Class: Google::Apis::ComputeAlpha::BackendServiceTlsSettings

Inherits:

Object

• Object
• Google::Apis::ComputeAlpha::BackendServiceTlsSettings

Includes:

Google::Apis::Core::Hashable, Google::Apis::Core::JsonObjectSupport

Defined in:

lib/google/apis/compute_alpha/classes.rb,
lib/google/apis/compute_alpha/representations.rb,
lib/google/apis/compute_alpha/representations.rb

Instance Attribute Summary

• #authentication_config ⇒ String

  Reference to the BackendAuthenticationConfig resource from the networksecurity.googleapis.com namespace.

• #identity ⇒ String

  Assigns the Managed Identity for the BackendService Workload.

• #sni ⇒ String

  Server Name Indication - see RFC3546 section 3.1.

• #subject_alt_names ⇒ Array<Google::Apis::ComputeAlpha::BackendServiceTlsSettingsSubjectAltName>

  A list of Subject Alternative Names (SANs) that the Load Balancer verifies during a TLS handshake with the backend.

Instance Method Summary

• #initialize(**args) ⇒ BackendServiceTlsSettings constructor

  A new instance of BackendServiceTlsSettings.

• #update!(**args) ⇒ Object

  Update properties of this object.

Constructor Details

#initialize(**args) ⇒ BackendServiceTlsSettings

Returns a new instance of BackendServiceTlsSettings.

# File 'lib/google/apis/compute_alpha/classes.rb', line 6817

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#authentication_config ⇒ String

Reference to the BackendAuthenticationConfig resource from the networksecurity.googleapis.com namespace. Can be used in authenticating TLS connections to the backend, as specified by the authenticationMode field. Can only be specified if authenticationMode is not NONE. Corresponds to the JSON property authenticationConfig

Returns:

• (String)

# File 'lib/google/apis/compute_alpha/classes.rb', line 6758

def authentication_config
  @authentication_config
end

#identity ⇒ String

Assigns the Managed Identity for the BackendService Workload. Use this property to configure the load balancer back-end to use certificates and roots of trust provisioned by the Managed Workload Identity system. The identity property is the fully-specified SPIFFE ID to use in the SVID presented by the Load Balancer Workload. The SPIFFE ID must be a resource starting with the trustDomain property value, followed by the path to the Managed Workload Identity. Supported SPIFFE ID format:

• ///ns//sa/ The Trust Domain within the Managed Identity must refer to a valid Workload Identity Pool. The TrustConfig and CertificateIssuanceConfig will be inherited from the Workload Identity Pool. Restrictions:

• If you set the identity property, you cannot manually set the following fields:

• tlsSettings.sni

• tlsSettings.subjectAltNames

• tlsSettings.authenticationConfig

When defining a identity for a RegionBackendServices, the corresponding Workload Identity Pool must have a ca_pool configured in the same region. The system will set up a read-onlytlsSettings.authenticationConfig for the Managed Identity. Corresponds to the JSON property identity

Returns:

• (String)

# File 'lib/google/apis/compute_alpha/classes.rb', line 6791

def identity
  @identity
end

#sni ⇒ String

Server Name Indication - see RFC3546 section 3.1. If set, the load balancer sends this string as the SNI hostname in the TLS connection to the backend, and requires that this string match a Subject Alternative Name (SAN) in the backend's server certificate. With a Regional Internet NEG backend, if the SNI is specified here, the load balancer uses it regardless of whether the Regional Internet NEG is specified with FQDN or IP address and port. When both sni and subjectAltNames[] are specified, the load balancer matches the backend certificate's SAN only to subjectAltNames[]. Corresponds to the JSON property sni

Returns:

• (String)

# File 'lib/google/apis/compute_alpha/classes.rb', line 6804

def sni
  @sni
end

#subject_alt_names ⇒ Array<Google::Apis::ComputeAlpha::BackendServiceTlsSettingsSubjectAltName>

A list of Subject Alternative Names (SANs) that the Load Balancer verifies during a TLS handshake with the backend. When the server presents its X.509 certificate to the Load Balancer, the Load Balancer inspects the certificate's SAN field, and requires that at least one SAN match one of the subjectAltNames in the list. This field is limited to 5 entries. When both sni and subjectAltNames[] are specified, the load balancer matches the backend certificate's SAN only to subjectAltNames[]. Corresponds to the JSON property subjectAltNames

Returns:

• (Array<Google::Apis::ComputeAlpha::BackendServiceTlsSettingsSubjectAltName>)

# File 'lib/google/apis/compute_alpha/classes.rb', line 6815

def subject_alt_names
  @subject_alt_names
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object

# File 'lib/google/apis/compute_alpha/classes.rb', line 6822

def update!(**args)
  @authentication_config = args[:authentication_config] if args.key?(:authentication_config)
  @identity = args[:identity] if args.key?(:identity)
  @sni = args[:sni] if args.key?(:sni)
  @subject_alt_names = args[:subject_alt_names] if args.key?(:subject_alt_names)
end