77 lines
3.1 KiB
YAML
77 lines
3.1 KiB
YAML
$schema: "http://json-schema.org/draft-06/schema#"
|
|
|
|
title: compute alpha SecuritySettings export schema
|
|
description: A gcloud export/import command YAML validation schema.
|
|
type: object
|
|
additionalProperties: false
|
|
properties:
|
|
COMMENT:
|
|
type: object
|
|
description: User specified info ignored by gcloud import.
|
|
additionalProperties: false
|
|
properties:
|
|
template-id:
|
|
type: string
|
|
region:
|
|
type: string
|
|
description:
|
|
type: string
|
|
date:
|
|
type: string
|
|
version:
|
|
type: string
|
|
UNKNOWN:
|
|
type: array
|
|
description: Unknown API fields that cannot be imported.
|
|
items:
|
|
type: string
|
|
authentication:
|
|
description: '[Deprecated] Use clientTlsPolicy instead.'
|
|
type: string
|
|
authenticationPolicy:
|
|
description: |-
|
|
[Deprecated] Authentication policy defines what authentication methods can
|
|
be accepted on backends, and if authenticated, which method/certificate
|
|
will set the request principal. request principal.
|
|
$ref: AuthenticationPolicy.yaml
|
|
authorizationConfig:
|
|
description: |-
|
|
[Deprecated] Authorization config defines the Role Based Access Control
|
|
(RBAC) config. Authorization config defines the Role Based Access Control
|
|
(RBAC) config.
|
|
$ref: AuthorizationConfig.yaml
|
|
awsV4Authentication:
|
|
description: |-
|
|
The configuration needed to generate a signature for access to private
|
|
storage buckets that support AWS's Signature Version 4 for authentication.
|
|
Allowed only for INTERNET_IP_PORT and INTERNET_FQDN_PORT NEG backends.
|
|
$ref: AWSV4Signature.yaml
|
|
clientTlsPolicy:
|
|
description: |-
|
|
A URL referring to a networksecurity.ClientTlsPolicy resource that
|
|
describes how clients should authenticate with this service's backends.
|
|
clientTlsPolicy only applies to a global BackendService with the
|
|
loadBalancingScheme set to INTERNAL_SELF_MANAGED. If left blank,
|
|
communications are not encrypted.
|
|
type: string
|
|
clientTlsSettings:
|
|
description: '[Deprecated] TLS Settings for the backend service.'
|
|
$ref: ClientTlsSettings.yaml
|
|
subjectAltNames:
|
|
description: |-
|
|
A list of Subject Alternative Names (SANs) that the client verifies during
|
|
a mutual TLS handshake with an server/endpoint for this BackendService.
|
|
When the server presents its X.509 certificate to the client, the client
|
|
inspects the certificate's subjectAltName field. If the field contains one
|
|
of the specified values, the communication continues. Otherwise, it fails.
|
|
This additional check enables the client to verify that the server is
|
|
authorized to run the requested service. Note that the contents of the
|
|
server certificate's subjectAltName field are configured by the Public Key
|
|
Infrastructure which provisions server identities. Only applies to a
|
|
global BackendService with loadBalancingScheme set to
|
|
INTERNAL_SELF_MANAGED. Only applies when BackendService has an attached
|
|
clientTlsPolicy with clientCertificate (mTLS mode).
|
|
type: array
|
|
items:
|
|
type: string
|