davidkotnik/novafarma
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a19e592eb77a02d54847c63adf45457282262e22
novafarma/gcloud auth application-default login/google-cloud-sdk/lib/googlecloudsdk/schemas/compute/alpha/BackendServiceTlsSettings.yaml

75 lines
3.3 KiB
YAML
Raw Blame History

$schema: "http://json-schema.org/draft-06/schema#"
title: compute alpha BackendServiceTlsSettings export schema
description: A gcloud export/import command YAML validation schema.
type: object
additionalProperties: false
properties:
COMMENT:
type: object
description: User specified info ignored by gcloud import.
additionalProperties: false
properties:
template-id:
type: string
region:
type: string
description:
type: string
date:
type: string
version:
type: string
UNKNOWN:
type: array
description: Unknown API fields that cannot be imported.
items:
type: string
authenticationConfig:
description: |-
Reference to the BackendAuthenticationConfig resource from the
networksecurity.googleapis.com namespace. Can be used in authenticating
TLS connections to the backend, as specified by the authenticationMode
field. Can only be specified if authenticationMode is not NONE.
type: string
identity:
description: |-
Assigns the Managed Identity for the RegionBackendService Workload. Use
this property to configure the load balancer back-end to use certificates
and roots of trust provisioned by the Managed Workload Identity system.
The `managedIdentity` property is the fully-specified SPIFFE ID to use in
the SVID presented by the Load Balancer Workload. The SPIFFE ID must be a
resource starting with the "spiffe" scheme identifier, followed by the
"trustDomain" property value, followed by the path to the Managed Workload
Identity. Supported SPIFFE ID format: -
spiffe://<trust_domain>/ns/<namespace>/sa/<subject> The Trust Domain
within the Managed Identity must refer to a valid Workload Identity Pool.
The TrustConfig and CertificateIssuanceConfig will be inherited from the
Workload Identity Pool. Restrictions: - If you set the `managedIdentity`
property, you cannot manually set the following
type: string
sni:
description: |-
Server Name Indication - see RFC3546 section 3.1. If set, the load
balancer sends this string as the SNI hostname in the TLS connection to
the backend, and requires that this string match a Subject Alternative
Name (SAN) in the backend's server certificate. With a Regional Internet
NEG backend, if the SNI is specified here, the load balancer uses it
regardless of whether the Regional Internet NEG is specified with FQDN or
IP address and port. When both sni and subjectAltNames[] are specified,
the load balancer matches the backend certificate's SAN only to
subjectAltNames[].
type: string
subjectAltNames:
description: |-
A list of Subject Alternative Names (SANs) that the Load Balancer verifies
during a TLS handshake with the backend. When the server presents its
X.509 certificate to the Load Balancer, the Load Balancer inspects the
certificate's SAN field, and requires that at least one SAN match one of
the subjectAltNames in the list. This field is limited to 5 entries. When
both sni and subjectAltNames[] are specified, the load balancer matches
the backend certificate's SAN only to subjectAltNames[].
type: array
items:
$ref: BackendServiceTlsSettingsSubjectAltName.yaml
Reference in New Issue View Git Blame Copy Permalink