Enum AuthzPolicy.AuthzRule.Principal.PrincipalSelector (0.94.0) 

public enum AuthzPolicy.AuthzRule.Principal.PrincipalSelector extends Enum<AuthzPolicy.AuthzRule.Principal.PrincipalSelector> implements ProtocolMessageEnum

The principal value the principal rule will match against.

Protobuf enum google.cloud.networksecurity.v1.AuthzPolicy.AuthzRule.Principal.PrincipalSelector

Implements

ProtocolMessageEnum

Static Fields

Name Description
CLIENT_CERT_COMMON_NAME

The principal rule is matched against the common name in the client's certificate. Authorization against multiple common names in the client certificate is not supported. Requests with multiple common names in the client certificate will be rejected if CLIENT_CERT_COMMON_NAME is set as the principal selector. A match happens when there is an exact common name value match. This is only applicable for Application Load Balancers except for global external Application Load Balancer and classic Application Load Balancer. CLIENT_CERT_COMMON_NAME is not supported for INTERNAL_SELF_MANAGED load balancing scheme.

CLIENT_CERT_COMMON_NAME = 3;
CLIENT_CERT_COMMON_NAME_VALUE

The principal rule is matched against the common name in the client's certificate. Authorization against multiple common names in the client certificate is not supported. Requests with multiple common names in the client certificate will be rejected if CLIENT_CERT_COMMON_NAME is set as the principal selector. A match happens when there is an exact common name value match. This is only applicable for Application Load Balancers except for global external Application Load Balancer and classic Application Load Balancer. CLIENT_CERT_COMMON_NAME is not supported for INTERNAL_SELF_MANAGED load balancing scheme.

CLIENT_CERT_COMMON_NAME = 3;
CLIENT_CERT_DNS_NAME_SAN

The principal rule is matched against a list of DNS Name SANs in the validated client's certificate. A match happens when there is any exact DNS Name SAN value match. This is only applicable for Application Load Balancers except for classic Global External Application load balancer. CLIENT_CERT_DNS_NAME_SAN is not supported for INTERNAL_SELF_MANAGED load balancing scheme.

CLIENT_CERT_DNS_NAME_SAN = 2;
CLIENT_CERT_DNS_NAME_SAN_VALUE

The principal rule is matched against a list of DNS Name SANs in the validated client's certificate. A match happens when there is any exact DNS Name SAN value match. This is only applicable for Application Load Balancers except for classic Global External Application load balancer. CLIENT_CERT_DNS_NAME_SAN is not supported for INTERNAL_SELF_MANAGED load balancing scheme.

CLIENT_CERT_DNS_NAME_SAN = 2;
CLIENT_CERT_URI_SAN

The principal rule is matched against a list of URI SANs in the validated client's certificate. A match happens when there is any exact URI SAN value match. This is the default principal selector.

CLIENT_CERT_URI_SAN = 1;
CLIENT_CERT_URI_SAN_VALUE

The principal rule is matched against a list of URI SANs in the validated client's certificate. A match happens when there is any exact URI SAN value match. This is the default principal selector.

CLIENT_CERT_URI_SAN = 1;
PRINCIPAL_SELECTOR_UNSPECIFIED

Unspecified principal selector. It will be treated as CLIENT_CERT_URI_SAN by default.

PRINCIPAL_SELECTOR_UNSPECIFIED = 0;
PRINCIPAL_SELECTOR_UNSPECIFIED_VALUE

Unspecified principal selector. It will be treated as CLIENT_CERT_URI_SAN by default.

PRINCIPAL_SELECTOR_UNSPECIFIED = 0;
UNRECOGNIZED

Static Methods

Name Description
forNumber(int value)
getDescriptor()
internalGetValueMap()
valueOf(Descriptors.EnumValueDescriptor desc)
valueOf(int value)

Deprecated. Use #forNumber(int) instead.
valueOf(String name)
values()

Methods

Name Description
getDescriptorForType()
getNumber()
getValueDescriptor()