Class: Google::Cloud::NetworkSecurity::V1::ServerTlsPolicy::MTLSPolicy

Inherits:
Object
  • Object
show all
Extended by:
Protobuf::MessageExts::ClassMethods
Includes:
Protobuf::MessageExts
Defined in:
proto_docs/google/cloud/networksecurity/v1/server_tls_policy.rb

Overview

Specification of the MTLSPolicy.

Defined Under Namespace

Modules: ClientValidationMode

Instance Attribute Summary collapse

Instance Attribute Details

#client_validation_ca::Array<::Google::Cloud::NetworkSecurity::V1::ValidationCA>

Returns Required if the policy is to be used with Traffic Director. For Application Load Balancers it must be empty.

Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate.

Returns:

  • (::Array<::Google::Cloud::NetworkSecurity::V1::ValidationCA>)

    Required if the policy is to be used with Traffic Director. For Application Load Balancers it must be empty.

    Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate.



111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
# File 'proto_docs/google/cloud/networksecurity/v1/server_tls_policy.rb', line 111

class MTLSPolicy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Mutual TLS certificate validation mode.
  module ClientValidationMode
    # Not allowed.
    CLIENT_VALIDATION_MODE_UNSPECIFIED = 0

    # Allow connection even if certificate chain validation
    # of the client certificate failed or no client certificate was
    # presented. The proof of possession of the private key is always checked
    # if client certificate was presented. This mode requires the backend to
    # implement processing of data extracted from a client certificate to
    # authenticate the peer, or to reject connections if the client
    # certificate fingerprint is missing.
    ALLOW_INVALID_OR_MISSING_CLIENT_CERT = 1

    # Require a client certificate and allow connection to the backend only
    # if validation of the client certificate passed.
    #
    # If set, requires a reference to non-empty TrustConfig specified in
    # `client_validation_trust_config`.
    REJECT_INVALID = 2
  end
end

#client_validation_mode::Google::Cloud::NetworkSecurity::V1::ServerTlsPolicy::MTLSPolicy::ClientValidationMode

Returns When the client presents an invalid certificate or no certificate to the load balancer, the client_validation_mode specifies how the client connection is handled.

Required if the policy is to be used with the Application Load Balancers. For Traffic Director it must be empty.

Returns:



111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
# File 'proto_docs/google/cloud/networksecurity/v1/server_tls_policy.rb', line 111

class MTLSPolicy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Mutual TLS certificate validation mode.
  module ClientValidationMode
    # Not allowed.
    CLIENT_VALIDATION_MODE_UNSPECIFIED = 0

    # Allow connection even if certificate chain validation
    # of the client certificate failed or no client certificate was
    # presented. The proof of possession of the private key is always checked
    # if client certificate was presented. This mode requires the backend to
    # implement processing of data extracted from a client certificate to
    # authenticate the peer, or to reject connections if the client
    # certificate fingerprint is missing.
    ALLOW_INVALID_OR_MISSING_CLIENT_CERT = 1

    # Require a client certificate and allow connection to the backend only
    # if validation of the client certificate passed.
    #
    # If set, requires a reference to non-empty TrustConfig specified in
    # `client_validation_trust_config`.
    REJECT_INVALID = 2
  end
end

#client_validation_trust_config::String

Returns Reference to the TrustConfig from certificatemanager.googleapis.com namespace.

If specified, the chain validation will be performed against certificates configured in the given TrustConfig.

Allowed only if the policy is to be used with Application Load Balancers.

Returns:

  • (::String)

    Reference to the TrustConfig from certificatemanager.googleapis.com namespace.

    If specified, the chain validation will be performed against certificates configured in the given TrustConfig.

    Allowed only if the policy is to be used with Application Load Balancers.



111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
# File 'proto_docs/google/cloud/networksecurity/v1/server_tls_policy.rb', line 111

class MTLSPolicy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Mutual TLS certificate validation mode.
  module ClientValidationMode
    # Not allowed.
    CLIENT_VALIDATION_MODE_UNSPECIFIED = 0

    # Allow connection even if certificate chain validation
    # of the client certificate failed or no client certificate was
    # presented. The proof of possession of the private key is always checked
    # if client certificate was presented. This mode requires the backend to
    # implement processing of data extracted from a client certificate to
    # authenticate the peer, or to reject connections if the client
    # certificate fingerprint is missing.
    ALLOW_INVALID_OR_MISSING_CLIENT_CERT = 1

    # Require a client certificate and allow connection to the backend only
    # if validation of the client certificate passed.
    #
    # If set, requires a reference to non-empty TrustConfig specified in
    # `client_validation_trust_config`.
    REJECT_INVALID = 2
  end
end