68 lines
2.7 KiB
YAML
68 lines
2.7 KiB
YAML
$schema: "http://json-schema.org/draft-06/schema#"
|
|
|
|
title: networksecurity v1 ServerTlsPolicy export schema
|
|
description: A gcloud export/import command YAML validation schema.
|
|
type: object
|
|
additionalProperties: false
|
|
properties:
|
|
COMMENT:
|
|
type: object
|
|
description: User specified info ignored by gcloud import.
|
|
additionalProperties: false
|
|
properties:
|
|
template-id:
|
|
type: string
|
|
region:
|
|
type: string
|
|
description:
|
|
type: string
|
|
date:
|
|
type: string
|
|
version:
|
|
type: string
|
|
UNKNOWN:
|
|
type: array
|
|
description: Unknown API fields that cannot be imported.
|
|
items:
|
|
type: string
|
|
allowOpen:
|
|
description: |-
|
|
This field applies only for Traffic Director policies. It is must be set
|
|
to false for external HTTPS load balancer policies. Determines if server
|
|
allows plaintext connections. If set to true, server allows plain text
|
|
connections. By default, it is set to false. This setting is not exclusive
|
|
of other encryption modes. For example, if `allow_open` and `mtls_policy`
|
|
are set, server allows both plain text and mTLS connections. See
|
|
documentation of other encryption modes to confirm compatibility. Consider
|
|
using it if you wish to upgrade in place your deployment to TLS while
|
|
having mixed TLS and non-TLS traffic reaching port :80.
|
|
type: boolean
|
|
description:
|
|
description: Free-text description of the resource.
|
|
type: string
|
|
labels:
|
|
description: Set of label tags associated with the resource.
|
|
$ref: LabelsValue.yaml
|
|
mtlsPolicy:
|
|
description: |-
|
|
This field is required if the policy is used with external HTTPS load
|
|
balancers. This field can be empty for Traffic Director. Defines a
|
|
mechanism to provision peer validation certificates for peer to peer
|
|
authentication (Mutual TLS - mTLS). If not specified, client certificate
|
|
will not be requested. The connection is treated as TLS and not mTLS. If
|
|
`allow_open` and `mtls_policy` are set, server allows both plain text and
|
|
mTLS connections.
|
|
$ref: MTLSPolicy.yaml
|
|
name:
|
|
description: |-
|
|
Name of the ServerTlsPolicy resource. It matches the pattern
|
|
`projects/*/locations/{location}/serverTlsPolicies/{server_tls_policy}`
|
|
type: string
|
|
serverCertificate:
|
|
description: |-
|
|
Optional if policy is to be used with Traffic Director. For external HTTPS
|
|
load balancer must be empty. Defines a mechanism to provision server
|
|
identity (public and private keys). Cannot be combined with `allow_open`
|
|
as a permissive mode that allows both plain text and TLS is not supported.
|
|
$ref: GoogleCloudNetworksecurityV1CertificateProvider.yaml
|