$schema: "http://json-schema.org/draft-06/schema#"

title: networkservices v1beta1 EndpointPolicy export schema
description: A gcloud export/import command YAML validation schema.
type: object
required:
- endpointMatcher
- type
additionalProperties: false
properties:
  COMMENT:
    type: object
    description: User specified info ignored by gcloud import.
    additionalProperties: false
    properties:
      template-id:
        type: string
      region:
        type: string
      description:
        type: string
      date:
        type: string
      version:
        type: string
  UNKNOWN:
    type: array
    description: Unknown API fields that cannot be imported.
    items:
      type: string
  authorizationPolicy:
    description: |-
      This field specifies the URL of AuthorizationPolicy resource that applies
      authorization policies to the inbound traffic at the matched endpoints.
      Refer to Authorization. If this field is not specified, authorization is
      disabled(no authz checks) for this endpoint.
    type: string
  clientTlsPolicy:
    description: |-
      A URL referring to a ClientTlsPolicy resource. ClientTlsPolicy can be set
      to specify the authentication for traffic from the proxy to the actual
      endpoints. More specifically, it is applied to the outgoing traffic from
      the proxy to the endpoint. This is typically used for sidecar model where
      the proxy identifies itself as endpoint to the control plane, with the
      connection between sidecar and endpoint requiring authentication. If this
      field is not set, authentication is disabled(open). Applicable only when
      EndpointPolicyType is SIDECAR_PROXY.
    type: string
  description:
    description: |-
      A free-text description of the resource. Max length 1024 characters.
    type: string
  endpointMatcher:
    description: |-
      A matcher that selects endpoints to which the policies should be applied.
    $ref: EndpointMatcher.yaml
  labels:
    description: Set of label tags associated with the EndpointPolicy resource.
    $ref: LabelsValue.yaml
  name:
    description: |-
      Identifier. Name of the EndpointPolicy resource. It matches pattern
      `projects/{project}/locations/global/endpointPolicies/{endpoint_policy}` .
    type: string
  securityPolicy:
    description: |-
      A URL referring to a SecurityPolicy resource. SecurityPolicy is used to
      enforce rate limiting policy on the inbound traffic at the identified
      backends. If this field is not set, rate limiting is disabled for this
      endpoint.
    type: string
  serverTlsPolicy:
    description: |-
      A URL referring to ServerTlsPolicy resource. ServerTlsPolicy is used to
      determine the authentication policy to be applied to terminate the inbound
      traffic at the identified backends. If this field is not set,
      authentication is disabled(open) for this endpoint.
    type: string
  trafficPortSelector:
    description: |-
      Port selector for the (matched) endpoints. If no port selector is
      provided, the matched config is applied to all ports.
    $ref: TrafficPortSelector.yaml
  type:
    description: |-
      The type of endpoint policy. This is primarily used to validate the
      configuration.
    type: string
    enum:
    - ENDPOINT_POLICY_TYPE_UNSPECIFIED
    - GRPC_SERVER
    - SIDECAR_PROXY