$schema: "http://json-schema.org/draft-06/schema#"

title: networksecurity v1 ServerTlsPolicy export schema
description: A gcloud export/import command YAML validation schema.
type: object
additionalProperties: false
properties:
  COMMENT:
    type: object
    description: User specified info ignored by gcloud import.
    additionalProperties: false
    properties:
      template-id:
        type: string
      region:
        type: string
      description:
        type: string
      date:
        type: string
      version:
        type: string
  UNKNOWN:
    type: array
    description: Unknown API fields that cannot be imported.
    items:
      type: string
  allowOpen:
    description: |-
      This field applies only for Traffic Director policies. It is must be set
      to false for external HTTPS load balancer policies. Determines if server
      allows plaintext connections. If set to true, server allows plain text
      connections. By default, it is set to false. This setting is not exclusive
      of other encryption modes. For example, if `allow_open` and `mtls_policy`
      are set, server allows both plain text and mTLS connections. See
      documentation of other encryption modes to confirm compatibility. Consider
      using it if you wish to upgrade in place your deployment to TLS while
      having mixed TLS and non-TLS traffic reaching port :80.
    type: boolean
  description:
    description: Free-text description of the resource.
    type: string
  labels:
    description: Set of label tags associated with the resource.
    $ref: LabelsValue.yaml
  mtlsPolicy:
    description: |-
      This field is required if the policy is used with external HTTPS load
      balancers. This field can be empty for Traffic Director. Defines a
      mechanism to provision peer validation certificates for peer to peer
      authentication (Mutual TLS - mTLS). If not specified, client certificate
      will not be requested. The connection is treated as TLS and not mTLS. If
      `allow_open` and `mtls_policy` are set, server allows both plain text and
      mTLS connections.
    $ref: MTLSPolicy.yaml
  name:
    description: |-
      Name of the ServerTlsPolicy resource. It matches the pattern
      `projects/*/locations/{location}/serverTlsPolicies/{server_tls_policy}`
    type: string
  serverCertificate:
    description: |-
      Optional if policy is to be used with Traffic Director. For external HTTPS
      load balancer must be empty. Defines a mechanism to provision server
      identity (public and private keys). Cannot be combined with `allow_open`
      as a permissive mode that allows both plain text and TLS is not supported.
    $ref: GoogleCloudNetworksecurityV1CertificateProvider.yaml