Class: Google::Cloud::Sql::V1::IpConfiguration

Inherits:

Object

• Object
• Google::Cloud::Sql::V1::IpConfiguration

Extended by:

Protobuf::MessageExts::ClassMethods

Includes:

Protobuf::MessageExts

Defined in:

proto_docs/google/cloud/sql/v1/cloud_sql_resources.rb

Overview

IP Management configuration.

Defined Under Namespace

Modules: CaMode, ServerCertificateRotationMode, SslMode

Instance Attribute Summary

• #allocated_ip_range ⇒ ::String

  The name of the allocated ip range for the private ip Cloud SQL instance.

• #authorized_networks ⇒ ::Array<::Google::Cloud::Sql::V1::AclEntry>

  The list of external networks that are allowed to connect to the instance using the IP.

• #custom_subject_alternative_names ⇒ ::Array<::String>

  Optional.

• #enable_private_path_for_google_cloud_services ⇒ ::Google::Protobuf::BoolValue

  Controls connectivity to private IP instances from Google services, such as BigQuery.

• #ipv4_enabled ⇒ ::Google::Protobuf::BoolValue

  Whether the instance is assigned a public IP address or not.

• #private_network ⇒ ::String

  The resource link for the VPC network from which the Cloud SQL instance is accessible for private IP.

• #psc_config ⇒ ::Google::Cloud::Sql::V1::PscConfig

  PSC settings for this instance.

• #require_ssl ⇒ ::Google::Protobuf::BoolValue

  Use ssl_mode instead.

• #server_ca_mode ⇒ ::Google::Cloud::Sql::V1::IpConfiguration::CaMode

  Specify what type of CA is used for the server certificate.

• #server_ca_pool ⇒ ::String

  Optional.

• #server_certificate_rotation_mode ⇒ ::Google::Cloud::Sql::V1::IpConfiguration::ServerCertificateRotationMode

  Optional.

• #ssl_mode ⇒ ::Google::Cloud::Sql::V1::IpConfiguration::SslMode

  Specify how SSL/TLS is enforced in database connections.

Instance Attribute Details

#allocated_ip_range ⇒ ::String

Returns The name of the allocated ip range for the private ip Cloud SQL instance. For example: "google-managed-services-default". If set, the instance ip will be created in the allocated range. The range name must comply with RFC 1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?..

Returns:

• (::String) —

  The name of the allocated ip range for the private ip Cloud SQL instance. For example: "google-managed-services-default". If set, the instance ip will be created in the allocated range. The range name must comply with RFC 1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?.

# File 'proto_docs/google/cloud/sql/v1/cloud_sql_resources.rb', line 861

class IpConfiguration
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The SSL options for database connections.
  module SslMode
    # The SSL mode is unknown.
    SSL_MODE_UNSPECIFIED = 0

    # Allow non-SSL/non-TLS and SSL/TLS connections.
    # For SSL connections to MySQL and PostgreSQL, the client certificate
    # isn't verified.
    #
    # When this value is used, the legacy `require_ssl` flag must be false or
    # cleared to avoid a conflict between the values of the two flags.
    ALLOW_UNENCRYPTED_AND_ENCRYPTED = 1

    # Only allow connections encrypted with SSL/TLS.
    # For SSL connections to MySQL and PostgreSQL, the client certificate
    # isn't verified.
    #
    # When this value is used, the legacy `require_ssl` flag must be false or
    # cleared to avoid a conflict between the values of the two flags.
    ENCRYPTED_ONLY = 2

    # Only allow connections encrypted with SSL/TLS and with valid
    # client certificates.
    #
    # When this value is used, the legacy `require_ssl` flag must be true or
    # cleared to avoid the conflict between values of two flags.
    # PostgreSQL clients or users that connect using IAM database
    # authentication must use either the
    # [Cloud SQL Auth
    # Proxy](https://cloud.google.com/sql/docs/postgres/connect-auth-proxy) or
    # [Cloud SQL
    # Connectors](https://cloud.google.com/sql/docs/postgres/connect-connectors)
    # to enforce client identity verification.
    #
    # Only applicable to MySQL and PostgreSQL. Not applicable to SQL Server.
    TRUSTED_CLIENT_CERTIFICATE_REQUIRED = 3
  end

  # Various Certificate Authority (CA) modes for certificate signing.
  module CaMode
    # CA mode is unspecified. It is effectively the same as
    # `GOOGLE_MANAGED_INTERNAL_CA`.
    CA_MODE_UNSPECIFIED = 0

    # Google-managed self-signed internal CA.
    GOOGLE_MANAGED_INTERNAL_CA = 1

    # Google-managed regional CA part of root CA hierarchy hosted on Google
    # Cloud's Certificate Authority Service (CAS).
    GOOGLE_MANAGED_CAS_CA = 2

    # Customer-managed CA hosted on Google Cloud's Certificate Authority
    # Service (CAS).
    CUSTOMER_MANAGED_CAS_CA = 3
  end

  # Settings for automatic server certificate rotation.
  module ServerCertificateRotationMode
    # Unspecified: no automatic server certificate rotation.
    SERVER_CERTIFICATE_ROTATION_MODE_UNSPECIFIED = 0

    # No automatic server certificate rotation. The user must [manage server
    # certificate
    # rotation](/sql/docs/mysql/manage-ssl-instance#rotate-server-certificate-cas)
    # on their side.
    NO_AUTOMATIC_ROTATION = 1

    # Automatic server certificate rotation during Cloud SQL scheduled
    # maintenance or self-service maintenance updates. Requires
    # `server_ca_mode` to be `GOOGLE_MANAGED_CAS_CA` or
    # `CUSTOMER_MANAGED_CAS_CA`.
    AUTOMATIC_ROTATION_DURING_MAINTENANCE = 2
  end
end

#authorized_networks ⇒ ::Array<::Google::Cloud::Sql::V1::AclEntry>

Returns The list of external networks that are allowed to connect to the instance using the IP. In 'CIDR' notation, also known as 'slash' notation (for example: 157.197.200.0/24).

Returns:

• (::Array<::Google::Cloud::Sql::V1::AclEntry>) —

  The list of external networks that are allowed to connect to the instance using the IP. In 'CIDR' notation, also known as 'slash' notation (for example: 157.197.200.0/24).

# File 'proto_docs/google/cloud/sql/v1/cloud_sql_resources.rb', line 861

class IpConfiguration
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The SSL options for database connections.
  module SslMode
    # The SSL mode is unknown.
    SSL_MODE_UNSPECIFIED = 0

    # Allow non-SSL/non-TLS and SSL/TLS connections.
    # For SSL connections to MySQL and PostgreSQL, the client certificate
    # isn't verified.
    #
    # When this value is used, the legacy `require_ssl` flag must be false or
    # cleared to avoid a conflict between the values of the two flags.
    ALLOW_UNENCRYPTED_AND_ENCRYPTED = 1

    # Only allow connections encrypted with SSL/TLS.
    # For SSL connections to MySQL and PostgreSQL, the client certificate
    # isn't verified.
    #
    # When this value is used, the legacy `require_ssl` flag must be false or
    # cleared to avoid a conflict between the values of the two flags.
    ENCRYPTED_ONLY = 2

    # Only allow connections encrypted with SSL/TLS and with valid
    # client certificates.
    #
    # When this value is used, the legacy `require_ssl` flag must be true or
    # cleared to avoid the conflict between values of two flags.
    # PostgreSQL clients or users that connect using IAM database
    # authentication must use either the
    # [Cloud SQL Auth
    # Proxy](https://cloud.google.com/sql/docs/postgres/connect-auth-proxy) or
    # [Cloud SQL
    # Connectors](https://cloud.google.com/sql/docs/postgres/connect-connectors)
    # to enforce client identity verification.
    #
    # Only applicable to MySQL and PostgreSQL. Not applicable to SQL Server.
    TRUSTED_CLIENT_CERTIFICATE_REQUIRED = 3
  end

  # Various Certificate Authority (CA) modes for certificate signing.
  module CaMode
    # CA mode is unspecified. It is effectively the same as
    # `GOOGLE_MANAGED_INTERNAL_CA`.
    CA_MODE_UNSPECIFIED = 0

    # Google-managed self-signed internal CA.
    GOOGLE_MANAGED_INTERNAL_CA = 1

    # Google-managed regional CA part of root CA hierarchy hosted on Google
    # Cloud's Certificate Authority Service (CAS).
    GOOGLE_MANAGED_CAS_CA = 2

    # Customer-managed CA hosted on Google Cloud's Certificate Authority
    # Service (CAS).
    CUSTOMER_MANAGED_CAS_CA = 3
  end

  # Settings for automatic server certificate rotation.
  module ServerCertificateRotationMode
    # Unspecified: no automatic server certificate rotation.
    SERVER_CERTIFICATE_ROTATION_MODE_UNSPECIFIED = 0

    # No automatic server certificate rotation. The user must [manage server
    # certificate
    # rotation](/sql/docs/mysql/manage-ssl-instance#rotate-server-certificate-cas)
    # on their side.
    NO_AUTOMATIC_ROTATION = 1

    # Automatic server certificate rotation during Cloud SQL scheduled
    # maintenance or self-service maintenance updates. Requires
    # `server_ca_mode` to be `GOOGLE_MANAGED_CAS_CA` or
    # `CUSTOMER_MANAGED_CAS_CA`.
    AUTOMATIC_ROTATION_DURING_MAINTENANCE = 2
  end
end

#custom_subject_alternative_names ⇒ ::Array<::String>

Returns Optional. Custom Subject Alternative Name(SAN)s for a Cloud SQL instance.

Returns:

• (::Array<::String>) —

  Optional. Custom Subject Alternative Name(SAN)s for a Cloud SQL instance.

# File 'proto_docs/google/cloud/sql/v1/cloud_sql_resources.rb', line 861

class IpConfiguration
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The SSL options for database connections.
  module SslMode
    # The SSL mode is unknown.
    SSL_MODE_UNSPECIFIED = 0

    # Allow non-SSL/non-TLS and SSL/TLS connections.
    # For SSL connections to MySQL and PostgreSQL, the client certificate
    # isn't verified.
    #
    # When this value is used, the legacy `require_ssl` flag must be false or
    # cleared to avoid a conflict between the values of the two flags.
    ALLOW_UNENCRYPTED_AND_ENCRYPTED = 1

    # Only allow connections encrypted with SSL/TLS.
    # For SSL connections to MySQL and PostgreSQL, the client certificate
    # isn't verified.
    #
    # When this value is used, the legacy `require_ssl` flag must be false or
    # cleared to avoid a conflict between the values of the two flags.
    ENCRYPTED_ONLY = 2

    # Only allow connections encrypted with SSL/TLS and with valid
    # client certificates.
    #
    # When this value is used, the legacy `require_ssl` flag must be true or
    # cleared to avoid the conflict between values of two flags.
    # PostgreSQL clients or users that connect using IAM database
    # authentication must use either the
    # [Cloud SQL Auth
    # Proxy](https://cloud.google.com/sql/docs/postgres/connect-auth-proxy) or
    # [Cloud SQL
    # Connectors](https://cloud.google.com/sql/docs/postgres/connect-connectors)
    # to enforce client identity verification.
    #
    # Only applicable to MySQL and PostgreSQL. Not applicable to SQL Server.
    TRUSTED_CLIENT_CERTIFICATE_REQUIRED = 3
  end

  # Various Certificate Authority (CA) modes for certificate signing.
  module CaMode
    # CA mode is unspecified. It is effectively the same as
    # `GOOGLE_MANAGED_INTERNAL_CA`.
    CA_MODE_UNSPECIFIED = 0

    # Google-managed self-signed internal CA.
    GOOGLE_MANAGED_INTERNAL_CA = 1

    # Google-managed regional CA part of root CA hierarchy hosted on Google
    # Cloud's Certificate Authority Service (CAS).
    GOOGLE_MANAGED_CAS_CA = 2

    # Customer-managed CA hosted on Google Cloud's Certificate Authority
    # Service (CAS).
    CUSTOMER_MANAGED_CAS_CA = 3
  end

  # Settings for automatic server certificate rotation.
  module ServerCertificateRotationMode
    # Unspecified: no automatic server certificate rotation.
    SERVER_CERTIFICATE_ROTATION_MODE_UNSPECIFIED = 0

    # No automatic server certificate rotation. The user must [manage server
    # certificate
    # rotation](/sql/docs/mysql/manage-ssl-instance#rotate-server-certificate-cas)
    # on their side.
    NO_AUTOMATIC_ROTATION = 1

    # Automatic server certificate rotation during Cloud SQL scheduled
    # maintenance or self-service maintenance updates. Requires
    # `server_ca_mode` to be `GOOGLE_MANAGED_CAS_CA` or
    # `CUSTOMER_MANAGED_CAS_CA`.
    AUTOMATIC_ROTATION_DURING_MAINTENANCE = 2
  end
end

#enable_private_path_for_google_cloud_services ⇒ ::Google::Protobuf::BoolValue

Returns Controls connectivity to private IP instances from Google services, such as BigQuery.

Returns:

• (::Google::Protobuf::BoolValue) —

  Controls connectivity to private IP instances from Google services, such as BigQuery.

# File 'proto_docs/google/cloud/sql/v1/cloud_sql_resources.rb', line 861

class IpConfiguration
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The SSL options for database connections.
  module SslMode
    # The SSL mode is unknown.
    SSL_MODE_UNSPECIFIED = 0

    # Allow non-SSL/non-TLS and SSL/TLS connections.
    # For SSL connections to MySQL and PostgreSQL, the client certificate
    # isn't verified.
    #
    # When this value is used, the legacy `require_ssl` flag must be false or
    # cleared to avoid a conflict between the values of the two flags.
    ALLOW_UNENCRYPTED_AND_ENCRYPTED = 1

    # Only allow connections encrypted with SSL/TLS.
    # For SSL connections to MySQL and PostgreSQL, the client certificate
    # isn't verified.
    #
    # When this value is used, the legacy `require_ssl` flag must be false or
    # cleared to avoid a conflict between the values of the two flags.
    ENCRYPTED_ONLY = 2

    # Only allow connections encrypted with SSL/TLS and with valid
    # client certificates.
    #
    # When this value is used, the legacy `require_ssl` flag must be true or
    # cleared to avoid the conflict between values of two flags.
    # PostgreSQL clients or users that connect using IAM database
    # authentication must use either the
    # [Cloud SQL Auth
    # Proxy](https://cloud.google.com/sql/docs/postgres/connect-auth-proxy) or
    # [Cloud SQL
    # Connectors](https://cloud.google.com/sql/docs/postgres/connect-connectors)
    # to enforce client identity verification.
    #
    # Only applicable to MySQL and PostgreSQL. Not applicable to SQL Server.
    TRUSTED_CLIENT_CERTIFICATE_REQUIRED = 3
  end

  # Various Certificate Authority (CA) modes for certificate signing.
  module CaMode
    # CA mode is unspecified. It is effectively the same as
    # `GOOGLE_MANAGED_INTERNAL_CA`.
    CA_MODE_UNSPECIFIED = 0

    # Google-managed self-signed internal CA.
    GOOGLE_MANAGED_INTERNAL_CA = 1

    # Google-managed regional CA part of root CA hierarchy hosted on Google
    # Cloud's Certificate Authority Service (CAS).
    GOOGLE_MANAGED_CAS_CA = 2

    # Customer-managed CA hosted on Google Cloud's Certificate Authority
    # Service (CAS).
    CUSTOMER_MANAGED_CAS_CA = 3
  end

  # Settings for automatic server certificate rotation.
  module ServerCertificateRotationMode
    # Unspecified: no automatic server certificate rotation.
    SERVER_CERTIFICATE_ROTATION_MODE_UNSPECIFIED = 0

    # No automatic server certificate rotation. The user must [manage server
    # certificate
    # rotation](/sql/docs/mysql/manage-ssl-instance#rotate-server-certificate-cas)
    # on their side.
    NO_AUTOMATIC_ROTATION = 1

    # Automatic server certificate rotation during Cloud SQL scheduled
    # maintenance or self-service maintenance updates. Requires
    # `server_ca_mode` to be `GOOGLE_MANAGED_CAS_CA` or
    # `CUSTOMER_MANAGED_CAS_CA`.
    AUTOMATIC_ROTATION_DURING_MAINTENANCE = 2
  end
end

#ipv4_enabled ⇒ ::Google::Protobuf::BoolValue

Returns Whether the instance is assigned a public IP address or not.

Returns:

• (::Google::Protobuf::BoolValue) —

  Whether the instance is assigned a public IP address or not.

# File 'proto_docs/google/cloud/sql/v1/cloud_sql_resources.rb', line 861

class IpConfiguration
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The SSL options for database connections.
  module SslMode
    # The SSL mode is unknown.
    SSL_MODE_UNSPECIFIED = 0

    # Allow non-SSL/non-TLS and SSL/TLS connections.
    # For SSL connections to MySQL and PostgreSQL, the client certificate
    # isn't verified.
    #
    # When this value is used, the legacy `require_ssl` flag must be false or
    # cleared to avoid a conflict between the values of the two flags.
    ALLOW_UNENCRYPTED_AND_ENCRYPTED = 1

    # Only allow connections encrypted with SSL/TLS.
    # For SSL connections to MySQL and PostgreSQL, the client certificate
    # isn't verified.
    #
    # When this value is used, the legacy `require_ssl` flag must be false or
    # cleared to avoid a conflict between the values of the two flags.
    ENCRYPTED_ONLY = 2

    # Only allow connections encrypted with SSL/TLS and with valid
    # client certificates.
    #
    # When this value is used, the legacy `require_ssl` flag must be true or
    # cleared to avoid the conflict between values of two flags.
    # PostgreSQL clients or users that connect using IAM database
    # authentication must use either the
    # [Cloud SQL Auth
    # Proxy](https://cloud.google.com/sql/docs/postgres/connect-auth-proxy) or
    # [Cloud SQL
    # Connectors](https://cloud.google.com/sql/docs/postgres/connect-connectors)
    # to enforce client identity verification.
    #
    # Only applicable to MySQL and PostgreSQL. Not applicable to SQL Server.
    TRUSTED_CLIENT_CERTIFICATE_REQUIRED = 3
  end

  # Various Certificate Authority (CA) modes for certificate signing.
  module CaMode
    # CA mode is unspecified. It is effectively the same as
    # `GOOGLE_MANAGED_INTERNAL_CA`.
    CA_MODE_UNSPECIFIED = 0

    # Google-managed self-signed internal CA.
    GOOGLE_MANAGED_INTERNAL_CA = 1

    # Google-managed regional CA part of root CA hierarchy hosted on Google
    # Cloud's Certificate Authority Service (CAS).
    GOOGLE_MANAGED_CAS_CA = 2

    # Customer-managed CA hosted on Google Cloud's Certificate Authority
    # Service (CAS).
    CUSTOMER_MANAGED_CAS_CA = 3
  end

  # Settings for automatic server certificate rotation.
  module ServerCertificateRotationMode
    # Unspecified: no automatic server certificate rotation.
    SERVER_CERTIFICATE_ROTATION_MODE_UNSPECIFIED = 0

    # No automatic server certificate rotation. The user must [manage server
    # certificate
    # rotation](/sql/docs/mysql/manage-ssl-instance#rotate-server-certificate-cas)
    # on their side.
    NO_AUTOMATIC_ROTATION = 1

    # Automatic server certificate rotation during Cloud SQL scheduled
    # maintenance or self-service maintenance updates. Requires
    # `server_ca_mode` to be `GOOGLE_MANAGED_CAS_CA` or
    # `CUSTOMER_MANAGED_CAS_CA`.
    AUTOMATIC_ROTATION_DURING_MAINTENANCE = 2
  end
end

#private_network ⇒ ::String

Returns The resource link for the VPC network from which the Cloud SQL instance is accessible for private IP. For example, /projects/myProject/global/networks/default. This setting can be updated, but it cannot be removed after it is set.

Returns:

• (::String) —

  The resource link for the VPC network from which the Cloud SQL instance is accessible for private IP. For example, /projects/myProject/global/networks/default. This setting can be updated, but it cannot be removed after it is set.

# File 'proto_docs/google/cloud/sql/v1/cloud_sql_resources.rb', line 861

class IpConfiguration
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The SSL options for database connections.
  module SslMode
    # The SSL mode is unknown.
    SSL_MODE_UNSPECIFIED = 0

    # Allow non-SSL/non-TLS and SSL/TLS connections.
    # For SSL connections to MySQL and PostgreSQL, the client certificate
    # isn't verified.
    #
    # When this value is used, the legacy `require_ssl` flag must be false or
    # cleared to avoid a conflict between the values of the two flags.
    ALLOW_UNENCRYPTED_AND_ENCRYPTED = 1

    # Only allow connections encrypted with SSL/TLS.
    # For SSL connections to MySQL and PostgreSQL, the client certificate
    # isn't verified.
    #
    # When this value is used, the legacy `require_ssl` flag must be false or
    # cleared to avoid a conflict between the values of the two flags.
    ENCRYPTED_ONLY = 2

    # Only allow connections encrypted with SSL/TLS and with valid
    # client certificates.
    #
    # When this value is used, the legacy `require_ssl` flag must be true or
    # cleared to avoid the conflict between values of two flags.
    # PostgreSQL clients or users that connect using IAM database
    # authentication must use either the
    # [Cloud SQL Auth
    # Proxy](https://cloud.google.com/sql/docs/postgres/connect-auth-proxy) or
    # [Cloud SQL
    # Connectors](https://cloud.google.com/sql/docs/postgres/connect-connectors)
    # to enforce client identity verification.
    #
    # Only applicable to MySQL and PostgreSQL. Not applicable to SQL Server.
    TRUSTED_CLIENT_CERTIFICATE_REQUIRED = 3
  end

  # Various Certificate Authority (CA) modes for certificate signing.
  module CaMode
    # CA mode is unspecified. It is effectively the same as
    # `GOOGLE_MANAGED_INTERNAL_CA`.
    CA_MODE_UNSPECIFIED = 0

    # Google-managed self-signed internal CA.
    GOOGLE_MANAGED_INTERNAL_CA = 1

    # Google-managed regional CA part of root CA hierarchy hosted on Google
    # Cloud's Certificate Authority Service (CAS).
    GOOGLE_MANAGED_CAS_CA = 2

    # Customer-managed CA hosted on Google Cloud's Certificate Authority
    # Service (CAS).
    CUSTOMER_MANAGED_CAS_CA = 3
  end

  # Settings for automatic server certificate rotation.
  module ServerCertificateRotationMode
    # Unspecified: no automatic server certificate rotation.
    SERVER_CERTIFICATE_ROTATION_MODE_UNSPECIFIED = 0

    # No automatic server certificate rotation. The user must [manage server
    # certificate
    # rotation](/sql/docs/mysql/manage-ssl-instance#rotate-server-certificate-cas)
    # on their side.
    NO_AUTOMATIC_ROTATION = 1

    # Automatic server certificate rotation during Cloud SQL scheduled
    # maintenance or self-service maintenance updates. Requires
    # `server_ca_mode` to be `GOOGLE_MANAGED_CAS_CA` or
    # `CUSTOMER_MANAGED_CAS_CA`.
    AUTOMATIC_ROTATION_DURING_MAINTENANCE = 2
  end
end

#psc_config ⇒ ::Google::Cloud::Sql::V1::PscConfig

Returns PSC settings for this instance.

Returns:

• (::Google::Cloud::Sql::V1::PscConfig) —

  PSC settings for this instance.

# File 'proto_docs/google/cloud/sql/v1/cloud_sql_resources.rb', line 861

class IpConfiguration
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The SSL options for database connections.
  module SslMode
    # The SSL mode is unknown.
    SSL_MODE_UNSPECIFIED = 0

    # Allow non-SSL/non-TLS and SSL/TLS connections.
    # For SSL connections to MySQL and PostgreSQL, the client certificate
    # isn't verified.
    #
    # When this value is used, the legacy `require_ssl` flag must be false or
    # cleared to avoid a conflict between the values of the two flags.
    ALLOW_UNENCRYPTED_AND_ENCRYPTED = 1

    # Only allow connections encrypted with SSL/TLS.
    # For SSL connections to MySQL and PostgreSQL, the client certificate
    # isn't verified.
    #
    # When this value is used, the legacy `require_ssl` flag must be false or
    # cleared to avoid a conflict between the values of the two flags.
    ENCRYPTED_ONLY = 2

    # Only allow connections encrypted with SSL/TLS and with valid
    # client certificates.
    #
    # When this value is used, the legacy `require_ssl` flag must be true or
    # cleared to avoid the conflict between values of two flags.
    # PostgreSQL clients or users that connect using IAM database
    # authentication must use either the
    # [Cloud SQL Auth
    # Proxy](https://cloud.google.com/sql/docs/postgres/connect-auth-proxy) or
    # [Cloud SQL
    # Connectors](https://cloud.google.com/sql/docs/postgres/connect-connectors)
    # to enforce client identity verification.
    #
    # Only applicable to MySQL and PostgreSQL. Not applicable to SQL Server.
    TRUSTED_CLIENT_CERTIFICATE_REQUIRED = 3
  end

  # Various Certificate Authority (CA) modes for certificate signing.
  module CaMode
    # CA mode is unspecified. It is effectively the same as
    # `GOOGLE_MANAGED_INTERNAL_CA`.
    CA_MODE_UNSPECIFIED = 0

    # Google-managed self-signed internal CA.
    GOOGLE_MANAGED_INTERNAL_CA = 1

    # Google-managed regional CA part of root CA hierarchy hosted on Google
    # Cloud's Certificate Authority Service (CAS).
    GOOGLE_MANAGED_CAS_CA = 2

    # Customer-managed CA hosted on Google Cloud's Certificate Authority
    # Service (CAS).
    CUSTOMER_MANAGED_CAS_CA = 3
  end

  # Settings for automatic server certificate rotation.
  module ServerCertificateRotationMode
    # Unspecified: no automatic server certificate rotation.
    SERVER_CERTIFICATE_ROTATION_MODE_UNSPECIFIED = 0

    # No automatic server certificate rotation. The user must [manage server
    # certificate
    # rotation](/sql/docs/mysql/manage-ssl-instance#rotate-server-certificate-cas)
    # on their side.
    NO_AUTOMATIC_ROTATION = 1

    # Automatic server certificate rotation during Cloud SQL scheduled
    # maintenance or self-service maintenance updates. Requires
    # `server_ca_mode` to be `GOOGLE_MANAGED_CAS_CA` or
    # `CUSTOMER_MANAGED_CAS_CA`.
    AUTOMATIC_ROTATION_DURING_MAINTENANCE = 2
  end
end

#require_ssl ⇒ ::Google::Protobuf::BoolValue

Returns Use ssl_mode instead.

Whether SSL/TLS connections over IP are enforced. If set to false, then allow both non-SSL/non-TLS and SSL/TLS connections. For SSL/TLS connections, the client certificate won't be verified. If set to true, then only allow connections encrypted with SSL/TLS and with valid client certificates. If you want to enforce SSL/TLS without enforcing the requirement for valid client certificates, then use the ssl_mode flag instead of the require_ssl flag.

Returns:

• (::Google::Protobuf::BoolValue) —

  Use ssl_mode instead.

  Whether SSL/TLS connections over IP are enforced. If set to false, then allow both non-SSL/non-TLS and SSL/TLS connections. For SSL/TLS connections, the client certificate won't be verified. If set to true, then only allow connections encrypted with SSL/TLS and with valid client certificates. If you want to enforce SSL/TLS without enforcing the requirement for valid client certificates, then use the ssl_mode flag instead of the require_ssl flag.

# File 'proto_docs/google/cloud/sql/v1/cloud_sql_resources.rb', line 861

class IpConfiguration
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The SSL options for database connections.
  module SslMode
    # The SSL mode is unknown.
    SSL_MODE_UNSPECIFIED = 0

    # Allow non-SSL/non-TLS and SSL/TLS connections.
    # For SSL connections to MySQL and PostgreSQL, the client certificate
    # isn't verified.
    #
    # When this value is used, the legacy `require_ssl` flag must be false or
    # cleared to avoid a conflict between the values of the two flags.
    ALLOW_UNENCRYPTED_AND_ENCRYPTED = 1

    # Only allow connections encrypted with SSL/TLS.
    # For SSL connections to MySQL and PostgreSQL, the client certificate
    # isn't verified.
    #
    # When this value is used, the legacy `require_ssl` flag must be false or
    # cleared to avoid a conflict between the values of the two flags.
    ENCRYPTED_ONLY = 2

    # Only allow connections encrypted with SSL/TLS and with valid
    # client certificates.
    #
    # When this value is used, the legacy `require_ssl` flag must be true or
    # cleared to avoid the conflict between values of two flags.
    # PostgreSQL clients or users that connect using IAM database
    # authentication must use either the
    # [Cloud SQL Auth
    # Proxy](https://cloud.google.com/sql/docs/postgres/connect-auth-proxy) or
    # [Cloud SQL
    # Connectors](https://cloud.google.com/sql/docs/postgres/connect-connectors)
    # to enforce client identity verification.
    #
    # Only applicable to MySQL and PostgreSQL. Not applicable to SQL Server.
    TRUSTED_CLIENT_CERTIFICATE_REQUIRED = 3
  end

  # Various Certificate Authority (CA) modes for certificate signing.
  module CaMode
    # CA mode is unspecified. It is effectively the same as
    # `GOOGLE_MANAGED_INTERNAL_CA`.
    CA_MODE_UNSPECIFIED = 0

    # Google-managed self-signed internal CA.
    GOOGLE_MANAGED_INTERNAL_CA = 1

    # Google-managed regional CA part of root CA hierarchy hosted on Google
    # Cloud's Certificate Authority Service (CAS).
    GOOGLE_MANAGED_CAS_CA = 2

    # Customer-managed CA hosted on Google Cloud's Certificate Authority
    # Service (CAS).
    CUSTOMER_MANAGED_CAS_CA = 3
  end

  # Settings for automatic server certificate rotation.
  module ServerCertificateRotationMode
    # Unspecified: no automatic server certificate rotation.
    SERVER_CERTIFICATE_ROTATION_MODE_UNSPECIFIED = 0

    # No automatic server certificate rotation. The user must [manage server
    # certificate
    # rotation](/sql/docs/mysql/manage-ssl-instance#rotate-server-certificate-cas)
    # on their side.
    NO_AUTOMATIC_ROTATION = 1

    # Automatic server certificate rotation during Cloud SQL scheduled
    # maintenance or self-service maintenance updates. Requires
    # `server_ca_mode` to be `GOOGLE_MANAGED_CAS_CA` or
    # `CUSTOMER_MANAGED_CAS_CA`.
    AUTOMATIC_ROTATION_DURING_MAINTENANCE = 2
  end
end

#server_ca_mode ⇒ ::Google::Cloud::Sql::V1::IpConfiguration::CaMode

Returns Specify what type of CA is used for the server certificate.

Returns:

• (::Google::Cloud::Sql::V1::IpConfiguration::CaMode) —

  Specify what type of CA is used for the server certificate.

# File 'proto_docs/google/cloud/sql/v1/cloud_sql_resources.rb', line 861

class IpConfiguration
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The SSL options for database connections.
  module SslMode
    # The SSL mode is unknown.
    SSL_MODE_UNSPECIFIED = 0

    # Allow non-SSL/non-TLS and SSL/TLS connections.
    # For SSL connections to MySQL and PostgreSQL, the client certificate
    # isn't verified.
    #
    # When this value is used, the legacy `require_ssl` flag must be false or
    # cleared to avoid a conflict between the values of the two flags.
    ALLOW_UNENCRYPTED_AND_ENCRYPTED = 1

    # Only allow connections encrypted with SSL/TLS.
    # For SSL connections to MySQL and PostgreSQL, the client certificate
    # isn't verified.
    #
    # When this value is used, the legacy `require_ssl` flag must be false or
    # cleared to avoid a conflict between the values of the two flags.
    ENCRYPTED_ONLY = 2

    # Only allow connections encrypted with SSL/TLS and with valid
    # client certificates.
    #
    # When this value is used, the legacy `require_ssl` flag must be true or
    # cleared to avoid the conflict between values of two flags.
    # PostgreSQL clients or users that connect using IAM database
    # authentication must use either the
    # [Cloud SQL Auth
    # Proxy](https://cloud.google.com/sql/docs/postgres/connect-auth-proxy) or
    # [Cloud SQL
    # Connectors](https://cloud.google.com/sql/docs/postgres/connect-connectors)
    # to enforce client identity verification.
    #
    # Only applicable to MySQL and PostgreSQL. Not applicable to SQL Server.
    TRUSTED_CLIENT_CERTIFICATE_REQUIRED = 3
  end

  # Various Certificate Authority (CA) modes for certificate signing.
  module CaMode
    # CA mode is unspecified. It is effectively the same as
    # `GOOGLE_MANAGED_INTERNAL_CA`.
    CA_MODE_UNSPECIFIED = 0

    # Google-managed self-signed internal CA.
    GOOGLE_MANAGED_INTERNAL_CA = 1

    # Google-managed regional CA part of root CA hierarchy hosted on Google
    # Cloud's Certificate Authority Service (CAS).
    GOOGLE_MANAGED_CAS_CA = 2

    # Customer-managed CA hosted on Google Cloud's Certificate Authority
    # Service (CAS).
    CUSTOMER_MANAGED_CAS_CA = 3
  end

  # Settings for automatic server certificate rotation.
  module ServerCertificateRotationMode
    # Unspecified: no automatic server certificate rotation.
    SERVER_CERTIFICATE_ROTATION_MODE_UNSPECIFIED = 0

    # No automatic server certificate rotation. The user must [manage server
    # certificate
    # rotation](/sql/docs/mysql/manage-ssl-instance#rotate-server-certificate-cas)
    # on their side.
    NO_AUTOMATIC_ROTATION = 1

    # Automatic server certificate rotation during Cloud SQL scheduled
    # maintenance or self-service maintenance updates. Requires
    # `server_ca_mode` to be `GOOGLE_MANAGED_CAS_CA` or
    # `CUSTOMER_MANAGED_CAS_CA`.
    AUTOMATIC_ROTATION_DURING_MAINTENANCE = 2
  end
end

#server_ca_pool ⇒ ::String

Returns Optional. The resource name of the server CA pool for an instance with CUSTOMER_MANAGED_CAS_CA as the server_ca_mode. Format: projects/{PROJECT}/locations/{REGION}/caPools/{CA_POOL_ID}.

Returns:

• (::String) —

  Optional. The resource name of the server CA pool for an instance with CUSTOMER_MANAGED_CAS_CA as the server_ca_mode. Format: projects/{PROJECT}/locations/{REGION}/caPools/{CA_POOL_ID}

# File 'proto_docs/google/cloud/sql/v1/cloud_sql_resources.rb', line 861

class IpConfiguration
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The SSL options for database connections.
  module SslMode
    # The SSL mode is unknown.
    SSL_MODE_UNSPECIFIED = 0

    # Allow non-SSL/non-TLS and SSL/TLS connections.
    # For SSL connections to MySQL and PostgreSQL, the client certificate
    # isn't verified.
    #
    # When this value is used, the legacy `require_ssl` flag must be false or
    # cleared to avoid a conflict between the values of the two flags.
    ALLOW_UNENCRYPTED_AND_ENCRYPTED = 1

    # Only allow connections encrypted with SSL/TLS.
    # For SSL connections to MySQL and PostgreSQL, the client certificate
    # isn't verified.
    #
    # When this value is used, the legacy `require_ssl` flag must be false or
    # cleared to avoid a conflict between the values of the two flags.
    ENCRYPTED_ONLY = 2

    # Only allow connections encrypted with SSL/TLS and with valid
    # client certificates.
    #
    # When this value is used, the legacy `require_ssl` flag must be true or
    # cleared to avoid the conflict between values of two flags.
    # PostgreSQL clients or users that connect using IAM database
    # authentication must use either the
    # [Cloud SQL Auth
    # Proxy](https://cloud.google.com/sql/docs/postgres/connect-auth-proxy) or
    # [Cloud SQL
    # Connectors](https://cloud.google.com/sql/docs/postgres/connect-connectors)
    # to enforce client identity verification.
    #
    # Only applicable to MySQL and PostgreSQL. Not applicable to SQL Server.
    TRUSTED_CLIENT_CERTIFICATE_REQUIRED = 3
  end

  # Various Certificate Authority (CA) modes for certificate signing.
  module CaMode
    # CA mode is unspecified. It is effectively the same as
    # `GOOGLE_MANAGED_INTERNAL_CA`.
    CA_MODE_UNSPECIFIED = 0

    # Google-managed self-signed internal CA.
    GOOGLE_MANAGED_INTERNAL_CA = 1

    # Google-managed regional CA part of root CA hierarchy hosted on Google
    # Cloud's Certificate Authority Service (CAS).
    GOOGLE_MANAGED_CAS_CA = 2

    # Customer-managed CA hosted on Google Cloud's Certificate Authority
    # Service (CAS).
    CUSTOMER_MANAGED_CAS_CA = 3
  end

  # Settings for automatic server certificate rotation.
  module ServerCertificateRotationMode
    # Unspecified: no automatic server certificate rotation.
    SERVER_CERTIFICATE_ROTATION_MODE_UNSPECIFIED = 0

    # No automatic server certificate rotation. The user must [manage server
    # certificate
    # rotation](/sql/docs/mysql/manage-ssl-instance#rotate-server-certificate-cas)
    # on their side.
    NO_AUTOMATIC_ROTATION = 1

    # Automatic server certificate rotation during Cloud SQL scheduled
    # maintenance or self-service maintenance updates. Requires
    # `server_ca_mode` to be `GOOGLE_MANAGED_CAS_CA` or
    # `CUSTOMER_MANAGED_CAS_CA`.
    AUTOMATIC_ROTATION_DURING_MAINTENANCE = 2
  end
end

#server_certificate_rotation_mode ⇒ ::Google::Cloud::Sql::V1::IpConfiguration::ServerCertificateRotationMode

Returns Optional. Controls the automatic server certificate rotation feature. This feature is disabled by default. When enabled, the server certificate will be automatically rotated during Cloud SQL scheduled maintenance or self-service maintenance updates up to six months before it expires. This setting can only be set if server_ca_mode is either GOOGLE_MANAGED_CAS_CA or CUSTOMER_MANAGED_CAS_CA.

Returns:

• (::Google::Cloud::Sql::V1::IpConfiguration::ServerCertificateRotationMode) —

  Optional. Controls the automatic server certificate rotation feature. This feature is disabled by default. When enabled, the server certificate will be automatically rotated during Cloud SQL scheduled maintenance or self-service maintenance updates up to six months before it expires. This setting can only be set if server_ca_mode is either GOOGLE_MANAGED_CAS_CA or CUSTOMER_MANAGED_CAS_CA.

# File 'proto_docs/google/cloud/sql/v1/cloud_sql_resources.rb', line 861

class IpConfiguration
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The SSL options for database connections.
  module SslMode
    # The SSL mode is unknown.
    SSL_MODE_UNSPECIFIED = 0

    # Allow non-SSL/non-TLS and SSL/TLS connections.
    # For SSL connections to MySQL and PostgreSQL, the client certificate
    # isn't verified.
    #
    # When this value is used, the legacy `require_ssl` flag must be false or
    # cleared to avoid a conflict between the values of the two flags.
    ALLOW_UNENCRYPTED_AND_ENCRYPTED = 1

    # Only allow connections encrypted with SSL/TLS.
    # For SSL connections to MySQL and PostgreSQL, the client certificate
    # isn't verified.
    #
    # When this value is used, the legacy `require_ssl` flag must be false or
    # cleared to avoid a conflict between the values of the two flags.
    ENCRYPTED_ONLY = 2

    # Only allow connections encrypted with SSL/TLS and with valid
    # client certificates.
    #
    # When this value is used, the legacy `require_ssl` flag must be true or
    # cleared to avoid the conflict between values of two flags.
    # PostgreSQL clients or users that connect using IAM database
    # authentication must use either the
    # [Cloud SQL Auth
    # Proxy](https://cloud.google.com/sql/docs/postgres/connect-auth-proxy) or
    # [Cloud SQL
    # Connectors](https://cloud.google.com/sql/docs/postgres/connect-connectors)
    # to enforce client identity verification.
    #
    # Only applicable to MySQL and PostgreSQL. Not applicable to SQL Server.
    TRUSTED_CLIENT_CERTIFICATE_REQUIRED = 3
  end

  # Various Certificate Authority (CA) modes for certificate signing.
  module CaMode
    # CA mode is unspecified. It is effectively the same as
    # `GOOGLE_MANAGED_INTERNAL_CA`.
    CA_MODE_UNSPECIFIED = 0

    # Google-managed self-signed internal CA.
    GOOGLE_MANAGED_INTERNAL_CA = 1

    # Google-managed regional CA part of root CA hierarchy hosted on Google
    # Cloud's Certificate Authority Service (CAS).
    GOOGLE_MANAGED_CAS_CA = 2

    # Customer-managed CA hosted on Google Cloud's Certificate Authority
    # Service (CAS).
    CUSTOMER_MANAGED_CAS_CA = 3
  end

  # Settings for automatic server certificate rotation.
  module ServerCertificateRotationMode
    # Unspecified: no automatic server certificate rotation.
    SERVER_CERTIFICATE_ROTATION_MODE_UNSPECIFIED = 0

    # No automatic server certificate rotation. The user must [manage server
    # certificate
    # rotation](/sql/docs/mysql/manage-ssl-instance#rotate-server-certificate-cas)
    # on their side.
    NO_AUTOMATIC_ROTATION = 1

    # Automatic server certificate rotation during Cloud SQL scheduled
    # maintenance or self-service maintenance updates. Requires
    # `server_ca_mode` to be `GOOGLE_MANAGED_CAS_CA` or
    # `CUSTOMER_MANAGED_CAS_CA`.
    AUTOMATIC_ROTATION_DURING_MAINTENANCE = 2
  end
end

#ssl_mode ⇒ ::Google::Cloud::Sql::V1::IpConfiguration::SslMode

Returns Specify how SSL/TLS is enforced in database connections. If you must use the require_ssl flag for backward compatibility, then only the following value pairs are valid:

For PostgreSQL and MySQL:

• ssl_mode=ALLOW_UNENCRYPTED_AND_ENCRYPTED and require_ssl=false
• ssl_mode=ENCRYPTED_ONLY and require_ssl=false
• ssl_mode=TRUSTED_CLIENT_CERTIFICATE_REQUIRED and require_ssl=true

For SQL Server:

• ssl_mode=ALLOW_UNENCRYPTED_AND_ENCRYPTED and require_ssl=false
• ssl_mode=ENCRYPTED_ONLY and require_ssl=true

The value of ssl_mode has priority over the value of require_ssl.

For example, for the pair ssl_mode=ENCRYPTED_ONLY and require_ssl=false, ssl_mode=ENCRYPTED_ONLY means accept only SSL connections, while require_ssl=false means accept both non-SSL and SSL connections. In this case, MySQL and PostgreSQL databases respect ssl_mode and accepts only SSL connections.

Returns:

• (::Google::Cloud::Sql::V1::IpConfiguration::SslMode) —

  Specify how SSL/TLS is enforced in database connections. If you must use the require_ssl flag for backward compatibility, then only the following value pairs are valid:

  For PostgreSQL and MySQL:

  • ssl_mode=ALLOW_UNENCRYPTED_AND_ENCRYPTED and require_ssl=false
  • ssl_mode=ENCRYPTED_ONLY and require_ssl=false
  • ssl_mode=TRUSTED_CLIENT_CERTIFICATE_REQUIRED and require_ssl=true

  For SQL Server:

  • ssl_mode=ALLOW_UNENCRYPTED_AND_ENCRYPTED and require_ssl=false
  • ssl_mode=ENCRYPTED_ONLY and require_ssl=true

  The value of ssl_mode has priority over the value of require_ssl.

  For example, for the pair ssl_mode=ENCRYPTED_ONLY and require_ssl=false, ssl_mode=ENCRYPTED_ONLY means accept only SSL connections, while require_ssl=false means accept both non-SSL and SSL connections. In this case, MySQL and PostgreSQL databases respect ssl_mode and accepts only SSL connections.

# File 'proto_docs/google/cloud/sql/v1/cloud_sql_resources.rb', line 861

class IpConfiguration
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The SSL options for database connections.
  module SslMode
    # The SSL mode is unknown.
    SSL_MODE_UNSPECIFIED = 0

    # Allow non-SSL/non-TLS and SSL/TLS connections.
    # For SSL connections to MySQL and PostgreSQL, the client certificate
    # isn't verified.
    #
    # When this value is used, the legacy `require_ssl` flag must be false or
    # cleared to avoid a conflict between the values of the two flags.
    ALLOW_UNENCRYPTED_AND_ENCRYPTED = 1

    # Only allow connections encrypted with SSL/TLS.
    # For SSL connections to MySQL and PostgreSQL, the client certificate
    # isn't verified.
    #
    # When this value is used, the legacy `require_ssl` flag must be false or
    # cleared to avoid a conflict between the values of the two flags.
    ENCRYPTED_ONLY = 2

    # Only allow connections encrypted with SSL/TLS and with valid
    # client certificates.
    #
    # When this value is used, the legacy `require_ssl` flag must be true or
    # cleared to avoid the conflict between values of two flags.
    # PostgreSQL clients or users that connect using IAM database
    # authentication must use either the
    # [Cloud SQL Auth
    # Proxy](https://cloud.google.com/sql/docs/postgres/connect-auth-proxy) or
    # [Cloud SQL
    # Connectors](https://cloud.google.com/sql/docs/postgres/connect-connectors)
    # to enforce client identity verification.
    #
    # Only applicable to MySQL and PostgreSQL. Not applicable to SQL Server.
    TRUSTED_CLIENT_CERTIFICATE_REQUIRED = 3
  end

  # Various Certificate Authority (CA) modes for certificate signing.
  module CaMode
    # CA mode is unspecified. It is effectively the same as
    # `GOOGLE_MANAGED_INTERNAL_CA`.
    CA_MODE_UNSPECIFIED = 0

    # Google-managed self-signed internal CA.
    GOOGLE_MANAGED_INTERNAL_CA = 1

    # Google-managed regional CA part of root CA hierarchy hosted on Google
    # Cloud's Certificate Authority Service (CAS).
    GOOGLE_MANAGED_CAS_CA = 2

    # Customer-managed CA hosted on Google Cloud's Certificate Authority
    # Service (CAS).
    CUSTOMER_MANAGED_CAS_CA = 3
  end

  # Settings for automatic server certificate rotation.
  module ServerCertificateRotationMode
    # Unspecified: no automatic server certificate rotation.
    SERVER_CERTIFICATE_ROTATION_MODE_UNSPECIFIED = 0

    # No automatic server certificate rotation. The user must [manage server
    # certificate
    # rotation](/sql/docs/mysql/manage-ssl-instance#rotate-server-certificate-cas)
    # on their side.
    NO_AUTOMATIC_ROTATION = 1

    # Automatic server certificate rotation during Cloud SQL scheduled
    # maintenance or self-service maintenance updates. Requires
    # `server_ca_mode` to be `GOOGLE_MANAGED_CAS_CA` or
    # `CUSTOMER_MANAGED_CAS_CA`.
    AUTOMATIC_ROTATION_DURING_MAINTENANCE = 2
  end
end