Class: Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::Principal

Inherits:
Object
  • Object
show all
Extended by:
Protobuf::MessageExts::ClassMethods
Includes:
Protobuf::MessageExts
Defined in:
proto_docs/google/cloud/networksecurity/v1/authz_policy.rb

Overview

Describes the properties of a principal to be matched against.

Defined Under Namespace

Modules: PrincipalSelector

Instance Attribute Summary collapse

Instance Attribute Details

#principal::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::StringMatch

Returns Required. A non-empty string whose value is matched against the principal value based on the principal_selector. Only exact match can be applied for CLIENT_CERT_URI_SAN, CLIENT_CERT_DNS_NAME_SAN, CLIENT_CERT_COMMON_NAME selectors.

Returns:



258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
# File 'proto_docs/google/cloud/networksecurity/v1/authz_policy.rb', line 258

class Principal
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The principal value the principal rule will match against.
  module PrincipalSelector
    # Unspecified principal selector. It will be treated as
    # CLIENT_CERT_URI_SAN by default.
    PRINCIPAL_SELECTOR_UNSPECIFIED = 0

    # The principal rule is matched against a list of URI SANs in the
    # validated client's certificate. A match happens when there is any
    # exact URI SAN value match. This is the default principal selector.
    CLIENT_CERT_URI_SAN = 1

    # The principal rule is matched against a list of DNS Name SANs in the
    # validated client's certificate. A match happens when there is any
    # exact DNS Name SAN value match.
    # This is only applicable for Application Load Balancers
    # except for classic Global External Application load balancer.
    # CLIENT_CERT_DNS_NAME_SAN is not supported for INTERNAL_SELF_MANAGED
    # load balancing scheme.
    CLIENT_CERT_DNS_NAME_SAN = 2

    # The principal rule is matched against the common name in the client's
    # certificate. Authorization against multiple common names in the
    # client certificate is not supported. Requests with multiple common
    # names in the client certificate will be rejected if
    # CLIENT_CERT_COMMON_NAME is set as the principal selector. A match
    # happens when there is an exact common name value match.
    # This is only applicable for Application Load Balancers
    # except for global external Application Load Balancer and
    # classic Application Load Balancer.
    # CLIENT_CERT_COMMON_NAME is not supported for INTERNAL_SELF_MANAGED
    # load balancing scheme.
    CLIENT_CERT_COMMON_NAME = 3
  end
end

#principal_selector::Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::Principal::PrincipalSelector

Returns Optional. An enum to decide what principal value the principal rule will match against. If not specified, the PrincipalSelector is CLIENT_CERT_URI_SAN.

Returns:



258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
# File 'proto_docs/google/cloud/networksecurity/v1/authz_policy.rb', line 258

class Principal
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The principal value the principal rule will match against.
  module PrincipalSelector
    # Unspecified principal selector. It will be treated as
    # CLIENT_CERT_URI_SAN by default.
    PRINCIPAL_SELECTOR_UNSPECIFIED = 0

    # The principal rule is matched against a list of URI SANs in the
    # validated client's certificate. A match happens when there is any
    # exact URI SAN value match. This is the default principal selector.
    CLIENT_CERT_URI_SAN = 1

    # The principal rule is matched against a list of DNS Name SANs in the
    # validated client's certificate. A match happens when there is any
    # exact DNS Name SAN value match.
    # This is only applicable for Application Load Balancers
    # except for classic Global External Application load balancer.
    # CLIENT_CERT_DNS_NAME_SAN is not supported for INTERNAL_SELF_MANAGED
    # load balancing scheme.
    CLIENT_CERT_DNS_NAME_SAN = 2

    # The principal rule is matched against the common name in the client's
    # certificate. Authorization against multiple common names in the
    # client certificate is not supported. Requests with multiple common
    # names in the client certificate will be rejected if
    # CLIENT_CERT_COMMON_NAME is set as the principal selector. A match
    # happens when there is an exact common name value match.
    # This is only applicable for Application Load Balancers
    # except for global external Application Load Balancer and
    # classic Application Load Balancer.
    # CLIENT_CERT_COMMON_NAME is not supported for INTERNAL_SELF_MANAGED
    # load balancing scheme.
    CLIENT_CERT_COMMON_NAME = 3
  end
end