Class: Google::Cloud::NetworkSecurity::V1::ServerTlsPolicy

Inherits:
Object
  • Object
show all
Extended by:
Protobuf::MessageExts::ClassMethods
Includes:
Protobuf::MessageExts
Defined in:
proto_docs/google/cloud/networksecurity/v1/server_tls_policy.rb

Overview

ServerTlsPolicy is a resource that specifies how a server should authenticate incoming requests. This resource itself does not affect configuration unless it is attached to a target HTTPS proxy or endpoint config selector resource.

ServerTlsPolicy in the form accepted by Application Load Balancers can be attached only to TargetHttpsProxy with an EXTERNAL, EXTERNAL_MANAGED or INTERNAL_MANAGED load balancing scheme. Traffic Director compatible ServerTlsPolicies can be attached to EndpointPolicy and TargetHttpsProxy with Traffic Director INTERNAL_SELF_MANAGED load balancing scheme.

Defined Under Namespace

Classes: LabelsEntry, MTLSPolicy

Instance Attribute Summary collapse

Instance Attribute Details

#allow_open::Boolean

Returns This field applies only for Traffic Director policies. It is must be set to false for Application Load Balancer policies.

Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allow_open and mtls_policy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility.

Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.

Returns:

  • (::Boolean)

    This field applies only for Traffic Director policies. It is must be set to false for Application Load Balancer policies.

    Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allow_open and mtls_policy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility.

    Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.



81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
# File 'proto_docs/google/cloud/networksecurity/v1/server_tls_policy.rb', line 81

class ServerTlsPolicy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Specification of the MTLSPolicy.
  # @!attribute [rw] client_validation_mode
  #   @return [::Google::Cloud::NetworkSecurity::V1::ServerTlsPolicy::MTLSPolicy::ClientValidationMode]
  #     When the client presents an invalid certificate or no certificate to the
  #     load balancer, the `client_validation_mode` specifies how the client
  #     connection is handled.
  #
  #     Required if the policy is to be used with the Application Load
  #     Balancers. For Traffic Director it must be empty.
  # @!attribute [rw] client_validation_ca
  #   @return [::Array<::Google::Cloud::NetworkSecurity::V1::ValidationCA>]
  #     Required if the policy is to be used with Traffic Director. For
  #     Application Load Balancers it must be empty.
  #
  #     Defines the mechanism to obtain the Certificate Authority certificate to
  #     validate the client certificate.
  # @!attribute [rw] client_validation_trust_config
  #   @return [::String]
  #     Reference to the TrustConfig from certificatemanager.googleapis.com
  #     namespace.
  #
  #     If specified, the chain validation will be performed against certificates
  #     configured in the given TrustConfig.
  #
  #     Allowed only if the policy is to be used with Application Load
  #     Balancers.
  class MTLSPolicy
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Mutual TLS certificate validation mode.
    module ClientValidationMode
      # Not allowed.
      CLIENT_VALIDATION_MODE_UNSPECIFIED = 0

      # Allow connection even if certificate chain validation
      # of the client certificate failed or no client certificate was
      # presented. The proof of possession of the private key is always checked
      # if client certificate was presented. This mode requires the backend to
      # implement processing of data extracted from a client certificate to
      # authenticate the peer, or to reject connections if the client
      # certificate fingerprint is missing.
      ALLOW_INVALID_OR_MISSING_CLIENT_CERT = 1

      # Require a client certificate and allow connection to the backend only
      # if validation of the client certificate passed.
      #
      # If set, requires a reference to non-empty TrustConfig specified in
      # `client_validation_trust_config`.
      REJECT_INVALID = 2
    end
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#create_time::Google::Protobuf::Timestamp (readonly)

Returns Output only. The timestamp when the resource was created.

Returns:



81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
# File 'proto_docs/google/cloud/networksecurity/v1/server_tls_policy.rb', line 81

class ServerTlsPolicy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Specification of the MTLSPolicy.
  # @!attribute [rw] client_validation_mode
  #   @return [::Google::Cloud::NetworkSecurity::V1::ServerTlsPolicy::MTLSPolicy::ClientValidationMode]
  #     When the client presents an invalid certificate or no certificate to the
  #     load balancer, the `client_validation_mode` specifies how the client
  #     connection is handled.
  #
  #     Required if the policy is to be used with the Application Load
  #     Balancers. For Traffic Director it must be empty.
  # @!attribute [rw] client_validation_ca
  #   @return [::Array<::Google::Cloud::NetworkSecurity::V1::ValidationCA>]
  #     Required if the policy is to be used with Traffic Director. For
  #     Application Load Balancers it must be empty.
  #
  #     Defines the mechanism to obtain the Certificate Authority certificate to
  #     validate the client certificate.
  # @!attribute [rw] client_validation_trust_config
  #   @return [::String]
  #     Reference to the TrustConfig from certificatemanager.googleapis.com
  #     namespace.
  #
  #     If specified, the chain validation will be performed against certificates
  #     configured in the given TrustConfig.
  #
  #     Allowed only if the policy is to be used with Application Load
  #     Balancers.
  class MTLSPolicy
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Mutual TLS certificate validation mode.
    module ClientValidationMode
      # Not allowed.
      CLIENT_VALIDATION_MODE_UNSPECIFIED = 0

      # Allow connection even if certificate chain validation
      # of the client certificate failed or no client certificate was
      # presented. The proof of possession of the private key is always checked
      # if client certificate was presented. This mode requires the backend to
      # implement processing of data extracted from a client certificate to
      # authenticate the peer, or to reject connections if the client
      # certificate fingerprint is missing.
      ALLOW_INVALID_OR_MISSING_CLIENT_CERT = 1

      # Require a client certificate and allow connection to the backend only
      # if validation of the client certificate passed.
      #
      # If set, requires a reference to non-empty TrustConfig specified in
      # `client_validation_trust_config`.
      REJECT_INVALID = 2
    end
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#description::String

Returns Free-text description of the resource.

Returns:

  • (::String)

    Free-text description of the resource.



81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
# File 'proto_docs/google/cloud/networksecurity/v1/server_tls_policy.rb', line 81

class ServerTlsPolicy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Specification of the MTLSPolicy.
  # @!attribute [rw] client_validation_mode
  #   @return [::Google::Cloud::NetworkSecurity::V1::ServerTlsPolicy::MTLSPolicy::ClientValidationMode]
  #     When the client presents an invalid certificate or no certificate to the
  #     load balancer, the `client_validation_mode` specifies how the client
  #     connection is handled.
  #
  #     Required if the policy is to be used with the Application Load
  #     Balancers. For Traffic Director it must be empty.
  # @!attribute [rw] client_validation_ca
  #   @return [::Array<::Google::Cloud::NetworkSecurity::V1::ValidationCA>]
  #     Required if the policy is to be used with Traffic Director. For
  #     Application Load Balancers it must be empty.
  #
  #     Defines the mechanism to obtain the Certificate Authority certificate to
  #     validate the client certificate.
  # @!attribute [rw] client_validation_trust_config
  #   @return [::String]
  #     Reference to the TrustConfig from certificatemanager.googleapis.com
  #     namespace.
  #
  #     If specified, the chain validation will be performed against certificates
  #     configured in the given TrustConfig.
  #
  #     Allowed only if the policy is to be used with Application Load
  #     Balancers.
  class MTLSPolicy
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Mutual TLS certificate validation mode.
    module ClientValidationMode
      # Not allowed.
      CLIENT_VALIDATION_MODE_UNSPECIFIED = 0

      # Allow connection even if certificate chain validation
      # of the client certificate failed or no client certificate was
      # presented. The proof of possession of the private key is always checked
      # if client certificate was presented. This mode requires the backend to
      # implement processing of data extracted from a client certificate to
      # authenticate the peer, or to reject connections if the client
      # certificate fingerprint is missing.
      ALLOW_INVALID_OR_MISSING_CLIENT_CERT = 1

      # Require a client certificate and allow connection to the backend only
      # if validation of the client certificate passed.
      #
      # If set, requires a reference to non-empty TrustConfig specified in
      # `client_validation_trust_config`.
      REJECT_INVALID = 2
    end
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#labels::Google::Protobuf::Map{::String => ::String}

Returns Set of label tags associated with the resource.

Returns:

  • (::Google::Protobuf::Map{::String => ::String})

    Set of label tags associated with the resource.



81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
# File 'proto_docs/google/cloud/networksecurity/v1/server_tls_policy.rb', line 81

class ServerTlsPolicy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Specification of the MTLSPolicy.
  # @!attribute [rw] client_validation_mode
  #   @return [::Google::Cloud::NetworkSecurity::V1::ServerTlsPolicy::MTLSPolicy::ClientValidationMode]
  #     When the client presents an invalid certificate or no certificate to the
  #     load balancer, the `client_validation_mode` specifies how the client
  #     connection is handled.
  #
  #     Required if the policy is to be used with the Application Load
  #     Balancers. For Traffic Director it must be empty.
  # @!attribute [rw] client_validation_ca
  #   @return [::Array<::Google::Cloud::NetworkSecurity::V1::ValidationCA>]
  #     Required if the policy is to be used with Traffic Director. For
  #     Application Load Balancers it must be empty.
  #
  #     Defines the mechanism to obtain the Certificate Authority certificate to
  #     validate the client certificate.
  # @!attribute [rw] client_validation_trust_config
  #   @return [::String]
  #     Reference to the TrustConfig from certificatemanager.googleapis.com
  #     namespace.
  #
  #     If specified, the chain validation will be performed against certificates
  #     configured in the given TrustConfig.
  #
  #     Allowed only if the policy is to be used with Application Load
  #     Balancers.
  class MTLSPolicy
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Mutual TLS certificate validation mode.
    module ClientValidationMode
      # Not allowed.
      CLIENT_VALIDATION_MODE_UNSPECIFIED = 0

      # Allow connection even if certificate chain validation
      # of the client certificate failed or no client certificate was
      # presented. The proof of possession of the private key is always checked
      # if client certificate was presented. This mode requires the backend to
      # implement processing of data extracted from a client certificate to
      # authenticate the peer, or to reject connections if the client
      # certificate fingerprint is missing.
      ALLOW_INVALID_OR_MISSING_CLIENT_CERT = 1

      # Require a client certificate and allow connection to the backend only
      # if validation of the client certificate passed.
      #
      # If set, requires a reference to non-empty TrustConfig specified in
      # `client_validation_trust_config`.
      REJECT_INVALID = 2
    end
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#mtls_policy::Google::Cloud::NetworkSecurity::V1::ServerTlsPolicy::MTLSPolicy

Returns This field is required if the policy is used with Application Load Balancers. This field can be empty for Traffic Director.

Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allow_open and mtls_policy are set, server allows both plain text and mTLS connections.

Returns:

  • (::Google::Cloud::NetworkSecurity::V1::ServerTlsPolicy::MTLSPolicy)

    This field is required if the policy is used with Application Load Balancers. This field can be empty for Traffic Director.

    Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allow_open and mtls_policy are set, server allows both plain text and mTLS connections.



81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
# File 'proto_docs/google/cloud/networksecurity/v1/server_tls_policy.rb', line 81

class ServerTlsPolicy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Specification of the MTLSPolicy.
  # @!attribute [rw] client_validation_mode
  #   @return [::Google::Cloud::NetworkSecurity::V1::ServerTlsPolicy::MTLSPolicy::ClientValidationMode]
  #     When the client presents an invalid certificate or no certificate to the
  #     load balancer, the `client_validation_mode` specifies how the client
  #     connection is handled.
  #
  #     Required if the policy is to be used with the Application Load
  #     Balancers. For Traffic Director it must be empty.
  # @!attribute [rw] client_validation_ca
  #   @return [::Array<::Google::Cloud::NetworkSecurity::V1::ValidationCA>]
  #     Required if the policy is to be used with Traffic Director. For
  #     Application Load Balancers it must be empty.
  #
  #     Defines the mechanism to obtain the Certificate Authority certificate to
  #     validate the client certificate.
  # @!attribute [rw] client_validation_trust_config
  #   @return [::String]
  #     Reference to the TrustConfig from certificatemanager.googleapis.com
  #     namespace.
  #
  #     If specified, the chain validation will be performed against certificates
  #     configured in the given TrustConfig.
  #
  #     Allowed only if the policy is to be used with Application Load
  #     Balancers.
  class MTLSPolicy
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Mutual TLS certificate validation mode.
    module ClientValidationMode
      # Not allowed.
      CLIENT_VALIDATION_MODE_UNSPECIFIED = 0

      # Allow connection even if certificate chain validation
      # of the client certificate failed or no client certificate was
      # presented. The proof of possession of the private key is always checked
      # if client certificate was presented. This mode requires the backend to
      # implement processing of data extracted from a client certificate to
      # authenticate the peer, or to reject connections if the client
      # certificate fingerprint is missing.
      ALLOW_INVALID_OR_MISSING_CLIENT_CERT = 1

      # Require a client certificate and allow connection to the backend only
      # if validation of the client certificate passed.
      #
      # If set, requires a reference to non-empty TrustConfig specified in
      # `client_validation_trust_config`.
      REJECT_INVALID = 2
    end
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#name::String

Returns Required. Name of the ServerTlsPolicy resource. It matches the pattern projects/*/locations/{location}/serverTlsPolicies/{server_tls_policy}.

Returns:

  • (::String)

    Required. Name of the ServerTlsPolicy resource. It matches the pattern projects/*/locations/{location}/serverTlsPolicies/{server_tls_policy}



81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
# File 'proto_docs/google/cloud/networksecurity/v1/server_tls_policy.rb', line 81

class ServerTlsPolicy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Specification of the MTLSPolicy.
  # @!attribute [rw] client_validation_mode
  #   @return [::Google::Cloud::NetworkSecurity::V1::ServerTlsPolicy::MTLSPolicy::ClientValidationMode]
  #     When the client presents an invalid certificate or no certificate to the
  #     load balancer, the `client_validation_mode` specifies how the client
  #     connection is handled.
  #
  #     Required if the policy is to be used with the Application Load
  #     Balancers. For Traffic Director it must be empty.
  # @!attribute [rw] client_validation_ca
  #   @return [::Array<::Google::Cloud::NetworkSecurity::V1::ValidationCA>]
  #     Required if the policy is to be used with Traffic Director. For
  #     Application Load Balancers it must be empty.
  #
  #     Defines the mechanism to obtain the Certificate Authority certificate to
  #     validate the client certificate.
  # @!attribute [rw] client_validation_trust_config
  #   @return [::String]
  #     Reference to the TrustConfig from certificatemanager.googleapis.com
  #     namespace.
  #
  #     If specified, the chain validation will be performed against certificates
  #     configured in the given TrustConfig.
  #
  #     Allowed only if the policy is to be used with Application Load
  #     Balancers.
  class MTLSPolicy
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Mutual TLS certificate validation mode.
    module ClientValidationMode
      # Not allowed.
      CLIENT_VALIDATION_MODE_UNSPECIFIED = 0

      # Allow connection even if certificate chain validation
      # of the client certificate failed or no client certificate was
      # presented. The proof of possession of the private key is always checked
      # if client certificate was presented. This mode requires the backend to
      # implement processing of data extracted from a client certificate to
      # authenticate the peer, or to reject connections if the client
      # certificate fingerprint is missing.
      ALLOW_INVALID_OR_MISSING_CLIENT_CERT = 1

      # Require a client certificate and allow connection to the backend only
      # if validation of the client certificate passed.
      #
      # If set, requires a reference to non-empty TrustConfig specified in
      # `client_validation_trust_config`.
      REJECT_INVALID = 2
    end
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#server_certificate::Google::Cloud::NetworkSecurity::V1::CertificateProvider

Returns Optional if policy is to be used with Traffic Director. For Application Load Balancers must be empty.

Defines a mechanism to provision server identity (public and private keys). Cannot be combined with allow_open as a permissive mode that allows both plain text and TLS is not supported.

Returns:

  • (::Google::Cloud::NetworkSecurity::V1::CertificateProvider)

    Optional if policy is to be used with Traffic Director. For Application Load Balancers must be empty.

    Defines a mechanism to provision server identity (public and private keys). Cannot be combined with allow_open as a permissive mode that allows both plain text and TLS is not supported.



81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
# File 'proto_docs/google/cloud/networksecurity/v1/server_tls_policy.rb', line 81

class ServerTlsPolicy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Specification of the MTLSPolicy.
  # @!attribute [rw] client_validation_mode
  #   @return [::Google::Cloud::NetworkSecurity::V1::ServerTlsPolicy::MTLSPolicy::ClientValidationMode]
  #     When the client presents an invalid certificate or no certificate to the
  #     load balancer, the `client_validation_mode` specifies how the client
  #     connection is handled.
  #
  #     Required if the policy is to be used with the Application Load
  #     Balancers. For Traffic Director it must be empty.
  # @!attribute [rw] client_validation_ca
  #   @return [::Array<::Google::Cloud::NetworkSecurity::V1::ValidationCA>]
  #     Required if the policy is to be used with Traffic Director. For
  #     Application Load Balancers it must be empty.
  #
  #     Defines the mechanism to obtain the Certificate Authority certificate to
  #     validate the client certificate.
  # @!attribute [rw] client_validation_trust_config
  #   @return [::String]
  #     Reference to the TrustConfig from certificatemanager.googleapis.com
  #     namespace.
  #
  #     If specified, the chain validation will be performed against certificates
  #     configured in the given TrustConfig.
  #
  #     Allowed only if the policy is to be used with Application Load
  #     Balancers.
  class MTLSPolicy
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Mutual TLS certificate validation mode.
    module ClientValidationMode
      # Not allowed.
      CLIENT_VALIDATION_MODE_UNSPECIFIED = 0

      # Allow connection even if certificate chain validation
      # of the client certificate failed or no client certificate was
      # presented. The proof of possession of the private key is always checked
      # if client certificate was presented. This mode requires the backend to
      # implement processing of data extracted from a client certificate to
      # authenticate the peer, or to reject connections if the client
      # certificate fingerprint is missing.
      ALLOW_INVALID_OR_MISSING_CLIENT_CERT = 1

      # Require a client certificate and allow connection to the backend only
      # if validation of the client certificate passed.
      #
      # If set, requires a reference to non-empty TrustConfig specified in
      # `client_validation_trust_config`.
      REJECT_INVALID = 2
    end
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#update_time::Google::Protobuf::Timestamp (readonly)

Returns Output only. The timestamp when the resource was updated.

Returns:



81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
# File 'proto_docs/google/cloud/networksecurity/v1/server_tls_policy.rb', line 81

class ServerTlsPolicy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Specification of the MTLSPolicy.
  # @!attribute [rw] client_validation_mode
  #   @return [::Google::Cloud::NetworkSecurity::V1::ServerTlsPolicy::MTLSPolicy::ClientValidationMode]
  #     When the client presents an invalid certificate or no certificate to the
  #     load balancer, the `client_validation_mode` specifies how the client
  #     connection is handled.
  #
  #     Required if the policy is to be used with the Application Load
  #     Balancers. For Traffic Director it must be empty.
  # @!attribute [rw] client_validation_ca
  #   @return [::Array<::Google::Cloud::NetworkSecurity::V1::ValidationCA>]
  #     Required if the policy is to be used with Traffic Director. For
  #     Application Load Balancers it must be empty.
  #
  #     Defines the mechanism to obtain the Certificate Authority certificate to
  #     validate the client certificate.
  # @!attribute [rw] client_validation_trust_config
  #   @return [::String]
  #     Reference to the TrustConfig from certificatemanager.googleapis.com
  #     namespace.
  #
  #     If specified, the chain validation will be performed against certificates
  #     configured in the given TrustConfig.
  #
  #     Allowed only if the policy is to be used with Application Load
  #     Balancers.
  class MTLSPolicy
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Mutual TLS certificate validation mode.
    module ClientValidationMode
      # Not allowed.
      CLIENT_VALIDATION_MODE_UNSPECIFIED = 0

      # Allow connection even if certificate chain validation
      # of the client certificate failed or no client certificate was
      # presented. The proof of possession of the private key is always checked
      # if client certificate was presented. This mode requires the backend to
      # implement processing of data extracted from a client certificate to
      # authenticate the peer, or to reject connections if the client
      # certificate fingerprint is missing.
      ALLOW_INVALID_OR_MISSING_CLIENT_CERT = 1

      # Require a client certificate and allow connection to the backend only
      # if validation of the client certificate passed.
      #
      # If set, requires a reference to non-empty TrustConfig specified in
      # `client_validation_trust_config`.
      REJECT_INVALID = 2
    end
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end