BackendAuthenticationConfig(mapping=None, *, ignore_unknown_fields=False, **kwargs)BackendAuthenticationConfig message groups the TrustConfig together with other settings that control how the load balancer authenticates, and expresses its identity to, the backend:
trustConfigis the attached TrustConfig.wellKnownRootsindicates whether the load balance should trust backend server certificates that are issued by public certificate authorities, in addition to certificates trusted by the TrustConfig.clientCertificateis a client certificate that the load balancer uses to express its identity to the backend, if the connection to the backend uses mTLS.
You can attach the BackendAuthenticationConfig to the load balancer's BackendService directly determining how that BackendService negotiates TLS.
Attributes |
|
|---|---|
| Name | Description |
name |
str
Required. Name of the BackendAuthenticationConfig resource. It matches the pattern projects/*/locations/{location}/backendAuthenticationConfigs/{backend_authentication_config}
|
description |
str
Optional. Free-text description of the resource. |
create_time |
google.protobuf.timestamp_pb2.Timestamp
Output only. The timestamp when the resource was created. |
update_time |
google.protobuf.timestamp_pb2.Timestamp
Output only. The timestamp when the resource was updated. |
labels |
MutableMapping[str, str]
Set of label tags associated with the resource. |
client_certificate |
str
Optional. A reference to a certificatemanager.googleapis.com.Certificate resource. This is a relative resource path following the form "projects/{project}/locations/{location}/certificates/{certificate}". Used by a BackendService to negotiate mTLS when the backend connection uses TLS and the backend requests a client certificate. Must have a CLIENT_AUTH scope. |
trust_config |
str
Optional. A reference to a TrustConfig resource from the certificatemanager.googleapis.com namespace. This is a relative resource path following the form "projects/{project}/locations/{location}/trustConfigs/{trust_config}". A BackendService uses the chain of trust represented by this TrustConfig, if specified, to validate the server certificates presented by the backend. Required unless wellKnownRoots is set to PUBLIC_ROOTS. |
well_known_roots |
google.cloud.network_security_v1alpha1.types.BackendAuthenticationConfig.WellKnownRoots
Well known roots to use for server certificate validation. |
etag |
str
Output only. Etag of the resource. |
Classes
LabelsEntry
LabelsEntry(mapping=None, *, ignore_unknown_fields=False, **kwargs)The abstract base class for a message.
| Parameters | |
|---|---|
| Name | Description |
kwargs |
dict
Keys and values corresponding to the fields of the message. |
mapping |
Union[dict,
A dictionary or message to be used to determine the values for this message. |
ignore_unknown_fields |
Optional(bool)
If True, do not raise errors for unknown fields. Only applied if |
WellKnownRoots
WellKnownRoots(value)Enum to specify the well known roots to use for server certificate validation.
The well-known roots are a set of root CAs
managed by Google. CAs in this set can be added
or removed without notice.