Google Cloud Armor · Capability

Google Cloud Armor API

Provides programmatic access to manage security policies, rules, and threat intelligence configurations for protecting applications from DDoS attacks and web-based threats.

Run with Naftiko GoogleCloudArmorAPI

What You Can Do

GET
Listsecuritypolicies — Google Cloud Armor List security policies
/projects/{project}/global/securityPolicies
POST
Createsecuritypolicy — Google Cloud Armor Create a security policy
/projects/{project}/global/securityPolicies
GET
Getsecuritypolicy — Google Cloud Armor Get a security policy
/projects/{project}/global/securityPolicies/{securityPolicy}
PATCH
Patchsecuritypolicy — Google Cloud Armor Update a security policy
/projects/{project}/global/securityPolicies/{securityPolicy}
DELETE
Deletesecuritypolicy — Google Cloud Armor Delete a security policy
/projects/{project}/global/securityPolicies/{securityPolicy}
POST
Addsecuritypolicyrule — Google Cloud Armor Add a rule to a security policy
/projects/{project}/global/securityPolicies/{securityPolicy}/addRule
POST
Removesecuritypolicyrule — Google Cloud Armor Remove a rule from a security policy
/projects/{project}/global/securityPolicies/{securityPolicy}/removeRule

MCP Tools

listsecuritypolicies

Google Cloud Armor List security policies

read-only idempotent
createsecuritypolicy

Google Cloud Armor Create a security policy

getsecuritypolicy

Google Cloud Armor Get a security policy

read-only idempotent
patchsecuritypolicy

Google Cloud Armor Update a security policy

deletesecuritypolicy

Google Cloud Armor Delete a security policy

idempotent
addsecuritypolicyrule

Google Cloud Armor Add a rule to a security policy

removesecuritypolicyrule

Google Cloud Armor Remove a rule from a security policy

Capability Spec

google-cloud-armor-capability.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: Google Cloud Armor API
  description: Provides programmatic access to manage security policies, rules, and threat intelligence configurations for
    protecting applications from DDoS attacks and web-based threats.
  tags:
  - Google
  - Cloud
  - Armor
  - API
  created: '2026-05-06'
  modified: '2026-05-06'
capability:
  consumes:
  - type: http
    namespace: google-cloud-armor
    baseUri: https://compute.googleapis.com/compute/v1
    description: Google Cloud Armor API HTTP API.
    authentication:
      type: bearer
      token: '{{GOOGLE_CLOUD_ARMOR_TOKEN}}'
    resources:
    - name: projects-project-global-securitypolicies
      path: /projects/{project}/global/securityPolicies
      operations:
      - name: listsecuritypolicies
        method: GET
        description: Google Cloud Armor List security policies
        inputParameters:
        - name: project
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: createsecuritypolicy
        method: POST
        description: Google Cloud Armor Create a security policy
        inputParameters:
        - name: project
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: projects-project-global-securitypolicies-securit
      path: /projects/{project}/global/securityPolicies/{securityPolicy}
      operations:
      - name: getsecuritypolicy
        method: GET
        description: Google Cloud Armor Get a security policy
        inputParameters:
        - name: project
          in: path
          type: string
          required: true
        - name: securityPolicy
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: patchsecuritypolicy
        method: PATCH
        description: Google Cloud Armor Update a security policy
        inputParameters:
        - name: project
          in: path
          type: string
          required: true
        - name: securityPolicy
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: deletesecuritypolicy
        method: DELETE
        description: Google Cloud Armor Delete a security policy
        inputParameters:
        - name: project
          in: path
          type: string
          required: true
        - name: securityPolicy
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: projects-project-global-securitypolicies-securit
      path: /projects/{project}/global/securityPolicies/{securityPolicy}/addRule
      operations:
      - name: addsecuritypolicyrule
        method: POST
        description: Google Cloud Armor Add a rule to a security policy
        inputParameters:
        - name: project
          in: path
          type: string
          required: true
        - name: securityPolicy
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: projects-project-global-securitypolicies-securit
      path: /projects/{project}/global/securityPolicies/{securityPolicy}/removeRule
      operations:
      - name: removesecuritypolicyrule
        method: POST
        description: Google Cloud Armor Remove a rule from a security policy
        inputParameters:
        - name: project
          in: path
          type: string
          required: true
        - name: securityPolicy
          in: path
          type: string
          required: true
        - name: priority
          in: query
          type: integer
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
  exposes:
  - type: rest
    port: 8080
    namespace: google-cloud-armor-rest
    description: REST adapter for Google Cloud Armor API.
    resources:
    - path: /projects/{project}/global/securityPolicies
      name: listsecuritypolicies
      operations:
      - method: GET
        name: listsecuritypolicies
        description: Google Cloud Armor List security policies
        call: google-cloud-armor.listsecuritypolicies
        with:
          project: rest.project
        outputParameters:
        - type: object
          mapping: $.
    - path: /projects/{project}/global/securityPolicies
      name: createsecuritypolicy
      operations:
      - method: POST
        name: createsecuritypolicy
        description: Google Cloud Armor Create a security policy
        call: google-cloud-armor.createsecuritypolicy
        with:
          project: rest.project
        outputParameters:
        - type: object
          mapping: $.
    - path: /projects/{project}/global/securityPolicies/{securityPolicy}
      name: getsecuritypolicy
      operations:
      - method: GET
        name: getsecuritypolicy
        description: Google Cloud Armor Get a security policy
        call: google-cloud-armor.getsecuritypolicy
        with:
          project: rest.project
          securityPolicy: rest.securityPolicy
        outputParameters:
        - type: object
          mapping: $.
    - path: /projects/{project}/global/securityPolicies/{securityPolicy}
      name: patchsecuritypolicy
      operations:
      - method: PATCH
        name: patchsecuritypolicy
        description: Google Cloud Armor Update a security policy
        call: google-cloud-armor.patchsecuritypolicy
        with:
          project: rest.project
          securityPolicy: rest.securityPolicy
        outputParameters:
        - type: object
          mapping: $.
    - path: /projects/{project}/global/securityPolicies/{securityPolicy}
      name: deletesecuritypolicy
      operations:
      - method: DELETE
        name: deletesecuritypolicy
        description: Google Cloud Armor Delete a security policy
        call: google-cloud-armor.deletesecuritypolicy
        with:
          project: rest.project
          securityPolicy: rest.securityPolicy
        outputParameters:
        - type: object
          mapping: $.
    - path: /projects/{project}/global/securityPolicies/{securityPolicy}/addRule
      name: addsecuritypolicyrule
      operations:
      - method: POST
        name: addsecuritypolicyrule
        description: Google Cloud Armor Add a rule to a security policy
        call: google-cloud-armor.addsecuritypolicyrule
        with:
          project: rest.project
          securityPolicy: rest.securityPolicy
        outputParameters:
        - type: object
          mapping: $.
    - path: /projects/{project}/global/securityPolicies/{securityPolicy}/removeRule
      name: removesecuritypolicyrule
      operations:
      - method: POST
        name: removesecuritypolicyrule
        description: Google Cloud Armor Remove a rule from a security policy
        call: google-cloud-armor.removesecuritypolicyrule
        with:
          project: rest.project
          securityPolicy: rest.securityPolicy
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    port: 9090
    namespace: google-cloud-armor-mcp
    transport: http
    description: MCP adapter for Google Cloud Armor API for AI agent use.
    tools:
    - name: listsecuritypolicies
      description: Google Cloud Armor List security policies
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: google-cloud-armor.listsecuritypolicies
      with:
        project: tools.project
      inputParameters:
      - name: project
        type: string
        description: project
        required: true
      outputParameters:
      - type: object
        mapping: $.
    - name: createsecuritypolicy
      description: Google Cloud Armor Create a security policy
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: google-cloud-armor.createsecuritypolicy
      with:
        project: tools.project
      inputParameters:
      - name: project
        type: string
        description: project
        required: true
      outputParameters:
      - type: object
        mapping: $.
    - name: getsecuritypolicy
      description: Google Cloud Armor Get a security policy
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: google-cloud-armor.getsecuritypolicy
      with:
        project: tools.project
        securityPolicy: tools.securityPolicy
      inputParameters:
      - name: project
        type: string
        description: project
        required: true
      - name: securityPolicy
        type: string
        description: securityPolicy
        required: true
      outputParameters:
      - type: object
        mapping: $.
    - name: patchsecuritypolicy
      description: Google Cloud Armor Update a security policy
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: google-cloud-armor.patchsecuritypolicy
      with:
        project: tools.project
        securityPolicy: tools.securityPolicy
      inputParameters:
      - name: project
        type: string
        description: project
        required: true
      - name: securityPolicy
        type: string
        description: securityPolicy
        required: true
      outputParameters:
      - type: object
        mapping: $.
    - name: deletesecuritypolicy
      description: Google Cloud Armor Delete a security policy
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: google-cloud-armor.deletesecuritypolicy
      with:
        project: tools.project
        securityPolicy: tools.securityPolicy
      inputParameters:
      - name: project
        type: string
        description: project
        required: true
      - name: securityPolicy
        type: string
        description: securityPolicy
        required: true
      outputParameters:
      - type: object
        mapping: $.
    - name: addsecuritypolicyrule
      description: Google Cloud Armor Add a rule to a security policy
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: google-cloud-armor.addsecuritypolicyrule
      with:
        project: tools.project
        securityPolicy: tools.securityPolicy
      inputParameters:
      - name: project
        type: string
        description: project
        required: true
      - name: securityPolicy
        type: string
        description: securityPolicy
        required: true
      outputParameters:
      - type: object
        mapping: $.
    - name: removesecuritypolicyrule
      description: Google Cloud Armor Remove a rule from a security policy
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: google-cloud-armor.removesecuritypolicyrule
      with:
        project: tools.project
        securityPolicy: tools.securityPolicy
        priority: tools.priority
      inputParameters:
      - name: project
        type: string
        description: project
        required: true
      - name: securityPolicy
        type: string
        description: securityPolicy
        required: true
      - name: priority
        type: integer
        description: priority
        required: true
      outputParameters:
      - type: object
        mapping: $.
binds:
- namespace: env
  keys:
    GOOGLE_CLOUD_ARMOR_TOKEN: GOOGLE_CLOUD_ARMOR_TOKEN