$schema: "http://json-schema.org/draft-06/schema#"

title: compute beta AuthenticationPolicy export schema
description: A gcloud export/import command YAML validation schema.
type: object
additionalProperties: false
properties:
  COMMENT:
    type: object
    description: User specified info ignored by gcloud import.
    additionalProperties: false
    properties:
      template-id:
        type: string
      region:
        type: string
      description:
        type: string
      date:
        type: string
      version:
        type: string
  UNKNOWN:
    type: array
    description: Unknown API fields that cannot be imported.
    items:
      type: string
  origins:
    description: |-
      List of authentication methods that can be used for origin authentication.
      Similar to peers, these will be evaluated in order the first valid one
      will be used to set origin identity. If none of these methods pass, the
      request will be rejected with authentication failed error (401). Leave the
      list empty if origin authentication is not required.
    type: array
    items:
      $ref: OriginAuthenticationMethod.yaml
  peers:
    description: |-
      List of authentication methods that can be used for peer
      authentication. They will be evaluated in order the first valid one
      will be used to set peer identity. If none of these methods pass, the
      request will be rejected with authentication failed error (401). Leave
      the list empty if peer authentication is not required.
    type: array
    items:
      $ref: PeerAuthenticationMethod.yaml
  principalBinding:
    description: |-
      Define whether peer or origin identity should be used for
      principal. Default value is USE_PEER. If peer (or origin) identity
      is not available, either because peer/origin authentication is not
      defined, or failed, principal will be left unset. In other words,
      binding rule does not affect the decision to accept or reject
      request. This field can be set to one of the following: USE_PEER:
      Principal will be set to the identity from peer authentication.
      USE_ORIGIN: Principal will be set to the identity from origin
      authentication.
    type: string
    enum:
    - INVALID
    - USE_ORIGIN
    - USE_PEER
  serverTlsContext:
    description: |-
      Configures the mechanism to obtain server-side security
      certificates and identity information.
    $ref: TlsContext.yaml