Reference documentation and code samples for the Network Security V1 API module Google::Cloud::NetworkSecurity::V1::AuthzPolicy::AuthzRule::Principal::PrincipalSelector.
The principal value the principal rule will match against.
Constants
PRINCIPAL_SELECTOR_UNSPECIFIED
value: 0
Unspecified principal selector. It will be treated as
CLIENT_CERT_URI_SAN by default.
CLIENT_CERT_URI_SAN
value: 1
The principal rule is matched against a list of URI SANs in the
validated client's certificate. A match happens when there is any
exact URI SAN value match. This is the default principal selector.
CLIENT_CERT_DNS_NAME_SAN
value: 2
The principal rule is matched against a list of DNS Name SANs in the
validated client's certificate. A match happens when there is any
exact DNS Name SAN value match.
This is only applicable for Application Load Balancers
except for classic Global External Application load balancer.
CLIENT_CERT_DNS_NAME_SAN is not supported for INTERNAL_SELF_MANAGED
load balancing scheme.
CLIENT_CERT_COMMON_NAME
value: 3
The principal rule is matched against the common name in the client's
certificate. Authorization against multiple common names in the
client certificate is not supported. Requests with multiple common
names in the client certificate will be rejected if
CLIENT_CERT_COMMON_NAME is set as the principal selector. A match
happens when there is an exact common name value match.
This is only applicable for Application Load Balancers
except for global external Application Load Balancer and
classic Application Load Balancer.
CLIENT_CERT_COMMON_NAME is not supported for INTERNAL_SELF_MANAGED
load balancing scheme.