GS2-Guard GS2-Deploy/CDK リファレンス

GS2-Deployのスタックの作成に使用するテンプレートのフォーマットと、CDKによる各種言語のテンプレート出力の実装例

エンティティ

Namespace

ネームスペース

ネームスペースは一つのプロジェクトで同じサービスを異なる用途で複数利用できるようにするための仕組みです。
GS2 のサービスは基本的にネームスペースというレイヤーがあり、ネームスペースが異なれば同じサービスでもまったく別のデータ空間として取り扱われます。

そのため、各サービスの利用を開始するにあたってネームスペースを作成する必要があります。

有効化条件必須デフォルト値の制限説明
namestring
~ 128文字ネームスペース名
descriptionstring~ 1024文字説明文
blockingPolicyBlockingPolicyModel
ブロッキングポリシー

GetAttr

!GetAttrタグで取得可能なリソースの生成結果

説明
ItemNamespace作成したネームスペース

実装例

Type: GS2::Guard::Namespace
Properties:
  Name: namespace-0001
  Description: null
  BlockingPolicy: 
    PassServices: 
    - account
    DefaultRestriction: Deny
    LocationDetection: Disable
    AnonymousIpDetection: Disable
    HostingProviderIpDetection: Disable
    ReputationIpDetection: Disable
    IpAddressesDetection: Enable
    IpAddresses: 
    - 192.168.0.0/24
    IpAddressRestriction: Allow
import (
    "github.com/gs2io/gs2-golang-cdk/core"
    "github.com/gs2io/gs2-golang-cdk/guard"
    "github.com/openlyinc/pointy"
)

SampleStack := core.NewStack()
guard.NewNamespace(
    &SampleStack,
    "namespace-0001",
    guard.BlockingPolicyModel{
        PassServices: []string{
            "account",
        },
        DefaultRestriction: guard.BlockingPolicyModelDefaultRestrictionDeny,
        LocationDetection: guard.BlockingPolicyModelLocationDetectionDisable,
        AnonymousIpDetection: guard.BlockingPolicyModelAnonymousIpDetectionDisable,
        HostingProviderIpDetection: guard.BlockingPolicyModelHostingProviderIpDetectionDisable,
        ReputationIpDetection: guard.BlockingPolicyModelReputationIpDetectionDisable,
        IpAddressesDetection: guard.BlockingPolicyModelIpAddressesDetectionEnable,
        IpAddresses: []string{
            "192.168.0.0/24",
        },
        IpAddressRestriction: guard.BlockingPolicyModelIpAddressRestrictionAllow.Pointer(),
    },
    guard.NamespaceOptions{},
)

println(SampleStack.Yaml())  // Generate Template
class SampleStack extends \Gs2Cdk\Core\Model\Stack
{
    function __construct() {
        parent::__construct();
        new \Gs2Cdk\Guard\Model\Namespace_(
            stack: $this,
            name: "namespace-0001",
            blockingPolicy: new \Gs2Cdk\Guard\Model\BlockingPolicyModel(
                passServices: [
                    "account",
                ],
                defaultRestriction: Gs2Cdk\Guard\Model\Enums\BlockingPolicyModelDefaultRestriction::DENY,
                locationDetection: Gs2Cdk\Guard\Model\Enums\BlockingPolicyModelLocationDetection::DISABLE,
                anonymousIpDetection: Gs2Cdk\Guard\Model\Enums\BlockingPolicyModelAnonymousIpDetection::DISABLE,
                hostingProviderIpDetection: Gs2Cdk\Guard\Model\Enums\BlockingPolicyModelHostingProviderIpDetection::DISABLE,
                reputationIpDetection: Gs2Cdk\Guard\Model\Enums\BlockingPolicyModelReputationIpDetection::DISABLE,
                ipAddressesDetection: Gs2Cdk\Guard\Model\Enums\BlockingPolicyModelIpAddressesDetection::ENABLE,
                options: new \Gs2Cdk\Guard\Model\Options\BlockingPolicyModelOptions(
                    ipAddresses: [
                        "192.168.0.0/24",
                    ],
                    ipAddressRestriction: Gs2Cdk\Guard\Model\Enums\BlockingPolicyModelIpAddressRestriction::ALLOW
                )
            )
        );
    }
}

print((new SampleStack())->yaml());  // Generate Template
class SampleStack extends io.gs2.cdk.core.model.Stack
{
    public SampleStack() {
        super();
        new io.gs2.cdk.guard.model.Namespace(
                this,
                "namespace-0001",
                new io.gs2.cdk.guard.model.BlockingPolicyModel(
                Arrays.asList(
                    "account"
                ),
                io.gs2.cdk.guard.model.enums.BlockingPolicyModelDefaultRestriction.DENY,
                io.gs2.cdk.guard.model.enums.BlockingPolicyModelLocationDetection.DISABLE,
                io.gs2.cdk.guard.model.enums.BlockingPolicyModelAnonymousIpDetection.DISABLE,
                io.gs2.cdk.guard.model.enums.BlockingPolicyModelHostingProviderIpDetection.DISABLE,
                io.gs2.cdk.guard.model.enums.BlockingPolicyModelReputationIpDetection.DISABLE,
                io.gs2.cdk.guard.model.enums.BlockingPolicyModelIpAddressesDetection.ENABLE,
                new io.gs2.cdk.guard.model.options.BlockingPolicyModelOptions()
                    .withIpAddresses(
                        Arrays.asList(
                            "192.168.0.0/24"
                        )
                    )
                    .withIpAddressRestriction(
                        io.gs2.cdk.guard.model.enums.BlockingPolicyModelIpAddressRestriction.ALLOW
                    )
            )
        );
    }
}

System.out.println(new SampleStack().yaml());  // Generate Template
public class SampleStack : Gs2Cdk.Core.Model.Stack
{
    public SampleStack() {
        new Gs2Cdk.Gs2Guard.Model.Namespace(
            stack: this,
            name: "namespace-0001",
            blockingPolicy: new Gs2Cdk.Gs2Guard.Model.BlockingPolicyModel(
                passServices: new string[]
                {
                    "account"
                },
                defaultRestriction: Gs2Cdk.Gs2Guard.Model.Enums.BlockingPolicyModelDefaultRestriction.Deny,
                locationDetection: Gs2Cdk.Gs2Guard.Model.Enums.BlockingPolicyModelLocationDetection.Disable,
                anonymousIpDetection: Gs2Cdk.Gs2Guard.Model.Enums.BlockingPolicyModelAnonymousIpDetection.Disable,
                hostingProviderIpDetection: Gs2Cdk.Gs2Guard.Model.Enums.BlockingPolicyModelHostingProviderIpDetection.Disable,
                reputationIpDetection: Gs2Cdk.Gs2Guard.Model.Enums.BlockingPolicyModelReputationIpDetection.Disable,
                ipAddressesDetection: Gs2Cdk.Gs2Guard.Model.Enums.BlockingPolicyModelIpAddressesDetection.Enable,
                options: new Gs2Cdk.Gs2Guard.Model.Options.BlockingPolicyModelOptions
                {
                    ipAddresses = new string[]
                    {
                        "192.168.0.0/24"
                    },
                    ipAddressRestriction = Gs2Cdk.Gs2Guard.Model.Enums.BlockingPolicyModelIpAddressRestriction.Allow
                }
            )
        );
    }
}

Debug.Log(new SampleStack().Yaml());  // Generate Template
import core from "@/gs2cdk/core";
import guard from "@/gs2cdk/guard";

class SampleStack extends core.Stack
{
    public constructor() {
        super();
        new guard.model.Namespace(
            this,
            "namespace-0001",
            new guard.model.BlockingPolicyModel(
                [
                    "account",
                ],
                guard.model.BlockingPolicyModelDefaultRestriction.DENY,
                guard.model.BlockingPolicyModelLocationDetection.DISABLE,
                guard.model.BlockingPolicyModelAnonymousIpDetection.DISABLE,
                guard.model.BlockingPolicyModelHostingProviderIpDetection.DISABLE,
                guard.model.BlockingPolicyModelReputationIpDetection.DISABLE,
                guard.model.BlockingPolicyModelIpAddressesDetection.ENABLE,
                {
                    ipAddresses:
                    [
                        "192.168.0.0/24",
                    ],
                    ipAddressRestriction:
                    guard.model.BlockingPolicyModelIpAddressRestriction.ALLOW
                }
            )
        );
    }
}

console.log(new SampleStack().yaml());  // Generate Template
from gs2_cdk import Stack, core, guard

class SampleStack(Stack):

    def __init__(self):
        super().__init__()
        guard.Namespace(
            stack=self,
            name='namespace-0001',
            blocking_policy=guard.BlockingPolicyModel(
            pass_services=[
                'account',
            ],
            default_restriction=guard.BlockingPolicyModelDefaultRestriction.DENY,
            location_detection=guard.BlockingPolicyModelLocationDetection.DISABLE,
            anonymous_ip_detection=guard.BlockingPolicyModelAnonymousIpDetection.DISABLE,
            hosting_provider_ip_detection=guard.BlockingPolicyModelHostingProviderIpDetection.DISABLE,
            reputation_ip_detection=guard.BlockingPolicyModelReputationIpDetection.DISABLE,
            ip_addresses_detection=guard.BlockingPolicyModelIpAddressesDetection.ENABLE,
            options=guard.BlockingPolicyModelOptions(
                ip_addresses=[
                    '192.168.0.0/24',
                ],
                ip_address_restriction=guard.BlockingPolicyModelIpAddressRestriction.ALLOW,
            )
        ),
        )

print(SampleStack().yaml())  # Generate Template

BlockingPolicyModel

ブロッキングポリシー

有効化条件必須デフォルト値の制限説明
passServicesList<string>
1 ~ 100 itemsアクセス可能なGS2サービスのリスト
defaultRestriction文字列列挙型
enum {
  “Allow”,
  “Deny”
}
“Allow”~ 128文字制限の方針
定義説明
“Allow”条件に一致しないアクセスを許可
“Deny”条件に一致しないアクセスを拒否
locationDetection文字列列挙型
enum {
  “Enable”,
  “Disable”
}
“Disable”~ 128文字アクセス元国検知
定義説明
“Enable”有効
“Disable”無効
locationsList<string>{locationDetection} == “Enable”
[]1 ~ 100 itemsアクセスを検知する国リスト
locationDetection が “Enable” であれば必須
locationRestriction文字列列挙型
enum {
  “Allow”,
  “Deny”
}
{locationDetection} == “Enable”
~ 128文字国リストにマッチした際の挙動
locationDetection が “Enable” であれば必須
anonymousIpDetection文字列列挙型
enum {
  “Enable”,
  “Disable”
}
“Disable”~ 128文字匿名IPサービス検知
定義説明
“Enable”有効
“Disable”無効
anonymousIpRestriction文字列列挙型
enum {
  “Deny”
}
{anonymousIpDetection} == “Enable”
“Deny”~ 128文字匿名IPサービス検知時の挙動
anonymousIpDetection が “Enable” であれば必須
hostingProviderIpDetection文字列列挙型
enum {
  “Enable”,
  “Disable”
}
“Disable”~ 128文字ホスティングサービス検知
定義説明
“Enable”有効
“Disable”無効
hostingProviderIpRestriction文字列列挙型
enum {
  “Deny”
}
{hostingProviderIpDetection} == “Enable”
“Deny”~ 128文字ホスティングサービス検知時の挙動
hostingProviderIpDetection が “Enable” であれば必須
reputationIpDetection文字列列挙型
enum {
  “Enable”,
  “Disable”
}
“Disable”~ 128文字悪意のあるアクセス元IP検知
定義説明
“Enable”有効
“Disable”無効
reputationIpRestriction文字列列挙型
enum {
  “Deny”
}
{reputationIpDetection} == “Enable”
“Deny”~ 128文字悪意のあるアクセス元IP検知時の挙動
reputationIpDetection が “Enable” であれば必須
ipAddressesDetection文字列列挙型
enum {
  “Enable”,
  “Disable”
}
“Disable”~ 128文字アクセス元IP検知
定義説明
“Enable”有効
“Disable”無効
ipAddressesList<string>{ipAddressesDetection} == “Enable”~ 100 itemsIPリスト
ipAddressesDetection が “Enable” であれば有効
ipAddressRestriction文字列列挙型
enum {
  “Allow”,
  “Deny”
}
{ipAddressesDetection} == “Enable”
~ 128文字IPアドレスリストにマッチした際の挙動
ipAddressesDetection が “Enable” であれば必須