Class: OCI::Waas::Models::PolicyConfig

Inherits:

Object

• Object
• OCI::Waas::Models::PolicyConfig

Defined in:

lib/oci/waas/models/policy_config.rb

Overview

The configuration details for the WAAS policy.

Constant Summary

TLS_PROTOCOLS_ENUM =

[
  TLS_PROTOCOLS_TLS_V1 = 'TLS_V1'.freeze,
  TLS_PROTOCOLS_TLS_V1_1 = 'TLS_V1_1'.freeze,
  TLS_PROTOCOLS_TLS_V1_2 = 'TLS_V1_2'.freeze,
  TLS_PROTOCOLS_TLS_V1_3 = 'TLS_V1_3'.freeze,
  TLS_PROTOCOLS_UNKNOWN_ENUM_VALUE = 'UNKNOWN_ENUM_VALUE'.freeze
].freeze

CLIENT_ADDRESS_HEADER_ENUM =

[
  CLIENT_ADDRESS_HEADER_X_FORWARDED_FOR = 'X_FORWARDED_FOR'.freeze,
  CLIENT_ADDRESS_HEADER_X_CLIENT_IP = 'X_CLIENT_IP'.freeze,
  CLIENT_ADDRESS_HEADER_X_REAL_IP = 'X_REAL_IP'.freeze,
  CLIENT_ADDRESS_HEADER_CLIENT_IP = 'CLIENT_IP'.freeze,
  CLIENT_ADDRESS_HEADER_TRUE_CLIENT_IP = 'TRUE_CLIENT_IP'.freeze,
  CLIENT_ADDRESS_HEADER_UNKNOWN_ENUM_VALUE = 'UNKNOWN_ENUM_VALUE'.freeze
].freeze

CIPHER_GROUP_ENUM =

[
  CIPHER_GROUP_DEFAULT = 'DEFAULT'.freeze,
  CIPHER_GROUP_UNKNOWN_ENUM_VALUE = 'UNKNOWN_ENUM_VALUE'.freeze
].freeze

Instance Attribute Summary

• #certificate_id ⇒ String

  The OCID of the SSL certificate to use if HTTPS is supported.

• #cipher_group ⇒ String

  The set cipher group for the configured TLS protocol.

• #client_address_header ⇒ String

  Specifies an HTTP header name which is treated as the connecting client’s IP address.

• #is_behind_cdn ⇒ BOOLEAN

  Enabling ‘isBehindCdn` allows for the collection of IP addresses from client requests if the WAF is connected to a CDN.

• #is_cache_control_respected ⇒ BOOLEAN

  Enable or disable automatic content caching based on the response ‘cache-control` header.

• #is_https_enabled ⇒ BOOLEAN

  Enable or disable HTTPS support.

• #is_https_forced ⇒ BOOLEAN

  Force HTTP to HTTPS redirection.

• #is_origin_compression_enabled ⇒ BOOLEAN

  Enable or disable GZIP compression of origin responses.

• #is_response_buffering_enabled ⇒ BOOLEAN

  Enable or disable buffering of responses from the origin.

• #tls_protocols ⇒ Array<String>

  A list of allowed TLS protocols.

Class Method Summary

• .attribute_map ⇒ Object

  Attribute mapping from ruby-style variable name to JSON key.

• .swagger_types ⇒ Object

  Attribute type mapping.

Instance Method Summary

• #==(other) ⇒ Object

  Checks equality by comparing each attribute.

• #build_from_hash(attributes) ⇒ Object

  Builds the object from hash.

• #eql?(other) ⇒ Boolean
• #hash ⇒ Fixnum

  Calculates hash code according to all attributes.

• #initialize(attributes = {}) ⇒ PolicyConfig constructor

  Initializes the object.

• #to_hash ⇒ Hash

  Returns the object in the form of hash.

• #to_s ⇒ String

  Returns the string representation of the object.

Constructor Details

#initialize(attributes = {}) ⇒ PolicyConfig

Initializes the object

Parameters:

• attributes (Hash) (defaults to: {}) —

  Model attributes in the form of hash

Options Hash (attributes):

• :certificate_id (String) —

  The value to assign to the #certificate_id property

• :is_https_enabled (BOOLEAN) —

  The value to assign to the #is_https_enabled property

• :is_https_forced (BOOLEAN) —

  The value to assign to the #is_https_forced property

• :tls_protocols (Array<String>) —

  The value to assign to the #tls_protocols property

• :is_origin_compression_enabled (BOOLEAN) —

  The value to assign to the #is_origin_compression_enabled property

• :is_behind_cdn (BOOLEAN) —

  The value to assign to the #is_behind_cdn property

• :client_address_header (String) —

  The value to assign to the #client_address_header property

• :is_cache_control_respected (BOOLEAN) —

  The value to assign to the #is_cache_control_respected property

• :is_response_buffering_enabled (BOOLEAN) —

  The value to assign to the #is_response_buffering_enabled property

• :cipher_group (String) —

  The value to assign to the #cipher_group property

# File 'lib/oci/waas/models/policy_config.rb', line 151

def initialize(attributes = {})
  return unless attributes.is_a?(Hash)

  # convert string to symbol for hash key
  attributes = attributes.each_with_object({}) { |(k, v), h| h[k.to_sym] = v }

  self.certificate_id = attributes[:'certificateId'] if attributes[:'certificateId']

  raise 'You cannot provide both :certificateId and :certificate_id' if attributes.key?(:'certificateId') && attributes.key?(:'certificate_id')

  self.certificate_id = attributes[:'certificate_id'] if attributes[:'certificate_id']

  self.is_https_enabled = attributes[:'isHttpsEnabled'] unless attributes[:'isHttpsEnabled'].nil?

  raise 'You cannot provide both :isHttpsEnabled and :is_https_enabled' if attributes.key?(:'isHttpsEnabled') && attributes.key?(:'is_https_enabled')

  self.is_https_enabled = attributes[:'is_https_enabled'] unless attributes[:'is_https_enabled'].nil?

  self.is_https_forced = attributes[:'isHttpsForced'] unless attributes[:'isHttpsForced'].nil?

  raise 'You cannot provide both :isHttpsForced and :is_https_forced' if attributes.key?(:'isHttpsForced') && attributes.key?(:'is_https_forced')

  self.is_https_forced = attributes[:'is_https_forced'] unless attributes[:'is_https_forced'].nil?

  self.tls_protocols = attributes[:'tlsProtocols'] if attributes[:'tlsProtocols']

  raise 'You cannot provide both :tlsProtocols and :tls_protocols' if attributes.key?(:'tlsProtocols') && attributes.key?(:'tls_protocols')

  self.tls_protocols = attributes[:'tls_protocols'] if attributes[:'tls_protocols']

  self.is_origin_compression_enabled = attributes[:'isOriginCompressionEnabled'] unless attributes[:'isOriginCompressionEnabled'].nil?
  self.is_origin_compression_enabled = true if is_origin_compression_enabled.nil? && !attributes.key?(:'isOriginCompressionEnabled') # rubocop:disable Style/StringLiterals

  raise 'You cannot provide both :isOriginCompressionEnabled and :is_origin_compression_enabled' if attributes.key?(:'isOriginCompressionEnabled') && attributes.key?(:'is_origin_compression_enabled')

  self.is_origin_compression_enabled = attributes[:'is_origin_compression_enabled'] unless attributes[:'is_origin_compression_enabled'].nil?
  self.is_origin_compression_enabled = true if is_origin_compression_enabled.nil? && !attributes.key?(:'isOriginCompressionEnabled') && !attributes.key?(:'is_origin_compression_enabled') # rubocop:disable Style/StringLiterals

  self.is_behind_cdn = attributes[:'isBehindCdn'] unless attributes[:'isBehindCdn'].nil?
  self.is_behind_cdn = false if is_behind_cdn.nil? && !attributes.key?(:'isBehindCdn') # rubocop:disable Style/StringLiterals

  raise 'You cannot provide both :isBehindCdn and :is_behind_cdn' if attributes.key?(:'isBehindCdn') && attributes.key?(:'is_behind_cdn')

  self.is_behind_cdn = attributes[:'is_behind_cdn'] unless attributes[:'is_behind_cdn'].nil?
  self.is_behind_cdn = false if is_behind_cdn.nil? && !attributes.key?(:'isBehindCdn') && !attributes.key?(:'is_behind_cdn') # rubocop:disable Style/StringLiterals

  self.client_address_header = attributes[:'clientAddressHeader'] if attributes[:'clientAddressHeader']

  raise 'You cannot provide both :clientAddressHeader and :client_address_header' if attributes.key?(:'clientAddressHeader') && attributes.key?(:'client_address_header')

  self.client_address_header = attributes[:'client_address_header'] if attributes[:'client_address_header']

  self.is_cache_control_respected = attributes[:'isCacheControlRespected'] unless attributes[:'isCacheControlRespected'].nil?
  self.is_cache_control_respected = false if is_cache_control_respected.nil? && !attributes.key?(:'isCacheControlRespected') # rubocop:disable Style/StringLiterals

  raise 'You cannot provide both :isCacheControlRespected and :is_cache_control_respected' if attributes.key?(:'isCacheControlRespected') && attributes.key?(:'is_cache_control_respected')

  self.is_cache_control_respected = attributes[:'is_cache_control_respected'] unless attributes[:'is_cache_control_respected'].nil?
  self.is_cache_control_respected = false if is_cache_control_respected.nil? && !attributes.key?(:'isCacheControlRespected') && !attributes.key?(:'is_cache_control_respected') # rubocop:disable Style/StringLiterals

  self.is_response_buffering_enabled = attributes[:'isResponseBufferingEnabled'] unless attributes[:'isResponseBufferingEnabled'].nil?
  self.is_response_buffering_enabled = false if is_response_buffering_enabled.nil? && !attributes.key?(:'isResponseBufferingEnabled') # rubocop:disable Style/StringLiterals

  raise 'You cannot provide both :isResponseBufferingEnabled and :is_response_buffering_enabled' if attributes.key?(:'isResponseBufferingEnabled') && attributes.key?(:'is_response_buffering_enabled')

  self.is_response_buffering_enabled = attributes[:'is_response_buffering_enabled'] unless attributes[:'is_response_buffering_enabled'].nil?
  self.is_response_buffering_enabled = false if is_response_buffering_enabled.nil? && !attributes.key?(:'isResponseBufferingEnabled') && !attributes.key?(:'is_response_buffering_enabled') # rubocop:disable Style/StringLiterals

  self.cipher_group = attributes[:'cipherGroup'] if attributes[:'cipherGroup']
  self.cipher_group = "DEFAULT" if cipher_group.nil? && !attributes.key?(:'cipherGroup') # rubocop:disable Style/StringLiterals

  raise 'You cannot provide both :cipherGroup and :cipher_group' if attributes.key?(:'cipherGroup') && attributes.key?(:'cipher_group')

  self.cipher_group = attributes[:'cipher_group'] if attributes[:'cipher_group']
  self.cipher_group = "DEFAULT" if cipher_group.nil? && !attributes.key?(:'cipherGroup') && !attributes.key?(:'cipher_group') # rubocop:disable Style/StringLiterals
end

Instance Attribute Details

#certificate_id ⇒ String

The OCID of the SSL certificate to use if HTTPS is supported.

Returns:

• (String)

# File 'lib/oci/waas/models/policy_config.rb', line 34

def certificate_id
  @certificate_id
end

#cipher_group ⇒ String

The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.

• DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled: ‘ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA`

Returns:

• (String)

# File 'lib/oci/waas/models/policy_config.rb', line 97

def cipher_group
  @cipher_group
end

#client_address_header ⇒ String

Specifies an HTTP header name which is treated as the connecting client’s IP address. Applicable only if ‘isBehindCdn` is enabled.

The edge node reads this header and its value and sets the client IP address as specified. It does not create the header if the header is not present in the request. If the header is not present, the connecting IP address will be used as the client’s true IP address. It uses the last IP address in the header’s value as the true IP address.

Example: ‘X-Client-Ip: 11.1.1.1, 13.3.3.3`

In the case of multiple headers with the same name, only the first header will be used. It is assumed that CDN sets the correct client IP address to prevent spoofing.

• X_FORWARDED_FOR: Corresponds to ‘X-Forwarded-For` header name.

• X_CLIENT_IP: Corresponds to ‘X-Client-Ip` header name.

• X_REAL_IP: Corresponds to ‘X-Real-Ip` header name.

• CLIENT_IP: Corresponds to ‘Client-Ip` header name.

• TRUE_CLIENT_IP: Corresponds to ‘True-Client-Ip` header name.

Returns:

• (String)

# File 'lib/oci/waas/models/policy_config.rb', line 84

def client_address_header
  @client_address_header
end

#is_behind_cdn ⇒ BOOLEAN

Enabling ‘isBehindCdn` allows for the collection of IP addresses from client requests if the WAF is connected to a CDN.

Returns:

• (BOOLEAN)

# File 'lib/oci/waas/models/policy_config.rb', line 64

def is_behind_cdn
  @is_behind_cdn
end

#is_cache_control_respected ⇒ BOOLEAN

Enable or disable automatic content caching based on the response ‘cache-control` header. This feature enables the origin to act as a proxy cache. Caching is usually defined using `cache-control` header. For example `cache-control: max-age=120` means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting.

Returns:

• (BOOLEAN)

# File 'lib/oci/waas/models/policy_config.rb', line 88

def is_cache_control_respected
  @is_cache_control_respected
end

#is_https_enabled ⇒ BOOLEAN

Enable or disable HTTPS support. If true, a ‘certificateId` is required. If unspecified, defaults to `false`.

Returns:

• (BOOLEAN)

# File 'lib/oci/waas/models/policy_config.rb', line 38

def is_https_enabled
  @is_https_enabled
end

#is_https_forced ⇒ BOOLEAN

Force HTTP to HTTPS redirection. If unspecified, defaults to ‘false`.

Returns:

• (BOOLEAN)

# File 'lib/oci/waas/models/policy_config.rb', line 42

def is_https_forced
  @is_https_forced
end

#is_origin_compression_enabled ⇒ BOOLEAN

Enable or disable GZIP compression of origin responses. If enabled, the header ‘Accept-Encoding: gzip` is sent to origin, otherwise, the empty `Accept-Encoding:` header is used.

Returns:

• (BOOLEAN)

# File 'lib/oci/waas/models/policy_config.rb', line 60

def is_origin_compression_enabled
  @is_origin_compression_enabled
end

#is_response_buffering_enabled ⇒ BOOLEAN

Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.

Returns:

• (BOOLEAN)

# File 'lib/oci/waas/models/policy_config.rb', line 92

def is_response_buffering_enabled
  @is_response_buffering_enabled
end

#tls_protocols ⇒ Array<String>

A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.

• TLS_V1: corresponds to TLS 1.0 specification.

• TLS_V1_1: corresponds to TLS 1.1 specification.

• TLS_V1_2: corresponds to TLS 1.2 specification.

• TLS_V1_3: corresponds to TLS 1.3 specification.

Enabled TLS protocols must go in a row. For example if ‘TLS_v1_1` and `TLS_V1_3` are enabled, `TLS_V1_2` must be enabled too.

Returns:

• (Array<String>)

# File 'lib/oci/waas/models/policy_config.rb', line 56

def tls_protocols
  @tls_protocols
end

Class Method Details

.attribute_map ⇒ Object

Attribute mapping from ruby-style variable name to JSON key.

# File 'lib/oci/waas/models/policy_config.rb', line 100

def self.attribute_map
  {
    # rubocop:disable Style/SymbolLiteral
    'certificate_id': :'certificateId',
    'is_https_enabled': :'isHttpsEnabled',
    'is_https_forced': :'isHttpsForced',
    'tls_protocols': :'tlsProtocols',
    'is_origin_compression_enabled': :'isOriginCompressionEnabled',
    'is_behind_cdn': :'isBehindCdn',
    'client_address_header': :'clientAddressHeader',
    'is_cache_control_respected': :'isCacheControlRespected',
    'is_response_buffering_enabled': :'isResponseBufferingEnabled',
    'cipher_group': :'cipherGroup'
    # rubocop:enable Style/SymbolLiteral
  }
end

.swagger_types ⇒ Object

Attribute type mapping.

# File 'lib/oci/waas/models/policy_config.rb', line 118

def self.swagger_types
  {
    # rubocop:disable Style/SymbolLiteral
    'certificate_id': :'String',
    'is_https_enabled': :'BOOLEAN',
    'is_https_forced': :'BOOLEAN',
    'tls_protocols': :'Array<String>',
    'is_origin_compression_enabled': :'BOOLEAN',
    'is_behind_cdn': :'BOOLEAN',
    'client_address_header': :'String',
    'is_cache_control_respected': :'BOOLEAN',
    'is_response_buffering_enabled': :'BOOLEAN',
    'cipher_group': :'String'
    # rubocop:enable Style/SymbolLiteral
  }
end

Instance Method Details

#==(other) ⇒ Object

Checks equality by comparing each attribute.

Parameters:

• other (Object) —

  the other object to be compared

# File 'lib/oci/waas/models/policy_config.rb', line 281

def ==(other)
  return true if equal?(other)

  self.class == other.class &&
    certificate_id == other.certificate_id &&
    is_https_enabled == other.is_https_enabled &&
    is_https_forced == other.is_https_forced &&
    tls_protocols == other.tls_protocols &&
    is_origin_compression_enabled == other.is_origin_compression_enabled &&
    is_behind_cdn == other.is_behind_cdn &&
    client_address_header == other.client_address_header &&
    is_cache_control_respected == other.is_cache_control_respected &&
    is_response_buffering_enabled == other.is_response_buffering_enabled &&
    cipher_group == other.cipher_group
end

#build_from_hash(attributes) ⇒ Object

Builds the object from hash

Parameters:

• attributes (Hash) —

  Model attributes in the form of hash

Returns:

• (Object) —

  Returns the model itself

# File 'lib/oci/waas/models/policy_config.rb', line 320

def build_from_hash(attributes)
  return nil unless attributes.is_a?(Hash)

  self.class.swagger_types.each_pair do |key, type|
    if type =~ /^Array<(.*)>/i
      # check to ensure the input is an array given that the the attribute
      # is documented as an array but the input is not
      if attributes[self.class.attribute_map[key]].is_a?(Array)
        public_method("#{key}=").call(
          attributes[self.class.attribute_map[key]]
            .map { |v| OCI::Internal::Util.convert_to_type(Regexp.last_match(1), v) }
        )
      end
    elsif !attributes[self.class.attribute_map[key]].nil?
      public_method("#{key}=").call(
        OCI::Internal::Util.convert_to_type(type, attributes[self.class.attribute_map[key]])
      )
    end
    # or else data not found in attributes(hash), not an issue as the data can be optional
  end

  self
end

#eql?(other) ⇒ Boolean

Parameters:

• other (Object) —

  the other object to be compared

Returns:

• (Boolean)

See Also:

• `==` method

# File 'lib/oci/waas/models/policy_config.rb', line 300

def eql?(other)
  self == other
end

#hash ⇒ Fixnum

Calculates hash code according to all attributes.

Returns:

• (Fixnum) —

  Hash code

# File 'lib/oci/waas/models/policy_config.rb', line 309

def hash
  [certificate_id, is_https_enabled, is_https_forced, tls_protocols, is_origin_compression_enabled, is_behind_cdn, client_address_header, is_cache_control_respected, is_response_buffering_enabled, cipher_group].hash
end

#to_hash ⇒ Hash

Returns the object in the form of hash

Returns:

• (Hash) —

  Returns the object in the form of hash

# File 'lib/oci/waas/models/policy_config.rb', line 353

def to_hash
  hash = {}
  self.class.attribute_map.each_pair do |attr, param|
    value = public_method(attr).call
    next if value.nil? && !instance_variable_defined?("@#{attr}")

    hash[param] = _to_hash(value)
  end
  hash
end

#to_s ⇒ String

Returns the string representation of the object

Returns:

• (String) —

  String presentation of the object

# File 'lib/oci/waas/models/policy_config.rb', line 347

def to_s
  to_hash.to_s
end