Class: OCI::Waas::Models::PolicyConfig

Inherits:
Object
  • Object
show all
Defined in:
lib/oci/waas/models/policy_config.rb

Overview

The configuration details for the WAAS policy.

Constant Summary collapse

TLS_PROTOCOLS_ENUM =
[
  TLS_PROTOCOLS_TLS_V1 = 'TLS_V1'.freeze,
  TLS_PROTOCOLS_TLS_V1_1 = 'TLS_V1_1'.freeze,
  TLS_PROTOCOLS_TLS_V1_2 = 'TLS_V1_2'.freeze,
  TLS_PROTOCOLS_TLS_V1_3 = 'TLS_V1_3'.freeze,
  TLS_PROTOCOLS_UNKNOWN_ENUM_VALUE = 'UNKNOWN_ENUM_VALUE'.freeze
].freeze
CLIENT_ADDRESS_HEADER_ENUM =
[
  CLIENT_ADDRESS_HEADER_X_FORWARDED_FOR = 'X_FORWARDED_FOR'.freeze,
  CLIENT_ADDRESS_HEADER_X_CLIENT_IP = 'X_CLIENT_IP'.freeze,
  CLIENT_ADDRESS_HEADER_X_REAL_IP = 'X_REAL_IP'.freeze,
  CLIENT_ADDRESS_HEADER_CLIENT_IP = 'CLIENT_IP'.freeze,
  CLIENT_ADDRESS_HEADER_TRUE_CLIENT_IP = 'TRUE_CLIENT_IP'.freeze,
  CLIENT_ADDRESS_HEADER_UNKNOWN_ENUM_VALUE = 'UNKNOWN_ENUM_VALUE'.freeze
].freeze
CIPHER_GROUP_ENUM =
[
  CIPHER_GROUP_DEFAULT = 'DEFAULT'.freeze,
  CIPHER_GROUP_UNKNOWN_ENUM_VALUE = 'UNKNOWN_ENUM_VALUE'.freeze
].freeze

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(attributes = {}) ⇒ PolicyConfig

Initializes the object

Parameters:

  • attributes (Hash) (defaults to: {})

    Model attributes in the form of hash

Options Hash (attributes):



179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
# File 'lib/oci/waas/models/policy_config.rb', line 179

def initialize(attributes = {})
  return unless attributes.is_a?(Hash)

  # convert string to symbol for hash key
  attributes = attributes.each_with_object({}) { |(k, v), h| h[k.to_sym] = v }

  self.certificate_id = attributes[:'certificateId'] if attributes[:'certificateId']

  raise 'You cannot provide both :certificateId and :certificate_id' if attributes.key?(:'certificateId') && attributes.key?(:'certificate_id')

  self.certificate_id = attributes[:'certificate_id'] if attributes[:'certificate_id']

  self.is_https_enabled = attributes[:'isHttpsEnabled'] unless attributes[:'isHttpsEnabled'].nil?

  raise 'You cannot provide both :isHttpsEnabled and :is_https_enabled' if attributes.key?(:'isHttpsEnabled') && attributes.key?(:'is_https_enabled')

  self.is_https_enabled = attributes[:'is_https_enabled'] unless attributes[:'is_https_enabled'].nil?

  self.is_https_forced = attributes[:'isHttpsForced'] unless attributes[:'isHttpsForced'].nil?

  raise 'You cannot provide both :isHttpsForced and :is_https_forced' if attributes.key?(:'isHttpsForced') && attributes.key?(:'is_https_forced')

  self.is_https_forced = attributes[:'is_https_forced'] unless attributes[:'is_https_forced'].nil?

  self.tls_protocols = attributes[:'tlsProtocols'] if attributes[:'tlsProtocols']

  raise 'You cannot provide both :tlsProtocols and :tls_protocols' if attributes.key?(:'tlsProtocols') && attributes.key?(:'tls_protocols')

  self.tls_protocols = attributes[:'tls_protocols'] if attributes[:'tls_protocols']

  self.is_origin_compression_enabled = attributes[:'isOriginCompressionEnabled'] unless attributes[:'isOriginCompressionEnabled'].nil?
  self.is_origin_compression_enabled = true if is_origin_compression_enabled.nil? && !attributes.key?(:'isOriginCompressionEnabled') # rubocop:disable Style/StringLiterals

  raise 'You cannot provide both :isOriginCompressionEnabled and :is_origin_compression_enabled' if attributes.key?(:'isOriginCompressionEnabled') && attributes.key?(:'is_origin_compression_enabled')

  self.is_origin_compression_enabled = attributes[:'is_origin_compression_enabled'] unless attributes[:'is_origin_compression_enabled'].nil?
  self.is_origin_compression_enabled = true if is_origin_compression_enabled.nil? && !attributes.key?(:'isOriginCompressionEnabled') && !attributes.key?(:'is_origin_compression_enabled') # rubocop:disable Style/StringLiterals

  self.is_behind_cdn = attributes[:'isBehindCdn'] unless attributes[:'isBehindCdn'].nil?
  self.is_behind_cdn = false if is_behind_cdn.nil? && !attributes.key?(:'isBehindCdn') # rubocop:disable Style/StringLiterals

  raise 'You cannot provide both :isBehindCdn and :is_behind_cdn' if attributes.key?(:'isBehindCdn') && attributes.key?(:'is_behind_cdn')

  self.is_behind_cdn = attributes[:'is_behind_cdn'] unless attributes[:'is_behind_cdn'].nil?
  self.is_behind_cdn = false if is_behind_cdn.nil? && !attributes.key?(:'isBehindCdn') && !attributes.key?(:'is_behind_cdn') # rubocop:disable Style/StringLiterals

  self.client_address_header = attributes[:'clientAddressHeader'] if attributes[:'clientAddressHeader']

  raise 'You cannot provide both :clientAddressHeader and :client_address_header' if attributes.key?(:'clientAddressHeader') && attributes.key?(:'client_address_header')

  self.client_address_header = attributes[:'client_address_header'] if attributes[:'client_address_header']

  self.is_cache_control_respected = attributes[:'isCacheControlRespected'] unless attributes[:'isCacheControlRespected'].nil?
  self.is_cache_control_respected = false if is_cache_control_respected.nil? && !attributes.key?(:'isCacheControlRespected') # rubocop:disable Style/StringLiterals

  raise 'You cannot provide both :isCacheControlRespected and :is_cache_control_respected' if attributes.key?(:'isCacheControlRespected') && attributes.key?(:'is_cache_control_respected')

  self.is_cache_control_respected = attributes[:'is_cache_control_respected'] unless attributes[:'is_cache_control_respected'].nil?
  self.is_cache_control_respected = false if is_cache_control_respected.nil? && !attributes.key?(:'isCacheControlRespected') && !attributes.key?(:'is_cache_control_respected') # rubocop:disable Style/StringLiterals

  self.is_response_buffering_enabled = attributes[:'isResponseBufferingEnabled'] unless attributes[:'isResponseBufferingEnabled'].nil?
  self.is_response_buffering_enabled = false if is_response_buffering_enabled.nil? && !attributes.key?(:'isResponseBufferingEnabled') # rubocop:disable Style/StringLiterals

  raise 'You cannot provide both :isResponseBufferingEnabled and :is_response_buffering_enabled' if attributes.key?(:'isResponseBufferingEnabled') && attributes.key?(:'is_response_buffering_enabled')

  self.is_response_buffering_enabled = attributes[:'is_response_buffering_enabled'] unless attributes[:'is_response_buffering_enabled'].nil?
  self.is_response_buffering_enabled = false if is_response_buffering_enabled.nil? && !attributes.key?(:'isResponseBufferingEnabled') && !attributes.key?(:'is_response_buffering_enabled') # rubocop:disable Style/StringLiterals

  self.cipher_group = attributes[:'cipherGroup'] if attributes[:'cipherGroup']
  self.cipher_group = "DEFAULT" if cipher_group.nil? && !attributes.key?(:'cipherGroup') # rubocop:disable Style/StringLiterals

  raise 'You cannot provide both :cipherGroup and :cipher_group' if attributes.key?(:'cipherGroup') && attributes.key?(:'cipher_group')

  self.cipher_group = attributes[:'cipher_group'] if attributes[:'cipher_group']
  self.cipher_group = "DEFAULT" if cipher_group.nil? && !attributes.key?(:'cipherGroup') && !attributes.key?(:'cipher_group') # rubocop:disable Style/StringLiterals

  self.load_balancing_method = attributes[:'loadBalancingMethod'] if attributes[:'loadBalancingMethod']

  raise 'You cannot provide both :loadBalancingMethod and :load_balancing_method' if attributes.key?(:'loadBalancingMethod') && attributes.key?(:'load_balancing_method')

  self.load_balancing_method = attributes[:'load_balancing_method'] if attributes[:'load_balancing_method']

  self.websocket_path_prefixes = attributes[:'websocketPathPrefixes'] if attributes[:'websocketPathPrefixes']

  raise 'You cannot provide both :websocketPathPrefixes and :websocket_path_prefixes' if attributes.key?(:'websocketPathPrefixes') && attributes.key?(:'websocket_path_prefixes')

  self.websocket_path_prefixes = attributes[:'websocket_path_prefixes'] if attributes[:'websocket_path_prefixes']

  self.is_sni_enabled = attributes[:'isSniEnabled'] unless attributes[:'isSniEnabled'].nil?
  self.is_sni_enabled = false if is_sni_enabled.nil? && !attributes.key?(:'isSniEnabled') # rubocop:disable Style/StringLiterals

  raise 'You cannot provide both :isSniEnabled and :is_sni_enabled' if attributes.key?(:'isSniEnabled') && attributes.key?(:'is_sni_enabled')

  self.is_sni_enabled = attributes[:'is_sni_enabled'] unless attributes[:'is_sni_enabled'].nil?
  self.is_sni_enabled = false if is_sni_enabled.nil? && !attributes.key?(:'isSniEnabled') && !attributes.key?(:'is_sni_enabled') # rubocop:disable Style/StringLiterals

  self.health_checks = attributes[:'healthChecks'] if attributes[:'healthChecks']

  raise 'You cannot provide both :healthChecks and :health_checks' if attributes.key?(:'healthChecks') && attributes.key?(:'health_checks')

  self.health_checks = attributes[:'health_checks'] if attributes[:'health_checks']
end

Instance Attribute Details

#certificate_idString

The OCID of the SSL certificate to use if HTTPS is supported.

Returns:

  • (String)


35
36
37
# File 'lib/oci/waas/models/policy_config.rb', line 35

def certificate_id
  @certificate_id
end

#cipher_groupString

The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only. - DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

Returns:

  • (String)


98
99
100
# File 'lib/oci/waas/models/policy_config.rb', line 98

def cipher_group
  @cipher_group
end

#client_address_headerString

Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if isBehindCdn is enabled.

The edge node reads this header and its value and sets the client IP address as specified. It does not create the header if the header is not present in the request. If the header is not present, the connecting IP address will be used as the client's true IP address. It uses the last IP address in the header's value as the true IP address.

Example: X-Client-Ip: 11.1.1.1, 13.3.3.3

In the case of multiple headers with the same name, only the first header will be used. It is assumed that CDN sets the correct client IP address to prevent spoofing.

  • X_FORWARDED_FOR: Corresponds to X-Forwarded-For header name.

  • X_CLIENT_IP: Corresponds to X-Client-Ip header name.

  • X_REAL_IP: Corresponds to X-Real-Ip header name.

  • CLIENT_IP: Corresponds to Client-Ip header name.

  • TRUE_CLIENT_IP: Corresponds to True-Client-Ip header name.

Returns:

  • (String)


85
86
87
# File 'lib/oci/waas/models/policy_config.rb', line 85

def client_address_header
  @client_address_header
end

#health_checksOCI::Waas::Models::HealthCheck



113
114
115
# File 'lib/oci/waas/models/policy_config.rb', line 113

def health_checks
  @health_checks
end

#is_behind_cdnBOOLEAN

Enabling isBehindCdn allows for the collection of IP addresses from client requests if the WAF is connected to a CDN.

Returns:

  • (BOOLEAN)


65
66
67
# File 'lib/oci/waas/models/policy_config.rb', line 65

def is_behind_cdn
  @is_behind_cdn
end

#is_cache_control_respectedBOOLEAN

Enable or disable automatic content caching based on the response cache-control header. This feature enables the origin to act as a proxy cache. Caching is usually defined using cache-control header. For example cache-control: max-age=120 means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting.

Returns:

  • (BOOLEAN)


89
90
91
# File 'lib/oci/waas/models/policy_config.rb', line 89

def is_cache_control_respected
  @is_cache_control_respected
end

#is_https_enabledBOOLEAN

Enable or disable HTTPS support. If true, a certificateId is required. If unspecified, defaults to false.

Returns:

  • (BOOLEAN)


39
40
41
# File 'lib/oci/waas/models/policy_config.rb', line 39

def is_https_enabled
  @is_https_enabled
end

#is_https_forcedBOOLEAN

Force HTTP to HTTPS redirection. If unspecified, defaults to false.

Returns:

  • (BOOLEAN)


43
44
45
# File 'lib/oci/waas/models/policy_config.rb', line 43

def is_https_forced
  @is_https_forced
end

#is_origin_compression_enabledBOOLEAN

Enable or disable GZIP compression of origin responses. If enabled, the header Accept-Encoding: gzip is sent to origin, otherwise, the empty Accept-Encoding: header is used.

Returns:

  • (BOOLEAN)


61
62
63
# File 'lib/oci/waas/models/policy_config.rb', line 61

def is_origin_compression_enabled
  @is_origin_compression_enabled
end

#is_response_buffering_enabledBOOLEAN

Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.

Returns:

  • (BOOLEAN)


93
94
95
# File 'lib/oci/waas/models/policy_config.rb', line 93

def is_response_buffering_enabled
  @is_response_buffering_enabled
end

#is_sni_enabledBOOLEAN

SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.

Returns:

  • (BOOLEAN)


110
111
112
# File 'lib/oci/waas/models/policy_config.rb', line 110

def is_sni_enabled
  @is_sni_enabled
end

#load_balancing_methodOCI::Waas::Models::LoadBalancingMethod

An object that represents a load balancing method and its properties.



102
103
104
# File 'lib/oci/waas/models/policy_config.rb', line 102

def load_balancing_method
  @load_balancing_method
end

#tls_protocolsArray<String>

A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted. - TLS_V1: corresponds to TLS 1.0 specification.

  • TLS_V1_1: corresponds to TLS 1.1 specification.

  • TLS_V1_2: corresponds to TLS 1.2 specification.

  • TLS_V1_3: corresponds to TLS 1.3 specification.

Enabled TLS protocols must go in a row. For example if TLS_v1_1 and TLS_V1_3 are enabled, TLS_V1_2 must be enabled too.

Returns:

  • (Array<String>)


57
58
59
# File 'lib/oci/waas/models/policy_config.rb', line 57

def tls_protocols
  @tls_protocols
end

#websocket_path_prefixesArray<String>

ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of websocketPathPrefixes array value. In All other cases challenges, like JSC, HIC and etc., remain active.

Returns:

  • (Array<String>)


106
107
108
# File 'lib/oci/waas/models/policy_config.rb', line 106

def websocket_path_prefixes
  @websocket_path_prefixes
end

Class Method Details

.attribute_mapObject

Attribute mapping from ruby-style variable name to JSON key.



116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
# File 'lib/oci/waas/models/policy_config.rb', line 116

def self.attribute_map
  {
    # rubocop:disable Style/SymbolLiteral
    'certificate_id': :'certificateId',
    'is_https_enabled': :'isHttpsEnabled',
    'is_https_forced': :'isHttpsForced',
    'tls_protocols': :'tlsProtocols',
    'is_origin_compression_enabled': :'isOriginCompressionEnabled',
    'is_behind_cdn': :'isBehindCdn',
    'client_address_header': :'clientAddressHeader',
    'is_cache_control_respected': :'isCacheControlRespected',
    'is_response_buffering_enabled': :'isResponseBufferingEnabled',
    'cipher_group': :'cipherGroup',
    'load_balancing_method': :'loadBalancingMethod',
    'websocket_path_prefixes': :'websocketPathPrefixes',
    'is_sni_enabled': :'isSniEnabled',
    'health_checks': :'healthChecks'
    # rubocop:enable Style/SymbolLiteral
  }
end

.swagger_typesObject

Attribute type mapping.



138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
# File 'lib/oci/waas/models/policy_config.rb', line 138

def self.swagger_types
  {
    # rubocop:disable Style/SymbolLiteral
    'certificate_id': :'String',
    'is_https_enabled': :'BOOLEAN',
    'is_https_forced': :'BOOLEAN',
    'tls_protocols': :'Array<String>',
    'is_origin_compression_enabled': :'BOOLEAN',
    'is_behind_cdn': :'BOOLEAN',
    'client_address_header': :'String',
    'is_cache_control_respected': :'BOOLEAN',
    'is_response_buffering_enabled': :'BOOLEAN',
    'cipher_group': :'String',
    'load_balancing_method': :'OCI::Waas::Models::LoadBalancingMethod',
    'websocket_path_prefixes': :'Array<String>',
    'is_sni_enabled': :'BOOLEAN',
    'health_checks': :'OCI::Waas::Models::HealthCheck'
    # rubocop:enable Style/SymbolLiteral
  }
end

Instance Method Details

#==(other) ⇒ Object

Checks equality by comparing each attribute.

Parameters:

  • other (Object)

    the other object to be compared



335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
# File 'lib/oci/waas/models/policy_config.rb', line 335

def ==(other)
  return true if equal?(other)

  self.class == other.class &&
    certificate_id == other.certificate_id &&
    is_https_enabled == other.is_https_enabled &&
    is_https_forced == other.is_https_forced &&
    tls_protocols == other.tls_protocols &&
    is_origin_compression_enabled == other.is_origin_compression_enabled &&
    is_behind_cdn == other.is_behind_cdn &&
    client_address_header == other.client_address_header &&
    is_cache_control_respected == other.is_cache_control_respected &&
    is_response_buffering_enabled == other.is_response_buffering_enabled &&
    cipher_group == other.cipher_group &&
    load_balancing_method == other.load_balancing_method &&
    websocket_path_prefixes == other.websocket_path_prefixes &&
    is_sni_enabled == other.is_sni_enabled &&
    health_checks == other.health_checks
end

#build_from_hash(attributes) ⇒ Object

Builds the object from hash

Parameters:

  • attributes (Hash)

    Model attributes in the form of hash

Returns:

  • (Object)

    Returns the model itself



378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
# File 'lib/oci/waas/models/policy_config.rb', line 378

def build_from_hash(attributes)
  return nil unless attributes.is_a?(Hash)

  self.class.swagger_types.each_pair do |key, type|
    if type =~ /^Array<(.*)>/i
      # check to ensure the input is an array given that the the attribute
      # is documented as an array but the input is not
      if attributes[self.class.attribute_map[key]].is_a?(Array)
        public_method("#{key}=").call(
          attributes[self.class.attribute_map[key]]
            .map { |v| OCI::Internal::Util.convert_to_type(Regexp.last_match(1), v) }
        )
      end
    elsif !attributes[self.class.attribute_map[key]].nil?
      public_method("#{key}=").call(
        OCI::Internal::Util.convert_to_type(type, attributes[self.class.attribute_map[key]])
      )
    end
    # or else data not found in attributes(hash), not an issue as the data can be optional
  end

  self
end

#eql?(other) ⇒ Boolean

Parameters:

  • other (Object)

    the other object to be compared

Returns:

  • (Boolean)

See Also:

  • `==` method


358
359
360
# File 'lib/oci/waas/models/policy_config.rb', line 358

def eql?(other)
  self == other
end

#hashFixnum

Calculates hash code according to all attributes.

Returns:

  • (Fixnum)

    Hash code



367
368
369
# File 'lib/oci/waas/models/policy_config.rb', line 367

def hash
  [certificate_id, is_https_enabled, is_https_forced, tls_protocols, is_origin_compression_enabled, is_behind_cdn, client_address_header, is_cache_control_respected, is_response_buffering_enabled, cipher_group, load_balancing_method, websocket_path_prefixes, is_sni_enabled, health_checks].hash
end

#to_hashHash

Returns the object in the form of hash

Returns:

  • (Hash)

    Returns the object in the form of hash



411
412
413
414
415
416
417
418
419
420
# File 'lib/oci/waas/models/policy_config.rb', line 411

def to_hash
  hash = {}
  self.class.attribute_map.each_pair do |attr, param|
    value = public_method(attr).call
    next if value.nil? && !instance_variable_defined?("@#{attr}")

    hash[param] = _to_hash(value)
  end
  hash
end

#to_sString

Returns the string representation of the object

Returns:

  • (String)

    String presentation of the object



405
406
407
# File 'lib/oci/waas/models/policy_config.rb', line 405

def to_s
  to_hash.to_s
end