Class: Google::Cloud::NetworkSecurity::V1::ServerTlsPolicy::MTLSPolicy
- Inherits:
-
Object
- Object
- Google::Cloud::NetworkSecurity::V1::ServerTlsPolicy::MTLSPolicy
- Extended by:
- Protobuf::MessageExts::ClassMethods
- Includes:
- Protobuf::MessageExts
- Defined in:
- proto_docs/google/cloud/networksecurity/v1/server_tls_policy.rb
Overview
Specification of the MTLSPolicy.
Defined Under Namespace
Modules: ClientValidationMode
Instance Attribute Summary collapse
-
#client_validation_ca ⇒ ::Array<::Google::Cloud::NetworkSecurity::V1::ValidationCA>
Required if the policy is to be used with Traffic Director.
-
#client_validation_mode ⇒ ::Google::Cloud::NetworkSecurity::V1::ServerTlsPolicy::MTLSPolicy::ClientValidationMode
When the client presents an invalid certificate or no certificate to the load balancer, the
client_validation_modespecifies how the client connection is handled. -
#client_validation_trust_config ⇒ ::String
Reference to the TrustConfig from certificatemanager.googleapis.com namespace.
Instance Attribute Details
#client_validation_ca ⇒ ::Array<::Google::Cloud::NetworkSecurity::V1::ValidationCA>
Returns Required if the policy is to be used with Traffic Director. For Application Load Balancers it must be empty.
Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate.
111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 |
# File 'proto_docs/google/cloud/networksecurity/v1/server_tls_policy.rb', line 111 class MTLSPolicy include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # Mutual TLS certificate validation mode. module ClientValidationMode # Not allowed. CLIENT_VALIDATION_MODE_UNSPECIFIED = 0 # Allow connection even if certificate chain validation # of the client certificate failed or no client certificate was # presented. The proof of possession of the private key is always checked # if client certificate was presented. This mode requires the backend to # implement processing of data extracted from a client certificate to # authenticate the peer, or to reject connections if the client # certificate fingerprint is missing. ALLOW_INVALID_OR_MISSING_CLIENT_CERT = 1 # Require a client certificate and allow connection to the backend only # if validation of the client certificate passed. # # If set, requires a reference to non-empty TrustConfig specified in # `client_validation_trust_config`. REJECT_INVALID = 2 end end |
#client_validation_mode ⇒ ::Google::Cloud::NetworkSecurity::V1::ServerTlsPolicy::MTLSPolicy::ClientValidationMode
Returns When the client presents an invalid certificate or no certificate to the
load balancer, the client_validation_mode specifies how the client
connection is handled.
Required if the policy is to be used with the Application Load Balancers. For Traffic Director it must be empty.
111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 |
# File 'proto_docs/google/cloud/networksecurity/v1/server_tls_policy.rb', line 111 class MTLSPolicy include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # Mutual TLS certificate validation mode. module ClientValidationMode # Not allowed. CLIENT_VALIDATION_MODE_UNSPECIFIED = 0 # Allow connection even if certificate chain validation # of the client certificate failed or no client certificate was # presented. The proof of possession of the private key is always checked # if client certificate was presented. This mode requires the backend to # implement processing of data extracted from a client certificate to # authenticate the peer, or to reject connections if the client # certificate fingerprint is missing. ALLOW_INVALID_OR_MISSING_CLIENT_CERT = 1 # Require a client certificate and allow connection to the backend only # if validation of the client certificate passed. # # If set, requires a reference to non-empty TrustConfig specified in # `client_validation_trust_config`. REJECT_INVALID = 2 end end |
#client_validation_trust_config ⇒ ::String
Returns Reference to the TrustConfig from certificatemanager.googleapis.com namespace.
If specified, the chain validation will be performed against certificates configured in the given TrustConfig.
Allowed only if the policy is to be used with Application Load Balancers.
111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 |
# File 'proto_docs/google/cloud/networksecurity/v1/server_tls_policy.rb', line 111 class MTLSPolicy include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # Mutual TLS certificate validation mode. module ClientValidationMode # Not allowed. CLIENT_VALIDATION_MODE_UNSPECIFIED = 0 # Allow connection even if certificate chain validation # of the client certificate failed or no client certificate was # presented. The proof of possession of the private key is always checked # if client certificate was presented. This mode requires the backend to # implement processing of data extracted from a client certificate to # authenticate the peer, or to reject connections if the client # certificate fingerprint is missing. ALLOW_INVALID_OR_MISSING_CLIENT_CERT = 1 # Require a client certificate and allow connection to the backend only # if validation of the client certificate passed. # # If set, requires a reference to non-empty TrustConfig specified in # `client_validation_trust_config`. REJECT_INVALID = 2 end end |