Context, req *computepb.DeleteOrganizationSecurityPolicyRequest, opts ...gax.CallOption) (*Operation, error)
// Move moves an organization security policy
func (c *OrganizationSecurityPoliciesClient) Move(ctx context.Context, req *computepb.MoveOrganizationSecurityPolicyRequest, opts ...gax.CallOption) (*Operation, error)// AddRule adds a rule to an organization security policy
func (c *OrganizationSecurityPoliciesClient) AddRule(ctx context.Context, req *computepb.AddRuleOrganizationSecurityPolicyRequest, opts ...gax.CallOption) (*Operation, error)
// PatchRule updates a rule in an organization security policy
func (c *OrganizationSecurityPoliciesClient) PatchRule(ctx context.Context, req *computepb.PatchRuleOrganizationSecurityPolicyRequest, opts ...gax.CallOption) (*Operation, error)
// RemoveRule removes a rule from an organization security policy
func (c *OrganizationSecurityPoliciesClient) RemoveRule(ctx context.Context, req *computepb.RemoveRuleOrganizationSecurityPolicyRequest, opts ...gax.CallOption) (*Operation, error)
// GetRule retrieves a specific rule from an organization security policy
func (c *OrganizationSecurityPoliciesClient) GetRule(ctx context.Context, req *computepb.GetRuleOrganizationSecurityPolicyRequest, opts ...gax.CallOption) (*computepb.SecurityPolicyRule, error)// AddAssociation adds an association to an organization security policy
func (c *OrganizationSecurityPoliciesClient) AddAssociation(ctx context.Context, req *computepb.AddAssociationOrganizationSecurityPolicyRequest, opts ...gax.CallOption) (*Operation, error)
// RemoveAssociation removes an association from an organization security policy
func (c *OrganizationSecurityPoliciesClient) RemoveAssociation(ctx context.Context, req *computepb.RemoveAssociationOrganizationSecurityPolicyRequest, opts ...gax.CallOption) (*Operation, error)
// ListAssociations lists associations of an organization security policy
func (c *OrganizationSecurityPoliciesClient) ListAssociations(ctx context.Context, req *computepb.ListAssociationsOrganizationSecurityPolicyRequest, opts ...gax.CallOption) (*computepb.OrganizationSecurityPoliciesListAssociationsResponse, error)

The NetworkEdgeSecurityServicesClient manages network edge security services.
func NewNetworkEdgeSecurityServicesRESTClient(ctx context.Context, opts ...option.ClientOption) (*NetworkEdgeSecurityServicesClient, error)// Get retrieves a network edge security service
func (c *NetworkEdgeSecurityServicesClient) Get(ctx context.Context, req *computepb.GetNetworkEdgeSecurityServiceRequest, opts ...gax.CallOption) (*computepb.NetworkEdgeSecurityService, error)
// AggregatedList returns an iterator over network edge security services
func (c *NetworkEdgeSecurityServicesClient) AggregatedList(ctx context.Context, req *computepb.AggregatedListNetworkEdgeSecurityServicesRequest, opts ...gax.CallOption) *NetworkEdgeSecurityServicesScopedListPairIterator
// Insert creates a new network edge security service
func (c *NetworkEdgeSecurityServicesClient) Insert(ctx context.Context, req *computepb.InsertNetworkEdgeSecurityServiceRequest, opts ...gax.CallOption) (*Operation, error)
// Patch partially updates a network edge security service
func (c *NetworkEdgeSecurityServicesClient) Patch(ctx context.Context, req *computepb.PatchNetworkEdgeSecurityServiceRequest, opts ...gax.CallOption) (*Operation, error)
// Delete deletes a network edge security service
func (c *NetworkEdgeSecurityServicesClient) Delete(ctx context.Context, req *computepb.DeleteNetworkEdgeSecurityServiceRequest, opts ...gax.CallOption) (*Operation, error)type SecurityPolicy struct {
AdaptiveProtectionConfig *SecurityPolicyAdaptiveProtectionConfig
AdvancedOptionsConfig *SecurityPolicyAdvancedOptionsConfig
Associations []*SecurityPolicyAssociation
CloudArmorConfig *SecurityPolicyCloudArmorConfig
CreationTimestamp *string
DdosProtectionConfig *SecurityPolicyDdosProtectionConfig
Description *string
Fingerprint *string
Id *uint64
Kind *string
LabelFingerprint *string
Labels map[string]string
Name *string
RecaptchaOptionsConfig *SecurityPolicyRecaptchaOptionsConfig
Region *string
Rules []*SecurityPolicyRule
SelfLink *string
Type *string
}
type SecurityPolicyRule struct {
Action *string
Description *string
Direction *string
EnableLogging *bool
HeaderAction *SecurityPolicyRuleHttpHeaderAction
Kind *string
Match *SecurityPolicyRuleMatcher
NetworkMatch *SecurityPolicyRuleNetworkMatcher
PreconfiguredWafConfig *SecurityPolicyRulePreconfiguredWafConfig
Preview *bool
Priority *int32
RateLimitOptions *SecurityPolicyRuleRateLimitOptions
RedirectOptions *SecurityPolicyRuleRedirectOptions
RuleNumber *int64
RuleTupleCount *int32
TargetResources []string
TargetServiceAccounts []string
}type SslCertificate struct {
Certificate *string
CreationTimestamp *string
Description *string
ExpireTime *string
Id *uint64
Kind *string
Managed *SslCertificateManagedSslCertificate
Name *string
PrivateKey *string
Region *string
SelfLink *string
SelfManaged *SslCertificateSelfManagedSslCertificate
SubjectAlternativeNames []string
Type *string
}
type SslCertificateManagedSslCertificate struct {
DomainStatus map[string]string
Domains []string
Status *string
}type SslPolicy struct {
CreationTimestamp *string
CustomFeatures []string
Description *string
EnabledFeatures []string
Fingerprint *string
Id *uint64
Kind *string
MinTlsVersion *string
Name *string
Profile *string
Region *string
SelfLink *string
Warnings []*Warnings
}

For regional security resources:
See Regional Clients Documentation for details.
For network-level firewall policies:
See Network Clients Documentation for firewall rules.