syntax = "proto3";
package yandex.cloud.vpc.v1;
import "google/protobuf/timestamp.proto";
import "yandex/cloud/validation.proto";
option go_package = "github.com/yandex-cloud/go-genproto/yandex/cloud/vpc/v1;vpc";
option java_package = "yandex.cloud.api.vpc.v1";
// A security group: a named set of traffic rules (`rules`) that belongs to a
// folder and to a single network.
message SecurityGroup {
  // Lifecycle state of the security group.
  enum Status {
    // Zero value; the proto3 default when no status has been set.
    STATUS_UNSPECIFIED = 0;
    // Security group is being created.
    CREATING = 1;
    // Security group is active and its rules are applied to the network interfaces.
    ACTIVE = 2;
    // Security group is being updated. Updating is a long operation because
    // all instances in the security group must be updated.
    // NOTE(review): presumably a changed rule is not yet in effect on every
    // instance while the group is in this state; confirm before relying on
    // a tightened rule.
    UPDATING = 3;
    // Security group is being deleted.
    DELETING = 4;
  }
  // ID of the security group.
  string id = 1;
  // ID of the folder that the security group belongs to.
  string folder_id = 2;
  // Creation timestamp. Rendered in
  // [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format in the JSON mapping.
  google.protobuf.Timestamp created_at = 3;
  // Name of the security group. 1-63 characters long.
  // NOTE(review): the length limit is stated only in this comment; no
  // validation option is declared on the field here.
  string name = 4;
  // Description of the security group. 0-256 characters long.
  string description = 5;
  // Resource labels as `key:value` pairs. Maximum of 64 per resource.
  map<string, string> labels = 6;
  // ID of the network that the security group belongs to.
  string network_id = 7;
  // Security group status.
  Status status = 8;
  // List of the security group rules.
  repeated SecurityGroupRule rules = 9;
  // Flag that indicates that the security group is the default for the network.
  // NOTE(review): what "default" implies for interfaces that name no group is
  // not visible in this file; confirm, and review the default group's rules
  // as carefully as those of explicitly assigned groups.
  bool default_for_network = 10;
}
// A single rule of a security group: a traffic direction, an optional port
// range and protocol, and exactly one kind of target.
message SecurityGroupRule {
  // ID of the rule. Generated by the API server after rule creation.
  string id = 1;
  // Description of the rule. 0-256 characters long.
  string description = 2;
  // Resource labels as `key:value` pairs. Maximum of 64 per resource.
  map<string, string> labels = 3;
  // The direction of network traffic allowed by this rule.
  // Marked with the `(required)` validation option.
  // NOTE(review): presumably DIRECTION_UNSPECIFIED is rejected as "not set";
  // the option's semantics live in yandex/cloud/validation.proto. Confirm.
  Direction direction = 4 [(required) = true];
  // The range of ports that allow traffic to pass through. Null value means any.
  // Because an unset range matches every port, set it explicitly whenever the
  // rule is meant to be limited to specific ports.
  PortRange ports = 5;
  // Protocol name. Null value means any protocol.
  // Values from [IANA](https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml).
  // NOTE(review): this is a proto3 string without explicit presence, so "null"
  // presumably means the empty string; an omitted name then yields a rule
  // that matches all protocols. Confirm.
  string protocol_name = 6;
  // Protocol number from [IANA protocol numbers](https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml).
  // NOTE(review): no `(value)` range is declared on this field, and how it
  // relates to `protocol_name` (which one wins, whether 0 means "unset") is
  // not visible in this file. Confirm against the server-side validation.
  int64 protocol_number = 7;
  oneof target {
    // Target of the security rule.
    // NOTE(review): `(exactly_one)` presumably makes the server reject a rule
    // with no target member set; the option is defined in validation.proto.
    option (exactly_one) = true;
    // CIDR blocks to allow to receive or send traffic.
    CidrBlocks cidr_blocks = 8;
    // ID of the security group to add rule to.
    // NOTE(review): as a member of the `target` oneof this presumably names
    // the security group used as the traffic peer, not the group that owns
    // the rule. Confirm, and reword once verified.
    string security_group_id = 9;
    // Predefined target. See [security groups rules](/docs/vpc/concepts/security-groups#security-groups-rules) for more information.
    string predefined_target = 10;
  }
  // Direction of the traffic that a rule applies to.
  enum Direction {
    // Zero value; the proto3 default when no direction has been set.
    DIRECTION_UNSPECIFIED = 0;
    // Allows ingress traffic.
    INGRESS = 1;
    // Allows egress traffic.
    EGRESS = 2;
  }
}
// A range of ports bounded by `from_port` and `to_port`.
// Each bound carries the `(value)` validation option with the range 0-65535.
// NOTE(review): nothing in this schema expresses from_port <= to_port;
// presumably the server checks the ordering. Confirm.
message PortRange {
  // The lowest port in the range.
  int64 from_port = 1 [(value) = "0-65535"];
  // The highest port in the range.
  int64 to_port = 2 [(value) = "0-65535"];
}
// IPv4 and IPv6 CIDR blocks used as the target of a security group rule.
// NOTE(review): the entries are plain strings with no validation option
// declared here, so CIDR syntax and prefix length are presumably checked
// server-side. Confirm. A very broad prefix makes the rule match
// correspondingly broad address space, so review such entries explicitly.
message CidrBlocks {
  // IPv4 CIDR blocks to allow traffic to.
  // NOTE(review): SecurityGroupRule describes these as blocks allowed to
  // "receive or send" traffic, so for ingress rules they are presumably the
  // source addresses. Confirm.
  repeated string v4_cidr_blocks = 1;
  // IPv6 CIDR blocks to allow traffic to.
  repeated string v6_cidr_blocks = 2;
}